It’s not clear to me who an external provider may be. Could it be an electrical contractor, a lunch truck, a caterer, or other similar? That thinking is tremendously different than just the traditional “supplier” which is what this company has using been for many years. So there’s that concern. Also, advising our external providers what equipment to use, how to use it and how to train their people? Is that really what’s said here? That would require tremendous knowledge in our organization that most likely is not here. What exactly is being said here? I’m a little confused how to address this requirement. Finally, section (e): we must communicate to the external provider how we are going to measure them? Can it be done through email, or phone, or what is a common method for meeting the requirement? Thanks much.
Who is an external provider?
ISO 9001:2015, 8.4.1 states, the organization shall determine the controls to be applied to externally provided processes, products and services when:
- products and services from external providers are intended for incorporation into the organization’s own products and services;
- products and services are provided directly to the customer(s) by external providers on behalf of the organization;
- a process, or part of a process, is provided by an external provider as a result of a decision by the organization.
- Refers to a product that becomes part of your product; for example, a bolt incorporated into a seat assembly. You purchase these.
- Refers to a product that is “dropped shipped” to a customer. Think of an Amazon purchase where the product comes from a second party under the Amazon logo.
- Refers to a process that is outsourced as a result of the organization’s decision to have the process managed externally. For example, the heat treating of a part where the part needs to be heat treated but the organization does not have that process internally.
Therefore, an electrical contractor, a lunch truck, etc. are not included since they are outside the scope of the QMS.
Secondly, “advising our external providers,” refers to the type and extent of control. Will you perform 100% incoming verification, or require material certifications, or require certification to a quality management standard? In certain instances, you may want to specify the equipment or training an external provider must implement. For example, for outsourced welding, your requirement might be that welders are certified by the American Welding Society or your calibration company be accredited to ISO 17025.
How will you measure an external provider? It can be on-time delivery, responsiveness to requests, PPM targets. Communicating the measurement (8.4.3 e) is related to 8.4.1, “retain documented information of these activities and any necessary actions arising from the evaluations”. Therefore, a record must be retained.