ISO 9001:2015 Clause 8.4 Control of externally provided processes, products and services

ISO 9001:2015 19 Minutes

8.4.1 General
The organization shall ensure that externally provided processes, products and services conform to requirements.
The organization shall determine the controls to be applied to externally provided processes, products and services when:

  1. products and services from external providers are intended for incorporation into the organization’s own products and services;
  2. products and services are provided directly to the customer(s) by external providers on behalf of the organization;
  3. a process, or part of a process, is provided by an external provider as a result of a decision by the organization.

The organization shall determine and apply criteria for the evaluation, selection, monitoring of performance, and re-evaluation of external providers, based on their ability to provide processes or products and services in accordance with requirements. The organization shall retain documented information of these activities and any necessary actions arising from the evaluations.

1) The organization shall ensure that externally provided processes, products and services conform to requirements.

Ensuring that externally provided processes, products, and services conform to requirements involves a structured approach to supplier and vendor management within an organization. Here are steps and strategies to help achieve this:

  • Thoroughly vet and select suppliers and service providers based on their track record, capabilities, and alignment with your organization’s quality standards.
  • Implement a supplier evaluation process that assesses their performance in terms of quality, delivery, reliability, and other relevant factors.
  • Clearly define and communicate your organization’s requirements to suppliers and service providers. This includes specifications, quality standards, delivery schedules, and any other relevant expectations.
  • Establish formal contracts or agreements that outline the terms, conditions, and quality expectations. These contracts should include provisions for compliance and consequences for non-compliance.
  • Conduct regular audits and assessments of your suppliers and service providers. These assessments should verify their compliance with your requirements and quality standards.
  • Consider using third-party audits for an unbiased evaluation.
  • Implement Key Performance Indicators (KPIs) to monitor supplier and service provider performance over time. This can include metrics related to on-time delivery, defect rates, and customer satisfaction.
  • Maintain open lines of communication with your suppliers. Encourage them to report any issues or potential problems promptly.
  • Collaborate with suppliers to address quality improvement opportunities and process optimizations.
  • Inspect incoming materials, components, or products from suppliers to verify their quality and conformity to specifications. Use statistical sampling techniques when appropriate.
  • Identify and assess risks associated with externally provided processes, products, and services. Develop contingency plans to mitigate these risks.
  • Diversify your supplier base to reduce the impact of a single supplier’s failure.
  • Provide necessary training and support to suppliers to help them understand and meet your quality requirements.
  • Offer guidance and assistance in areas where improvement is needed.
  • Continuously seek opportunities for improvement in your supplier and vendor relationships.
  • Regularly review and update your supplier management processes based on lessons learned and changing requirements.
  • Maintain detailed records of supplier performance, audits, inspections, and corrective actions taken.
  • Use these records for data-driven decision-making and as evidence of conformity to requirements.
  • Implement a process for addressing non-conformities promptly. This may include corrective actions and preventive actions.
  • Provide feedback to suppliers to help them improve their performance.

By following these steps and maintaining a proactive and collaborative relationship with your external providers, you can enhance the likelihood that externally provided processes, products, and services will conform to your organization’s requirements, ultimately contributing to the overall quality of your products or services.

2) The organization shall determine the controls to be applied to externally provided processes, products and services when products and services from external providers are intended for incorporation into the organization’s own products and services

When products and services from external providers are incorporated into an organization’s own products and services, it’s crucial to apply controls to ensure quality, compliance, and the seamless integration of these external components. Here are some key controls to consider:

