ISO 9001: 2015 Clause 8.4.3

Mr. Pareto Head and Supply Chain comic strip

Question

It’s not clear to me who an external provider may be. Could it be an electrical contractor, a lunch truck, a caterer, or other similar? That thinking is tremendously different than just the traditional “supplier” which is what this company has using been for many years. So there’s that concern. Also, advising our external providers what equipment to use, how to use it and how to train their people? Is that really what’s said here? That would require tremendous knowledge in our organization that most likely is not here. What exactly is being said here? I’m a little confused how to address this requirement. Finally, section (e): we must communicate to the external provider how we are going to measure them? Can it be done through email, or phone, or what is a common method for meeting the requirement? Thanks much.

Answer

Who is an external provider?

ISO 9001:2015, 8.4.1 states, the organization shall determine the controls to be applied to externally provided processes, products and services when:

  1. products and services from external providers are intended for incorporation into the organization’s own products and services;
  2. products and services are provided directly to the customer(s) by external providers on behalf of the organization;
  3. a process, or part of a process, is provided by an external provider as a result of a decision by the organization.
    1. Refers to a product that becomes part of your product; for example, a bolt incorporated into a seat assembly. You purchase these.
    2. Refers to a product that is “dropped shipped” to a customer. Think of an Amazon purchase where the product comes from a second party under the Amazon logo.
    3. Refers to a process that is outsourced as a result of the organization’s decision to have the process managed externally. For example, the heat treating of a part where the part needs to be heat treated but the organization does not have that process internally.

Therefore, an electrical contractor, a lunch truck, etc. are not included since they are outside the scope of the QMS.

Secondly, “advising our external providers,” refers to the type and extent of control.  Will you perform 100% incoming verification, or require material certifications, or require certification to a quality management standard? In certain instances, you may want to specify the equipment or training an external provider must implement.  For example, for outsourced welding, your requirement might be that welders are certified by the American Welding Society or your calibration company be accredited to ISO 17025.

How will you measure an external provider?  It can be on-time delivery, responsiveness to requests, PPM targets.  Communicating the measurement (8.4.3 e) is related to 8.4.1, “retain documented information of these activities and any necessary actions arising from the evaluations”.  Therefore, a record must be retained.

George Hummel

ISO 9001: 2015 Clauses 4.1 and 4.2

Inventory, Inspection, Review, Suppliers, Supplies

Question

Let’s start with clause 4.2. What level of detail is required here? Is “supplier” or “customer” sufficient, or is it required to drill down from there to specific suppliers or customers? We have hundreds of suppliers and many more customers. Regarding 4.1, thinking about working this from the bottom up. Each Leader (supervisor, manager, director) will review processes under their control and identify issues related to those processes. Those processes can have internal and externally related issues. It’s the hope (plan) that this approach will cover all relevant issues (internal & external) that would impact our ability to meet the needs of the QMS -and- meet the needs of the interested parties (we are adding a column that identifies which interested party would be affected by the issue). As a side note, we’ll also do our risk analysis on all of the noted issues and roll the top items into the CAR/CI process. I feel I may be missing something with this approach, but it seems to mostly meet the requirements of 4.1 and 4.2.

Answer

4.2:  What level of detail?  The standard states, “the organization shall determine:

  1. the interested parties that are relevant to the quality management system;
  2. the requirements of these interested parties that are relevant to the quality management system. The organization shall monitor and review information about these interested parties and their relevant requirements.  [emphasis added]

Is “supplier” or “customer” sufficient?  It would be if all had the same requirements.  Assuming that they do not, you are required to “drill down.”  Customer satisfaction cannot be achieved unless you understand the individual requirements and monitor and review those requirements (which are an input to Management Review).

Furthermore, the list of interested parties goes beyond “customers & suppliers.”  Owners, employees, regulatory agencies, financial institutions, etc. to name a few have requirements as interested parties. These need to be addressed, as well.

“We are adding a column that identifies which interested party would be affected by the issue.” This is a good approach if the requirement is also addressed and you go beyond customer and supplier.

“Regarding 4.1, thinking about working this from the bottom up.” Once again, the standard states, “The organization shall determine external and internal issues that are relevant to its purpose and its strategic direction…”

The key in this requirement is “strategic direction.”  If from working from the bottom up, you ultimately tie these external and internal issues to the organization’s strategic direction, there should not be a problem.

Be aware that your approach will not be familiar to your auditor.  In that case, you will need to fully explain your approach.

George Hummel

Here’s more information about this standard.

Relocation Requires Audit?

Employees, Training, Working, Learning, Duties, Tasks, DFSS, Innovation

Question

One of my contract manufacturers who is ISO 9001: 2008 certified, submitted a Supplier Change Notice to relocate their factory to a new site/location. This will trigger many activities including re-qualification, etc. My question is, for their ISO 9001 certificate, do they simply refresh their company location / address in their ISO 9001 certificate with the Notified Body or they actually need to go through a full scale quality system audit by the NB?

Answer

Yes. They do need to have a full scale audit. The reason is very simple, a business is a system. When you change the environment, you alter that system. A full audit will be an adequate representation of the scope and magnitude of the change, and will indicate if this supplier is still a reliable manufacturer. Think about your most recent home move, the family is the same, your belongings are the same; however, everything is different at the same time.

Aura Stewart

Here’s more information about ISO 9001.

 

 

Quality Progress’ Standard Issues Column

ASQ Members: please find Quality Progress’ latest Standard Issues column here about ISO 9001: 2015 and top management. You must be logged in to view the column.

And at this link, ASQ members may find additional articles published in Quality Progress about this updated standard.

Not an ASQ member? Consider joining.

Customer ISO Status In Jeopardy?

