Management system guidance

8.4 Control of externally provided products and services

ISO Navigator Pro™ is a free tool that provides practical, expert guidance for businesses wishing to interpret and better implement the requirements of ISO 9001:2015, ISO 14001:2015 and ISO 45001:2018.

Our range of templates cover the requirements of ISO 9001:2015, ISO 14001:2015 and ISO 45001:2018, and offer an easy way to implement your next management system.

8.4.1 General

|

An external provider is a supplier, or any entity that provides goods, materials, knowledge, parts, assemblies, printed materials, services, software, or finished goods that feature, or are incorporated into your business’s final product or service.

All suppliers of products and services must be adequately controlled to ensure their products and services conform to specified purchase requirements. If you need a procedure and forms to help control your business's purchasing and procurement process, click here.

Suppliers are controlled via initial selection evaluations using self-assessment questionnaires, audits of the supplier’s quality management system, and audits of the supplier’s processes. The selection criteria for potential suppliers, and the subsequent decision rationale for the approval of suppliers must be documented and authorized.

Supplier evaluation

What is the scope, extent and criteria for evaluating suppliers and who decides? Organizations should evaluate and approve each supplier prior to proceeding with the supplier approval. The supplier evaluations are completed to determine if each supplier is capable of meeting quality, delivery, and performance requirements. A typical supplier evaluation might include:

  1. Gathering and analysis of data (such as technological and operational capabilities, logistics, quality, technical risks) about the supplier;
  2. An on-site assessment of the quality system or compliance review by your Audit staff;
  3. Completing and signing a quality agreement or contract.

Businesses often assess the supplier’s facilities, quality system, and process controls to determine if there is potential impact on their own manufacturing or service provision processes.

  1. Assign risk levels on parts/materials, as appropriate;
  2. Determine if there is potential product or regulatory risk;
  3. Confirm the capability of the supplier to supply or manufacture to requirements.

All suppliers should be given an overall performance rating between 0-100%. Set the minimum performance threshold or benchmark to 95% for example. The resulting performance rating is an indication of a supplier’s performance ability and their ability to meet your requirements. Retain records of supplier evaluations and the related actions.

Supplier approval

Approved suppliers must have satisfactorily demonstrated their ability to meet your business's requirements, as well as customer and legal requirements, as determined and evidenced by the initial supplier evaluation process.

Suppliers are often approved, or not approved, on the basis of financial standing, preferred cost, product expertise, past performance, technology, logistics, supply chain integrity, business risk, and any known significant environmental, or health and safety compliance issues.

If the supplier is acceptable, they should be added to your approved supplier list. Signed approval must be given by an authorized representative, typically the Quality Manager and the Purchasing, or Contracts Manager have the authority sign off on supplier approvals. The approval status of each supplier must be clearly authorized on your approved supplier list.

Monitoring supplier performance

The performance of suppliers must be consistently monitored by the Quality Manager and the Purchasing, or Contracts Manager. Various ways include the review of measures, targets, KPIs, score cards, dash-boards, scored ratings, or survey results. The ongoing monitoring of external providers and suppliers commonly use some of the following criteria to rate performance:

  1. An assessment of the quality and quantity of products, services or materials provided;
  2. On-time delivery performance;
  3. Supplier responsiveness/communication;
  4. Total number of corrective actions;
  5. Supplier response time;
  6. Defective parts per million (PPM);
  7. Total cost;
  8. A review of receiving records, inspection records, or acceptance records.

Businesses should periodically communicate these results to their suppliers as appropriate. On-site supplier audits and process audits at the supplier’s premises is deemed necessary by the Quality Manager and the Purchasing, or Contracts Manager.

Issues or conditions which might initiate a supplier audit include quality issues, engineering changes, process changes, plant location changes or the criticality of the part or service. When an audit is necessary, you should contact the supplier and schedule an on-site visit and confirm the agenda.

|

More information on PDCA

Planning

ISO 9001:2015 ISO 14001:2015 ISO 45001:2018
4.1 Organizational Context 4.1 Organizational Context 4.1 Organizational Context
4.2 Relevant Interested Parties 4.2 Relevant Interested Parties 4.2 Relevant Interested Parties
4.3 Management System Scope 4.3 Management System Scope 4.3 Management System Scope
4.4 QMS Processes 4.4 EMS Processes 4.4 OH&S Management System
 
