Management system guidance
8.4 Control of externally provided products and services
ISO Navigator Pro™ is a free tool that provides practical, expert guidance for businesses wishing to interpret and better implement the requirements of ISO 9001:2015, ISO 14001:2015 and ISO 45001:2018.
Our range of templates cover the requirements of ISO 9001:2015, ISO 14001:2015 and ISO 45001:2018, and offer an easy way to implement your next management system.
8.4.1 General
An external provider is a supplier, or any entity that provides goods, materials, knowledge, parts, assemblies, printed materials, services, software, or finished goods that feature, or are incorporated into your business’s final product or service.
All suppliers of products and services must be adequately controlled to ensure their products and services conform to specified purchase requirements. If you need a procedure and forms to help control your business's purchasing and procurement process, click here.
Suppliers are controlled via initial selection evaluations using self-assessment questionnaires, audits of the supplier’s quality management system, and audits of the supplier’s processes. The selection criteria for potential suppliers, and the subsequent decision rationale for the approval of suppliers must be documented and authorized.
Supplier evaluation
What is the scope, extent and criteria for evaluating suppliers and who decides? Organizations should evaluate and approve each supplier prior to proceeding with the supplier approval. The supplier evaluations are completed to determine if each supplier is capable of meeting quality, delivery, and performance requirements. A typical supplier evaluation might include:
- Gathering and analysis of data (such as technological and operational capabilities, logistics, quality, technical risks) about the supplier;
- An on-site assessment of the quality system or compliance review by your Audit staff;
- Completing and signing a quality agreement or contract.
Businesses often assess the supplier’s facilities, quality system, and process controls to determine if there is potential impact on their own manufacturing or service provision processes.
- Assign risk levels on parts/materials, as appropriate;
- Determine if there is potential product or regulatory risk;
- Confirm the capability of the supplier to supply or manufacture to requirements.
All suppliers should be given an overall performance rating between 0-100%. Set the minimum performance threshold or benchmark to 95% for example. The resulting performance rating is an indication of a supplier’s performance ability and their ability to meet your requirements. Retain records of supplier evaluations and the related actions.
Supplier approval
Approved suppliers must have satisfactorily demonstrated their ability to meet your business's requirements, as well as customer and legal requirements, as determined and evidenced by the initial supplier evaluation process.
Suppliers are often approved, or not approved, on the basis of financial standing, preferred cost, product expertise, past performance, technology, logistics, supply chain integrity, business risk, and any known significant environmental, or health and safety compliance issues.
If the supplier is acceptable, they should be added to your approved supplier list. Signed approval must be given by an authorized representative, typically the Quality Manager and the Purchasing, or Contracts Manager have the authority sign off on supplier approvals. The approval status of each supplier must be clearly authorized on your approved supplier list.
Monitoring supplier performance
The performance of suppliers must be consistently monitored by the Quality Manager and the Purchasing, or Contracts Manager. Various ways include the review of measures, targets, KPIs, score cards, dash-boards, scored ratings, or survey results. The ongoing monitoring of external providers and suppliers commonly use some of the following criteria to rate performance:
- An assessment of the quality and quantity of products, services or materials provided;
- On-time delivery performance;
- Supplier responsiveness/communication;
- Total number of corrective actions;
- Supplier response time;
- Defective parts per million (PPM);
- Total cost;
- A review of receiving records, inspection records, or acceptance records.
Businesses should periodically communicate these results to their suppliers as appropriate. On-site supplier audits and process audits at the supplier’s premises is deemed necessary by the Quality Manager and the Purchasing, or Contracts Manager.
Issues or conditions which might initiate a supplier audit include quality issues, engineering changes, process changes, plant location changes or the criticality of the part or service. When an audit is necessary, you should contact the supplier and schedule an on-site visit and confirm the agenda.
More information on PDCA
Planning
Context
Planning
Support
Doing
Support
Operations
Checking
Monitoring, measurement, analysis and evaluation
Acting
Improvement
Want to know more?
- Read our customer's feedback
- Client list - who's using our templates?
- How the templates are formatted and download examples
- Why we use turtle diagrams and process maps
- What's the difference between a process and a procedure?
- About documented information
SSL certification
A certificate guarantees the information your internet browser is receiving now originates from the expected domain - https://www.iso9001help.co.uk. It guarantees that when you make a purchase, sensitive data is encrypted and sent to the right place, and not to a malicious third-party.
Free PDCA guidance
ISO Navigator™ is our FREE online training tool that shows you how to apply the principles of PDCA to your operations. We also offer many helpful templates that get you on the road to documenting your management system, please visit the download page.