  • Carefully select and qualify suppliers based on their ability to meet your organization’s quality and performance requirements.
  • Assess their track record, capabilities, quality control processes, and compliance with relevant standards.
  • Establish clear and comprehensive contractual agreements that outline quality standards, specifications, delivery schedules, and any other relevant requirements.
  • Define the roles and responsibilities of both parties regarding quality assurance and compliance.
  • Implement a robust quality assurance program that includes regular inspections and testing of the components or services provided by external providers.
  • Conduct incoming inspections to verify the quality of received components.
  • Maintain thorough documentation of all components and services received from external providers.
  • Establish traceability to track the origin and history of external components and services throughout the integration process.
  • Develop a change control process that addresses any changes made by external providers, including design changes, process modifications, or updates to specifications.
  • Ensure that changes are properly reviewed, approved, and documented.
  • Identify and assess the risks associated with external components and services. Develop contingency plans to mitigate potential issues that may arise.
  • Diversify your supplier base to reduce the risk of supply chain disruptions.
  • Conduct regular supplier audits to assess their performance and adherence to contractual agreements.
  • Monitor key performance indicators (KPIs) related to quality, delivery, and reliability.
  • Establish a process for handling non-conforming components or services received from external providers.
  • Implement corrective and preventive actions to address root causes and prevent recurrence.
  • Perform integration testing to ensure that the external components or services seamlessly integrate with your organization’s own products or services.
  • Verify that the integrated solution meets all functional and performance requirements.
  • Maintain proper documentation control to ensure that the integration process is well-documented, including specifications, test plans, and integration procedures.
  • Ensure that any changes to documentation are properly reviewed and approved.
  • Maintain open lines of communication with external providers to address any issues or concerns promptly.
  • Collaborate with providers to resolve integration challenges and optimize processes.
  • Continuously assess and improve your processes for incorporating external components and services.
  • Seek feedback from both internal teams and external providers to identify areas for enhancement.

By applying these controls, organizations can effectively manage the incorporation of external products and services into their own offerings, ensuring quality, compliance, and customer satisfaction while minimizing risks associated with external dependencies.

3) The organization shall determine the controls to be applied to externally provided processes, products and services when products and services are provided directly to the customer(s) by external providers on behalf of the organization;

When products and services are provided directly to the customer by external providers on behalf of the organization, it’s essential to establish controls to ensure that the customer experience aligns with the organization’s quality standards and expectations. Here are some key controls to consider:

  • Thoroughly vet and select external providers based on their ability to represent your organization effectively and provide high-quality products and services to customers.
  • Continuously evaluate their performance and adherence to quality and service standards.
  • Develop clear and comprehensive contractual agreements that define the scope of work, service levels, quality expectations, and any regulatory or compliance requirements.
  • Include SLAs that specify performance metrics and response times.
  • Implement a robust quality assurance program to monitor the external provider’s performance in real-time.
  • Establish mechanisms for ongoing monitoring and reporting of service quality and customer satisfaction.
  • Collect and analyze customer feedback related to the products and services provided by external providers.
  • Develop processes for addressing customer complaints and resolving issues promptly.
  • Ensure that external providers have a clear understanding of your organization’s values, culture, and customer service expectations.
  • Establish regular communication channels to exchange information and updates.
  • Define and track KPIs related to customer satisfaction, service quality, and compliance with contractual agreements.
  • Use performance metrics to identify areas for improvement.
  • Regularly review and update SLAs to reflect changing customer needs and organizational goals.
  • Collaborate with external providers to optimize service delivery processes.
  • Conduct periodic audits and compliance checks to ensure that external providers are adhering to contractual agreements and regulatory requirements.
  • Verify that their processes meet your organization’s quality standards.
  • Establish communication channels to keep customers informed about the arrangement with external providers.
  • Clearly communicate any changes or updates that may impact the customer experience.
  • Ensure that external providers handle customer data and sensitive information in compliance with data security and privacy regulations.
  • Implement safeguards to protect customer data throughout the service delivery process.
  • Develop contingency plans to address service interruptions or disruptions caused by external providers.
  • Ensure that there are backup options in place to minimize customer impact in case of unforeseen issues.
  • Include provisions in contracts that outline the process for transitioning services from one provider to another if necessary.
  • Develop a plan for a smooth transition without compromising customer satisfaction.
  • Collaborate with external providers to identify opportunities for improvement in service delivery, efficiency, and customer satisfaction.
  • Implement necessary changes to enhance the customer experience.

By applying these controls, organizations can effectively manage the delivery of products and services to customers by external providers while maintaining high standards of quality, customer satisfaction, and compliance with regulatory requirements. This helps ensure a positive customer experience and protects the organization’s reputation.

