How to control your outsourced processes

Outsourced processes must be controlled by the organisation and these controls must be defined and described within their system. Organisations are required to identify the controls they apply for any outsourced processes. Examples of some outsourced processes include:

• A process completed wholly or partially by a sister facility outside the scope of management system, such as performing design, purchasing or customer related processes, including management activities such as business planning, goal setting, resources, data analysis, budgeting, etc. This may include the entire element or a subsection e.g. the sister facility completes supplier evaluation and re-evaluation of suppliers and the site running the management system initiates purchase orders.

• A process completed by an outside supplier or subcontractor such as heat treating, plating, calibration, painting, powder coating, etc. These types of processes may be controlled by the purchasing process where a formal contract or purchase order may be the controls. If this is the case, written documentation would be the purchasing documentation and records, however these processes are required to be documented.

If an outsourced process is controlled through purchasing, there must be documented objective evidence to ensure that these processes are being controlled beyond the basic purchasing requirements, which are focused on controlling products not processes.

Outsourced processes may be controlled through such methods as, but not limited to, auditing, contractual agreements, process performance data review on an on-going basis of purchasing processes.

Ensuring control over outsourced processes does not absolve the organisation of the responsibility for conforming to customer, statutory and regulatory requirements. The type and extent of control to be applied to the outsourced process can be influenced by factors such as the potential impact of the outsourced process on the organisation’s capability to provide a product or service that conforms to requirements, the degree to which the control of the process is shared, or the capability of achieving the necessary control through the application of the purchasing process.

You should expect to see evidence that your organisation has determined their processes and interactions. If your organisation calls it a ‘process’, it must be monitored for effectiveness and improved.

Look for evidence that your organisation has undergone a process to initially identify these groups, and then to identify any of their requirements that are relevant to your organisation’s management system.

​You should also determine whether these groups’ requirements are reviewed and updated as changes in their requirements occur, or when changes to your organisation’s management system are planned.

If you would like to look at how to implement an ISO 9001 quality management system, then simply contact us.

Or, if you want to see what's involved in more detail, then get a completely free, no obligation, totally tailored ISO Gap Analysis for your business (only available to UK businesses).

---