Control of Outsourced Processes (not properly described in the quality manual)

Edugar

Involved In Discussions
Hello all,

We received the following minor non conformity in our last 13485 audit from our notified body: “the outsourced processes and their control are not properly described in the quality manual”.

In order to address this feedback, we are looking at different options to make our current approach of managing the outsourced processes more transparent to all involved parties. One simple approach would be to do a procedure.

- Do you think that it is the best way to show that organization controls the outsourced processes?
- Do you have any example of “control of outsourced processes” procedure to share?

Appreciate your input.
 
S

SteveK

Re: Control of outsourced processes

Hi Edugar,

We have some secondary processes (e.g. anodizing) which are controlled by a Sub-Contracting procedure as part of the QMS. Very specific to our systems (but short) - just shows how it links in to purchasing/production.

Steve
 

Marcelo

Inactive Registered Visitor
What is need is to describe the outsource processes (hence the "not properly described in the quality manual" NC) and show how it interacts with your internal processes, and also show that it does not introduce any risks to your processes and final product.

For this, you need to set requirements for these outsourced processes, including risk management activities which need to be taken by your provider.
 

qusys

Trusted Information Resource
Hello all,

We received the following minor non conformity in our last 13485 audit from our notified body: “the outsourced processes and their control are not properly described in the quality manual”.

In order to address this feedback, we are looking at different options to make our current approach of managing the outsourced processes more transparent to all involved parties. One simple approach would be to do a procedure.

- Do you think that it is the best way to show that organization controls the outsourced processes?
- Do you have any example of “control of outsourced processes” procedure to share?

Appreciate your input.

You shall define the criteria with which your company controls outsourced processes, establishing measureables, target, management of non conformities and so on.
This could be agreed in the contract that you sign with your supplier.
Here , you could also establish the communication channel with them ( example meeting on time basis, reports and so on), as well as second part audit from your side as well.
To better explain and manage the overall process of control of outsourced processes, you could think to a mapping of your process to manage this one .
Hope this helps
 
C

cclee

Not sure what was the objective evidence provided to support the deductive nonconformance statement but I assumed it is related to one of these:

-contract manufacturer for the manufacture of devices, subassemblies, etc.
-contract sterilization for the sterilization of finished products.
-contract laboratories for the analysis of sterilization, environmental monitoring, biocompatibility etc.

I'm sure you already have procedures in place to maintain and control the above processes and elements of the QMS through CAPA, internal/supplier audits, quality objectives, management reviews, etc. So, without having to create a separate procedure for Outsourced Processes you could state in your manual all your outsourced processes and indicate that the policy to control these processes is identified in section 8.5.1(Improvement- General) of your manual (assuming your manual is aligned with ISO clause). Also, at the end of the manual you could reference the sections to the appropriate procedures or create a map to "link" everything together so the auditor will have a better understanding of the control of outsourced processes.

Hope this helps.
 

jkuil

Quite Involved in Discussions
Please read the 2 ISO guidance documents applicable to the outsourced processes
 

Attachments

  • Guidance on outsourced processes.doc
    111 KB · Views: 1,104
  • ISO application.doc
    161.5 KB · Views: 733
D

db

We received the following minor non conformity in our last 13485 audit from our notified body: “the outsourced processes and their control are not properly described in the quality manual”.

Quote to me, from the standard where this is a requirement? I do not see that in my copy of ISO 13485. I don't think this is a valid nonconformity.
 
C

Cochita

I believe that the most effective tool of getting assurance around efectiveness of controls within outsourced processes is using SAS70 standard (look up wikipedia on SAS70 as I cannot add link here due to a being newbie). Basically, you get the vendor to deliver you a SAS70 report (using specialist provider). There are two types of reports:
Type I - describing controls in place within the processes operated by the vendor meeting control objectives (description of control framework).
Type II - content of type I plus results of attestation of operating effectiveness of those controls over specific period (usually 6months). This kind of report requires that vendors uses independent auditor (SAS70 provider) to test these controls applying sampling/testing procedures as defined by SAS70 standard.

Getting any of the two reports will have cost implication to your vendor, therefore ideally, provision of SAS70 report should be a prequisite to becoming a vendor in a first place.

I hope this helps.
 

Edugar

Involved In Discussions
Quote to me, from the standard where this is a requirement? I do not see that in my copy of ISO 13485. I don't think this is a valid nonconformity.

Yes, you are right. It would be a NC if the Outsourced processes were not properly controlled. In this situation I guess the auditor wanted a clearer description.
 
D

DRDDO

Yes, you are right. It would be a NC if the Outsourced processes were not properly controlled. In this situation I guess the auditor wanted a clearer description.


Hi Edugar
I really agree with you,
although the requirement is not specifice required outsource process in QM but it is good business practcie to indicated in QM,
for example: Sterile produce done by ABC company!
We are not lawer, we are medical device maker,
Auditor want to make clear as you say.
what do you think?
DRDDO
 
Top Bottom