ISO MANAGE
Free Trial
Sign in

The intent of this subsection is to ensure that the organization clearly communicates to external providers the requirements and controls it needs for externally provided processes, services or products, in order to avoid a negative effect on its operations or on customer satisfaction.

The organization should ensure its requirements are complete, clear and address any potential sources of ambiguity or confusion; both parties should agree to what is required.

It is essential that all relevant details are clearly stated at the time of ordering; these can include, for example, drawings, catalogue or model numbers, response times, and the required delivery date and place.

The information to be submitted to the external provider (e.g. a printed purchase order in this subsection) should be checked prior to issue.

In a small organization, it will probably be the person who does the buying who will do the checking for adequacy.
This could simply involve reading and confirming the order over the telephone.

The purchasing information should provide details related to any methods, processes, and equipment that should be used, e.g. certain welding techniques, the use of specific calibrated equipment, or employee uniforms.

Other factors that need to be clearly stated could relate to, for example, packaging, labelling, certificates of analysis, or test results.

While it is essential to fully describe what is needed, unnecessary detail can lead to misunderstanding and incorrect provision.

The information should specify any competence requirements needed for persons from the external provider, such as a certified welder, or a qualified lawyer.

The performance of external providers needs to be monitored.
The type and frequency of the monitoring that the organization will use should be included in the information.
This could specify the level of performance that the external provider has to meet, or provide information relating to how the results of the organization’s performance evaluations will be communicated.

At times, the organization or its customer could need to perform verification or validation at the premises of the external provider.
This could be due to the size of the product, nature of the service, or due to time constraints for delivery.
EXAMPLE An interior decorator could need to visit a manufacturer to view curtain fabrics that have been ordered, or employees could need to be monitored while they are being trained at a training facility.

In these cases, the organization should provide information about such arrangements, such as the timing for the verification and validation and any other provisions (such as office space, administrative support or testing facilities) required from the external provider.

Verification activities that could be considered include, but are not limited to:

— receiving inspections (e.g. the inspection of office supplies might be simply a verification that the quantity ordered was delivered, where a delivery docket, signed by an employee, might involve all the documented information that is required);

— reviewing certificates of analysis;

— second party audits;

— tests (e.g. an organization may choose to inspect a sample lot or do some form of testing to verify conformance to requirements; alternatively, it might be equally effective and more efficient to review certificates of analysis or test results submitted by the external provider);

— evaluations of statistical data;

— evaluating performance indicators.