Checklist, Conformity, Go/No Go, Inspection, ISO 9001

Question

My customer wants to get ISO 9001:2015 certified. He refuses to create a first-article, in-process, and final-inspection report. He has a router sheet that has a tiny space for final inspection brief information and the operator’s initials; no inspection data is available.
In his quality manual and processes he addresses “Time Studies” and “Statistical Process Control” but he refuses to record his inspection data because this “complicates and delays” his production. I told him this is a weakness in his QMS but he says it’s not. Will this issue jeopardize his ISO certification?

Answer

I would ask how the organization could present objective evidence with the requirements of Clause 8.5.1 including  – ‘shall implement production and service provision under controlled conditions.’

Charlies Cianfrani

Find more information about this standard, here.

EHS Procedures and ISO 14001

ISO 14004, Environmental Management System, EMS

Question

Do EHS procedure have to be managed under ISO 9001:2008 if the company is not ISO 14001 certified?

Answer

It depends – are the EHS procedures part of the QMS of the organization. If so, yes. Otherwise no.

Charles Cianfrani

Here’s more information about ISO 14001.

 

Special Process NCRs During Audit

Welding, Weld, Processes, Automation

Question

Recently one of our business units had an ISO 9001: 2008 audit and during the audit they received a couple NCRs on welding as a special process.
One of the NCRs was “Some welders are not qualified prior to welding on product.”
As a matter of fact, our company has developed its own qualification program based on the our needs consisting of the following steps:
– The minimum requirement of least 2 years or more experience as a welder before starting the job.
– In class training for weld specifications, blue print reading, equipment, weld supplies, visual acceptance/ rejection criteria and equipment TPM program conducted by our QE.
– Hands on exam – the result of this test is reviewed by a QE and weld supervisor without performing any bend test, pull test or other types of DT.
– Annual recertification program based on a written exam and weld coupons visual inspection results.

The CB auditor is asking us to send the coupons out to a certified lab for bend testing or having all the welders certified by AWS. Is that required per ISO 9001? As a side note, every time we design and develop a new model we conduct all types of crash tests, FEA and durability testing in design validation phase.

Answers

From George Hummel:

I would not accept the auditor’s comments.  He/she is consulting.

From Charles Cianfrani:

No. It appears that the CB auditor is adding requirements. The organization has a process, and if it is effectively implemented that should be satisfactory evidence of conformity.

Work Instructions and Audits

Chart, graph, sampling, plan, calculation, z1.4

Question

Regarding ISO 9001: 2008 (or 2015) auditing, I have always been trained that a work instruction when implemented as supporting the QMS can be audited as it is supporting the effectiveness of the QMS. I was recently told by a business owner that not only is that not true, he does not have to show me his work instruction.  I would like to reply with a clear technical response. Can anyone share their view on this?

Answers

Thank you for your question.   Of course you know you’re right.  It sounds like you have a major nonconformance against Clause 5.1 on your hands.

Denis Devos
A Fellow of the American Society for Quality
Devos Associates Inc.
(519) 476-8951
www.DevosAssociates.com

ISO 9001:2015 clause 7.5.1b states the following :
The organization’s quality management system shall include: documented information determined by the organization as being necessary for the effectiveness of the quality management system/

 Documented information includes both procedures and records see appendix A.3 (Documented information). 

 Since the work instructions are supporting the QMS, it is part part of the QMS, and can be audited as part of both the internal audit and external audit.  It appears that part of the confusion may be caused by a lack of understanding of the new term “documented information.”

John G. Surak, PhD
– Providing food safety and quality solutions –
tel: 1-864-506-2190
skype:  john.surak
email: jgsurak@yahoo.com
A member of Stratecon International Consultants
http://www.stratecon-intl.com/jsurak.html

Document Revision Criteria

ISO documentation practices, requirements

Question

Is there any criteria available for the frequency of document revision in ISO 9001 or ISO 13485?  Some organization don’t revise the documents for a period of more than 2-3 years.  The reason provided by the organization is that there were no changes during this period. Do ISO standards mandate the revision of documents within a certain time frame? Can we treat this as non-compliance, if the documents are not revised over a period of 2-3 years ?
Answer

There are no criteria nor a requirement for document revision in ISO 9001:2015, 7.5.

ISO 13485:2016, 4.2.4, states, “review, update as necessary and re-approve documents.” This leave the review to the discretion of the organization.

Thus, there is no mandatory review frequency and no non-conformance if documents are not revised within a determined time frame.  ISO 13485 does require a review, however. But, the frequency of the review is not mandated.

George Hummel

Verification or Calibration?

Automotive inspection, TS 16949, IATF 16949

Question

There is a second part to 7.6 para “a” which reads; “where no such standards exist, the basis used for calibration or verification shall be recorded.” It is clear for shops that are complying to the ISO 9001:2008(E) we need to have measurement standards traceable to international or national measurement standards. My question has to do with cylindrical plug gages that are used at the machines to verify manufactured print dimensions. The pins/plug gages are not sent out at intervals for calibration however, they are compared to a traceable measurement standard before being issued to the manufacturing area. We consider these gages to be calibrated “as used ” and we do not record the initial actual size of the pins/plug gage but issue it only on the basis that the size was verified against a traceable measurement standard. Are we required per Para 7.6 to record the actual size of the pins/plug gages?

Answer

Thank you for your question.  What you are describing is verifying prior to use, rather than calibration.    If the rings or other standards being used to check these plug gauges each day are properly calibrated and traceable to national standards, you are compliant with ISO 9001:2015.  If you are registered to AS 9100 or TS 16949, stricter requirements will apply and you may not be meeting those requirements for recording variable results of calibration.

Denis Devos, P.Eng
A Fellow of the American Society for Quality
Devos Associates Inc.
(519) 476-8951
www.DevosAssociates.com