The standard requires organization to define the type and extent of control exercised over supplier and goes on to require that these controls be dependent upon the type of product, the impact of the product on the quality of the final product, and, where applicable, on the quality audit reports and/or quality records of the previously demonstrated capability and performance of supplier. The extent of supplier control needs to be consistent with supplier performance and an assessment of product, material, or service risk. Control mechanisms may include a check of products at delivery, site acceptance tests, second-party supplier audits, etc. If supplier audits are required, this should be written in to the contracts with the suppliers.Your organization’s criteria for determining the need, type, frequency, and scope of second-party supplier audits must be based on a risk analysis. Issues that could trigger the need for a second-party supplier audit will include inputs from supplier performance indicators; risk assessment results, and follow-up of open issues from process and product audits.The identification of applicable statutory and regulatory requirements needs to consider the country of receipt, shipment, and delivery. When special controls are required, your organization must implement these requirements and cascade those requirements down to your suppliers.Externally provided processes must remain under your organizations QMS control and can be achieved through documented information that is aligned to ensure common inputs, outputs, controls, ownership, governance etc., between your organization’s requirements and those that are used to interface with the supplier. In the automotive industry, the type and extent of control of externally provided processes, products, and services are crucial to ensure the overall quality, safety, and reliability of the final automotive products. Automotive manufacturers often collaborate with a wide range of suppliers and service providers to obtain components, materials, and various services necessary for the production process. Managing these external sources effectively is vital to maintain consistency and meet industry standards. The control measures typically include:
- Supplier selection and evaluation: Automotive companies must carefully choose suppliers based on their ability to meet quality standards, capacity, delivery timelines, financial stability, and other relevant criteria. Regular evaluations and performance assessments help maintain control and ensure continuous improvement.
- Quality management system: Automotive manufacturers usually require their suppliers to maintain an effective quality management system (QMS) that complies with industry standards, such as ISO 9001. This system ensures that the suppliers adhere to strict quality control procedures, including incoming inspections, process controls, and final product verification.
- Supplier audits: Regular on-site audits are performed to assess supplier processes, facilities, and quality management systems. This helps identify any potential issues and ensures compliance with agreed-upon standards and requirements.
- Supplier agreements and contracts: Clear contractual agreements are established with suppliers that outline the specific requirements, responsibilities, and expectations. These agreements may cover quality specifications, delivery schedules, intellectual property rights, and other crucial terms.
- Traceability and documentation: It is essential to maintain traceability of components and materials back to their original sources. This includes documenting the supplier’s details, batch/lot numbers, and relevant certifications to enable effective recall management and identify potential issues.
- Supplier collaboration and communication: Open and effective communication channels between the automotive manufacturer and the suppliers are essential for addressing challenges, sharing information, and fostering a cooperative working relationship.
- Risk management: Automotive companies must assess and manage potential risks associated with externally provided processes, products, and services. This could include risks related to quality, delivery, cost, or changes in regulations.
- Change control: Any changes to externally provided processes, products, or services should be adequately controlled and communicated to ensure the automotive manufacturer’s requirements are consistently met.
- Continual improvement: Collaboration with suppliers should involve a focus on continuous improvement. This includes encouraging suppliers to innovate, optimize their processes, and enhance product quality.
- Compliance with industry regulations: Automotive manufacturers and their suppliers must adhere to industry-specific regulations and standards to ensure compliance and meet legal requirements.
By implementing these control measures, the automotive industry can maintain consistency, improve product quality, and mitigate risks associated with externally provided processes, products, and services.
Clause 18.104.22.168 Type and extent of control
In addition to the requirements given in ISO 9001:2015 Clause 8.4.2 Type and extent of control, Clause 22.214.171.124 requires that the organization have a documented process to identify outsourced processes and to select the types and extent of controls used to verify conformity of externally provided products, processes, and services to internal (organizational) and external customer requirements.The process shall include the criteria and actions to escalate or reduce the types and extent of controls and development activities based on supplier performance and assessment of product, material, or service risks.
In the context of quality management systems, the organization must have a documented process to identify outsourced processes and to select the types and extent of controls used to verify conformity of externally provided products, processes, and services to internal (organizational) and external customer requirements. This process is essential to ensure that the products and services provided by external suppliers meet the organization’s quality standards and, ultimately, customer expectations.Here are the key steps typically involved in the documented process:
- Identification of Outsourced Processes: The organization must first identify all the processes, products, and services that are outsourced to external suppliers. This can involve assessing the various stages of the organization’s operations to determine where external providers are involved, including the supply of raw materials, components, or specific manufacturing or service processes.
