ISO 9001:2015 Clause 8.5.3 Property belonging to customers or external providers

ISO 9001:2015 15 Minutes

ISO 9001:2015 Requirements

The organization shall exercise care with property belonging to customers or external providers while it is under the organization’s control or being used by the organization. The organization shall identify, verify, protect and safeguard customers’ or external providers’ property provided for use or incorporation into the products and services. When the property of a customer or external provider is lost, damaged or otherwise found to be unsuitable for use, the organization shall report this to the customer or external provider and retain documented information on what has occurred.
NOTE A customer’s or external provider’s property can include material, components, tools and equipment, premises, intellectual property and personal data.

1) The organization shall exercise care with property belonging to customers or external providers while it is under the organization’s control or being used by the organization.

This requires that an organization should control any property belonging to customers or external providers while under the organization’s control or be used by the organization. This clause could be applied to protecting the subcontractor’s tools, materials and plant onsite against theft or damage. For a company dealing with refurbishments of rooms, this could be the processes to protect existing items / the structure, such as covering furniture and flooring with protective plastic/drop sheets. This exact requirement would also extend to protecting client data, such as project documents and data in systems In a services company that does not have physical customer or external provider property, this could be limited to managing customers’ information, including personal information. Customer property always carries the risk of being lost, damaged, stolen or misused, or their conditions may deteriorate over time. An organization should implement mechanisms to identify all such cases and notify the customer/external provider when this happens. This can be done effectively by maintaining an inventory management system, identifying customer property, traceability and maintenance or control over the use of the property through access controls, etc. The controls can be decided by the organization, as required. The requirement to exercise care with property belonging to customers or external providers is a crucial aspect of quality management and business ethics. Organizations must ensure that they treat external property with respect, safeguard it from damage or loss, and use it only for its intended purpose. Here’s how an organization can fulfill this requirement:

  • Clearly define the responsibilities of personnel who have access to or are responsible for customer or external provider property. Assign ownership and accountability.
  • Maintain an inventory or record of all customer or external provider property under the organization’s control. This includes items such as customer-supplied materials, tools, equipment, or intellectual property.
  • Label or mark customer or external provider property to clearly identify its ownership and intended use. Ensure that the identification is consistent with agreements and requirements.
  • Store and handle customer or external provider property in a safe and secure manner to prevent damage, theft, or loss.Use appropriate storage conditions, such as controlled environments or secure storage areas, when necessary.
  • Regularly inspect and maintain customer or external provider property to ensure it remains in good condition and is fit for its intended purpose.
  • Obtain written authorization from the customer or external provider for any use or disposition of their property outside of the agreed-upon terms.
  • Implement controls to prevent unauthorized personnel from using or accessing customer or external provider property. Ensure that employees are aware of the limitations and restrictions regarding the use of external property.
  • Return customer property promptly and in the condition in which it was received when no longer needed. Follow agreed-upon return procedures. Obtain customer or external provider authorization for any disposal or disposition of their property.
  • Maintain records of all customer or external provider property, including details of receipt, storage, use, maintenance, and return or disposition.Ensure records accurately reflect the condition and usage of the property.
  • Train employees who handle customer or external provider property on the organization’s policies, procedures, and their responsibilities regarding such property.
  • Maintain open and effective communication with customers or external providers regarding the handling and status of their property, including any concerns or issues that arise.
  • Develop procedures for handling any non-conformance related to customer or external provider property, including the reporting and resolution of issues.
  • Ensure that the organization’s practices regarding customer or external provider property comply with all legal and contractual requirements, including intellectual property rights.
  • Conduct periodic internal audits and verifications to assess the effectiveness of the organization’s processes for handling external property.
  • Use data and feedback to drive continuous improvement efforts in property handling processes, aiming to enhance customer satisfaction and ensure compliance.

By implementing these measures, an organization can exercise care and diligence in handling property belonging to customers or external providers, thereby maintaining trust, complying with contractual agreements, and upholding ethical and quality standards.

2) The organization shall identify, verify, protect and safeguard customers’ or external providers’ property provided for use or incorporation into the products and services.

