ISO9001 in 2021 Week by Week - Week 35 – 8.4.1 Control of externally provided products and services

This is a 52 week discussion of ISO9001:2015. Each week, we discuss a specific clause of the ISO9001:2015 standard in detail and look for ways to trim the fat. (As a member of TAG/TC176, the committee responsible for review and revision of ISO9001, (possible revision in 2023), I’ll keep you posted on what I learn all year!)

(It is strongly recommended that you purchase a copy of ISO9001:2015  for reference).  And, be sure to do your homework!

8.4.1 Control of externally provided products and services

Make it or buy it?  That is the question.

Organizations with a focus on core competencies often choose to outsource rather than try to do themselves those things that fall outside of their wheelhouse”.  When making this choice, the organization is relying on an outside provider to provide the same level of quality that they themselves would expect to provide to their customers.  This is why this clause is so important, and managing suppliers is so critical.

Having a look at the introduction in this section, the statement is a simple “shall”.

“The organization shall ensure that externally provided processes, products, and services conform to specified requirements.”  Great.  Let’s move on.

“The organization shall determine the controls to be applied to externally provided products and services when:

a)  products and services from external providers are intended for incorporation into the organization’s own products and services:”

This is a great help in defining exactly how much control we must have, and over whom.  I was once asked if my uniform and floor mat providers were on my approved source list by an auditor.  I’m glad to have this definition to prevent from ever having to have that conversation again.  The scope of the requirements is those outside products/services to be incorporated into our own products and services.  Nice and tidy.

“b)  products and services are provided directly to the customer(s) by external providers on behalf of the organization;”

This area can be a little bit tricky.  Not overly so, but a little bit.  Often when an organization has products or services essentially “drop shipped” to a customer, there is a little bit of a sense of disconnect.  The organization may “wash their hands of it”, so to speak.  But, when you rely on an outside source to be your customer-facing provider, you better have some good controls in place.   It’s important to carefully define the criteria for the purchased product or service, then carefully evaluate and select a provider based on their ability to meet all expectations (both yours and your customer’s).

“c)  a process or part of a process is provided by an external provider as a result of a decision by the organization to outsource a process or function.”

The third qualifier of “when this applies” is whenever a decision is made to outsource a process or function.  This is very important, because this pulls into the mix any outside processing, which is more than just purchased parts.  It’s outside processing like post-manufacturing treatments such as painting, plating, assembly.  It may also apply to logistics, specialize packaging, inspection, etc.  Or it may be simply the temporary outsourcing of a process due to capacity.  In any case, a structured method for evaluating, selecting and monitoring the provider must be put in place.

Now that we know when the standard applies, the clause goes on to define exactly what is needed for the organization to be considered compliant.  For all the scenarios listed above, the following requirements apply:

“The organization shall determine and apply criteria for the evaluation, selection, monitoring of performance, and re-evaluation of external providers, based on their ability to provide processes or products and services in accordance with requirements.  The organization shall retain documented information of these activities and any necessary actions arising from the evaluations.”

This clarifies that there must be a defined process for evaluating, selecting and monitoring its providers.  Each of these is an individual requirement where it is expected that criteria be established for 1-evaluating, 2-selecting, 3-monitoring and 4-re-evaluation.  And the section wraps up with the big one – “and it shall be documented”.

Again, just as individual criteria are expected for each 1-evaluating, 2-selecting, 3-monitoring, and 4-re-evaluation, records for each of these activities is also required.

THIS WEEK’S HOMEWORK

Review your current supplier management process and ensure that you have clearly defined where it applies (and does not apply).  Next, be sure that the four areas 1-evaluating, 2-selecting, 3-monitoring and 4-re-evaluating are all defined for all scenarios – where products or services are used by the organization, where products or services are provided directly to the customer or where processes are outsourced.  And finally, be sure there is documented information to support all of it.  Good luck!

This weekly series is a DIY guide including lots of FREE STUFF like templates, examples and tutorials.  So, SUBSCRIBE today and we’ll keep it coming to your inbox weekly.

Do you need help with your Supplier Management process to comply with these requirements?  Connect with us today and we'll help you create a robust but simple supplier management program that will be easy to manage, but powerful in terms of your reliance on your supply chain.  

And the options don't stop there.  

For more information about 8.4.1 Control of Externally Provided Products and Services and all the other clauses of ISO9001, watch this 3-minute video about another great resource to accompany this series.   Get the self-directed, on demand, online learning series  ISO9001 in Plain English, today and you'll get:

• A clear understanding of the requirements of ISO9001:2015
• Proven tips to build a robust quality system that's easy to use
• Ways to reduce documentation and paperwork (yes, really!!)

Each video is about 15 minutes and targets a specific element of ISO9001, (with over 6 hours of total content!).  We translate all the gobbledegoop into Plain English you can understand and leverage the requirements to get maximum VALUE from your quality efforts. 

For a deeper dive into the process side of your quality system, get Tribal Knowledge - The Practical Use of ISO, Lean and Six Sigma Together, a simple guide to UNITE ISO9001, lean and Six Sigma to create a robust quality system with better results.  Read what ASQ American Society for Quality – Quality Progress Magazine  had to say about it. 

We look forward to continuing this YEAR LONG journey with you.  SUBSCRIBE today and the series will come to you weekly to get you off to a great start and your quality system reinvigorated. 

And join me on my journey to always keep improving!