- Risk Assessment and Criticality Analysis: Once the outsourced processes are identified, the organization should perform a risk assessment and criticality analysis to determine the potential impact of these external processes on the final product or service. This analysis helps prioritize the level of control required for each outsourced process.
- Selection of External Providers: Based on the risk assessment, the organization selects external providers who can meet the required quality standards. This involves supplier evaluation and assessment to ensure their capabilities align with the organization’s needs.
- Establishing Control Measures: The organization then defines the types and extent of controls needed to verify conformity of externally provided products, processes, and services. These controls may include quality specifications, performance criteria, inspection, testing, monitoring, and any other relevant requirements to ensure compliance with organizational and customer requirements.
- Contractual Agreements: Clear and detailed contractual agreements are established with the selected external providers. These agreements outline the requirements, responsibilities, and expectations related to quality, delivery, communication, intellectual property, and other relevant aspects.
- Performance Monitoring and Measurement: The organization monitors and measures the performance of external providers regularly. This can include conducting audits, reviewing performance metrics, customer feedback, and any non-conformances or corrective actions related to externally provided processes or products.
- Communication and Collaboration: Open communication channels are maintained with external providers to address issues, provide feedback, and foster a collaborative relationship focused on continuous improvement.
- Change Management: Any changes in outsourced processes, products, or services are controlled and communicated effectively to ensure ongoing conformity with requirements.
- Record Keeping: The organization maintains documented information related to the entire process, including supplier evaluation, controls, audits, and performance evaluation.
By having a well-documented process for controlling externally provided processes, products, and services, the organization can enhance the overall quality of its products or services, minimize risks, and ensure customer satisfaction.
Dynamic Control Process for Externally Provided Processes, Products, and Services in the Automotive Industry
The process should include specific criteria and actions for escalating or reducing the types and extent of controls and development activities based on supplier performance and assessment of product, material, or service risks. This dynamic approach allows the organization to adjust its control measures and collaboration with suppliers based on their performance and the risks associated with the provided products or services. Here’s how this aspect can be incorporated into the process:
- Supplier Performance Evaluation: The organization should regularly evaluate the performance of its external suppliers against predefined key performance indicators (KPIs) and quality metrics. These evaluations could include criteria such as on-time delivery, product quality, responsiveness, compliance with specifications, and customer feedback.
- Risk Assessment and Criticality Analysis: In parallel with supplier performance evaluation, the organization should continually assess the risks associated with the supplied products, materials, or services. This assessment can be based on factors such as criticality to final product quality, potential impact on customer satisfaction, regulatory compliance, and financial implications.
- Escalation Criteria: Specific criteria should be established that trigger the need for escalated controls and development activities. For example, if a supplier consistently fails to meet quality standards, delivery schedules, or other critical requirements, this could warrant an escalation in monitoring, increased inspection, or even a search for alternative suppliers.
- Reduction Criteria: On the other hand, the process should also outline criteria that would allow the organization to reduce the level of controls and development activities for well-performing suppliers with low-risk products or services. This could include streamlining inspection processes or conducting audits less frequently.
- Collaborative Improvement Plans: If a supplier’s performance or risk assessment indicates areas of concern, the organization should work collaboratively with the supplier to develop improvement plans. These plans should outline specific actions and timelines to address the identified issues and enhance performance.
- Continuous Communication: Regular communication with suppliers is vital in this process. It allows the organization and suppliers to exchange feedback, address concerns, and jointly identify opportunities for improvement.
- Documentation and Records: All supplier performance evaluations, risk assessments, escalation, and reduction actions should be well-documented to maintain a clear history of the supplier relationship and the decisions made.
- Management Review: The results of the supplier performance evaluations and risk assessments, as well as any actions taken, should be reviewed periodically by top management to ensure the effectiveness of the control process and to make informed decisions regarding supplier relationships.
By incorporating criteria and actions to escalate or reduce control measures and development activities based on supplier performance and risk assessment, the organization can ensure that the control process remains flexible, adaptable, and aligned with the goal of continuously improving product and service quality.
Defining subcontractor controls
When carrying out supplier surveillance you will need a plan which indicates what you intend to do and when you intend to do it. You will also need to agree the plan with your supplier. If you intend witnessing certain tests, the supplier will need to give you advanced warning of its commencement so that you may attend. The quality plan would be a logical place for such controls to be defined. Some companies produce a Quality Assurance Requirement Specification to supplement supplier requirement and also produce a Surveillance Plan. In most other cases the controls may be defined on the reverse side of the purchase order as standard conditions coded and selected for individual purchases.
