The insurance company I am temporarily helping on quality is limiting its ISO 9001 certified perimeter to the administration of contracts and claims.
With regard to clauses 8.4.1 and particularly 8.4.2 of ISO 9001:2015, should the other internal entities of the company (.i.e HR, IT, Sales Dpt, …) absolutely necessary but outside of the perimeter be considered exactly like external providers – just like a provider of IT, for instance – or should they be considered as internal providers with a limited control of their contribution to the QMS through a simplified SLA? Of course, SLAs will be put in place in order to secure the relationship of these internal entities with the perimeter.
I thank you in advance for your help/interpretation of clauses 8.4.1 and 8.4.2 applied to the case submitted.
Thank you for your question. Yes, that is an appropriate interpretation, but let me add three comments.
Firstly, recognize that your support functions are captive within your organization and therefore not subject to all of the same conditions that would be imposed on an outside service provider. For example, you can’t stop doing business with them if you are not happy with their service. I like your idea for an SLA – keep it simple, but outline your requirements and expectations for their support services.
Secondly, use your process approach (clause 4.4) to define the boundaries of your QMS and how those other external departments interface with you. This will be helpful in helping your team and others to understand the relationship between your QMS and the rest of the organization.
Thirdly, take advantage of the Context of the Organization analysis (clause 4.1) to further explore those relationships and that will help to determine the level of control you require over those support functions.