ISO 9001:2015 ISO 14001:2015 ISO 45001:2018
5.1 Leadership & Commitment 5.1 Leadership & Commitment 5.1 Leadership & Commitment
5.2 Quality Policy 5.2 Environmental Policy 5.2 OH&S Policy
5.3 Roles, Responsibilities/Authorities 5.3 Roles, Responsibilities/Authorities 5.3 Roles, Responsibilities/Authorities
    5.4 Consultation & Participation
 
ISO 9001:2015 ISO 14001:2015 ISO 45001:2018
6.1.1 Address Risks & Opportunities 6.1.1 Address Risks & Opportunities 6.1.1 Address Risks & Opportunities
6.2.1 Quality Objectives 6.1.2 Environmental Aspects 6.1.2 Hazard Identifcation
6.2.2 Planning to Achieve Objectives 6.1.3 Compliance Obligations 6.1.3 Legal & Other Requirements
6.3 Planning for Change 6.1.4 Planning Action 6.1.4 Planning Action
  6.2.1 Environmental Objectives 6.2.1 OH&S Objectives
  6.2.2 Planning to Achieve Objectives 6.2.2 Planning to Achieve Objectives
 

Doing

ISO 9001:2015 ISO 14001:2015 ISO 45001:2018
7.1.1 Resources - General
7.1 Resources 7.1 Resources
7.1.2 People 7.2 Competence 7.2 Competence
7.1.3 Infrastructure
7.3 Awareness 7.3 Awareness
7.1.4 Operational Environment 7.4.1 Communcation - General 7.4.1 Communcation - General
7.1.5 Monitoring & Measuring 7.4.2 Internal Communcation 7.4.2 Internal Communcation
7.1.6 Organizational Knowledge 7.4.3 External Communcation 7.4.3 External Communcation
7.2 Competence 7.5 Documented Information 7.5 Documented Information
7.3 Awareness    
7.4 Communcation    
7.5 Documented Information    
 
ISO 9001:2015 ISO 14001:2015 ISO 45001:2018
8.1 Operational Planning & Control
8.1 Operational Planning & Control 8.1.1 General
8.2.1 Customer Communication 8.2 Emergency Preparedness 8.1.2 Eliminating Hazards
8.2.2 Determining Requirements
  8.1.3 Management of Change
8.2.3 Reviewing Requirements   8.1.4 Outsourcing
8.2.4 Changes in Requirements
  8.2 Emergency Preparedness
8.3.1 Design Development - General    
8.3.2 Design Development - Planning
   
8.3.3 Design Development - Inputs    
8.3.4 Design Development - Controls    
8.3.5 Design Development - Outputs    
8.3.6 Design Development - Changes    
8.4.1 External Processes - General    
8.4.2 Purchasing Controls    
8.4.3 Purchasing Information    
8.5.1 Production & Service Provision    
8.5.2 Identification & Traceability    
8.5.3 3rd Party Property    
8.5.4 Preservation    
8.5.5 Post-delivery Activities    
8.5.6 Control of Changes    
8.6 Release of Products & Services    
8.7 Nonconforming Outputs    
 

Checking

ISO 9001:2015 ISO 14001:2015 ISO 45001:2018
9.1.1 Performance Evaluation 9.1.1 Performance Evaluation 9.1.1 Performance Evaluation
9.1.2 Customer Satisfaction 9.1.2 Evaluation of Compliance 9.1.2 Evaluation of Compliance
9.1.3 Analysis & Evaluation 9.2 Internal Audit 9.2 Internal Audit
9.2 Internal Audit 9.3 Management Review 9.3 Management Review
9.3 Management Review    
 

Acting

ISO 9001:2015 ISO 14001:2015 ISO 45001:2018
10.1 Improvement - General 10.1 Improvement - General 10.1 Improvement - General
10.2 Nonconformity & Corrective Action 10.2 Nonconformity & Corrective Action 10.2 Incident, Nonconformity & Corrective Action
10.3 Continual Improvement 10.3 Continual Improvement 10.3 Continual Improvement
 

Want to know more?

SSL certification

A certificate guarantees the information your internet browser is receiving now originates from the expected domain - https://www.iso9001help.co.uk. It guarantees that when you make a purchase, sensitive data is encrypted and sent to the right place, and not to a malicious third-party.

Free PDCA guidance

ISO Navigator™ is our FREE online training tool that shows you how to apply the principles of PDCA to your operations. We also offer many helpful templates that get you on the road to documenting your management system, please visit the download page.