Management system guidance

8.4 Control of externally provided products and services

ISO Navigator Pro™ is a free tool that provides practical, expert guidance for businesses wishing to interpret and better implement the requirements of ISO 9001:2015, ISO 14001:2015 and ISO 45001:2018.

Our range of templates cover the requirements of ISO 9001:2015, ISO 14001:2015 and ISO 45001:2018, and offer an easy way to implement your next management system.

8.4.2 Type and extent of control

|

This requirement is comparable to the requirements from ISO 9001:2008 Clauses 7.4.1 – Purchasing Process and Clause 7.4.3 - Verification of Purchased Product. You should seek and record evidence that your organization has ensured that the supplied product or service meets the specified requirements. If you need a procedure and forms to help control your business's purchasing and procurement process, click here.

Extent of supplier control

The extent of supplier control needs to be consistent with supplier performance and an assessment of product, material, or service risk. Control mechanisms may include a check of products at delivery, site acceptance tests, second-party supplier audits, etc. If supplier audits are required, this should be written in to the contracts with the suppliers.

Your organization's criteria for determining the need, type, frequency, and scope of second-party supplier audits must be based on a risk analysis. Issues that could trigger the need for a second-party supplier audit will include inputs from supplier performance indicators; risk assessment results, and follow-up of open issues from process and product audits.

The identification of applicable statutory and regulatory requirements needs to consider the country of receipt, shipment, and delivery. When special controls are required, your organization must implement these requirements and cascade those requirements down to your suppliers.

Externally provided processes must remain under your organizations QMS control and can be achieved through documented information that is aligned to ensure common inputs, outputs, controls, ownership, governance etc., between your organization's requirements and those that are used to interface with the supplier.

Controls and output

Purchase orders for items that are essential to fulfil customer requirements and directly affect the quality of your products and services should only be raised by the Purchasing Manager, or the Accounts Department (at the request of the Purchasing Manager). Purchase orders may be raised by the use of the computerised purchasing system or soft backed purchase order books. Purchase orders should contain:

  1. Supplier;
  2. Originator;
  3. Date;
  4. Purchase Order Number;
  5. Items required;
  6. Quantities;
  7. Required delivery date;
  8. Quoted prices where applicable or known;
  9. Any other information deemed critical for the supply of the material should also be noted.

Ensure that purchase orders or purchasing specifications include, where appropriate the requirements for the approval and acceptance of products, services, procedures, processes or equipment. Purchasing documentation should also define the requirements for approval of the supplier’s personnel, verification arrangements, or quality management system requirements as necessary.

All purchase orders or purchasing specifications must be reviewed and approved before they are released to the supplier. Where appropriate, ensure the requirements for certification, inspection reports, statistical data, approval of samples, etc. are included in purchasing documents.

Some purchasing documents may include an agreement obligating your suppliers to give notification of changes to their product or service. When notification is received, the Quality Manager and the Purchasing, or Contracts Manager should evaluate how, and whether the changes affect the quality of your completed products or services.

|

More information on PDCA

Planning

ISO 9001:2015 ISO 14001:2015 ISO 45001:2018
4.1 Organizational Context 4.1 Organizational Context 4.1 Organizational Context
4.2 Relevant Interested Parties 4.2 Relevant Interested Parties 4.2 Relevant Interested Parties
4.3 Management System Scope 4.3 Management System Scope 4.3 Management System Scope
4.4 QMS Processes 4.4 EMS Processes 4.4 OH&S Management System
 
ISO 9001:2015 ISO 14001:2015 ISO 45001:2018
5.1 Leadership & Commitment 5.1 Leadership & Commitment 5.1 Leadership & Commitment
5.2 Quality Policy 5.2 Environmental Policy 5.2 OH&S Policy
5.3 Roles, Responsibilities/Authorities 5.3 Roles, Responsibilities/Authorities 5.3 Roles, Responsibilities/Authorities
    5.4 Consultation & Participation
 
