Hello Everyone!:bigwave:

I'm currently updating our Quality Manual to include outsourced processes. Since bringing in a manufactured line, we send aerospace parts out to be plated, drilled, and sometimes machined. My question is how exactly do I show control over outsourced processes? Would it suffice to say that I have in depth vendor surveys and ISO certifications on these companies as well as thorough inspections being done upon return of product? Also, all of the product that's being worked on by other companies is supplied by us, therefore inspected before evening leaving our building.

And finally, if we have a company come in to calibrate our tools (mainly scales, calipers, and rulers) is this considered outsourcing as well by ISO standards?

Thank you so much for any and all help you all can offer :)

Susan

Hello Everyone!:bigwave:

I'm currently updating our Quality Manual to include outsourced processes. Since bringing in a manufactured line, we send aerospace parts out to be plated, drilled, and sometimes machined. My question is how exactly do I show control over outsourced processes? Would it suffice to say that I have in depth vendor surveys and ISO certifications on these companies as well as thorough inspections being done upon return of product? Also, all of the product that's being worked on by other companies is supplied by us, therefore inspected before evening leaving our building.

And finally, if we have a company come in to calibrate our tools (mainly scales, calipers, and rulers) is this considered outsourcing as well by ISO standards?

Thank you so much for any and all help you all can offer :)

Susan

Regarding controlling outsource processes, if you can validate the process is in control at the supplier you should be good. Vendor surveys, Certified QMS, Special Process NADCAP, and supplier management are pillars of this control. Also, you should be able to verify any and all special processes at your Facility to ensure conformity of the product. Finally do not forget a registry of the suppliers and the scope of their approval, typically called an Approve Supplier Listing, (ASL).

Regarding calibration, yes you should consider this as an outsource activity and survey the service and ensure their accreditation. Also, it is important to ensure that POs for calibrations services require traceability to NIST or other Internationally Recognized Standards organization.

Ralph

Outsourced processing (as well as calibration, testing, ...) is just another supplier, although controls may be different than for raw materials. It should be covered as part of 7.4 Purchasing.

As far as outsourced proccess's go my company does the following:

Monthly scheduled meetings where we discuss yield, scrap levels, dead on arrival rates, early life failures, customer feedback, repair times, on time delivery.

We audit all our subcontractors at least once a year, more if we find serious issues.

Our logistics department have daily contact to monitor order progress and send new orders.

For each of our products our subcontractor have engineering and CAD contacts should they have any issues with production

We also supply them with our approved supplier list and also approved components list.

This has always been met with satisfaction by our CB auditors.

The original poster queries about outsourced "processing" which often requires more "control" than just any supplier of an off-the-shelf product.

For off-the-shelf products, the purchaser can get by without site audits, merely tracking and recording the consistency of the product as it arrives at customer's dock.

For customized processing (even something as generic as plating), the customer should have more consistent rigor in the way it assures itself the supplier is performing all its processes in a consistent, repeatable manner. This does not necessarily entail site audits, but it does mean tracking deliveries, inspection records (supplier's and customer's), response to queries, changes, or complaints and periodically reviewing the record of that tracking for anomalies or changes which could signal a deterioration of overall quality of the supplier.

Defining and communicating your requirements is one part of the "control." Confirming that the supplier provided what you required is another important part of the "control."

Outsourced processes do not always mean "purchased" service. My organization outsources to other divisions that have their own QMS certification. The process is outsourced outside of the scope of our QMS but there is no purchasing involved. Therfore, outsourcing often is combined with 7.4 Purchasing but certainly not always. We should not assume that outsourcing always includes a purchasing activity.

Defining and communicating your requirements is one part of the "control." :agree1:That is an excellent point. I agree wholeheartedly. Clearly defining product/process/system requirements associated with the outsourced activity is definitely part of control.

Please note I had started a similar thread (http://elsmar.com/Forums/showthread.php?t=25403)on this very subject.

:agree1:That is an excellent point. I agree wholeheartedly. Clearly defining product/process/system requirements associated with the outsourced activity is definitely part of control.

Please note I had started a similar thread (http://elsmar.com/Forums/showthread.php?t=25403)on this very subject.

Sidney, good point and I think that one change in ISO 9001:2008 is related to outsourcing now.
Thanks,
al40

Now that you have laid out the expectation with the outsourcing vendor via the PO. They are an Approved Vendor correct? You need confirmation from that vendor they are meeting your specs.

You will need to find out how they record that the product meets spec at each stage of thier process. That will guide you in what records will suffice. If the vendor is ISO certified all you may need is confirmation that your order has shipped. Provided that the product meets spec prior to shipping is stipulated as the record of conformance in the contract/po. Basically what your doing is creating a trail of responsibility.

