How to control outsourced processes in your Management System

conference with 2 peopleISO 9001:2015 clauses 8.4.1 – 8.4.3 and requires that external providers must be controlled and their performance be evaluated.   This 9001 clause applies to IATF 16949, AS9100D, 13485, 14001 45001, and ISO 27001.  Effectively there is almost no difference between purchasing a service and outsourcing of a process.

What processes are outsourced, and how are they controlled?

Usually, outsourced processes include things like:

  • component manufacturing
  • accounting
  • maintenance
  • transportation
  • IT support
  • warehousing & distribution
  • banking & finance
  • legal
  • consultant/auditor

Internal and certification audits take into account Outsourced Processes & Products.  ISO Standard 8.4.1 covers how organizations address external outsource vendors.

How to control outsourced process/external service/product providers

One method to control outsourced processes is through the contractual document.  This document should define service levels, roles, responsibilities, and methods to monitor and report on the deliverables.  Also, the contract should cover the documented information from the outsourcing organization.

Another method is through a second-party audit process.  A second party audit is carried out on a potential or current supplier by a purchasing organization.  The purpose is to use the audit result as part of the purchasing decision - a factor to conform to clause 8.4 of ISO 9001. 

In this time of lean operations, it is good to know competent auditors available to meet your second party audit needs.

Here are the steps of a Second Party Audit

  1. Purchaser considers purchasing from supplier and sets up audit
  2. Decides to audit
  3. Audit carried out and reported
  4. If outcome successful then, order placed
  5. Follow-up

Interested parties, including the outsourced organizations, have a big impact on the organization’s performance.

8.4 Control of externally provided processes, products and services

In general, it is required that the organization ensure that any externally provided products or services meet the same requirements in the management system.  Controls need to be defined and documented if:

  • The provided products or services are incorporated into the organization’s own products or services
  • The products or services are provided to the organization’s customer’s directly
  • A process used from an external provider is the result of the organization’s decision

The organization must create and apply criteria to the external organization for:

  • Evaluation
  • Selection
  • Monitoring
  • Re-Evaluation

8.4.2. Type and extent of control

Be sure the provided processes conform to the control of its quality management systems compare the control of the external process/product with your own controls.

Define both the controls that it intends to apply to an external provider and those it intends to apply to the resulting output.

Ensure the processes, products and services consistently meet applicable statutory and regulatory requirements.  The method and frequency of verification should also match your Management System.

Verify the external provider employs effective controls.  Review their Management System.

Verify the external processes, products and processes meet requirements through testing or inspection.

8.4.3 Information for external providers

The following should be communicated to the external provider:

  • Detailed description of the requirements for processes, products and services
  • How the products and services are approved, and (b 2) the methods and equipment used
  • Under what conditions the products and services are released to the organization
  • The requirements needed to ensure competence of the people involved
  • How the external provider interacts with the organization
  • How the performance is controlled and monitored
  • What and how are the activities verified and validated at the external provider’s location

Information

We offer a free, no obligation initial analysis as well as accomplishment Guarantees.

building bricks 35x25Copyright 2008 - 2021 Management Solutions Group, All Rights Reserved

building bricks 35x252879 Hoag NE • Grand Rapids, MI 49525
• Phone: Tap: (616) 365-9822
• Fax: (425) 799-5915

Testimonial from a Client

Outstanding Learning Experience

"Just wanted to send a note thanking you for the hard work and effort given to our company to help obtain ISO13485 & 9001. We successfully passed the initial registration audit two weeks ago. The auditor was impressed with how we integrated both systems and said it should be used as a model for other companies attempting to do the same. Linda’s work was outstanding and we learned a lot about our company and where our shortfalls are. Without her help and assistance we never would have achieved this goal"

Micro Star Innovations