Management system guidance

8.4 Control of externally provided products and services

ISO Navigator Pro™ is a free tool that provides practical, expert guidance for businesses wishing to interpret and better implement the requirements of ISO 9001:2015, ISO 14001:2015 and ISO 45001:2018.

Our range of templates cover the requirements of ISO 9001:2015, ISO 14001:2015 and ISO 45001:2018, and offer an easy way to implement your next management system.

8.4.2 Type and extent of control

This requirement is comparable to the requirements from ISO 9001:2008 Clauses 7.4.1 – Purchasing Process and Clause 7.4.3 - Verification of Purchased Product. You should seek and record evidence you’re your organization has ensured that the supplied product or service meets the specified requirements. Confirm that your organization has established and implement a process of inspection to ensure that purchased products conform to:

  1. Purchase orders;
  2. Delivery notes;
  3. Product specifications;
  4. National or international standards.

You could consider dividing your suppliers into groups based on the product or service they provide and what effect it has on the quality of your products or processes, e.g. level I/II/III/etc.

Based on those categories, you can define the criteria for supplier evaluation and approval. You are free to define your supplier levels and approval parameters accordingly, but, whatever rationale is opted for, it should be properly documented.

Externally provided processes remain within the organizations QMS control e.g. documented information is aligned to ensure common inputs, outputs, controls, ownership, governance etc., between the organization requirements and those that are used to interface with the external provider.

Control mechanisms may include a check of products at delivery, site acceptance tests, supplier audits, etc. If supplier audits are required, this should be in the contracts with the suppliers. There is a section within the external providers register that focuses on controls.

There is no ‘right way’ for vetting suppliers. To meet the intent of the clause you simply need to establish a process with properly documented criteria which are based upon customer requirements. Such criteria might include:


  1. Ability to understand product requirements;
  2. Capability to meet product specifications, e.g. men, machines, materials, method;
  3. Logistical capacity;
  4. Operates a compliant QMS or other management system.


  1. Credit worthy;
  2. Legally registered;

Your specific requirements:

  1. Having passed a second party audit of their QMS;
  2. Capacity to work on continuous improvement;
  3. Commitment to cost reduction.

More information on PDCA


4.1 Understanding Context 4.2 Interested Parties 4.3 Determining Scope
4.4 Management System Processes  
5.1 Leadership and Commitment 5.2 Policies 5.3 Roles, Responsibility and Authority
6.1 Address Risk and Opportunity 6.2 System Objectives and Planning 6.3 Planning for Change


7.1 Resources 7.2 Competence 7.3 Awareness
7.4 Communication 7.5 Documented Information
8.1 Operational Planning and Control 8.2 Requirements for Products and Services 8.3 Design & Development
8.4 Externally Provided Products and Services 8.5 Product and Service Provision 8.6 Release of Products and Services
8.7 Non-conforming Outputs 8.8 Emergency Preparedness 8.9 Accident and Incident Investigation


9.1 Monitor, Measure, Analyse and Evaluate 9.2 Internal Audit 9.3 Management Review


10.1 Improvement - General 10.2 Non-Conformity and Corrective Action 10.3 Continual Improvement

Free internal audit checklists

Check out our free internal audit checklists. The audit checklist template is just one of the many tools which are available from the auditor’s toolbox that help ensure your audits address the necessary requirements.

Client list

Over 8,000 companies and globally recognized brands have relied on our templates to provide a path to improve, collaborate, and to enhance their operations to achieve certification, please see our client list for more information.