4) The organization shall determine the controls to be applied to externally provided processes, products and services when a process, or part of a process, is provided by an external provider as a result of a decision by the organization

When an organization decides to outsource a process or part of a process to an external provider, it’s crucial to establish controls to ensure that the outsourced activities are performed effectively, efficiently, and in alignment with the organization’s objectives. Here are key controls to consider when outsourcing a process:

  • Conduct a thorough evaluation of potential external providers to assess their capabilities, experience, and reliability.
  • Consider factors such as their track record, financial stability, compliance with relevant regulations, and alignment with your organization’s values and objectives.
  • Establish clear and comprehensive contractual agreements that define the scope of work, responsibilities, deliverables, performance expectations, quality standards, and any regulatory or compliance requirements.
  • Ensure that contracts include provisions for monitoring, reporting, and dispute resolution.
  • Develop SLAs that specify performance metrics, key performance indicators (KPIs), response times, and service quality standards.
  • Include penalties or incentives to motivate the external provider to meet or exceed performance targets.
  • Identify and assess potential risks associated with outsourcing the process, such as data security, intellectual property protection, and operational disruptions.
  • Develop risk mitigation strategies and contingency plans.
  • Ensure that the external provider complies with data security and confidentiality requirements.
  • Implement measures to protect sensitive information and intellectual property.
  • Establish a quality control process that includes regular audits of the external provider’s performance and deliverables.
  • Verify that the external provider’s processes align with your organization’s quality standards.
  • Maintain open communication channels with the external provider to discuss progress, address issues, and provide feedback.
  • Require regular reporting to track performance against agreed-upon metrics.
  • Develop a process for managing changes to the outsourced process. This includes changes in scope, requirements, or other factors that may impact the outsourcing arrangement.
  • Ensure that changes are properly documented, reviewed, and approved.
  • Include provisions in the contract for terminating or transitioning the outsourced process back in-house or to another provider if necessary.
  • Develop a plan for a smooth transition without compromising business continuity.
  • Collaborate with the external provider to identify opportunities for process improvement, cost reduction, and efficiency gains.
  • Implement necessary changes to enhance the overall value of the outsourcing arrangement.
  • Ensure that the external provider complies with all relevant laws and regulations that pertain to the outsourced process.
  • Conduct periodic compliance assessments.
  • Continuously evaluate the external provider’s performance and adherence to contractual obligations.
  • Foster a positive working relationship that encourages collaboration and mutual success.

By implementing these controls, organizations can effectively manage outsourced processes while minimizing risks, ensuring quality, and achieving their business objectives. Careful planning, monitoring, and communication are essential for successful outsourcing arrangements.

5) The organization shall determine and apply criteria for the evaluation of external providers based on their ability to provide processes or products and services in accordance with requirements

Determining and applying criteria for the evaluation of external providers based on their ability to provide processes, products, or services in accordance with requirements is a critical aspect of supplier or vendor management. Here’s a step-by-step guide on how an organization can effectively establish and apply these criteria:

  1. Identify Evaluation Criteria:
    • Begin by identifying the specific criteria that are essential for evaluating external providers. These criteria should align with the organization’s needs, objectives, and the nature of the products or services being sourced.
    • Common evaluation criteria may include quality, cost, delivery performance, reliability, compliance with regulatory requirements, financial stability, and environmental sustainability.
  2. Align with Organizational Objectives:
    • Ensure that the chosen criteria are directly aligned with the organization’s strategic goals and priorities. Consider how the performance of external providers impacts key outcomes.
  3. Determine Weighting and Importance:
    • Assign weights or importance levels to each evaluation criterion based on its relative significance to the organization’s objectives.
    • This weighting helps prioritize criteria, ensuring that critical aspects receive more attention during the evaluation process.
  4. Establish Clear Standards:
    • Define clear and measurable standards or benchmarks for each criterion. These standards should serve as a basis for assessment.
    • For example, quality standards may include acceptable defect rates or adherence to specific quality control processes.
  5. Develop a Scoring System:
    • Create a scoring or rating system that quantifies the performance of external providers against the established criteria.
    • The scoring system can be numerical or qualitative, depending on the nature of the criteria and their measurement.
  6. Data Collection and Documentation:
    • Collect relevant data and information on the performance of external providers. Data sources may include audits, inspections, customer feedback, and internal assessments.
    • Maintain comprehensive records of evaluations, including documentation of findings and scores.
  7. Regular Evaluation:
    • Implement a regular evaluation process, typically conducted at predefined intervals or triggered by specific events (e.g., a supplier’s performance issue).
    • Continuous monitoring ensures that external providers consistently meet requirements.
  8. Communication and Feedback:
    • Maintain open and constructive communication with external providers. Provide feedback on their performance, both positive and negative.
    • Encourage external providers to share their insights and feedback on the organization’s requirements and processes.
  9. Corrective Action and Improvement Plans:
    • If an external provider’s performance falls below acceptable levels, develop corrective action plans collaboratively to address the issues.
    • Track and verify the implementation of corrective actions to ensure improvement.
  10. Performance Reviews and Records:
    • Regularly review the supplier evaluation records and use them for decision-making, supplier development, and supplier selection.
    • Consider conducting periodic performance reviews with key suppliers to discuss progress and areas for improvement.
  11. Supplier Development and Collaboration:
    • Invest in the development of strategic supplier relationships. Collaborate with suppliers to drive mutual improvement and innovation.
    • Share best practices and provide training where necessary.
  12. Periodic Review of Criteria:
    • Periodically review and update the evaluation criteria to ensure they remain relevant and aligned with the organization’s evolving needs and goals.
  13. Integration with Supplier Scorecards:
    • If applicable, integrate the evaluation criteria and scoring system into supplier scorecards, dashboards, or supplier management software for ease of tracking and analysis.

