This blog aims to help organizations understand the meaning and interpret the requirements stated in ISO 9001:2015 concerning “outsourced process” and how to carry out a meaningful gap analysis against your current processes and procedures.
The Clause 8.4 in revised standard specifically talks about control of externally provided processes, products and services.
There is a noticeable change in terminology of the revised ISO 9001:2015 standard that “Purchasing” and “Outsourcing” are now referred as “externally provided processes, products and services”.
However, that doesn’t mean that you have to change or update your terminologies, but you may continue to use terms which suit your operations such as “supplier”, “partner” or “vendor” rather than “external provider”. Though intent is the same as what was in the 2008 version since purchasing includes products and services you acquire from suppliers and outsourced processes.
So, let’s dig a little deeper and get a better sense of how this requirement can be understood clearly in a different way.
Take a look at the figure below:
Hence, it is clear from the above figure that regardless of the size and interacting phase of the outsource organization the specific outsourced activities shall always be liable to take under the purview of your QMS and therefore you may demand your suppliers comply with the requirements.
Clause 8.4.1 specifically requires you to record the results of various supplier activities such as evaluation, selection, monitoring of performance, and thereafter the re-evaluation.
The organizations which were not doing this before will now have many new implications. Thus, it requires them to revisit their supplier activities in a holistic manner. For example, reassessment of supplier is as important as supplier on-boarding, therefore the importance of performance data is really needed for it.
While setting up the criteria, the organization should not limit themselves only to quality parameters, timely-delivery or cost focus; but you can also include collaborative innovation and sustainability road map. You may extend it to your energy & environmental requirements as well!
As the revised standard focuses on “control” over outsourced processes it can be extended to your secondary party audits through which you can set your own criteria and assess the suppliers for fulfilment of requirements.
Here lies an important fact to bear in mind concerning clause 4.1. It requires you to determine external issues such as emerging from external providers which affect the organization’s ability to achieve the desired outputs. Thus, monitoring and reviewing such critical issues be highlighted in your management review.
Another important aspect that is described is the communication to external providers under clause 8.4.3.
Apart from the required product features, design, drawing, etc. the necessary information in regards with special processes, equipment, quality targets, communication or escalation protocols and insight on future project deliverables will also be helpful for your suppliers.
Finally, clause 8.5.3 should also be considered for the preservation of external providers property.
For this, you may list all such assets of the external provider and perform a periodic asset verification audit and inform suppliers of any adverse findings. This also needs to be documented.
Needless to say, the supplier activity data should be a part of your management reviews for effective management of external providers risks and the opportunities as well!