Guidance Document N630 on Outsourced Processes

In support of ISO 9001:2000 and ISO 9004:2000, ISO Technical Committee 176/SC 2 has published the following guidance documents:

N524 – Guidance on ISO 9001:2000 clause 1.2 ‘Application’
N525 – Guidance on the Documentation requirements of ISO 9001:2000
N526 – Guidance on the Terminology used in ISO 9001:2000 and ISO 9004:2000
N544 – Guidance on the Process Approach to quality management systems

N630 – Guidance on ‘Outsourced Processes’

Document N630 was recently published and provides guidance on the intent of ISO 9001:2000 clause 4.1 on the control of outsourced processes. ISO 9001:2000 clause 4.1 states: “Where an organization chooses to outsource any process that affects product conformity with requirements, the organization shall ensure control over such processes. Control of such outsourced processes shall be identified within the quality management system.”

N630 describes an “outsourced process” as a process that the organization has identified as being needed for its quality management system, but one which it has chosen to be carried out by an external party. An outsourced process can be performed by a supplier that is totally independent from the organization, or which is part of the same parent organization (e.g., a separate department or division not subject to the same quality management system). It may be provided within the physical premises or work environment of the organization or at an independent site.

The intent of Clause 4.1 is to emphasize that when an organization chooses to outsource (permanently or temporarily) a process that affects product conformity with requirements, it can not simply ignore this process or exclude it from the quality management system. The organization has to demonstrate it exercises sufficient control to ensure the process is performed according to the relevant ISO 9001:2000 requirements, as well as, the requirements of the quality management system.

The nature of this control will depend on the importance of the outsourced process, the risk involved, and the competence of the supplier. Also, the outsourced process will interact with other processes (either carried out by the organization or outsourced). These interactions must be managed as required by ISO 9001:2000 clauses 4.1.a and 4.1.b.

The acquisition of an outsourced process will normally be subject to the requirements of both ISO 9001:2000 clause 7.4 (Purchasing) and clause 4.1 (General Requirements). In some situations, the organization might not actually “purchase” the outsourced process. It might receive the service from a corporate office or from another division, without a monetary transaction taking place. Under these circumstances, however, ISO 9001:2000 Clauses 7.4 and 4.1 are still applicable.

There are two situations that frequently must be considered when deciding the appropriate level of control of an outsourced process:

1. When an organization has the competence and ability to carry out a process, but chooses to outsource that process (for commercial or other reasons), the process control criteria should already have been defined and can be transposed into requirements for the supplier, if necessary.

2. When the organization does not have the competence to carry out the process itself, and chooses to outsource it, the organization has to ensure the controls proposed by the supplier of the outsourced process are adequate. In some cases, it may be necessary to involve external specialists in making this evaluation.

It may be convenient, or even necessary, to define some or all of the methods to be used for control of the outsourced processes in a contract between the organization and the supplier. Care should be taken, however, not to inhibit the supplier from proposing innovations to the outsourced process.

In some situations, it might not be possible to verify the output from the outsourced process by subsequent monitoring or measurement. In these cases, the organization needs to ensure that the control over the outsourced process includes process validation in accordance with ISO 9001:2000 clause 7.5.2.

Guidance document N630 and the rest of the ISO 9000 Introduction and Support Package can be downloaded from<http://isotc176sc2.elysium-ltd.net>.