Skip to main content
Jun 27, 2017 Craig Thornton

Clause 8.4 of ISO 9001: Controlling Externally Provided Processes, Products and Services

Way back in Part 8 of this blog series I discussed the importance of relationship management in developing your quality management system.  In that blog I said that “when I was a Senior Auditor for a Certification Body and auditing companies for ISO 9001 or ISO 14001, supplier management especially was always an area that companies were very weak in.” 

Over the years ISO and its technical committees have recognised this fact and in 2015 they significantly strengthened the requirements for this critical area. 

Deming believed that your suppliers aren’t rivals or problems to be solved – in fact, he said that we should “ask our suppliers to come and help us solve our problems”.  Clause 8.4 is a tool to help you do that. Let’s take a look at the detail.

 

8.4.1 - Purchasing 

The standard talks about an external provider.  Let’s call them a supplier.  This list could be in your ERP system, your accounting system, in Mango (if you use it) or in a spreadsheet.

You must evaluate the critical suppliers against a fixed set of criteria.  As an example, I have used the following criteria for over 20 years and it has stood up well over time:

  • Technology - do they have the technology to supply what you want?
  • Quality - what quality standards do they meet?
  • Responsiveness - are they responsive to your needs?
  • Delivery - can they deliver on time?
  • Cost - is the price acceptable?
  • Environmental impact - what is their impact on the environment and society

As you use these suppliers you will need to monitor their performance against your requirements.  It takes some effort to ensure that they are performing, but it is time and resources very well spent.  As you regularly talk with your critical suppliers about your issues and requirements a relationship will be built, one which is mutually beneficial, and more likely to be long-term.

 

8.4.2 - Controls for Suppliers

1. You need to ensure outsourced processes are controlled.  For example, here at Mango we have partners that do implementations of our software at the customer's sites for us.  So we have procedures and training that provide the knowledge to partners on how to undertake and manage this important process.

2. you need to define the controls for the supplier.  These controls could be defined in various documents like: purchase orders; in agreements; or in contracts.  In addition you need to have controls on the actual product or service they provide.  You could ask for a certificate of conformance, or a test report or a third-party test.  For example, here at Mango we have formal Partner Agreements in place that define controls around things like marketing, sales, implementation and support for customers.

3. don’t have “one-size-fits-all” controls for suppliers.  For the critical suppliers that have a significant risk to your business, put tighter controls in place.  For others - not so much.  Don't forget that you also need to make sure that your suppliers meet local laws and regulations.

Finally for 8.4.2 you need to inspect the product or service from the supplier.  This could be your inwards goods receiving inspection process.  When you receive the product you need to check it against the order and ask:

  • Was it what was on the order?
  • Was it the right price?
  • Was it delivered on time?
  • Was it damaged?
  • Was it the right quantity?

 

8.4.3 - Communication with Suppliers 

This is typically done with a purchase order but it could also be by contract or agreement.  I have also seen other methods of spelling our requirements for suppliers, such as inspection and test plans, work briefs, statements of work and even forecasts are used in the communication process.  The standard says that you don’t have to write these down in a document but I think it’s best practise to do so.


Takeaways

In working through clause 8.4, the standard asks you to consider the following questions:

  • What do you actually want to be supplied?
  • How will you approve the:
    • Product or service prior to delivery;
    • Methods, processes and equipment the supplier will use;
    • Release of the product or service to you?
  • What is the competence of the supplier’s staff?
  • How will the supplier will interact with you?
  • How will you control and monitor their performance prior to delivery?
  • How will you verify and validate the supplier’s premises?

The answers to these questions are in essence the base structure for a long-term relationship that will be beneficial to all involved.  Make the most of it.


Integrated_Management_System_manuel.jpg

 

View previous blogs in this series "How to Implement a QMS and Achieve ISO 9001 Certification":

How to Implement a QMS and Achieve ISO 9001 Certification - Part 1: Introduction

How to Implement a QMS and Achieve ISO 9001 Certification - Part 2: Customer Focus

How to Implement a QMS and Achieve ISO 9001 Certification - Part 3: Leadership

How to Implement a QMS and Achieve ISO 9001 Certification - Part 4: Engagement of People

How to Implement a QMS and Achieve ISO 9001 Certification - Part 5: Process Approach

How to Implement a QMS and Achieve ISO 9001 Certification - Part 6: Improvement

How to Implement a QMS and Achieve ISO 9001 Certification - Part 7: Evidence Based Decision Making 

How to Implement a QMS and Achieve ISO 9001 Certification - Part 8: Relationship Management

How to Implement a QMS and Achieve ISO 9001 Certification - Part 9: Clauses 0.1, 0.2, 0.3, 1, 2 and 3 of ISO 9001:2015

How to Implement a QMS and Achieve ISO 9001 Certification - Part 10: Clauses 4.1, 4.2, 4.3 and 4.4 – Context, Interested Parties, Scope, QMS

How to Implement a QMS and Achieve ISO 9001 Certification - Part 11: Clauses 5.1 Leadership and Commitment

How to Implement a QMS and Achieve ISO 9001 Certification - Part 12: Clause 5.2 Policy

How to Implement a QMS and Achieve ISO 9001 Certification - Part 13: Clause 5.3 Roles, Responsibilities and Authorities

How to Implement a QMS and Achieve ISO 9001 Certification - Part 14: Clause 6.1 Actions to Address Risks and opportunities

How to Implement a QMS and Achieve ISO 9001 Certification - Part 15: Clause 6.2 Objectives

How to Implement a QMS and Achieve ISO 9001 Certification - Part 16: Clause 7.1 Resources

How to Implement a QMS and Achieve ISO 9001 Certification - Part 17: Clause 7.2 and 7.3 - Competence and Awareness 

How to Implement a QMS and Achieve ISO 9001 Certification - Part 18: Clauses 7.5 - Documented Information

How to Implement a QMS and Achieve ISO 9001 Certification - Part 19: Clauses 8.1 - Clause 8.1 - Operational Planning and Control

How to Implement a QMS and Achieve ISO 9001 Certification - Part 20: Clauses 8.2 - Requirements for Products and Services

How to Implement a QMS and Achieve ISO 9001 Certification - Part 21: Clauses 8.3 - Design and Development

Published by Craig Thornton June 27, 2017