ISO 9001:2015 ISO 14001:2015 ISO 45001:2018
6.1.1 Address Risks & Opportunities 6.1.1 Address Risks & Opportunities 6.1.1 Address Risks & Opportunities
6.2.1 Quality Objectives 6.1.2 Environmental Aspects 6.1.2 Hazard Identifcation
6.2.2 Planning to Achieve Objectives 6.1.3 Compliance Obligations 6.1.3 Legal & Other Requirements
6.3 Planning for Change 6.1.4 Planning Action 6.1.4 Planning Action
  6.2.1 Environmental Objectives 6.2.1 OH&S Objectives
  6.2.2 Planning to Achieve Objectives 6.2.2 Planning to Achieve Objectives
 

Doing

ISO 9001:2015 ISO 14001:2015 ISO 45001:2018
7.1.1 Resources - General
7.1 Resources 7.1 Resources
7.1.2 People 7.2 Competence 7.2 Competence
7.1.3 Infrastructure
7.3 Awareness 7.3 Awareness
7.1.4 Operational Environment 7.4.1 Communcation - General 7.4.1 Communcation - General
7.1.5 Monitoring & Measuring 7.4.2 Internal Communcation 7.4.2 Internal Communcation
7.1.6 Organizational Knowledge 7.4.3 External Communcation 7.4.3 External Communcation
7.2 Competence 7.5 Documented Information 7.5 Documented Information
7.3 Awareness    
7.4 Communcation    
7.5 Documented Information    

 

ISO 9001:2015 ISO 14001:2015 ISO 45001:2018
8.1 Operational Planning & Control
8.1 Operational Planning & Control 8.1.1 General
8.2.1 Customer Communication 8.2 Emergency Preparedness 8.1.2 Eliminating Hazards
8.2.2 Determining Requirements
  8.1.3 Management of Change
8.2.3 Reviewing Requirements   8.1.4 Outsourcing
8.2.4 Changes in Requirements
  8.2 Emergency Preparedness
8.3.1 Design Development - General    
8.3.2 Design Development - Planning
   
8.3.3 Design Development - Inputs    
8.3.4 Design Development - Controls    
8.3.5 Design Development - Outputs    
8.3.6 Design Development - Changes    
8.4.1 External Processes - General    
8.4.2 Purchasing Controls    
8.4.3 Purchasing Information    
8.5.1 Production & Service Provision    
8.5.2 Identification & Traceability    
8.5.3 3rd Party Property    
8.5.4 Preservation    
8.5.5 Post-delivery Activities    
8.5.6 Control of Changes    
8.6 Release of Products & Services    
8.7 Nonconforming Outputs    
 

Checking

ISO 9001:2015 ISO 14001:2015 ISO 45001:2018
9.1.1 Performance Evaluation 9.1.1 Performance Evaluation 9.1.1 Performance Evaluation
9.1.2 Customer Satisfaction 9.1.2 Evaluation of Compliance 9.1.2 Evaluation of Compliance
9.1.3 Analysis & Evaluation 9.2 Internal Audit 9.2 Internal Audit
9.2 Internal Audit 9.3 Management Review 9.3 Management Review
9.3 Management Review    
 

Acting

ISO 9001:2015 ISO 14001:2015 ISO 45001:2018
10.1 Improvement - General 10.1 Improvement - General 10.1 Improvement - General
10.2 Nonconformity & Corrective Action 10.2 Nonconformity & Corrective Action 10.2 Incident, Nonconformity & Corrective Action
10.3 Continual Improvement 10.3 Continual Improvement 10.3 Continual Improvement
 

Want to know more?

SSL certification

A certificate guarantees the information your internet browser is receiving now originates from the expected domain - https://www.iso9001help.co.uk. It guarantees that when you make a purchase, sensitive data is encrypted and sent to the right place, and not to a malicious third-party.

Free PDCA guidance

ISO Navigator™ is our FREE online training tool that shows you how to apply the principles of PDCA to your operations. We also offer many helpful templates that get you on the road to documenting your management system, please visit the download page.