ISO 9001 clause 8.4 – Control of externally provided processes, products and services

Introduced and expended as part of the ISO 9001:2015 standard, there are more rigorous requirements for managing suppliers. This article will focus on explaining the key changes that were introduced in ISO 9001 clause 8.4 – control of externally provided processes, products and services. Many organizations make the mistake of having their own house in order while forgetting the importance of controlling the quality of external partners. This is precisely what ISO 9001 now addresses.  

Naturally, we expect that the standard’s requirements will evolve once more when the scheduled 2026 revision to ISO 9001 is published. For now, this article will reference ISO 9001:2015 clause 8.4 – control of externally provided processes, products and services.

Why is it so important to manage suppliers?

Supply chain networks are expanding and evolving at an unprecedented pace. At the same time, companies face enormous pressures to improve supply chain efficiency, reduce costs and mitigate risks involved in supplier compliance.

Poor supplier quality results in reputational damage, not to mention huge costs to your business. A supplier delay could push back your product deadlines and cause significant costs on a per day basis. Last year, one in three businesses felt the blow, experiencing cumulative losses over one million euros due to supplier failures. This is why ISO 9001 clause 8.4 places such stress on ensuring that your suppliers are just as carefully assessed as your own internal processes and procedures.

Clause 8.4 – key changes introduced in ISO 9001:2015.

ISO 9001:2015 clause 8.4 focuses our attention on our responsibility to control externally provided processes, products and services. Again, we expect this will change with the penciled 2026 ISO 9001 revision, but below is how the ISO 9001 standard currently looks.

There were three main changes:

1) Who are your suppliers?

There were some small terminology changes in ISO 9001. “Purchasing” and “outsourcing” are now called "control of externally provided processes, products and services.” While this doesn't mean you need to update your terminology, ISO 9001:2015 has now made it more explicit exactly who and what a supplier is.

A supplier is anyone who is a provider external to the scope of the quality management system who impacts your organization in any way. So, in essence, anyone who supplies your organization a product or service. This can be anything from the manufacturer of parts that are used in your own production processes, down to a cleaning agency responsible for keeping your offices tidy.

I know what you’re thinking: why is it important to assess your cleaning agency? Well think about it. These staff members have access to your premises. Could they accidentally interfere with crucial equipment when cleaning? Do they need to be given access to buildings that requires oversight from a security perspective? Are they party to confidential information that your organization collects? Through the lens of a cleaning agency, you can hopefully see the importance of considering the full range of “suppliers” of products and services to your organization.

So, ISO 9001:2015 requires the organization to address all forms of external provision, whether it is by purchasing from a supplier, through an arrangement with an associate company, through the outsourcing of processes and functions of the organization, or by any other means.

It is also worth noting that an external provider is a provider external to the scope of the quality management system. This means that if a quality management scope covers a single site in a wider group structure, then anything sourced from other members of the group would be classed as externally provided and subject to the requirements.

2) Record the results of supplier activities

In ISO 9001:2008 sub-clause 7.4.1, it was required to keep records of the criteria for selection, evaluation and re-evaluation of the suppliers. For ISO 9001:2015, there is now an explicit requirement to ensure monitoring and measurement activities are undertaken at appropriate points.

The organization is required to record not only the criteria, but also the results of these activities, including performance and monitoring. This has many implications for you if you haven’t previously maintained records of the results of supplier performance activities.

This task is made significantly easier by investing in software that simplifies supplier management. Ideagen offer a broad suite of software solutions that can make supplier management a breeze.

3) Verification activities

In ISO 9001:2008, the organization needed to ensure the purchased product met specified purchase requirements. In ISO 9001:2015, the verification needs to ensure "the externally provided processes, products and services meet requirements."

If organizations were previously only verifying external provisions against the initial purchase requirements, rather than the ability of the provision to help the organization to achieve their overall objectives, the organization will need to update their processes and management system accordingly.

Invest in the right tools to meet ISO 9001 clause 8.4 requirements

Investing in software to meet ISO 9001 clause 8.4 requirements concerning suppliers is essential for ensuring that all externally provided processes, products and services conform to specified requirements.

Ideagen provides comprehensive solutions that streamline supplier management, enhance supplier evaluation and ensure compliance with ISO standards. Their tools facilitate accurate record-keeping, real-time tracking and efficient audit preparation, supporting organizations in maintaining high-quality standards across their supply chain.