8.4.1 Can we reduce the number of suppliers we apply our controls to?

M

MMESSER

Registered
We are a small manufacturer of pumps and components for the medical, industrial, aerospace industries. We have over 400 suppliers that provide product and services that are incorporated into our products. I read 8.4.1 & 8.4.2 as allowing us to determine the controls applied, but does not seem to allow us to limit the scope of supplier to apply the controls to. I have 400+ suppliers of this type.

I am asking for 2 reasons. There are those in my org. that are suggesting I need to apply the controls only to a subset of these supplier we classify as key suppliers. The other reason is that I floated this idea to our ISO Registrar/auditor who implied this would be allowed as long as we defined the criteria for Key suppliers.

I just don't read the standard as allowing this, also, we are moving towards AS9100, and I really don't think that would be allowable. The end result would be that only 20-40 of more than 400 of our suppliers providing products and services incorporated into our products, would have the full set of controls and monitoring applied. This would make life easier, but I don't want to go down this path if not advisable.
 
Download Free White Paper
Elsmar Forum Sponsor
You posted this in the ISO 9001 subforum but mentioned medical and aerospace, which have their own requirements. In ISO 9001 you do have to have controls for products and services used in your products, BUT they don't have to be the exact same controls. You are free to group your suppliers in classes such as critical and non-critical and apply different controls to each class. Just remember that medical and aerospace may not have as much flexibility.
 
I believe there is a way to get the best of both worlds. The key is that there is no requirement to apply the same controls and levels to all suppliers, just that there is something in place for all suppliers. So if you don't already have it, create an approved suppliers list. Your first phase of control is that you only buy from suppliers on the list. Next use Risk Management methodology to decide the level of control for each supplier. This can be laid out as an extension of the ASL. In your risk management consider such inputs as the suppliers past performance, their volume/spend and most importantly the criticality of the component. These critical suppliers will make up the 30 or so that need the most attention.
So going on just a little info but also experience in supplier quality, I would say you end up with about 30 whom you interact with weekly or at least monthly, another hundred or so that you calculate a performance metric and follow up on bigger issues on occasion. And then you have the balance which you 'monitor' for issues and only react when something blows up. Of course that supplier would get moved to a more critical status at least until their issue is put to bed.

I have some experience with AS9100. These techniques will work there too. The main thing is selling to the auditor that the less critical suppliers do have 'enough' supervision. As long as you make good decisions on ranking them then this should be no trouble. The auditor can't write it up based on his opinion, he/she woudl have to find evidence that your ranking was not appropriate.
 
Just curious... are you including suppliers like Mouser or Uline? If so, there's not much control you can apply over them so you can scale way back.
 
yodon said:
Just curious... are you including suppliers like Mouser or Uline? If so, there's not much control you can apply over them so you can scale way back.
Click to expand...
For a supplier such as Uline, we design qualify each new box type by performing drop tests, etc. Once qualified, it is limited to verifying correct product, quantity and checking for shipping damage.
For electronics, the same type of controls with the addition of controls for counterfeit electronics.
 
My employer has a lot of suppliers too. Controls must be applied to all of them, but more stringent controls are applied to those identified as Critical based on critical characteristics, patient and/or user safety and the importance of the supplied items on end product. All of this must be mapped out. Matrixes work well, can be included in supplier control procedures.
 
gakiss2 said:
I believe there is a way to get the best of both worlds. The key is that there is no requirement to apply the same controls and levels to all suppliers, just that there is something in place for all suppliers. So if you don't already have it, create an approved suppliers list. Your first phase of control is that you only buy from suppliers on the list. Next use Risk Management methodology to decide the level of control for each supplier. This can be laid out as an extension of the ASL. In your risk management consider such inputs as the suppliers past performance, their volume/spend and most importantly the criticality of the component. These critical suppliers will make up the 30 or so that need the most attention.
So going on just a little info but also experience in supplier quality, I would say you end up with about 30 whom you interact with weekly or at least monthly, another hundred or so that you calculate a performance metric and follow up on bigger issues on occasion. And then you have the balance which you 'monitor' for issues and only react when something blows up. Of course that supplier would get moved to a more critical status at least until their issue is put to bed.

I have some experience with AS9100. These techniques will work there too. The main thing is selling to the auditor that the less critical suppliers do have 'enough' supervision. As long as you make good decisions on ranking them then this should be no trouble. The auditor can't write it up based on his opinion, he/she woudl have to find evidence that your ranking was not appropriate.
Click to expand...
Thank you.
 
Miner said:
You posted this in the ISO 9001 subforum but mentioned medical and aerospace, which have their own requirements. In ISO 9001 you do have to have controls for products and services used in your products, BUT they don't have to be the exact same controls. You are free to group your suppliers in classes such as critical and non-critical and apply different controls to each class. Just remember that medical and aerospace may not have as much flexibility.
Click to expand...
Thank you for your feedback.
 
MMESSER said:
We are a small manufacturer of pumps and components for the medical, industrial, aerospace industries. We have over 400 suppliers that provide product and services that are incorporated into our products. I read 8.4.1 & 8.4.2 as allowing us to determine the controls applied, but does not seem to allow us to limit the scope of supplier to apply the controls to. I have 400+ suppliers of this type.

I am asking for 2 reasons. There are those in my org. that are suggesting I need to apply the controls only to a subset of these supplier we classify as key suppliers. The other reason is that I floated this idea to our ISO Registrar/auditor who implied this would be allowed as long as we defined the criteria for Key suppliers.

I just don't read the standard as allowing this, also, we are moving towards AS9100, and I really don't think that would be allowable. The end result would be that only 20-40 of more than 400 of our suppliers providing products and services incorporated into our products, would have the full set of controls and monitoring applied. This would make life easier, but I don't want to go down this path if not advisable.
Click to expand...
All must have evidence of some degree of control. How much is applied to each is up to your organization.
 
You must log in or register to reply here.

Similar threads

J
AS9100 8.4.1
Replies
0
Views
446
JoeZenOne
J
E
AS9102 - Maintaining Supplier FAIs on File for Customer Review?
Replies
4
Views
740
erin.b
E
D
Importance of cybersecurity compliance
Replies
2
Views
183
yodon
Y
Stefan Mundt
Exclusions - Clauses: 8.2, 8.3 & limiting 8.4 ???
Replies
8
Views
1K
Sidney Vianna
Sidney Vianna
R
Hole Punching Original Records?
2
Replies
11
Views
870
Nichole F
N
Back
Top Bottom