Supplier Evaluation - External Provider Evaluation (AS9100)

[Suzeku]

I am a first time poster so be gentle. I scoured the threads and didn't see an answer, so I'll try now.

A colleague and I are discussing supplier evaluation and ASL, both in relation to AS9100C and D. Here’s where the discussion gets heated:

Colleague states that if you have 100 vendors that do work for you product related, you only have create a core group of them (they are suggesting a core of 5) to track OTD and Quality and evaluate. Their reasoning being that those handful you pick are ones that you have to use, there is no alternative, so your hands are to the fire.

I read the standard as having to track all of the OTD and Quality and evaluate all that are directly product related. Perhaps, to lighten the load, you can create Core, and Tier 2. Cores you’d be required to do all the metrics and evals and alert them if they fall below your standards, and would be companies that are used most regularly. Tier 2 you’d have all the data on and available for eval, but they are ones you might use once a year when you are in bind, and therefore their scoring could be abysmal. Therefore, they would not be part of the “alert group”. This would allow a company with limited team members to fulfill the needs and wants of the standard without creating an additional full time job.


The question I pose to you guys is, do you track and alert EVERY SINGLE vendor that is product related, or do you have wording like above to allow yourself leniency? Do you feel the above would be acceptable to an auditor?

 

[Michael_M]

By my understanding of 7.4.1 (AS9100c):

"The organization shall be responsible for the conformity of all products purchased from suppliers, including products from sources defined by the customer"

"The organization shall evaluate and select suppliers based on their....."

"b) periodically review supplier performance......"

These statements tell me that I have to evaluate all suppliers that do something to the product.

 

[Kronos147]

It's YOUR system. If you can keep control by monitoring a core group of suppliers, then great!

Additionally, consider COTO in AS9100 Rev. D 4.1.

 

[Sidney Vianna]

It's YOUR system. If you can keep control by monitoring a core group of suppliers, then great!

That's not how this is supposed to work. You can not do whatever you want, based on your resources. If there are critical things that need to happen and you don't have the resources, top management is failing one of it's basic responsibilities, as EXPLICITLY required in the standard.

The "it's your system; do whatever works for you" statement does not allow people to disregard the requirements and intent of the standard and, still expect to be certified.

It might be "your system", but let's not forget the potential consequences of nonconforming products in aviation, space and defense applications.

If complying with the requirements of AS9100 is too taxing on the organization, then they have no business in this business.

 

[Kronos147]

"it's your system; do whatever works for you"

Who said that?

If there are critical things that need to happen and you don't have the resources, top management is failing one of it's basic responsibilities, as EXPLICITLY required in the standard.

I agree.

The "it's your system; do whatever works for you" statement does not allow people to disregard the requirements and intent of the standard and, still expect to be certified.

You must meet the requirements. You must consider your organization and processes.

The blanket that all suppliers must be assessed X where X = the same, or same criteria, or same frequency may not be true based on the context of the organization.

It might be "your system", but let's not forget the potential consequences of nonconforming products in aviation, space and defense applications.

If complying with the requirements of AS9100 is too taxing on the organization, then they have no business in this business.

If overburdening resources leave the system ineffective that would be bad too.

If I at all implied to "slack off" or "don't do your due diligence" in my first post I apologize for my wording. I am a big fan of clause 0.1.

 

[BoardGuy]

IAQG has issued an AS9100C, Clause 7.4.1 clarification on this point as follows:

[FONT=&quot]“An organization is expected to monitor supplier performance (i.e. quality and delivery) to determine how its suppliers are performing and whether the organization wishes to do business with them in the future.” [/FONT]

[FONT=&quot]“IAQG 9100, clause 7.4.1 requires that the type and extent of control applied to the supplier and the purchased product shall be dependent upon the effect of the purchased product on subsequent product realization or the final product.”[/FONT]

Here is the link to AS9100C Clarification Document: http://www.sae.org/iaqg/projects/9100clarify2009.pdf

Now one point that must be remembered is that these measurements, per 7.4.1, only apply for your suppliers that have an effect on the product realization or the final product. Any supplier that does not affect realization or final product is not subject to control under 7.4.1.

 

[Kronos147]

Those are some great points, Board Guy.


Perhaps a real world application/scenario would help justify my position:

In our organization, statistics for Supplier Performance are tallied manually.

We have a supplier that does grinding for us, once in a blue moon. We ask for an AS9102 FAIR with the delivery.

We have a supplier that does Nadcap Chem Film on 60% of our products.

The Nadcap supplier is assessed and monitored a little more closely than the grinding shop. We review these 'critical' suppliers more stringently than the supplier that provides our machine coolant. Both can effect production, but our Risk Based Thinking has us operating with the thought (hope?) that bad coolant would be discovered as we change it on the first machine.

Our Risk Based Thinking says that a grinder that gives us a FAIR that we can verify each order needs less assessment than someone giving us a certificate of conformance we use as a big part of the process acceptance criteria.

This is how we can best apply our resources to make sure we meet our objectives.

 

[Mike S.]

AS9100D 8.4.1.1c says:

The organization shall: c. periodically review external provider performance including process, product and service conformity, and on-time
delivery performance;

If your auditor finds you buying products or services that affect the final product from a supplier for whom you do not have any of this info, what do you think will happen?

 

[al40]

Agreed, I have a supplier base of 3500+ and we keep track of their OTD and quality but we only report out Top 25 based on criticality and $ spent. You have to know what your supplier base is doing.

Best wishes,
AL40