By following these steps, an organization can establish a robust and structured approach to evaluating external providers, ensuring that processes, products, and services are consistently delivered in accordance with requirements. This not only enhances quality but also helps manage risks and supports the organization’s overall success.

6) The organization shall determine and apply criteria for the selection of external providers based on their ability to provide processes or products and services in accordance with requirements

Selecting external providers based on their ability to provide processes, products, or services in accordance with requirements is a crucial step in supplier or vendor management. Here’s a step-by-step guide on how an organization can determine and apply criteria for the selection of external providers:

  1. Define Your Needs and Requirements: Clearly define the specific processes, products, or services you require from external providers. Consider your organization’s objectives, quality standards, and any regulatory or compliance requirements.
  2. Identify Selection Criteria: Determine the criteria that are most important for selecting external providers. Common criteria include:
    • Quality and reliability of products or services.
    • Cost competitiveness.
    • Delivery capabilities, including lead times.
    • Financial stability and track record.
    • Compliance with relevant standards and regulations.
    • Environmental and sustainability practices.
    • Location and logistical considerations.
  3. Weight the Criteria: Assign weights or importance levels to each selection criterion based on their relative significance to your organization’s objectives. This helps prioritize criteria during the evaluation process.
  4. Gather Information: Research potential external providers to gather information about their capabilities, experience, and performance history. Seek referrals, conduct online research, and consider industry reports or reviews.
  5. Request for Information (RFI): Send out RFIs to potential external providers to collect essential information about their capabilities, financial stability, quality control processes, and other relevant details. Use the RFI responses to create an initial shortlist of potential providers.
  6. Request for Proposal (RFP): Send RFPs to the shortlisted providers, providing them with detailed information about your requirements, evaluation criteria, and expectations. Ask for detailed proposals, including pricing, timelines, and a description of how they intend to meet your requirements.
  7. Evaluate Proposals: Evaluate the received proposals against your predefined selection criteria. Consider factors such as cost, quality, reliability, and alignment with your organizational goals. Use a scoring system to objectively assess each proposal.
  8. Conduct Supplier Audits: If necessary, conduct on-site visits or audits of the potential providers’ facilities to verify their capabilities and quality control processes. Assess their adherence to relevant standards and regulations.
  9. Risk Assessment: Evaluate the risks associated with each potential provider, considering factors like financial stability, geographic location, and potential supply chain disruptions. Develop risk mitigation strategies as needed.
  10. Reference Checks: Contact references provided by the potential providers to gain insights into their past performance, reliability, and quality of work.
  11. Selection Decision: Based on the evaluation and audit results, make an informed decision on the selection of external providers. Consider both quantitative factors (scores) and qualitative factors (e.g., reputation, references) in your decision-making process.
  12. Contract Negotiation: Engage in contract negotiations with the selected external provider to finalize the terms and conditions, pricing, service levels, and any specific requirements.
  13. Contractual Agreements: Once the contract is agreed upon, ensure that it includes clear and comprehensive terms, including performance metrics, service level agreements, quality standards, and dispute resolution processes.
  14. Onboarding and Relationship Management: Develop an onboarding process to facilitate a smooth transition and integration of the external provider into your organization’s processes. Establish ongoing communication channels and relationship management protocols.
  15. Continuous Monitoring and Evaluation: Implement a system for continuously monitoring and evaluating the performance of external providers against the established criteria. Regularly review the performance and make adjustments as needed.
  16. Periodic Review and Re-evaluation: Periodically review and re-evaluate your external providers to ensure they continue to meet your organization’s evolving needs and objectives.

