How to control outsourced process/external service/product providers
One method to control outsourced processes is through the contractual document. This document should define service levels, roles, responsibilities, and procedures to monitor and report on the deliverables. Also, the contract should cover the documented information from the outsourcing organization.
Another method is through a second-party audit process. A second-party audit is carried out on a potential or current supplier by a purchasing organization. The purpose is to use the audit result as a part of the purchasing decision - a factor to conform to clause 8.4 of ISO 9001.
In this time of lean operations, it is good to know competent auditors to meet your second-party audit needs.
Here are the steps of a Second Party Audit
- Purchaser considers purchasing from the supplier and sets up an audit
- Decides to audit
- The audit was carried out and reported
- If the outcome is successful, then the order placed
- Follow-up
Interested parties, including outsourced organizations, have a significant impact on the organization’s performance.
8.4 Control of externally provided processes, products, and services
In general, it is required that the organization ensure that any externally provided products or services meet the exact requirements in the management system. Controls need to be defined and documented if:
- The delivered products or services are incorporated into the organization’s products or services
- The products or services are provided to the organization’s customers directly
- A process used by an external provider is the result of the organization’s decision
The organization must create and apply criteria to the external organization for:
- Evaluation
- Selection
- Monitoring
- Re-Evaluation
8.4.2 Type and extent of control
Be sure the provided processes conform to the control of its quality management systems and compare the power of the external process/product with your controls.
Define the controls it intends to apply to an external provider and those it intends to apply to the resulting output.
Ensure the processes, products, and services meet applicable statutory and regulatory requirements. The method and frequency of verification should also match your Management System.
- Verify that the external provider employs effective controls.
- Review their Management System.
- Verify that the external processes, products, and processes meet requirements through testing or inspection.
8.4.3 Information for external providers
The following should be communicated to the external provider:
- A detailed description of the requirements for processes, products, and services
- How the products and services are approved, and (b 2) the methods and equipment used
- Under what conditions the products and services are released to the organization
- The requirements needed to ensure the competence of the people involved
- How the external provider interacts with the organization
- How the performance is controlled and monitored
- What and how are the activities verified and validated at the external provider’s location