ISO 9001 Consulting - Tips On Outsourced Processes

ISO 9001 Consulting
- Tips on outsourced processes
What is the ISO 9001:2008 requirement for outsourced processes?
This article provides guidance on the intent of ISO 9001:2008 clause 4.1 on the control of outsourced processes. ISO 9001:2008 clause 4.1 states:

What is the definition of an outsourced process?
An “outsourced process” is a process that the organization has identified as being needed for its quality management system (QMS), but one which it has chosen to be carried out by an external party outside the managerial control of your facility and not subject to the same QMS.

An outsourced process may be performed by a supplier that is totally independent from the organization, or which is owned by the same parent organization (e.g., a separate department or division not subject to the same QMS). It may be provided on-site within the physical premises or work environment of the organization or off-site at an independent site.

Examples of such processes include: - strategic planning done at head office; purchasing or design done at head office or another location; heat treating; painting; welding, calibration; testing; sort; human resources; information technology; etc., peformed by an outside organization. A manufacturing company may outsource welding, heat treatment or painting of product. A software company may outsource software development. A bank may outsource check clearing services.

How should outsourced processes be controlled?
The intent of Clause 4.1 is to emphasize that when an organization chooses to outsource (permanently or temporarily) a process that affects product conformity with requirements, it cannot simply ignore this process or exclude it from the QMS. The organization has to demonstrate it exercises sufficient control to ensure the process is performed according to the relevant ISO 9001:2008 requirements, as well as, the requirements of the organizations QMS.

The nature and extent of control will depend on the importance of the outsourced process, the risk involved, and the competence of the supplier. Also, the outsourced process will interact with other processes (either carried out by the organization or outsourced). These interactions must be managed as required by ISO 9001:2008 clauses 4.1.a and 4.1.b.

The acquisition and control of an outsourced process will normally be subject to the requirements of both ISO 9001:2008 clause 7.4 (Purchasing) and clause 4.1 (General Requirements) and many of other clause 7.0 requirements especially clause 7.1. In some situations, the organization might not actually “purchase” the outsourced process. It might receive the service from head office or from another division, without a monetary transaction taking place. Regardless of these circumstances, ISO 9001:2008 Clauses 7.4, 4.1 and 7.1 are still applicable.

An organization will typically face two situations that frequently must be considered when deciding the appropriate level of control of an outsourced process:

1. Where an organization has the competence and ability to carry out a process, but chooses to outsource that process (for commercial or other reasons), the process control criteria should already have been defined and can be transposed into requirements for the supplier, if necessary.

2. Where the organization does not have the competence to carry out the process itself, and chooses to outsource it, the organization has to ensure the controls proposed by the supplier of the outsourced process are adequate. In some cases, it may be necessary to involve external specialists in making this evaluation.

It may be convenient, or even necessary, to define some or all of the methods to be used for control of the outsourced processes in a contract between the organization and the supplier. Care should be taken, however, not to inhibit the supplier from proposing innovations to the outsourced process.

In some situations, it might not be possible to verify the output from the outsourced process by subsequent monitoring or measurement. In these cases, the organization needs to ensure that the control over the outsourced process includes process validation in accordance with ISO 9001:2008 clause 7.5.2.

Important tips

1.Make sure you include all outsourced processes affecting product quality, in the scope of your QMS. You must be able to demonstrate sufficient controls over outsourced processes to ensure that such processes are performed according to the relevant requirements of ISO 9001:2008. The nature and scope of such control will depend on the nature of the outsourced or subcontracted process and the risk involved.

2.Outsourced processes may be controlled in any number of ways, e.g., asking for ISO 9001 certification; providing the outsourcer with product specifications; your supplier quality manual that they must meet; asking for inspection and test results or certificates of compliance; validation of outsourced process; conducting product and QMS audits of your outsourcer; etc. The expectation here is that you flow down to your supplier, the relevant ISO 9001 requirements that you would have to implement, had the process been performed in your own facility under your QMS control.

Where can I get further help?
This article is an excerpt from my eBook, “Understanding ISO 9001:2000”. This book provides a complete and in-depth coverage of all ISO clause requirements and well as key quality management principles and concepts. It is an excellent guide for QMS development, maintenance or improvement.

Need Training or Consultancy help?
Ask Art Solutions has significant expertise in all of the implementation steps and can help you fast track your way to an effective and profitable QMS.
If you need help in developing or implementing your ISO 9001:2008 QMS, please call us at 905-593-8867 for a no obligation review of your needs.

Your Feedback is valuable
If this article was informative or if you would like to provide feedback, do send us an email with your comments.
If you feel this FAQ could help your supplier, customer or other business associate, feel free to refer our website to them