Outsourced processes must be controlled by the organisation and these controls must be defined and described within their system. Organisations are required to identify the controls they apply for any outsourced processes. Examples of some outsourced processes include:

• A process completed wholly or partially by a sister facility outside the scope of management system, such as performing design, purchasing or customer related processes, including management activities such as business planning, goal setting, resources, data analysis, budgeting, etc. This may include the entire element or a subsection e.g. the sister facility completes supplier evaluation and re-evaluation of suppliers and the site running the management system initiates purchase orders.

• A process completed by an outside supplier or subcontractor such as heat treating, plating, calibration, painting, powder coating, etc. These types of processes may be controlled by the purchasing process where a formal contract or purchase order may be the controls. If this is the case, written documentation would be the purchasing documentation and records, however these processes are required to be documented.

If an outsourced process is controlled through purchasing, there must be documented objective evidence to ensure that these processes are being controlled beyond the basic purchasing requirements, which are focused on controlling products not processes.

Outsourced processes may be controlled through such methods as, but not limited to, auditing, contractual agreements, process performance data review on an on-going basis of purchasing processes.

Ensuring control over outsourced processes does not absolve the organisation of the responsibility for conforming to customer, statutory and regulatory requirements. The type and extent of control to be applied to the outsourced process can be influenced by factors such as the potential impact of the outsourced process on the organisation’s capability to provide a product or service that conforms to requirements, the degree to which the control of the process is shared, or the capability of achieving the necessary control through the application of the purchasing process.

You should expect to see evidence that your organisation has determined their processes and interactions. If your organisation calls it a ‘process’, it must be monitored for effectiveness and improved.

Look for evidence that your organisation has undergone a process to initially identify these groups, and then to identify any of their requirements that are relevant to your organisation’s management system.

​You should also determine whether these groups’ requirements are reviewed and updated as changes in their requirements occur, or when changes to your organisation’s management system are planned.

If you would like to look at how to implement an ISO 9001 quality management system, then simply contact us.

Or, if you want to see what's involved in more detail, then get a completely free, no obligation, totally tailored ISO Gap Analysis for your business (only available to UK businesses).

Processes such as design and development, manufacturing, customer service and purchasing are key to giving the customer what they want.

Supporting processes do not contribute directly to what the customer wants but do help the key processes to achieve their output. Support processes include often human resources, finance, document control, training and facilities maintenance, etc.

A good way look at this is to think about how work flows through your organisation. Consider how the inputs and outputs to the key processes flow from one process to the next, what sub-processes might exist within it and how the support processes link in. For now, ignore the standard, in fact put it in a draw and forget it exists. Instead focus on your key processes and how your departments interface with each other.

When defining your processes, try to keep it simple. A process such as ‘receiving inspection’ could be a a sub-process of the ‘purchasing’ process, for example. You are looking for a process model that explains the key processes of the business and how each relates and links to the others. The depth of process explanation may be as detailed as your company chooses.

It should be based on its customer and applicable regulations or statutory requirements, the nature of its activities and its overall corporate strategy. In determining which processes should be determined and documented the organisation may wish to consider factors such as:

• Effect on quality;
• Effect on the environment;
• Effect on safety and wellbeing;
• Risk of customer dissatisfaction;
• Statutory and/or regulatory requirements;
• Economic risk;
• Effectiveness and efficiency;
• Competence of personnel;
• Complexity of processes.

Once you have defined the processes and interfaces, go back to the standard and determine which processes are responsible for meeting which requirements. When defining your organisation’s processes, think about each process and department and try to define those processes around the current organisational model and not around the requirements of the standard. For each process, ensure that is has:

• Owner(s) and participants, defined and documented;
• Procedures, work instructions or forms;
• Inputs, activities and outputs;
• Key performance indicators;
• Risks and opportunities;
• A sequence and interaction of processes.

You want to make sure that your organisation has determined your processes and that the interactions are also defined, preferably (but not necessarily) within a management system manual. Subsequently, this includes the actual and technical inputs and outputs of the processes to show their inter-relationship.

This requires that the description of the interactions between the processes should include process names, process inputs and process outputs in order define their interactions. Interaction means how one influences the other. The description of the interactions of the processes cannot be done if the processes are not determined (e.g. named).

As part of the standards, the organisation is not required to produce system maps, flow charts, lists of processes etc as evidence to demonstrate that the processes and their sequence and interactions have been determined - but certainly such documents will be useful, if not mandatory. Graphical representation such as flow-charting is perhaps the most easily understandable method for describing the interaction between processes.

If you would like to look at how to implement an ISO 9001 quality management system, then simply contact us.

Or, if you want to see what's involved in more detail, then get a completely free, no obligation, totally tailored ISO Gap Analysis for your business (only available to UK businesses).