You are assignign them your responsibility to produce a product to your specifications. They must prove to you taht hte product meets your spec. How you get that confirnation and aprroval is up to you.

Bringing this thread back to life....We have outsourced processes for plating, painting, calibration, spcialized coating, etc. No sourced machining though.

My question is that the 99% of plating and painting processes we outsource are for "decorative" purposes and not necessarily to a spec. How do we get away without calling out a spec or controls? Or is it just that easy and state as such on the P.O.?

It may not be to a formal "spec", but there is some need/requirement which has to be met (or else, why bother with the plating and/or painting?). This is what has to be "adequate" before communication to the supplier, if you are using clause 7.4 to control these outsourced processes.

How do you know if the supplier meets the "decorative" requirements?

Perhaps a visual inspection (and associated records) could suffice for meeting 7.4.3 and 8.2.4.

FWIW:
Whenever I outsourced metal finishing (plating, electropolishing, chemical coatings,etc.), I made it a point to collaborate with the supplier, explaining EXACTLY the functions and expectations of the finish and deciding together what criteria we would set to determine the finish met our requirements.

I just never thought of the relationship between us and our suppliers as anything other than a partnership with as much disclosure as possible on both sides of the deal.

Perhaps it's a strategy you could try.

This a very common problem and I feel there is a misperception about outsourced process.
I request for more feedbacks. :thanks:

Just recently transferring from TUV to SGS, I´ll pass on SGS´s definition of an outsourced process : An outsourced process is one that even if the organization has the condition/capacity to do internally, the organization decides to do it outside of the organization.

We outsource our calibration, but I do not consider it an outsourced process since I do not have the required conditions to perform the calibrations. But, I do qualify this supplier in accordance 7.4.1 par 2

Just recently transferring from TUV to SGS, I´ll pass on SGS´s definition of an outsourced process : An outsourced process is one that even if the organization has the condition/capacity to do internally, the organization decides to do it outside of the organization.

We outsource our calibration, but I do not consider it an outsourced process since I do not have the required conditions to perform the calibrations. But, I do qualify this supplier in accordance 7.4.1 par 2GOSH, THAT'S AN INTERESTING DISTINCTION.

The distinction I used (really splitting hairs, because they are ALL suppliers of one kind or another) was folks performing "additional" processes to a product my shop had already done preliminary work on or on ANY product or material we supplied.

Thus, any finish applied to products we machined (plating, chemical coating, electropolishing, etc.) by a supplier in an arm's length transaction was "outsourcing." Alternately, if I OWNED the supplier, regardless if it was in my building or across the state, we considered it just another step in our own manufacturing process, the same as if I moved the product from machine to machine or dunked it in a passivating tank in the far corner of the shop.

Conversely, if I made a bargain deal on 24-foot metal bars from supplier A and had them shipped to steel service center B to cut into 12-foot lengths so they would fit in my automatic barloaders, I considered that normal supply chain, not outsourcing, even though I had the capacity in-house to chop the bars, but chose to use my resources for a higher profit purpose, more than covering the cost of having a supplier cut them for us. The distinction in my mind being we hadn't done any preliminary work on the bars apart from paying for them.

Just recently transferring from TUV to SGS, I´ll pass on SGS´s definition of an outsourced process : An outsourced process is one that even if the organization has the condition/capacity to do internally, the organization decides to do it outside of the organization.

We outsource our calibration, but I do not consider it an outsourced process since I do not have the required conditions to perform the calibrations. But, I do qualify this supplier in accordance 7.4.1 par 2

ISO 9001 clause 4.2.1 Note 2 does not mention "conditions". SGS has to audit to ISO 9001 - if company has the "conditions/capacity" to carry out the process(es) is not, IMO, the pass/fail mark for deciding if it/they are outsourced.

FWIW:
Whenever I outsourced metal finishing (plating, electropolishing, chemical coatings,etc.), I made it a point to collaborate with the supplier, explaining EXACTLY the functions and expectations of the finish and deciding together what criteria we would set to determine the finish met our requirements.

I just never thought of the relationship between us and our suppliers as anything other than a partnership with as much disclosure as possible on both sides of the deal.

Perhaps it's a strategy you could try.

THAT is exactly what we do and have done for years but that isn't enough correct? It has to be defined on the PO or somewhere else, correct? Obviously, we don't document it. I know the supplier does though.

