Guidance

Purchasing

The ISO Navigator™ database hyperlinks the ISO 9000 principles and the ISO 9001 requirements; and explains them in plain English with practical guidance.

This guidance has been superseded by ISO 9001:2015 Clause 8.4.1 General. If you want to see a comparison matrix that correlates the requirements of ISO 9001:2008 to the revised requirements of ISO 9001:2015, please click here to begin comparing.

Our range of ISO 9001:2015 quality manuals and integrated manual templates cover the requirements of ISO 14001:2015 and ISO 45001:2018, and offer an easy way to implement and document your organization's quality management system or integrated management system.

ISO 9001:2008: Supplier evaluation 7.4.1 (superseded)

Evaluate and select suppliers based on their ability to meet your requirements by deciding what is important, e.g. criteria. Supplier evaluation and approval can be based on previous performance, the results of supplier audits or questionnaires, but these are not are not mandatory. This guidance has been updated for ISO 9001:2015, please click here to review the changes.

Maintain records of suppliers that you approve, using an approved supplier list. The onus is on the organization to prove that they control the quality of any input, service or supply which could impact product quality. You can download a free copy of the ISO 9001:2008 purchasing procedure in .docx format.

Try to limit the use of the term 'supplier' to those suppliers whose product or service has direct a impact or effect on the quality of your own product or service. This does not normally include products and services that the organization uses, e.g. proprietary office materials and equipment that do not directly impact on product or service performance.

If you're looking for ISO 9001:2015 quality management system templates, please click here for more information.

Supplier selection

All potential new suppliers should complete a supplier quality questionnaire since the questionnaire will provide an initial overview of the supplier’s organization. After the completed questionnaire has been evaluated, a decision can be made regarding the level of approval to be granted. This should be based on the requirement for further, future action, such as an audit of the supplier's quality system.

Approval is often granted for a three-year period, thereafter, a further review should be conducted either by audit or by questionnaire. Also considered, as part of the three-year review, is previous performance data analysed to assess the applicability for continued business.

You could consider dividing your suppliers into groups based on the product or service they provide and what effect it has on the quality of your products or processes. There is no ‘right way’ for vetting suppliers. To meet the intent of the clause you simply need to establish a process with properly documented criteria which are based upon customer requirements. Such criteria might include:

  1. Ability to understand product requirements
  2. Capability to meet specifications, e.g. men, machines, materials, method
  3. Logistical capacity
  4. Operates a compliant QMS
  5. Credit worthy
  6. Having passed a second party audit of their QMS
  7. Capacity to work on continuous improvement
  8. Commitment to cost reduction

Approved suppliers list

You should implement a process to define and control the selection and use of external services and suppliers, and records both of the suppliers used and of their quality level. This means that you should compile a list of approved suppliers with, where appropriate, a list of the goods or services that each is approved to supply.

The quality manager should review the approved suppliers list at least annually and should review any particular supplier immediately if problems become apparent. There must be a general instruction that any staff member who has problems with the quality of materials, goods or services, should report them to the quality manager as this ensures that all of the information comes together at one point.

Supplier audit checklist

On site audits can be conducted as part of the initial introduction and vetting process. The decision to audit a newly identified supplier may depend on many aspects such as criticality of supply, approvals held, location and financial implications. Notification of the audit and a scope must be given to the supplier well in advance of the actual audit.

Free Downloads
Supplier Audit Checklist 21 page audit checklist covering 16 supplier aspects

Using non-ISO 9001 registered suppliers

There is an urban myth that you can only deal with other ISO 9001 approved companies. This is NOT an ISO 9001 requirement. You may decide the selection criteria that suit your requirements and ensure that non-registered suppliers conform to your QMS requirements. Supplier performance must re-evaluated periodically using data analysis techniques.

Want to know more?

SSL certification

A certificate guarantees the information your internet browser is receiving now originates from the expected domain - https://www.iso9001help.co.uk. It guarantees that when you make a purchase, sensitive data is encrypted and sent to the right place, and not to a malicious third-party.

Free PDCA guidance

ISO Navigator™ is our FREE online training tool that shows you how to apply the principles of PDCA to your operations. We also offer many helpful templates that get you on the road to documenting your management system, please visit the download page.