Identifying, verifying, protecting, and safeguarding customers’ or external providers’ property provided for use or incorporation into products and services is a critical aspect of maintaining quality and compliance with contractual obligations. Check that your organization communicates with its customers in regard to the handling and treatment of their property. You should also check that contingency plans and, where relevant, actions are undertaken when non-conformity occur with customer property. Good sources of information often include Goods returned by the customer; Warranty claims; Revised invoices; Credit notes; Articles in the media; Consumer websites; Direct observation of, or communication with, the customer. Here’s a comprehensive approach for customers to follow:

  • Identification: Clearly define your property, including unique identifiers, specifications, and any labeling or marking requirements. Ensure that your property is marked or labeled in accordance with your specifications.
  • Verification: Establish clear verification criteria for your property, including quality standards, quantities, and any specific requirements. Ensure that the organization verifies your property against the agreed-upon criteria upon receipt and communicates the results to you.
  • Protection and Packaging:Package your property securely to prevent damage during transit and handling. Label or mark the packaging with handling instructions, fragility warnings, and any specific storage requirements.
  • Transportation: Select reliable carriers and logistics partners with a track record of safe and secure transportation. Inspect the condition of your property upon delivery and immediately report any visible damage or discrepancies.
  • Storage Instructions: Provide clear storage instructions to the organization if your property has specific requirements, such as temperature, humidity, or light conditions. Ensure that the organization follows these instructions.
  • Authorization for Use: Clearly specify under what conditions the organization is authorized to use or incorporate your property into products or services. Document this authorization. Ensure that any use is compliant with your specified requirements.
  • Monitoring and Updates: Monitor how the organization handles and uses your property throughout the project or service. Request regular updates on the status of your property and promptly address any changes or concerns.
  • Communication: Maintain open lines of communication with the organization regarding the handling, status, and condition of your property. Address any inquiries, requests for information, or concerns raised by the organization.
  • Traceability and Records: Request that the organization maintains traceability records for your property, including records of receipt, storage, usage, and any inspections or tests performed.
  • Non-Conformance Handling: Establish a process for addressing non-conformances, damage, or discrepancies related to your property. Outline how claims for loss or damage will be handled.
  • Insurance: Consider insuring your property during transportation and while it is under the organization’s control. Verify whether the organization’s insurance policies cover your property.
  • Legal and Contractual Compliance: Ensure that the organization’s practices regarding your property comply with all legal and contractual requirements, including intellectual property rights.
  • Feedback and Improvement: Provide feedback to the organization on the handling and protection of your property, including any suggestions for improvement or concerns.

By following these steps, customers can effectively identify, verify, protect, and safeguard their property provided for use or incorporation into products and services. This proactive approach helps ensure that property is handled according to your specifications, minimizes risks, and promotes a positive working relationship with the organization. If there are any products, materials, or tools on your organization’s premises that are owned by a customer, all employees must exercise care with this property. This means they must ensure that the product is not lost or damaged.

3) When the property of a customer or external provider is lost, damaged or otherwise found to be unsuitable for use, the organization shall report this to the customer or external provider

If customer property is lost or damaged, this needs to be recorded and the customer needs to be notified. When the property of a customer or external provider is lost, damaged, or otherwise found to be unsuitable for use, it is essential for the organization to report this promptly and transparently to the customer or external provider. This communication is crucial for maintaining trust, resolving issues, and ensuring compliance with contractual agreements. Here are the steps to follow when such a situation occurs:

  • As soon as the loss, damage, or unsuitability is discovered, take immediate action to prevent further damage or loss and to mitigate the impact on the project or service.
  • Document the details of the incident thoroughly. Include information such as the date, time, location, the nature of the issue, and any relevant circumstances or observations.
  • Notify the customer or external provider of the incident promptly. Use the most appropriate and expedient means of communication, which may include phone calls, emails, or formal written notifications.
  • Provide a detailed report to the customer or external provider that includes:
    • A clear description of the incident and the property affected.
    • The root cause or circumstances that led to the incident.
    • The extent of the damage or loss, if applicable.
    • Any immediate corrective actions taken to mitigate the impact.
    • Steps planned or underway to prevent similar incidents in the future.
    • Any compensation, replacement, or remediation plans if applicable, in accordance with contractual terms.
  • Collaborate with the customer or external provider to determine the most suitable course of action for addressing the issue. This may involve discussing replacement, compensation, or corrective actions.
  • Maintain open lines of communication throughout the resolution process. Keep the customer or external provider informed of progress and any changes in the situation.
  • Implement preventive measures to avoid similar incidents in the future. This may include process improvements, enhanced security measures, or changes in handling procedures.
  • Ensure that all actions taken are in compliance with contractual agreements and legal requirements. Adhere to any dispute resolution mechanisms specified in the contract.
  • Use the incident as an opportunity for continuous improvement. Analyze the root causes and identify lessons learned to enhance processes and prevent recurrences.
  • Maintain records of all communications, actions taken, and resolutions reached related to the incident. These records may be valuable for future reference and audits.
  • Solicit feedback from the customer or external provider regarding their satisfaction with the resolution process and the organization’s handling of the incident.
  • Conduct follow-up communications with the customer or external provider to ensure that the agreed-upon actions and resolutions have been effectively implemented.

