Determining which Processes are Outsourced Processes

R

RRder

Need some advice and opinions: Our company has been active since its creation in 1949 and is a small metal fabrication operation with 3 physical locations about 50-75 miles apart, all serving under one ISO 9001:2000 certificate. We were recently 3rd party audited to the 2008 Standard. We attempted to cover our 1st and 2nd tier documents geared to the requirements of the Standard's clauses 4.1, 4.1.1, and 7.5.2 along with the ISO/TC 176/SC 2's 630R3 "ISO Guidance on Outsourced Processes". In addition to these references, the 3rd party auditor states we should consider 5 elements for determining control of the outsourced process, these being:

(1) Product Validation to 7.5.2 when our verification isn't possible, (2) whether the product/service requires an outsourced process, (3) if so, to determine the standards required, e.g. NIST, ASTM, A2LA lab accreditations, etc. for producing the product or service, (4) any customer requirements, and statutory/regulatory e.g., overhead crane (OSHA), fire extinguisher (NFPA), etc. requirements.

Being left in the "dust" after the auditor leaves, we remain confused in some areas such as the preceding like statutory/regulatory the 2008 standard speaks of. As I see it, the statutory/regulatory is intended to pertain to anything concerning our metal product. For this product we feel what is needed for our QMS is what is directly pertinent to it, not the crane or fire extinguisher that is regulated by OSHA or possibly environmental requirements that another section of our organizations handles. If this belief is incorrect, where do you draw the line and how many "rabbit trails" that lead to nowhere have to be captured? A 3rd party auditor from a different registrar who performed our 2008 training, followed our thoughts, but we are stuck so far with the current contracted registrar leading in the manner above.

As for certification documents, our contracted registrar's 3rd party auditor suggested that all these or whatever certification standards be specified on the purchase order, or be as a supplement to, when ordering. We then have to sort through all our suppliers (such as sandblasting services when needed) and determine what documents they need to make our product or perform a service. These I consider their normal standards required of them by industry/govt. We then would generate a master list of these suppliers and their docs and then apply them to the PO's, this being a form of control to "outsourced processes". For those processes we have no means of measuring at Receiving Inspection, validation documentation would be required of the supplier.

Now another another level where we have a couple instances of various situations.
(1) An employee under normal circumstances of employment also performs a service of supplying special crating or pallets for shipping our product. In this case some lumber is obtained for him by our company, in others, he supplies the lumber for making the pallet or crate. Now this guy has done this for probably 10 years and is local, knows the company well and is respected well in our small community. Now he has to be expected to build to certifications/specifications and materials that he has not had available, but instead, he has patterned from similar product while . How is he considered in the outsourcing process, being an internal employee, but performing labor and wood product outside the company?

(2) The company has an out-of-state transporter that owns his own truck, but is contracted to a subsidiary of our organization. He's considered an employee of this subsidiary and is afforded benefits of them which "bolt on" to the benefits of our primary organization. The subsidiary pays its own fees, taxes, insurance, etc. and/or is charged by the primary organization (our company) when they choose to expend the cash for these costs.

In addition, the subsidiary bills the primary organization for freight charges. The CFO argues that these are separate legal entities and prefers the subsidiary not be subject to the ISO control. In this case, what is right? As I see it, this fellow's credibility has been established for nearly 40 years working with our primary organization through the subsidiary and basically is only furnishing his truck and maintaining it on his own while being compensated as an employee and for the applicable freight mileage for delivery of raw materials and distribution of finished goods to OEM's. The Distribution in addition to Design, Manufacturing, and Servicing is stated in the Scope of our QMS.

For these two instances, what is "really" expected by the ISO 9001:2008 process? Any help is appreciated. :rolleyes:
 
D

db

Re: Outsourced Process

WOW! a lot of stuff in this post... let's see if we can break it down a bit.

(1) Product Validation to 7.5.2 when our verification isn't possible,
I think this fully applies. You undoubtedly validate your processes, but probably don't document this. The question is how, for example, you know your welds will hold?

(2) whether the product/service requires an outsourced process,
What processes do you have that another entity performs for you (painting, heat treat, etc.)

(3) if so, to determine the standards required, e.g. NIST, ASTM, A2LA lab accreditations, etc. for producing the product or service,
I'm not sure this is totally required. The real question would be how do you control those processes? How do you ensure they are meeting your requirements? The auditor may very well have sensed no control and is reacting to that.

(4) any customer requirements, and statutory/regulatory e.g., overhead crane (OSHA), fire extinguisher (NFPA), etc. requirements.
Customer requirements are always important. They are normally spelled out somewhere. Do you know where? As far as the crane/ extinguisher... I am not convinced that those are within scope of the QMS audit. The crane could be as it relates to your ability to do the job (for example if you have a 20 ton crane and a 50 ton job, you probably won't be able to fulfill the customer requirments.

(1) An employee under normal circumstances of employment also performs a service of supplying special crating or pallets for shipping our product. In this case some lumber is obtained for him by our company, in others, he supplies the lumber for making the pallet or crate. Now this guy has done this for probably 10 years and is local, knows the company well and is respected well in our small community. Now he has to be expected to build to certifications/specifications and materials that he has not had available, but instead, he has patterned from similar product while . How is he considered in the outsourcing process, being an internal employee, but performing labor and wood product outside the company?
This could be an out sourced process (even if it is performed on location), and could be treated as such. How do you control the pallet manufacturer?

(2) The company has an out-of-state transporter that owns his own truck, but is contracted to a subsidiary of our organization. He's considered an employee of this subsidiary and is afforded benefits of them which "bolt on" to the benefits of our primary organization. The subsidiary pays its own fees, taxes, insurance, etc. and/or is charged by the primary organization (our company) when they choose to expend the cash for these costs.
Once again, this seems to require controlling as either an outsourced process or a purchased process (just like FedEx).


Hope that helps.
 
Top Bottom