ISO
9001:2015 QMS Awareness – Operation – Control of externally provided processes,
products and services
===========
Control
of externally provided processes, products and services
Let us understand the
terms ‘external provider’, ‘externally provided process’, ‘externally provided
product’ and ‘externally provided service’.
Provider = Supplier = Contractor
= A party, person or organization that provides a product or a service to the
organization
A provider may be
internal or external.
External provider =
External supplier = A provider or supplier that is not part of the organization
Externally provided
process = A process that is carried out by an external party, person or
organization on behalf of the organization.
Externally provided
product = A product that is provided by an external party, person or
organization and used or incorporated into the organization’s own product/s or
service/s. Raw material purchased from market is an externally provided
product.
Externally provided
service = A service that is provided by an external party, person or
organization to support the organization’s activities.
Examples of external
provider – (i) Supplier of raw material, (ii) Supplier of components, (iii)
Consulting organizations, (iv) Distributor, (v) Producer, (vi) Retailer, (vii)
Vendor
Examples of externally
provided process – (i) Calibration of testing equipment conducted by an
external calibration laboratory, (ii) Information technology support provided
by an external party, person or organization, (iii) Painting services
outsourced to a professional painter, (iv) Employees’ trainings conducted by an
external trainer or institute.
Examples of externally
provided product – (i) Raw material purchased from a supplier and used in the
production of the organization’s product, (ii) Component purchased from a
supplier and used in the production of the organization’s product, (iii)
Software purchased from a software vendor and used in the organization’s
systems, (iv) Safety equipment purchased from a supplier for use in the
organization’s operation.
Examples of external
provided service – (i) Consultation service provided by an external party,
person or organization, (ii) Information technology services provided by an
external party, person or organization.
Externally provided process
/ product / service may be through:
-
Purchasing from a
supplier / vendor,
-
An arrangement with an
associated organization,
-
Outsourcing process to
an external provider.
Requirements
The
organization needs to consider – (i) Potential impact of externally provided
process / product / service on the organization’s ability to meet requirements
(customer and legal), and (ii) Effectiveness of the controls applied by
external providers.
The
organization needs to determine – (i) Controls to be applied to the externally
provided process / product / service, (ii) Criteria for evaluation, selection,
performance monitoring and re-evaluation of external providers, (iii) Verification
and other activities to ensure that externally provided process / product /
service meets requirements. Clarification – It should be noted that
controls to externally provided process / product / service are applicable (i)
When product / service from the external provider is incorporated into the
organization’s own product / service, (ii) When product / service is directly
provided directly to the customer by the external provider on behalf of the organization,
and (iii) When the organization decides to provide a process or part of a
process by an external provider.
The
organization needs to ensure – (i) Externally provided process / product /
service conforms to requirements, (ii) Externally provided process / product /
service does not adversely affect the organization’s ability to consistently
deliver conforming product / service to customer, (iii) Externally provided
process / product / service remain with the organization’s control, and (iv) Adequacy
of requirements communicated to the external provider.
The
organization needs to define – (i) Controls to be applied to external
providers, and (ii) Controls to be applied to resulting output.
The
organization needs to communicate to the external providers adequate
requirements for the (i) Process / product / service, (ii) Product / service approval,
(iii) Method / process /equipment approval, (iv) Release of products /
services, (v) Required competence including qualification of persons, (vi) External
providers’ interactions with the organization, (vii) Control and monitoring of
the external providers’ performance to be applied, (viii) Verification and
validation activities to be performed at the external providers’ premises by
the organization or its customer.
The
organization needs to apply – Determined controls, criteria and other
activities.
The
organization needs to retain documented information (records) – Evaluation,
selection, monitoring of performance and re-evaluation of external providers
and any action arising from these activities.
In short
Clause
8.4 of ISO 9001:2015 QMS standard focuses on the control of externally provided
processes, products and services. Here are a few examples of control that can
be applied to meet the requirements of this clause:
1.
Supplier
evaluation and selection – Implementing a well-defined process to assess and
select suppliers based on their ability to meet the organization’s
requirements. The process may include evaluating supplier’s quality management
system or its certification, product / service quality, delivery performance,
financial stability etc.
2.
Supplier
performance monitoring – Regular monitoring and evaluating the performance of
the supplier with reference to on-time delivery, product / service quality,
compliance with requirements etc.
3.
Communication
– Maintain effective communication with the supplier to facilitate a better and
mutual understanding of requirements, changes, and any potential issues. Efforts
can be made to conduct regular meetings and prompt communication with suppliers.
4.
Incoming
inspection and verification – Establish procedure for inspecting and verifying externally
provided process / product / service upon receipt.
Control
on external providers’ property
Clause
8.5.3 of ISO 9001:2015 QMS standard stipulates requirements on property
belonging to customers or external providers. Exercise following controls on
the external provider’s property –
1.
Exercise
with external provider’s property (such as material, components, tools,
equipment, premises, intellectual property and personal data) while under the
organization’s control or being used.
2.
Identify,
verify, protect and safeguard the property provided for the use or
incorporation into the product / service.
3.
Report to
the external provider any property belonging to an external provider is lost,
damaged or otherwise found to be unsuitable for use.
Think of
the following Questions
(1)
What are externally provided processes,
products and services?
(2)
Why an organization need to control externally
provided processes, products and services?
(3)
What documented information you may need to
retain for externally provided process / product / service?
Best wishes,
Keshav Ram Singhal
Please have your comments /
reaction.
To train your employees with ISO
9001:2015 QMS Awareness, please supply them “TRAINING HANDBOOK ON ISO 9001:2015QMS AWARENESS” (ASIN:
B093YFFY7Z), which is available worldwide at Amazon. Please
search this Training Handbook in Amazon Website of your country.
You may also supply your
employees following eBooks - (i) A Concise Guide on Creating and Updating Documented Information
(eBook) https://store.pothi.com/book/ebook-keshav-ram-singhal-concise-guide-creating-and-updating-documented-information/
(ii) Applying Risk-based Thinking in an Organization Implementing ISO
9001:2015 QMS (eBook) https://store.pothi.com/book/ebook-keshav-ram-singhal-applying-risk-based-thinking-organization-implementing-iso-9001-2015-q/
Thanks.
No comments:
Post a Comment