Timely and transparent communication when property is lost, damaged, or unsuitable is critical for maintaining a positive business relationship, addressing issues promptly, and demonstrating the organization’s commitment to accountability and customer satisfaction.

4) When the property of a customer or external provider is lost, damaged or otherwise found to be unsuitable for use, the organization shall retain documented information on what has occurred

Retaining documented information when the property of a customer or external provider is lost, damaged, or found to be unsuitable for use is a crucial part of ensuring transparency, accountability, and compliance with quality management standards and contractual obligations. Here’s how the organization should handle the retention of documented information in such situations:

  • Document the Incident: As soon as the incident occurs, document all relevant details thoroughly. This should include information such as the date, time, location, the nature of the issue, and any circumstances or observations related to the incident.
  • Report and Notification: Document the notification and communication process with the customer or external provider. This includes records of when and how you informed them about the incident, the details provided, and any immediate actions taken.
  • Root Cause Analysis: Document the results of any root cause analysis or investigations conducted to determine how and why the incident occurred. This should include an analysis of contributing factors.
  • Corrective Actions: Document any immediate corrective actions taken to mitigate the impact of the incident and prevent its recurrence. Describe the actions and their effectiveness.
  • Resolution Plans: If the incident involves compensation, replacement, or remediation, document the plans and actions taken to address these aspects. Include details of any agreements reached with the customer or external provider.
  • Preventive Measures:Document any preventive measures implemented to prevent similar incidents in the future. This should include process improvements, enhanced security measures, or changes in handling procedures.
  • Compliance with Contractual and Legal Requirements:Ensure that the documented information reflects compliance with contractual agreements and legal requirements. Adhere to any specific record-keeping or reporting requirements outlined in the contract.
  • Continuous Improvement:Use the documented information to facilitate continuous improvement efforts. Analyze the root causes, lessons learned, and opportunities for enhancing processes and reducing the risk of similar incidents.
  • Record Retention:Adhere to your organization’s document retention policy and retain the documented information for the specified retention period or as required by regulatory standards.
  • Confidentiality and Security: Ensure that the documented information is stored securely and confidentially to prevent unauthorized access or disclosure.
  • Accessibility and Retrieval: Make sure that the documented information is easily retrievable for audits, investigations, and reference purposes. Maintain an organized system for document storage and retrieval.
  • Reporting and Communication: Document any additional reporting or communication related to the incident, including follow-up communications with the customer or external provider.
  • Customer Feedback: If the customer provides feedback on the incident and its resolution, document this feedback and any actions taken in response.

By retaining documented information in a structured and organized manner, the organization demonstrates its commitment to transparency, accountability, and effective incident management. This documentation also serves as a valuable resource for future reference, audits, and continuous improvement efforts.

Here are the key documents and records required for Clause 8.5.3:

Documents:

  1. Procedure for Handling Customer or External Provider Property: This document outlines the organization’s procedures for receiving, handling, protecting, and managing property belonging to customers or external providers. It should describe the steps to be taken when property is received, used, or returned.
  2. Property Identification and Labeling Standards: If applicable, the organization may need to maintain documents that specify the standards for identifying and labeling customer or external provider property. This includes information about unique identifiers, labeling methods, and any specific requirements.
  3. Communication and Notification Procedures: Documents that describe the procedures for communicating with customers or external providers regarding the status of their property, including notifications of loss, damage, or other issues.