Planning

ISO 9001:2015 ISO 14001:2015 ISO 45001:2018
4.1 Organizational Context 4.1 Organizational Context 4.1 Organizational Context
4.2 Relevant Interested Parties 4.2 Relevant Interested Parties 4.2 Relevant Interested Parties
4.3 Management System Scope 4.3 Management System Scope 4.3 Management System Scope
4.4 QMS Processes 4.4 EMS Processes 4.4 OH&S Management System
 
ISO 9001:2015 ISO 14001:2015 ISO 45001:2018
5.1 Leadership & Commitment 5.1 Leadership & Commitment 5.1 Leadership & Commitment
5.2 Quality Policy 5.2 Environmental Policy 5.2 OH&S Policy
5.3 Roles, Responsibilities/Authorities 5.3 Roles, Responsibilities/Authorities 5.3 Roles, Responsibilities/Authorities
    5.4 Consultation & Participation
 
ISO 9001:2015 ISO 14001:2015 ISO 45001:2018
6.1.1 Address Risks & Opportunities 6.1.1 Address Risks & Opportunities 6.1.1 Address Risks & Opportunities
6.2.1 Quality Objectives 6.1.2 Environmental Aspects 6.1.2 Hazard Identifcation
6.2.2 Planning to Achieve Objectives 6.1.3 Compliance Obligations 6.1.3 Legal & Other Requirements
6.3 Planning for Change 6.1.4 Planning Action 6.1.4 Planning Action
  6.2.1 Environmental Objectives 6.2.1 OH&S Objectives
  6.2.2 Planning to Achieve Objectives 6.2.2 Planning to Achieve Objectives
 

Doing

ISO 9001:2015 ISO 14001:2015 ISO 45001:2018
7.1.1 Resources - General
7.1 Resources 7.1 Resources
7.1.2 People 7.2 Competence 7.2 Competence
7.1.3 Infrastructure
7.3 Awareness 7.3 Awareness
7.1.4 Operational Environment 7.4.1 Communcation - General 7.4.1 Communcation - General
7.1.5 Monitoring & Measuring 7.4.2 Internal Communcation 7.4.2 Internal Communcation
7.1.6 Organizational Knowledge 7.4.3 External Communcation 7.4.3 External Communcation
7.2 Competence 7.5 Documented Information 7.5 Documented Information
7.3 Awareness    
7.4 Communcation    
7.5 Documented Information    
 
ISO 9001:2015 ISO 14001:2015 ISO 45001:2018
8.1 Operational Planning & Control
8.1 Operational Planning & Control 8.1.1 General
8.2.1 Customer Communication 8.2 Emergency Preparedness 8.1.2 Eliminating Hazards
8.2.2 Determining Requirements
  8.1.3 Management of Change
8.2.3 Reviewing Requirements   8.1.4 Outsourcing
8.2.4 Changes in Requirements
  8.2 Emergency Preparedness
8.3.1 Design Development - General    
8.3.2 Design Development - Planning
   
8.3.3 Design Development - Inputs    
8.3.4 Design Development - Controls    
8.3.5 Design Development - Outputs    
8.3.6 Design Development - Changes    
8.4.1 External Processes - General    
8.4.2 Purchasing Controls    
8.4.3 Purchasing Information    
8.5.1 Production & Service Provision    
8.5.2 Identification & Traceability    
8.5.3 3rd Party Property    
8.5.4 Preservation    
8.5.5 Post-delivery Activities    
8.5.6 Control of Changes    
8.6 Release of Products & Services    
8.7 Nonconforming Outputs    
 

Checking

ISO 9001:2015 ISO 14001:2015 ISO 45001:2018
9.1.1 Performance Evaluation 9.1.1 Performance Evaluation 9.1.1 Performance Evaluation
9.1.2 Customer Satisfaction 9.1.2 Evaluation of Compliance 9.1.2 Evaluation of Compliance
9.1.3 Analysis & Evaluation 9.2 Internal Audit 9.2 Internal Audit
9.2 Internal Audit 9.3 Management Review 9.3 Management Review
9.3 Management Review    
 

Acting

ISO 9001:2015 ISO 14001:2015 ISO 45001:2018
10.1 Improvement - General 10.1 Improvement - General 10.1 Improvement - General
10.2 Nonconformity & Corrective Action 10.2 Nonconformity & Corrective Action 10.2 Incident, Nonconformity & Corrective Action
10.3 Continual Improvement 10.3 Continual Improvement 10.3 Continual Improvement