ISO 9001 clause 8.4 – Control of externally provided processes, products and services
02 February 2017
In the new ISO 9001:2015 standard, there are more rigorous requirements for managing suppliers. The following forms part one of three instalments of our ‘ISO 9001:2015 and Supplier Management’ series which focuses on the major changes of the standard. This instalment will focus on explaining the key changes introduced in ISO 9001 clause 8.4 - control of externally provided processes, products and services.
Why is it so important to manage suppliers?
Supply chain networks are expanding and evolving at an unprecedented pace. At the same time, companies face enormous pressures to improve supply chain efficiency, reduce costs and mitigate risks involved in supplier compliance.
Poor supplier quality results in reputational damage, not to mention huge costs to your business. A supplier delay could push back your product deadlines and cause significant costs on a per day basis. Last year, one in three businesses felt the blow, experiencing cumulative losses over one million euros due to supplier failures.
Clause 8.4 – Key changes
ISO 9001:2015 clause 8.4 focuses our attention on our responsibility to control externally provided processes, products and services.
There are three main changes:
1) Who are your suppliers?
You will notice that there has been some small terminology changes in the new ISO 9001:2015 standard. “Purchasing” and “Outsourcing” are now called "control of externally provided processes, products and services”. While this doesn't mean you need to update your terminology, ISO 9001:2015 has now made it more explicit who a supplier is.
A supplier is anyone who is a provider external to the scope of the quality management system.
ISO 9001:2015 requires the organisation to address all forms of external provision, whether it is by purchasing from a supplier, through an arrangement with an associate company, through the outsourcing of processes and functions of the organisation, or by any other means.
It is also worth noting that an external provider is a provider external to the scope of the quality management system. This means that if a quality management scope covers a single site in a wider group structure, then anything sourced from other members of the group would be classed as externally provided and subject to the requirements.
2) Record the results of supplier activities
In ISO 9001:2008 sub-clause 7.4.1, it was required to keep records of the criteria for selection, evaluation and re-evaluation of the suppliers. For ISO 9001:2015, there is now an explicit requirement to ensure monitoring and measurement activities are undertaken at appropriate points.
The organisation is required to record not only the criteria, but also the results of these activities, including performance and monitoring. This has many implications for you if you haven’t previously maintained records of the results of supplier performance activities.
2) Verification activities
In ISO 9001:2008, the organisation needed to ensure the purchased product met specified purchase requirements. In ISO 9001:2015, the verification needs to ensure "the externally provided processes, products and services meet requirements."
If organisations were previously only verifying external provisions against the initial purchase requirements, rather than the ability of the provision to help the organisation to achieve their overall objectives, the organisation will need to update their processes and management system accordingly. Using
Find out more about preparing for ISO 9001 clause 8.4 - control of externally provided processes, products and services - and how Ideagen can assist with our free white paper.
Alexander Pavlović
Alex produces targeted content to help Ideagen’s readers and customers navigate the complex world of quality, governance, risk and compliance.
Alex has worked with brands such as BT, Sodexo and Unilever and is passionate about helping businesses build a cohesive, collaborative culture of quality.