Records:

  1. Property Receipt Records: Records of all property received from customers or external providers. These records should include details such as the property description, unique identifiers, quantity, condition upon receipt, and the date of receipt.
  2. Inspection and Verification Records: Records of any inspections or verifications conducted on the received property. This includes records of inspections for accuracy, completeness, and compliance with specifications.
  3. Incident and Non-Conformance Reports: Records of any incidents involving customer or external provider property, such as loss, damage, or unsuitability for use. These records should document the incident’s details, root causes, corrective actions taken, and any communication with the customer or external provider.
  4. Communication Records: Records of all communication with customers or external providers related to their property. This includes notifications, agreements, resolutions, and feedback received.
  5. Authorization Records: Records of written authorizations or agreements from customers or external providers specifying the conditions under which the organization is authorized to use or incorporate their property into products or services.
  6. Storage and Handling Records: Records related to the storage and handling of customer or external provider property, including any specific storage conditions or handling instructions.
  7. Traceability Records: Records that establish traceability of customer or external provider property throughout its use or incorporation into products or services. These records may include unique identifiers, handling logs, and usage records.
  8. Documentation of Return or Disposition: Records of property that has been returned to customers or external providers or records documenting the agreed-upon disposition or disposal of the property.
  9. Training Records: Records of training provided to employees involved in handling customer or external provider property, demonstrating their competence in carrying out these activities.
  10. Audit and Review Records: Records of internal audits and management reviews related to the handling of customer or external provider property, including findings and corrective actions.

These documents and records are essential for demonstrating compliance with ISO 9001:2015 Clause 8.5.3 and for effectively managing property belonging to customers or external providers within an organization’s quality management system. They help ensure transparency, accountability, and compliance with contractual agreements.

5) A customer’s or external provider’s property can include material, components, tools and equipment, premises, intellectual property and personal data.

Customer’s or external provider’s property can encompass a wide range of items, including but not limited to:

  1. Materials: Raw materials, intermediate products, or finished products that are provided by customers or external providers for use in manufacturing or service provision.
  2. Components: Individual parts, assemblies, or sub-assemblies supplied by customers or external providers to be incorporated into final products or services.
  3. Tools and Equipment: Specialized tools, machinery, equipment, or instruments provided by customers or external providers for use during production or service provision.
  4. Premises: Facilities, buildings, or specific areas within facilities made available by customers or external providers for conducting certain operations or services.
  5. Intellectual Property: Any intellectual property rights or assets, including patents, copyrights, trademarks, trade secrets, or proprietary software, licensed or entrusted to the organization by customers or external providers.
  6. Personal Data: Any personal data or sensitive information provided by customers or external providers for specific purposes, such as processing orders, conducting market research, or providing services.

Each of these types of property may have specific handling, storage, and security requirements. It’s essential for organizations to have clear procedures and controls in place to manage and safeguard these various forms of customer or external provider property effectively. This ensures that such property is treated with care, confidentiality is maintained, and contractual obligations are met.

Example of Procedure for Handling Customer or External Provider Property

Objective: This procedure defines the process for receiving, handling, protecting, and managing property belonging to customers or external providers as required by ISO 9001:2015 Clause 8.5.3.

Scope: This procedure applies to all property provided by customers or external providers and entrusted to [Organization Name] for use or incorporation into products or services.

Responsibilities:

  • The [Quality Manager/Designated Personnel] is responsible for overseeing and ensuring compliance with this procedure.
  • All employees involved in handling customer or external provider property must adhere to this procedure.

Procedure:

1. Property Receipt:

  • Upon receipt of property from a customer or external provider, record the details of the property in the Property Receipt Record. This includes the property description, unique identifiers, quantity, condition upon receipt, and the date of receipt.

2. Verification and Inspection:

  • Conduct inspections or verifications of the received property, comparing it against accompanying documentation, specifications, and any unique identifiers provided. Document the results in the Inspection and Verification Records.

3. Communication with Customers or External Providers:

  • Notify the customer or external provider promptly upon receipt of their property. Provide acknowledgment and confirm the property’s condition.
  • Document all communication related to the property, including notifications, agreements, resolutions, and feedback.

4. Storage and Handling:

  • Store the property in designated and secure areas, ensuring that it is protected from damage, loss, or unauthorized access.
  • Adhere to any specific storage conditions or handling instructions provided by the customer or external provider.

