Keshav Ram Singhal
'Outsourcing' is an important external source activity for an organization. 'Outsource' can be defined as 'making an arrangement where an external organization performs part of the organization's role, function or process (interrelated and interacting activities).
ISO 9001:2008 QMS standard however mentioned requirements to ensure controls over outsource process, but it was not specific on the externally provided products and services. According to ISO 9001:2008 QMS standard, where an organization chooses to outsource any process, the organization needs to ensure control over such process.
Forthcoming ISO 9001:2015 QMS standard not only deals with externally provided process or processes, but it also mentions detailed requirements of the control on externally provided processes, products, services and property. There may be situations, when:
(i) outsource products and services are intended for incorporation into the organization's products and services,
(ii) an external provider on behalf of the organization provides products and services directly to the customer,
(iii) an external provider provides a process or part of a process to the organization,
(iv) an external provider provides its property for use or incorporation into the organization's products and services.
With respect to the externally provided processes, products, services and property, requirements mentioned in following clauses are relevant:
Clause 8.4 - Control of externally provided processes, products and services
Clause 8.5.3 - Property belonging to customers or external providers
According to the requirements of forthcoming ISO 9001:2015 QMS standard, an organization needs to carry out the following activities:
(i) Potential impact of externally provided processes, products and services on the organization's ability to meet requirements (customer and legal)
(ii) Effectiveness of the controls applied by external providers
(i) Controls to be applied to the externally provided processes, products and services
(ii) Criteria for the evaluation, selection, performance monitoring and re-evaluation of external providers
(iii) Verification and other activities to ensure that externally provided processes, products and services meet requirements
(i) Externally provided processes, products and services conform to requirements
(ii) Externally provided processes, products and services remain with the organization's control
(iii) Adequacy of requirements to be communicated to the external providers
Controls to be applied to
(i) External providers, and
(ii) Resulting output
Communicate to the external providers adequate requirements for the
(i) Processes, products and services
(ii) Approval of products and services
(iii) Approval of methods, processes and equipment
(iv) Release of products and services
(v) Required competence (including qualification)
(vi) External providers' interactions with the organization
(vii) Control and monitoring of the external providers' performance to be applied
(viii) Verification and validation activities to be performed at the external providers' premises by the organization or its customers
Determined controls, criteria and other activities
Controls on external providers' property
The organization is also required to exercise care with the property (such as material, components, tools, equipment, premises, intellectual property and personal data) belonging to the external providers while the same is under the organization's control or being used by the organization. The organization needs to identify, verify, protect and safeguard the property provided for the use or incorporation into the products and services.
When any property belonging to an external provider is lost, damaged or otherwise found to be unsuitable for use, the organization must (i) report the same to the external provider, and (ii) retain documented information of the same.
International Organization for Standardization (ISO) has released ISO/FDIS 9001:2015 for voting to be completed on 9 September 2015 and thereafter ISO 9001:2015 QMS standard will be published. This article is based on the draft versions of the forthcoming standard and there may be some changes after the final standard is published.