THAT is exactly what we do and have done for years but that isn't enough correct? It has to be defined on the PO or somewhere else, correct? Obviously, we don't document it. I know the supplier does though.After we conferred/collaborated, we reduced it to writing (the Control Plan and the Inspection Plan), then afterward there is no "he said/she said" argument. Sometimes we generated "gold samples" when an appearance attribute was agreed, each party having pass/fail samples for visual comparison.

Obviously [perhaps not so obviously?], we also involved OUR customer in this dialog. (We sold to OEM.)

Back then, I thought it was a great way to


avoid arguments AFTER the fact
reduce cost (the outsourced process was not "over-engineered" to satisfy the whim of some persnickety inspector with an ingrown hair)
get the supplier actively involved in the success of my product
learn potential cost savings or product improvements (I first learned about electroless nickel from one such plating source and subsequently lobbied all my customers who specified such plating to switch from electrolytic nickel plate and to change from toxic cadmium plating to this process which made machinists all look good because of the uniform thickness coating - no "dogboning" on edges and points of machined products.)

We are currently an ISO-9001 Certified Design and Manufacturing supplier of integrated assembly and welding systems for the automotive and general industrial industries. I have prepared our QMS and documentation for an upcoming AS9100 audit scheduled for April. The executive management has recently made the decision to outsource all of our Mechanical and Controls Engineering. The people who recently worked for the engineering departments are still here, however do not work directly for our company any longer.
So, here's my dilemma:
How do I address this with my new AS9100 auditor?
Currently they are still under our roof, working to our Design and Development Procedures and requirements, so do I treat them as though they are still internal departments?
Am I now exposed to a non-conformance, if it becomes known and I don't have them included within my approved supplier system?
How should I develop the system for this in the future?
We use suppliers of course for purchased components, temp. contractors and special process manufacturing, however, this is different for us, since it's so close to our audit, we are little nervous as to how to handle the situation.

We are currently an ISO-9001 Certified Design and Manufacturing supplier of integrated assembly and welding systems for the automotive and general industrial industries. I have prepared our QMS and documentation for an upcoming AS9100 audit scheduled for April. The executive management has recently made the decision to outsource all of our Mechanical and Controls Engineering. The people who recently worked for the engineering departments are still here, however do not work directly for our company any longer.
So, here's my dilemma:
How do I address this with my new AS9100 auditor?
Currently they are still under our roof, working to our Design and Development Procedures and requirements, so do I treat them as though they are still internal departments?
Am I now exposed to a non-conformance, if it becomes known and I don't have them included within my approved supplier system?
How should I develop the system for this in the future?
We use suppliers of course for purchased components, temp. contractors and special process manufacturing, however, this is different for us, since it's so close to our audit, we are little nervous as to how to handle the situation.Curiously, we have several threads revolving around the issue of "employee status" vis a vis ISO auditor opinion this week.

In general, my take on this is: "on-site workers, regardless of who actually signs a paycheck, are engaged in a task for the organization, and thus under the "control" of the organization."

Usually, it's pretty easy to differentiate a supplier who performs work off-premises from an external worker (salesman, field engineer, SQA), regardless if the off-premises worker is on a direct payroll for the organization or works for a "temp agency."

Similarly, it seems to me easy to differentiate between a roofing installer, a process machine repairman, a plumber, etc. and a flock of inspectors hired from a temp agency or a room full of CAD people making working engineering drawings from sketches drawn up by in-house engineers. The outside contractors/suppliers are providing a product or service based on THEIR skill and experience and the organization has little control over HOW the task is performed even if the WHEN and WHERE of access is limited.

Conversely, the draftsmen, inspectors, engineers, assemblers, and others hired from a temp agency are specifically bound by the temporary contract to be under the control of the organization for the HOW as well as the WHEN and WHERE. Each individual worker, of course, regardless of whether an outside supplier or a captive temporary worker, brings certain skills and experience to the job which allows him some latitude in how easily or efficiently he performs the task at hand. Your organization is spared the expense of training/retraining a whole crop of new temp employees. (That's why the organization agreed to keep the same workers rather than insisting on a new crop from the temp agency.)

In the specific case, the fact the paycheck signer has changed, but the workers are the same, is merely an accounting detail, NOT an indicator of loss of function or control over their activities.

Think of this whole apparent change as something as trivial as changing bank accounts for the payroll and designating a new organization person as the check signer. From your description, nothing more has changed, nor should anything change in the way you interact on a day-to-day basis with these workers.

BOTTOM LINE:
you still have the same control you had when they were direct employees.

I´ll pass on SGS´s definition of an outsourced process : An outsourced process is one that even if the organization has the condition/capacity to do internally, the organization decides to do it outside of the organization.

Really? I disagree and would dispute this - they're making up their own definition.

