ISO 9001:2015 clauses 8.4.1 – 8.4.3 and requires that external providers must be controlled and their performance be evaluated. This 9001 clause applies to IATF 16949, AS9100D, 13485, 14001 45001, and ISO 27001. Effectively there is almost no difference between purchasing a service and outsourcing of a process.
What processes are outsourced, and how are they controlled?
Usually, outsourced processes include things like:
- component manufacturing
- IT support
- warehousing & distribution
- banking & finance
Internal and certification audits take into account Outsourced Processes & Products. ISO Standard 8.4.1 covers how organizations address external outsource vendors.