By following these steps, an organization can effectively determine and apply selection criteria for external providers, ensuring that they are capable of delivering processes, products, or services in accordance with requirements. This structured approach helps organizations make informed decisions, minimize risks, and achieve their strategic goals.

7) The organization shall determine and apply criteria for the monitoring of Performance of external providers based on their ability to provide processes or products and services in accordance with requirements

Monitoring the performance of external providers based on their ability to provide processes, products, or services in accordance with requirements is essential for maintaining quality and meeting organizational goals. Here’s a step-by-step guide on how an organization can determine and apply criteria for the monitoring of external provider performance:

  1. Define Monitoring Objectives: Clearly define the objectives and goals of monitoring external provider performance. Determine what specific outcomes and quality standards you expect from them.
  2. Identify Key Performance Indicators (KPIs): Identify the key performance indicators that will be used to measure the external provider’s performance. These indicators should be aligned with your objectives and may include metrics such as:
    • Quality metrics (e.g., defect rates, error rates).
    • Timeliness metrics (e.g., on-time delivery).
    • Cost and efficiency metrics (e.g., cost savings, production efficiency).
    • Customer satisfaction scores.
    • Compliance with regulatory requirements.
  3. Assign Weights to KPIs: Assign weights or importance levels to each KPI based on their relative significance to your organization’s objectives. This helps prioritize KPIs during the evaluation process.
  4. Data Collection and Reporting: Establish a process for collecting performance data from external providers. This may include regular reporting, data uploads, or automated data feeds. Define reporting formats and frequency.
  5. Benchmarking and Targets: Set performance benchmarks and targets for each KPI. These targets should be realistic, achievable, and aligned with your organization’s expectations. Consider historical performance data as a baseline.
  6. Scoring and Rating System: Develop a scoring or rating system that quantifies the external provider’s performance against the established KPIs and targets. This system can be numerical (e.g., scores on a scale) or qualitative (e.g., ratings).
  7. Performance Review Meetings: Schedule periodic performance review meetings with external providers. These meetings provide an opportunity to discuss performance, challenges, and improvement opportunities. Share performance data and feedback openly.
  8. Corrective Action Plans: Establish a process for addressing performance issues or deviations from targets. Collaborate with external providers to develop and implement corrective action plans. Monitor and verify the effectiveness of corrective actions.
  9. Continuous Improvement: Encourage a culture of continuous improvement with external providers. Collaborate on process enhancements and efficiency gains. Share best practices and ideas for improvement.
  10. Documentation and Records:Maintain comprehensive records of performance data, performance reviews, corrective actions, and improvement initiatives. These records serve as evidence of compliance and support decision-making.
  11. Contractual Agreements: Ensure that your contracts with external providers include provisions related to performance monitoring, KPIs, and the consequences of failing to meet performance targets.
  12. Communication and Feedback: Establish open communication channels with external providers. Provide regular feedback on their performance, emphasizing both strengths and areas for improvement. Encourage providers to share their insights and recommendations.
  13. Periodic Evaluation of Criteria: Periodically review and update the criteria and KPIs used for performance monitoring. This ensures they remain relevant to your evolving needs and objectives.
  14. Recognition and Incentives: Consider offering recognition or incentives to high-performing external providers as a way to motivate and reward excellent performance.
  15. Escalation Procedures:Define escalation procedures for addressing severe or persistent performance issues. Ensure that there is a clear path for dispute resolution.
  16. Termination or Transition Planning:Include provisions in contracts for terminating or transitioning the relationship with external providers if performance issues persist and corrective actions fail.

By following these steps, an organization can establish a structured approach to monitor the performance of external providers effectively. This process helps ensure that external providers consistently meet requirements, quality standards, and organizational objectives while providing opportunities for improvement and collaboration.

