Determining if Maintenance Contractor is an External Service subject to ISO 9001 Clause 8.4

#1
I've read several articles on the net about what constitutes an externally provided process, product, or service under clause 8.4 of the 2015 standard. Some articles say that processes covered under clause 8.4 are ones that directly affect the product (we're a manufacturer), while other articles seem to imply 8.4 applies to everything under the sun including the trash pick up service.

I work for a small chemical manufacturer that produces raw materials for other industries. The Instrument and Electrical (I&E) Manager is a company employee. The electricians that work under him daily are from a maintenance contractor company. Although I&E is a support department, and is not directly involved in manufacturing product, is the maintenance contractor company considered an external provider subject to clause 8.4?
 

Tagin

Involved In Discussions
#2
Consider, from 9002:2016 8.4.2:

The intent of this subclause is to establish the controls for external providers, in order for the organization to have confidence that the products and services to be provided will meet requirements.

The type and extent of control is based on what the potential impact that the externally provided process, product or service can have on the organization’s ability to consistently deliver conforming products and services.

EXAMPLE In a printing organization, the paper quality could be critical. However, a travel agency might use normal, commercial stationery without the need for any quality related purchasing controls. The printing organization needs to monitor the performance of its paper providers very closely to ensure that the quality of its printed products remains at the expected level.

The organization should determine which controls are to be implemented by or for an external provider. The intent of these controls is to ensure that product or service provision will be carried out according to planned arrangements and that the product or service will conform to requirements.
So, its up to you to determine what kinds of controls (if any) are needed "in order for the organization to have confidence that the products and services to be provided will meet requirements" for this maintenance contractor company.
 
#3
I've read several articles on the net about what constitutes an externally provided process, product, or service under clause 8.4 of the 2015 standard. Some articles say that processes covered under clause 8.4 are ones that directly affect the product (we're a manufacturer), while other articles seem to imply 8.4 applies to everything under the sun including the trash pick up service.

I work for a small chemical manufacturer that produces raw materials for other industries. The Instrument and Electrical (I&E) Manager is a company employee. The electricians that work under him daily are from a maintenance contractor company. Although I&E is a support department, and is not directly involved in manufacturing product, is the maintenance contractor company considered an external provider subject to clause 8.4?
Consider this scenario.
Your external supplier provides raw material for your products, well this is directly related to your product.
As such, a close monitoring is needed to apply, supplier evaluation and monitoring, you could also perform audits in his facilities, sometimes there are some agreed contracts.
While a supplier which provides you services for training in Microsoft office and windows apps, well maybe will be evaluated every six months, because such services are not directly related to the product, normally is the practice followed.
 

Sidney Vianna

Post Responsibly
Staff member
Admin
#4
is the maintenance contractor company considered an external provider subject to clause 8.4?
In my (professional) assessment, based on your description, NO. This external service source is not required to be managed under section 8.4 of the ISO 9001:2015 Standard. Lines have to be drawn somewhere; otherwise, the slippery slope can get ludicrous, fast.
 
#5
In my (professional) assessment, based on your description, NO. This external service source is not required to be managed under section 8.4 of the ISO 9001:2015 Standard. Lines have to be drawn somewhere; otherwise, the slippery slope can get ludicrous, fast.
I agree with you Sid. The vice president of manufacturing, who has been here for thirty years, has never considered the maintenance contractors a critical vendor. I agree with Tagin that the standard implies that it should be up to the company.

I agree with the slippery slope getting ludicrous. The problem I have is some CB auditors choose to inject their personal opinion about how you should run your company. Let me share an unrelated example. In the last CB audit we had, the CB auditor insisted that we had to have the safety department part of our QMS (keep in mind we're a manufacturer). As such, all safety near misses should be logged in our NCR system. I told her that the safety department has never been part of our QMS, and isn't going to be because it doesn't directly affect the quality of our product. She kept replying that safety does affect the company, so "we can't have can't have blinders on looking only at quality." Now clause 4.4 of the standard implies that the organization determines its processes. So I believe clause 4.4 gives my company the right to "put on blinders" and not include safety as a process because the safety department has it's own system. Some "holier than though" CB auditors seem to think that they determine what the organization processes are during the CB audit. Using this auditor's logic, everything, including the company that cuts the grass around the front office, needs to be part of the QMS.