I'll stay with what's clearly stated in ISO 9001:2008 (cl 4.1):

NOTE 2 An “outsourced process” is a process that the organization needs for its quality management system and which the organization chooses to have performed by an external party.

Why, oh why, use something else ??? :nope:

Really? I disagree and would dispute this - they're making up their own definition.

I'll stay with what's clearly stated in ISO 9001:2008 (cl 4.1):

NOTE 2 An “outsourced process” is a process that the organization needs for its quality management system and which the organization chooses to have performed by an external party.

Why, oh why, use something else ??? :nope:

The lead auditor put it in the stage 1 audit report. I did not dispute it or find anything wrong with it as all my outsourced processes are being monitored by many different ways...

The lead auditor put it in the stage 1 audit report.

Ah, that's a different thing. I assume the lead auditor wrote something like 'even though the organisation has the capacity to do this, it has chosen to outsource XYZ process' whereas I understood you to mean they were creating their own unique definition & using that. Sorry if I confused.

Ah, that's a different thing. I assume the lead auditor wrote something like 'even though the organisation has the capacity to do this, it has chosen to outsource XYZ process' whereas I understood you to mean they were creating their own unique definition & using that. Sorry if I confused.

I think you understood it correctly the first time. The exact wording (after my translation) :

Outsourced processes in our understanding are those which even having the conditions/capacity to do it internally, the organization chooses to do it outside of the organization. Please check if this situation occurs.

Like I mentioned in a previous post, I did not think much of it since our outsourced processes are being sufficiently monitored and under control.

Just recently transferring from TUV to SGS, I´ll pass on SGS´s definition of an outsourced process : An outsourced process is one that even if the organization has the condition/capacity to do internally, the organization decides to do it outside of the organization.



That's news to me, :D :rolleyes: certainly not how I would define outsourcing.

It's also simply wrong. For example, there aren't that many companies that decide (for whatever reason) to not use their own onsite irradiation facility and instead outsource that key manufacturing process step (gamma sterilization). They outsource because they can't do it themselves.

Certainly companies can also outsource processes for the reason you suggest.

Thanks for the input Roland.

Since you work for SGS could you maybe check what´s up here in Brazil with this "interpretation"?

I don´t wish to make this a big issue or anything, but now it´s making me curious...

I wouldn't lose any sleep over it, but if you PM me all the info, I'd be interested, and may be able to find out more (no promises).

What I always say in these situations (I usually work with manufacturing organizations) is that it helps to create a moderately-detailed process flowmap.

Where one of the steps in the flow takes place at a different company, typically that's an outsourced process. You may well need more involvement in establishing the initial arrangements.

The reason that identifying outsourced processes early is important to CBs is that we might conclude that we need to audit there if the process is significant.
You need to establish why you are satisfied that the company is competent to provide you with the products/services you need (or at the very least explain what preventive measures you have put in if they can't be judged to be reliable).

My confusion lies more with regards to our current documented system procedures and work instructions that were developed for these, previously internal departments. I agree that yes they are still working under my roof however, I can not ignore that they are separate companies and will begin manage their resources in accordance with what makes since to their business. So, with that being said, do I develop a Supplier Quality Manual that provides our specifications and requirements for deliverable s? Will this allow me to remove the Design and Development system procedure, and relative instructions for my documented system? I do not develop and/or control the procedures that my other critical suppliers use. In accordance with the Purchasing element of the standard, we evaluate, audit, and place proper controls to ensure we receive conforming product. So, I'm asking our community to help me develop a plan for how I will treat and manage this situation in the future. Thank you

My confusion lies more with regards to our current documented system procedures and work instructions that were developed for these, previously internal departments. I agree that yes they are still working under my roof however, I can not ignore that they are separate companies and will begin manage their resources in accordance with what makes since to their business. So, with that being said, do I develop a Supplier Quality Manual that provides our specifications and requirements for deliverable s? Will this allow me to remove the Design and Development system procedure, and relative instructions for my documented system? I do not develop and/or control the procedures that my other critical suppliers use. In accordance with the Purchasing element of the standard, we evaluate, audit, and place proper controls to ensure we receive conforming product. So, I'm asking our community to help me develop a plan for how I will treat and manage this situation in the future. Thank you

The standard does not require you to over control your outsourced supplier companies. It merely states you have to document whatever controls you have defined (if any are needed), and that has to be documented.

Remember, the cl 4.1 discusses identifying your processes, and inputs/outputs, criteria, metrics, planning it all out. Then it says if you have outsourced processes, you have to define those as well. You don't have to do all the 4.1 things,they can do it, but you do at a minimum have to define whatever controls you do have.

Examples can include requiring ISO certification, receiving inspection, adherence to specs, whatever is appropriate. Don't overdo it.