8) The organization shall determine and apply criteria for the Re-evaluation of external providers based on their ability to provide processes or products and services in accordance with requirements

Re-evaluating external providers based on their ability to provide processes, products, or services in accordance with requirements is essential to ensure ongoing quality and alignment with your organization’s needs. Here’s a step-by-step guide on how an organization can determine and apply criteria for the re-evaluation of external providers:

  1. Establish Re-evaluation Frequency: Determine how often you will conduct re-evaluations of external providers. The frequency may vary based on factors such as the criticality of the provider, the nature of the products or services, and the level of risk involved.
  2. Define Re-evaluation Criteria: Identify the criteria that will trigger a re-evaluation of external providers. These criteria should be specific and measurable, and they may include factors such as:
    • A decline in performance below specified thresholds.
    • Changes in the provider’s ownership or management.
    • Significant changes in regulatory requirements.
    • Feedback from internal stakeholders or customers indicating concerns.
    • Major changes in the organization’s strategic priorities or business needs.
  3. Assign Weighting to Re-evaluation Criteria: Assign weights or importance levels to each re-evaluation criterion based on their relative significance to your organization’s objectives and risk tolerance.
  4. Data Collection: Continuously collect relevant data on the performance and activities of external providers. This may include performance metrics, audit results, customer feedback, and regulatory compliance data.
  5. Thresholds for Re-evaluation: Establish specific thresholds for each re-evaluation criterion. These thresholds define the conditions under which a re-evaluation is triggered. For example, a threshold for declining performance may be defined as a consistent decrease in quality scores below a certain level.
  6. Documentation and Record Keeping: Maintain clear records of the data and information collected during the monitoring and evaluation of external providers. This documentation is essential for decision-making and compliance.
  7. Review and Assessment: Periodically review the data and assess whether any of the re-evaluation criteria have been met. This should be done according to the defined frequency.
  8. Scoring or Rating System: Utilize a scoring or rating system to quantify the provider’s performance against the established re-evaluation criteria and thresholds. This system helps in objectively determining whether a re-evaluation is warranted.
  9. Re-evaluation Process: When the predefined criteria or thresholds are met, initiate a re-evaluation process. This may involve a comprehensive assessment of the provider’s performance, capabilities, and alignment with your organization’s requirements.
  10. Communication with Providers: Notify the external provider of the re-evaluation and the specific reasons for it. Encourage open communication with the provider to address any concerns or issues that may have led to the re-evaluation.
  11. Re-evaluation Team: Assemble a team responsible for conducting the re-evaluation. This team may include representatives from various departments, including quality assurance, procurement, and compliance.
  12. Re-evaluation Criteria Review: Review and assess the external provider’s performance and compliance with requirements based on the established re-evaluation criteria. Collect updated data and information as needed.
  13. Decision-Making and Action Planning: Based on the results of the re-evaluation, make informed decisions about the future relationship with the external provider. This may include:
    • Continuation of the relationship without changes.
    • Requesting corrective actions or improvements.
    • Termination of the relationship or transition to a new provider.
  14. Continuous Improvement: Use the outcomes of re-evaluations to drive continuous improvement in supplier management processes, contractual agreements, and the selection of external providers.
  15. Documentation and Reporting:Document the results of the re-evaluation, the actions taken, and the rationale behind the decisions made.Share relevant information with internal stakeholders and maintain records for audit and compliance purposes.
  16. Feedback and Collaboration: Provide feedback to the external provider on the results of the re-evaluation and any required corrective actions or improvements. Collaborate with the provider on improvement plans if necessary.

By following these steps, an organization can establish a systematic approach to the re-evaluation of external providers, ensuring that their performance remains aligned with requirements and that appropriate actions are taken when needed to maintain quality and mitigate risks.

9) The organization shall retain documented information of these activities and any necessary actions arising from the evaluations.

It includes several documents and records that organizations are expected to establish and maintain to demonstrate compliance with this clause. Here are the key documents and records required by Clause 8.4.1 of ISO 9001:2015:

