ISO 9001:2015, 8.4

Clause 8, Operation, has seven sub-clauses:

8.1 Operational Planning and Control
8.2 Requirements for Products and Services
8.3 Design and Development of Products and Services
8.4 Control of Externally Provided Processes, Products, and Services
8.5 Production and Service Provision
8.6 Release of Products and Services
8.7 Control of Nonconforming Outputs

This article is on 8.4 Control of Externally Provided Processes, Products, and Services.

8.4.1 General

Requirements:

Ensure that externally provided processes, products, and services conform to requirements.

Determine the controls to apply to externally provided processes, products and services when:

a) products and services from external providers are to be incorporated into organization’s own products and services;

b) products and services are provided directly to customer by external providers on behalf of organization;

c) a process, or part of a process, is provided by an external provider as a result of a decision by organization.

Determine and apply criteria for evaluation, selection, monitoring of performance, and re-evaluation of external providers

(based on their ability to provide processes or products and services in accordance with requirements). Retain appropriate documented information of these activities and any necessary actions arising from evaluations.

Changes:

  • Replaces most of 7.4.1 on purchasing process
  • Includes outsourcing and drop shipments
  • External provider is outside scope of system:
    • purchasing from a supplier,
    • arrangement with an associate company,
    • outsourcing of processes and functions.
  • Adds monitoring of external provider performance
  • See Annex A.8 on Control of Externally Provided Processes, Products, and Services

8.4.2 Type and Extent of Control

Requirements:

Ensure externally provided processes, products, and services do not adversely affect ability to consistently deliver conforming products and services to customers.

a) ensure externally provided processes remain within control of quality management system;

b) define controls to be applied to external provider and those applied to resulting output;

c) take into consideration:

1) potential impact of externally provided processes, products, and services on organization’s ability to consistently meet customer and applicable legal requirements;

2) effectiveness of controls applied by external provider;

d) determine verification, or other activities, necessary to ensure externally provided processes, products, and services meet requirements.

Changes:

  • Expands upon old 7.4.1 requirement on type and extent of control
  • Old 4.1 NOTE 3 on outsourcing controls now auditable as a requirement
  • Apply controls on providers and their outputs
  • Considers effectiveness of provider’s controls
  • Considers “potential impact” of externally provided processes, products, and services
  • Includes verification from old 7.4.3 on verification of purchased product

8.4.3 Information for External Providers

Requirements:

Ensure adequacy of requirements prior to communicating them to external provider.

Communicate requirements to external providers:

a) processes, products, and services to be provided;

b) approval of:

1) products and services;
2) methods, processes, and equipment;
3) release of products and services;

c) competence, including any required qualifications;

d) external providers’ interactions with organization;

e) control and monitoring of external providers’ performance to be applied by organization;

f) verification or validation activities that organization, or its customer, intends to perform at external providers’ premises.

Changes:

  • Includes requirements from old clauses 7.4.2 and 7.4.3
  • Adds interactions with organization, e.g., SCAR
  • Adds control and monitoring of external provider’s performance
  • Adds “validation” activities

Competence is defined in ISO 9000:2015, 3.10.4, as the ability to apply knowledge and skills to achieve intended results.

Demonstrated competence is sometimes referred to as qualification.

You can enroll in one of our 2.0 day “ISO 9001:2015 Requirements and Transition Guidance” public classes at this web page.

You can arrange for the course to be taught onsite at your facility by contacting Larry Whittington at larry@whittingtonassociates.com, or 770-862-1766770-862-1766.