"An outsourced process is one that even if the organization has the condition/capacity to do internally, the organization decides to do it outside of the organization."

I get the impression that some of us are interpreting the SGS defiention of Outsource differently.

The SGS definition does not state that it is ONLY outsourcing if the organization has the capacity to do the process internally. It says that DESPITE having or not having the capability internally, if the organiztion chooses to have the process done externally, then it is outsourcing. The SGS definition says that independent of having the capability internally, when an organizaiton chooses to do the process externally, then it is outsourcing.

To me, Note 2 in section 4.1 of ISO 9001:2008 and the SGS definition mean the same thing to me. It is about choosing. If you choose to do it internally, then make sure you have the capacity or get the capcacity if you don't have it. If you choose to do it externally, even if you have the capacity inrternally (or not), then it is outsourcing.

Hi Susan,
Another outsourced process is if your head office is in another location to your factory.

Regards
Ian

Hi Susan,
Another outsourced process is if your head office is in another location to your factory.

Regards
Ian

Generally, the head office should not be considered an outsourced process. If the head office performs a process that is relevant to your QMS, such as perhaps Sales/Customer Relations or maybe Purchasing, these should be identified as processes within your QMS and the head office is audited and viewed as a remote location.

No, I wouldn't call a process located somewhere other than 'head office' as outsourced. It's still the same organisation, just that one process occurs in a different location.

Really doesn't matter if head office is upstairs, round the corner or in another state/country from the factory: this is not outsourced.

No, I wouldn't call a process located somewhere other than 'head office' as outsourced. It's still the same organisation, just that one process occurs in a different location.

Really doesn't matter if head office is upstairs, round the corner or in another state/country from the factory: this is not outsourced.

What if the head office/corporate is not 9001 certified ? If not, whatever services they provide to their units (e.g. Purchasing) wouldn't call for exercising 'Controls' ?

Please refer the following URL:

http://www.iso.org/iso/iso_catalogue/management_standards/iso_9000_iso_14000/iso_9001_2008/guidance_on_outsourced_processes.htm

What if the head office/corporate is not 9001 certified ? If not, whatever services they provide to their units (e.g. Purchasing) wouldn't call for exercising 'Controls' ?

Please refer the following URL:

http://www.iso.org/iso/iso_catalogue/management_standards/iso_9000_iso_14000/iso_9001_2008/guidance_on_outsourced_processes.htm

That is an interesting link. Well worth reading by everybody. According to that, it would appear that ISO would in fact be comfortable considering management processes as outsourced, rather than classing it a remote location.

When this program rolled out originally in 2000 and 2002 (TS), the viewpoint promoted the remote location point of view.

Unless ISO has some updated discussions of remote locations, it would appear now that ISO would be comfortable classing them either as outsourced or remote locations, while TS (IATF) prefers considering management processes as remote locations.

I guess each organization should whichever method is more suitable for your particular application. If TS, better to stay with the remote location point of view.

Thanks for sharing that link.

That is an interesting link. Well worth reading by everybody. According to that, it would appear that ISO would in fact be comfortable considering management processes as outsourced, rather than classing it a remote location.

When this program rolled out originally in 2000 and 2002 (TS), the viewpoint promoted the remote location point of view.

Unless ISO has some updated discussions of remote locations, it would appear now that ISO would be comfortable classing them either as outsourced or remote locations, while TS (IATF) prefers considering management processes as remote locations.

I guess each organization should whichever method is more suitable for your particular application. If TS, better to stay with the remote location point of view.

Thanks for sharing that link.

I would agree that (involved) separate locations of the same company, unless part of the same overall certification, are best considered as outsource. They perform operations, there needs to be some justification that they are competent to do those operations.

You only need to read the horror stories elsewhere on Elsmar to know that companies do not always work that well internally.

The challenge comes when the performance of an internal division isn't up to par, you have less power to do anything about it, (especially when it is Corporate HQ letting you down!). It tends to be easier when another division is supplying material or components, the pass/fail criteria tend to established clearly, although achieving root cause elimination can potentially be politically difficult sometimes.

Nonetheless I have seen effective improvement in many companies done as a result of treating other divisions, even HQ functions, essentially as any other outsourced process.

Thanks for sharing that link.

It's my pleasure.

Regards,

What if the head office/corporate is not 9001 certified ? If not, whatever services they provide to their units (e.g. Purchasing) wouldn't call for exercising 'Controls' ?

That would be a different scenario. If that's what Ian meant with his example, that important information needed to be included. And yes, in that case I agree. BTW that link is to the same info as the downloads from the TC site, I think.