5. Authorization for Use:

  • Ensure that written authorizations or agreements from customers or external providers specify the conditions under which the organization is authorized to use or incorporate their property into products or services.

6. Traceability and Record Keeping:

  • Maintain traceability records to establish the property’s status and usage throughout its lifecycle. These records may include unique identifiers, handling logs, and usage records.

7. Incident Reporting and Non-Conformance Handling:

  • If any loss, damage, or non-conformance related to the property occurs, promptly report the incident and follow the organization’s procedures for handling non-conformances. Document incident details, root causes, corrective actions, and any communication with the customer or external provider.

8. Return or Disposition:

  • When the property is no longer needed, follow the agreed-upon procedures for returning it to the customer or external provider or for disposing of it in compliance with contractual terms.

9. Training and Awareness:

  • Provide training to employees involved in handling customer or external provider property to ensure they understand and follow the organization’s policies and procedures.

10. Record Retention: – Adhere to the organization’s document retention policy for records related to customer or external provider property, retaining them for the specified retention period.

11. Continuous Improvement: – Analyze data and feedback related to property handling to identify opportunities for process improvement and risk reduction.

12. Legal and Contractual Compliance: – Ensure that all actions taken comply with legal and contractual requirements, including intellectual property rights and confidentiality agreements.

13. Reporting and Communication: – Maintain open and effective communication with customers or external providers regarding the handling and status of their property, including any concerns or issues that arise.

14. Confidentiality and Security: – Ensure that the documented information is stored securely and confidentially to prevent unauthorized access or disclosure.

15. Audit and Review: – Be prepared for internal audits and management reviews related to property handling processes.

16. Document Retention: – Retain this procedure and associated records as per the organization’s document control and record retention policy.

17. Review and Revision: – Periodically review and update this procedure to ensure its continued effectiveness and relevance.

18. Approval and Revision History: – Maintain records of procedure approvals and revisions.

Published by Pretesh Biswas

Pretesh Biswas has wealth of qualifications and experience in providing results-oriented solutions for your system development, training or auditing needs. He has helped dozens of organizations in implementing effective management systems to a number of standards. He provide a unique blend of specialized knowledge, experience, tools and interactive skills to help you develop systems that not only get certified, but also contribute to the bottom line. He has taught literally hundreds of students over the past 5 years. He has experience in training at hundreds of organizations in several industry sectors. His training is unique in that which can be customized as to your management system and activities and deliver them at your facility. This greatly accelerates the learning curve and application of the knowledge acquired. He is now ex-Certification body lead auditor now working as consultancy auditor. He has performed hundreds of audits in several industry sectors. As consultancy auditor, he not just report findings, but provide value-added service in recommending appropriate solutions. Experience Consultancy: He has helped over 100 clients in a wide variety of industries achieve ISO 9001,14001,27001,20000, OHSAS 18001 and TS 16949 certification. Industries include automotive, metal stamping and screw machine, fabrication, machining, assembly, Forging electrostatic and chrome plating, heat-treating, coatings, glass, plastic and rubber products, electrical and electronic equipment, assemblies & components, batteries, computer hardware and software, printing, placement and Security help, warehousing and distribution, repair facilities, consumer credit counseling agencies, banks, call centers, etc. Training: He has delivered public and on-site quality management training to over 1000 students. Courses include ISO/TS -RAB approved Lead Auditor, Internal Auditing, Implementation, Documentation, as well as customized ISO/TS courses, PPAP, FMEA, APQP and Control Plans. Auditing: He has conducted over 100 third party registration and surveillance audits and dozens of gap, internal and pre-assessment audits to ISO/QS/TS Standards, in the manufacturing and service sectors. Other services: He has provided business planning, restructuring, asset management, systems and process streamlining services to a variety of manufacturing and service clients such as printing, plastics, automotive, transportation and custom brokerage, warehousing and distribution, electrical and electronics, trading, equipment leasing, etc. Education & professional certification: Pretesh Biswas has held IRCA certified Lead Auditor for ISO 9001,14001 and 27001. He holds a Bachelor of Engineering degree in Mechanical Engineering and is a MBA in Systems and Marketing. Prior to becoming a business consultant 6 years ago, he has worked in several portfolios such as Marketing, operations, production, Quality and customer care. He is also certified in Six Sigma Black belt .

Published

Leave a Reply