Selecting the degree of control
The degree of control you need to exercise over your suppliers depends on the confidence you have in their ability to meet your requirements. In deter mining the degree of control to be exercised you need to establish whether:
- The quality of the product or service can be verified by you on receipt using your normal inspection and test techniques. (This is the least costly of methods and usu ally applies where achievement of the requirements is measurable by examination of the end product.)
- The quality of the product can be verified by you on receipt providing you acquire additional equipment or facilities. (More costly than the previous method but may be economic if there is high utilization of the equipment.)
- The quality of the product can be verified by you witnessing the final acceptance tests and inspections on the suppliers’s premises. (If you don’t possess the necessary equipment or skill to carry out product verification, this method is an economic compromise and should yield as much confidence in the product as the previous methods. You do, however, need to recognize that your presence on the supplier’s premises may affect the results. They may omit tests which are problematical or your presence may cause them to be particularly diligent, a stance which may not be maintained when you are not present.)
- The verification of the product could be contracted to a third party. (This can be very costly and is usually only applied with highly complex products and where safety is of paramount importance.)
- The quality of the product can only be verified by the subcontractor during its design and manufacture. (In such cases you need to rely on what the contractor tells you and to gain sufficient confidence you can impose quality system requirements, require certain design, manufacturing, inspection, and test documents to be submitted to you for approval, and carry out periodic audit and surveillance activities. This method is usually applied for one-off systems or small quantities when the stability of a long production run cannot be achieved to resolve problems.)
As a minimum you need some means of verifying that the supplier has met the requirements of your subcontract/order and the more unusual and complex the requirements, the more control will be required. If you have high confidence in a particular supplier you can concentrate on the areas where failure is more likely. If you have no confidence, you will need to exercise rigorous control until you gain sufficient confidence to relax the controls. Your supplier control procedures need to provide the criteria for selecting the appropriate degree of control and for selecting the activities you need to perform.
Supplier delivery performance
The organization is to require 100% on-time delivery performance from the supplier. A 100% on—time delivery performance means that your supplier must deliver supplies within the time window you specify. Unless you so specify, they do not need to operate a just-in time system but it is obviously less costly to you if they do. It all depends on the quantities and volume you require and your consumption rate. With a fast consumption rate, you would need the space to store product pending use. The just-in time system avoids this by allowing shipment directly to the production line. In order that your subcontractors can achieve 100% on-time delivery, you need to provide the same type of information and make the same commitments as your customer will to enable you to meet 100% on-time delivery to them . You therefore need to inform your supplier of your production schedule and release orders to your supplier based on that schedule. If operating under a ship-to-stock system, you will need a means of notifying your supplier when stocks drop to the minimum level. Under such arrangements, you do not need a purchase order for every delivery as one order specifying the shipment rate will suffice. The organization must implement a system to monitor the delivery performance of supplier with corrective actions taken as appropriate, including tracking incidents of premium freight. Delivery advice notes will be needed to match shipments to inventory and to trace problems should the need arise. A shipment notification system similar to that which you need to have with your customer will also be necessary in order to alert you to any shipment difficulties. A simple database to record planned deliveries against actual deliveries and incidents of premium freight usage may suffice. However, you will need to take account of changes in planned deliveries and therefore you will need to link the notification system with the recording system so that the two are compatible at all times. Before accepting the supplier’s quotation you need to establish what provisions have been made for shipping product and it is at that stage that the freight arrangements should be agreed. If you neglect to specify any freight provisions and later discover the freight costs excessive, you may find you have agreed unwittingly to the supplier compensating for delays by speedier and more costly transportation. This does need to be monitored.
Verification at supplier’s premises
The organization is to specify verification arrangements and the method of product release in the purchasing documents where it is proposed that purchased product is verified at the supplier’s premises. It is important that you inform the supplier through the contract of how the product or service will be accepted. Will it be as a result of receipt inspection at the specified destination or as a result of acceptance tests witnessed on site by your authorized representative? These details need to be specified at the contracting stage so that the supplier can make provision in the quotation to support any of your activities on site.You need to specify a provision in your contract, otherwise you may lose the right to reject the product later. There is no requirement for you to document your proposal to verify product at the supplier’s premises but such a plan would indeed be a useful section in any quality plan that you produced.