- The main challenge with external providers is the ability to achieve control over actions that are not directly under the organization’s supervision. This will be achieved by developing the appropriate controls. A consequent control of delivered products or services shall reduce nonconformities and complaints from the end customer and will enhance the quality of the end product.
Ensuring the Ability of the Organization to Consistently Provide Conforming Products and Services
Before the ISO 9001 Standard introduces us to the practical requirements for controlling external providers, it presents us with the main objective of those controls: ensuring the ability of the organization to consistently provide conforming products and services. In other words through applying appropriate measures, the organization shall ensure that deliveries of processes, products, or services are well controlled. In order to reach this objective, the organization must have clarity on the following main issues:
- It must be clear which processes, services, or products are externally provided. Inputs to this issue may derive from the following quality elements:
- Context of the organization—where generally external issues of the organization are determined.
- Process analysis—the analysis of processes indicates which processes are provided externally.
- Requirements for resources—where needs for services from external providers are defined.
- Requirements for knowledge—where needs for external knowledge are defined.
- Product specifications—in the specifications it is defined which products or parts of the product will be delivered by external provider.
- Planning the controls for external providers refers to the following aspects:
- Outputs of the actions to address risks and opportunities—where it is identified where and how the organization may fail to provide conformed products or services and which actions must be initiated in order to eliminate such situations
- Relevant quality objectives—where it is defined and what is expected of the organization and its processes
- Controlling changes—where management of changes may refer to changes of externally provided processes, products, or services
After understanding the issues, one may advance to developing the controls. For those required controls, the standard introduces clear requirements.
Including the Processes of External Origin in the QMS
Processes of external origin are to be included in the QMS. Inclusion of those processes in the QMS means that the organization must plan, determine, implement, control, measure the effectiveness, and improve those processes. The reference applies the following types of activities:
- QMS activities, for example, system audits
- Provision of goods or resources, for example, provision of components or outsourced personnel
- Performance of processes that are part of the realization of the product including manufacturing activities, handling, activities of measurement, and analysis
- Performance of services, for example, transport services or consulting services
These processes or business activities provided by an external provider are supposed to be identified as part of the determination of the QMS, its processes, and interactions (see clause 4.4). In clause 4.4 it is required to maintain documented information concerning the processes—that means the list of the QMS processes.
Eliminating Potential Impact Related to Externally Provided Products or Services
When purchased processes, products, or services are introduced into the realization of the product, there are risks that these might be nonconformed. Introducing nonconformed goods or services is considered as the potential impact of the product, may cause critical consequences, may have a strong effect on processes or the quality of the product (final or semi), and thus may adversely affect the ability of the organization to consistently deliver conforming products and services to its customers. Such issues, situations, or risks that may bring about those potential impacts must be identified and managed. Here are some of the issues to be reviewed when identifying risks:
- Complexity of the provided product or service
- Ability of the supplier to continually supply
- Ability of the supplier to manage and control complex production processes
- Liability and stability of processes
- Reaction to failures and nonconformities
- Liability of products
- Qualification of personnel
- Awareness of quality
- Availability and cooperation of the supplier or subcontractor
- Legal status
- Capital investment and financial viability
This webpage contains only a fragment of the chapter 8 – Operation from the book: ISO 9001: 2015 – A Complete Guide to Quality Management Systems published by:
Why choose the book ISO 9001: 2015?
Share This