Perhaps this should be another thread, but is there any advise for dealing with the inevitable CB auditor that will insist this maintenance contractor is a critical vendor, even though the company's upper management does not?
 

Sidney Vianna

Post Responsibly
Staff member
Admin
#6
In the last CB audit we had, the CB auditor insisted that we had to have the safety department part of our QMS (keep in mind we're a manufacturer). As such, all safety near misses should be logged in our NCR system. I told her that the safety department has never been part of our QMS, and isn't going to be because it doesn't directly affect the quality of our product. She kept replying that safety does affect the company, so "we can't have can't have blinders on looking only at quality." Now clause 4.4 of the standard implies that the organization determines its processes.
Make her read 0.4 of ISO 9001:2015

9001 04.jpg

Based on the description of the situation, I would bet this auditor's background and forte' is on occupational safety and she also became qualified for quality management system audits (ISO 9001) and she is trying to navigate where her comfort level is. By making occupational safety a part of a QMS audit, she is trying to avoid discomfort. But she would be wrong in doing so.
 
#7
Make her read 0.4 of ISO 9001:2015


Based on the description of the situation, I would bet this auditor's background and forte' is on occupational safety and she also became qualified for quality management system audits (ISO 9001) and she is trying to navigate where her comfort level is. By making occupational safety a part of a QMS audit, she is trying to avoid discomfort. But she would be wrong in doing so.
Sidney, you are the best. You've lowered my blood pressure by at least 10 points, my friend. Dealing with auditors who think their opinion is equivalent to a Supreme Court ruling is very frustrating to say the least.
 

Ed Panek

VP QA RA Small Med Dev Company FDA and ISO13485:16
Trusted
#8
I've read several articles on the net about what constitutes an externally provided process, product, or service under clause 8.4 of the 2015 standard. Some articles say that processes covered under clause 8.4 are ones that directly affect the product (we're a manufacturer), while other articles seem to imply 8.4 applies to everything under the sun including the trash pick up service.

I work for a small chemical manufacturer that produces raw materials for other industries. The Instrument and Electrical (I&E) Manager is a company employee. The electricians that work under him daily are from a maintenance contractor company. Although I&E is a support department, and is not directly involved in manufacturing product, is the maintenance contractor company considered an external provider subject to clause 8.4?
Define it in your supplier evaluation process. Category 1 - High risk to customer satisfaction/product safety or effectiveness Category 2- Low risk Category 3 -NO RISK (Trash, Lawn care, Toilet paper, vending machine) Category 3 requires no management and may not be defined or controlled.
 
#9
I agree with you Sid. The vice president of manufacturing, who has been here for thirty years, has never considered the maintenance contractors a critical vendor. I agree with Tagin that the standard implies that it should be up to the company.

I agree with the slippery slope getting ludicrous. The problem I have is some CB auditors choose to inject their personal opinion about how you should run your company. Let me share an unrelated example. In the last CB audit we had, the CB auditor insisted that we had to have the safety department part of our QMS (keep in mind we're a manufacturer). As such, all safety near misses should be logged in our NCR system. I told her that the safety department has never been part of our QMS, and isn't going to be because it doesn't directly affect the quality of our product. She kept replying that safety does affect the company, so "we can't have can't have blinders on looking only at quality." Now clause 4.4 of the standard implies that the organization determines its processes. So I believe clause 4.4 gives my company the right to "put on blinders" and not include safety as a process because the safety department has it's own system. Some "holier than though" CB auditors seem to think that they determine what the organization processes are during the CB audit. Using this auditor's logic, everything, including the company that cuts the grass around the front office, needs to be part of the QMS.

Perhaps this should be another thread, but is there any advise for dealing with the inevitable CB auditor that will insist this maintenance contractor is a critical vendor, even though the company's upper management does not?
I wouldn't be completely convinced about that .
When the standard States, " comply with customer and local regulations"
Local laws to have safety in buildings for personnel, anti fire systems, are they local regulations to comply with or no?
Yes it doesn't affect directly the product but, you have to comply with local laws. What is your thinking?
 

Top Bottom