  1. Supplier Evaluation and Selection Criteria: Documented criteria for evaluating and selecting external providers, including factors like quality, cost, delivery performance, and compliance with requirements.
  2. Supplier Evaluation Records: Records of supplier evaluations, including assessment results, scores, and any corrective actions taken as a result of these evaluations.
  3. Supplier Performance Metrics: Records of supplier performance metrics and key performance indicators (KPIs), such as defect rates, on-time delivery performance, and customer satisfaction scores.
  4. Supplier Contracts and Agreements: Copies of contracts, agreements, or purchase orders with external providers that specify requirements, quality standards, and service levels.
  5. Service Level Agreements (SLAs): Documentation of service level agreements that outline the performance expectations and metrics for the external providers.
  6. Records of Communication with Suppliers: Records of communications between the organization and external providers, including emails, meeting minutes, and other forms of correspondence.
  7. Records of Corrective Actions: Documentation of any corrective actions taken in response to non-conformances or performance issues identified in externally provided processes, products, or services.
  8. Supplier Audits and Assessment Reports: Records of supplier audits, assessments, and inspection reports conducted to evaluate and monitor supplier performance.
  9. Records of Supplier Training and Qualification: Documentation of any training or qualification processes for external providers to ensure they meet the organization’s requirements.
  10. Records of Supplier Changes and Notifications: Documentation of any changes in external provider status, ownership, or key personnel, as well as notifications or communications related to these changes.
  11. Records of Supplier Development Initiatives: Documentation of supplier development activities, including improvement plans and initiatives aimed at enhancing supplier performance.
  12. Supplier Risk Assessments: Records of supplier risk assessments, including identification of potential risks associated with external providers and the organization’s risk mitigation strategies.
  13. Records of Supplier Complaints: Documentation of any complaints or feedback received from customers related to externally provided processes, products, or services.
  14. Records of Supplier Transition or Termination: Documentation of supplier transition plans or records related to the termination of relationships with external providers.
  15. Records of Supplier Performance Reviews: Documentation of periodic performance reviews conducted with external providers, including the outcomes of these reviews and any actions taken.
  16. Records of Supplier Performance Improvement: Documentation of any supplier-driven performance improvement initiatives or actions.
  17. Records of Supplier Certifications and Compliance: Copies of certifications, regulatory compliance documents, and relevant supplier compliance records.

It’s important to note that the specific documents and records required may vary depending on the organization’s size, industry, and the nature of externally provided processes, products, or services. Organizations should establish and maintain these documents and records to demonstrate effective control and management of their relationships with external providers in accordance with ISO 9001:2015 requirements.

Published by Pretesh Biswas

Pretesh Biswas has wealth of qualifications and experience in providing results-oriented solutions for your system development, training or auditing needs. He has helped dozens of organizations in implementing effective management systems to a number of standards. He provide a unique blend of specialized knowledge, experience, tools and interactive skills to help you develop systems that not only get certified, but also contribute to the bottom line. He has taught literally hundreds of students over the past 5 years. He has experience in training at hundreds of organizations in several industry sectors. His training is unique in that which can be customized as to your management system and activities and deliver them at your facility. This greatly accelerates the learning curve and application of the knowledge acquired. He is now ex-Certification body lead auditor now working as consultancy auditor. He has performed hundreds of audits in several industry sectors. As consultancy auditor, he not just report findings, but provide value-added service in recommending appropriate solutions. Experience Consultancy: He has helped over 100 clients in a wide variety of industries achieve ISO 9001,14001,27001,20000, OHSAS 18001 and TS 16949 certification. Industries include automotive, metal stamping and screw machine, fabrication, machining, assembly, Forging electrostatic and chrome plating, heat-treating, coatings, glass, plastic and rubber products, electrical and electronic equipment, assemblies & components, batteries, computer hardware and software, printing, placement and Security help, warehousing and distribution, repair facilities, consumer credit counseling agencies, banks, call centers, etc. Training: He has delivered public and on-site quality management training to over 1000 students. Courses include ISO/TS -RAB approved Lead Auditor, Internal Auditing, Implementation, Documentation, as well as customized ISO/TS courses, PPAP, FMEA, APQP and Control Plans. Auditing: He has conducted over 100 third party registration and surveillance audits and dozens of gap, internal and pre-assessment audits to ISO/QS/TS Standards, in the manufacturing and service sectors. Other services: He has provided business planning, restructuring, asset management, systems and process streamlining services to a variety of manufacturing and service clients such as printing, plastics, automotive, transportation and custom brokerage, warehousing and distribution, electrical and electronics, trading, equipment leasing, etc. Education & professional certification: Pretesh Biswas has held IRCA certified Lead Auditor for ISO 9001,14001 and 27001. He holds a Bachelor of Engineering degree in Mechanical Engineering and is a MBA in Systems and Marketing. Prior to becoming a business consultant 6 years ago, he has worked in several portfolios such as Marketing, operations, production, Quality and customer care. He is also certified in Six Sigma Black belt .

Published

Leave a Reply