External Processes - Subcontracting - Control Requirements

[Virgil 1]

Hello,

I'd like to know if anyone of you can give me some examples of processes that can be externalized (related to chap. 4.1."General requirements"). I have the Fench version where is written that when the organization does externalize some processes it must assure the control of them.

My question is: if I want to externalize the design process (which is important when I decide what module of ISO I apply for) how can I control this activity (in respect to the standard)?

On the other hand, if I externalize the design (which is possible to be part of the exclusions list) this means that I can consider all the standard requirements as fulfilled (including design)?

I intend to externalize some processes as: metrology, maintenance, etc.,based on contracts of services with other companies, because I have not the possibility of endowment with the necessary tools and instruments. In this case, how can I prove that the operations have ben well done and how can I prove that I control an externalized process?

Hoping to receive a reply,
I wish you a quality day

Virgil

 

[lou hannigan]

Virgil,

The terms of the contract with the vendor with whom you are externalizing the process should contain the requirements from the pertinent element. For example, any design company you utilize should have verification and validation processes.

The contract should specify that the vendor will maintain the records and evidence enabling you to audit and verify compliance with ISO 9001 requirements. For example, you can access the verification records of the design organization.

Any nonconformities and the consequent "Supplier Corrective Action" with the vendor should be able to address the pertinent requirements of the element that is being externalized. For example, if a maintenance company performed a repair job incorrectly due to an incompetent technician, you should be able to query the organization on their qualification and training procedures.

The output of the service should comply with the requirements. For example, the vendor for the calibration of the equipment should indicate the next scheduled calibrations for the instruments.

The normal ISO 9001 requirements for vendor quality control apply.

I look forward to your response and the thoughts of others on this issue.

Lou

 

[Marc]

Two main requirements also are:
You must provide the supplier with defined 'appropriate' requirements (your inputs) and defined outputs must exist as well. Process control is another issue. For example, you might require SPC for a certain process for evidence of process stability and capability.

There are many ways you can control your supplier. But - don't over do it. Don't over control your supplier.

 

[Anton Ovsianko]

It is all very fine to stipulate in the contract with your supplier that the latter must assure quality in a certain way and provide you with sufficient records et cetera, et cetera...
... if you are Ford Motor Company or, at least, if you are a key account for your supplier. However, when speaking of smaller companies or of suppliers, from whom you do not buy big volumes, how should one assure quality of suppliers services?

In Russia at least by far not all suppliers pay effort to estblishment and certification of their quality systems.

Will that do, if you use mere inbound control and supplier selection procedures, in case the supplier does not allow you manage his quality?

YS

Anton

 

[Marc]

Unless your customer specifically specifies otherwise, your 'control' may be limited to YOUR receiving inspection for that part or parts.

 

[lou hannigan]

I have to apologize. I thought the original question related to an externalization of a process pertinent to the quality system contained in the scope of the ISO 9001:2000 certification. For example; a Research, Development and Engineering firm, certified to ISO 9001:2000 including design in the scope, who subcontracts the design function.

Notwithstanding the relative negotiating standing of the two parties, I suggest that the design subcontractor should agree to and comply with the requirements of design contained in ISO 9001:2000, including cooperating in corrective action. All requirements are passed through to the subcontractor.

The RD&E firm could assume any number of the ISO 9001 requirements, for example participating in the planning stages, verifications, or validations. Another relationship, which I do not suggest, is the RD&E firm ignoring the internal quality and the processes of the subcontractor and repeating the verifications and validations once the product reaches the RD&E firm.

Regardless of the allocation between the two parties, all requirements of ISO for design must be met. Otherwise, the RD&E firm could not contain their research and design activities within the scope of the certification. They would be a shell organization.

If you externalize a process key to your product and included in the scope of your quality system, you or the subcontractor must have manifest evidence of meeting the requirements - otherwise, the processes should be omitted from your quality system scope. The RD&E firm would be an E firm!

For processes supporting the core processes, such as temporary technical help or facilities maintenance subcontractors, the above requirements could be lessened for practical purposes - however I would always push for the subcontractor and/or the firm to address of the ISO requirements (e.g. training plans for the temporary technical help).

Regards,
Lou

 

[B Hartley]

ISO Module apply for ?

Virgil,

Hi, With reference to your question I note that in your consideration of 'externalising' your Design activities you are requiring advice so that you can quote:-

"decide what module of ISO I apply for"

I'm not aware how much you know of ISO 9000 : 2000 but there is only one 'module' to achieve QMS Certification to and that is ISO 9001 : 2000.

Under the ISO 9000 : 1994 version of standard if you wished to exclude Design Activities from your QMS (whether you had a Design function or not ) you could opt to be certified to ISO 9002.

Under ISO 9000 : 2000 the only standard to which a QMS can be Certified to is ISO 9001 : 2000

The Key in differentiating between activities covered under the QMS and those excluded is in the Scope Statement that will appear on your ISO 9001 : 2000 Certificate. Your Certification Body will be able to advise you on this.

It is my understanding of ISO 9001 : 2000 that even if you 'externalise' all your 'Product' Design and Development you CANNOT exclude Clause 7.3

Your Scope would need to have wording to effect of " Manages and controls Product Design and Development Process".

Best Regards Brian

 

[Virgil 1]

Processes externalization

Hello,

I want to thank all of you for your kind replies to my question. I was out of the office these days therefore I didn't response to your messages until now.
Well, I think I wasn't quite clear in my question (excuse me for that, but the Romanian language is pretty far from English).
We are a maufacturing firm, a small one, and in order to sell our products we need the ISO 9000-2000 certification. Our products are designed by the firm that is our customer in the same time. So,in this case, I am working based on the customer's documentation (he designs and approve the process and he is certificated ISO 9001-1994). If the design is good or not it's the customer's problem, I'm not doing anything else than manufacturing upon his documentation and drawings, without verifying the calculus and so.
So far, so good. I have not problems in assuring the required quality for the products, but, when when I apply for certification, I need to have the paragraph 7.3.- Design and Development included in the scope of certification. But, if it is the customer who make his own design (and this situation will be permanent), how can I control him (or his design process) to accomplish the standard specification?
(For B Hartley)I have the French version of the standard ISO 9001-2000. It is written there that depending of exclusions that are mentioned, the cetification can be obtained on three modules: D, E, H (for module D- is excluded 7.3; for module E - are chap. 7.1, 7.2.3, 7.3, 7.4, 7.5.1, 7.5.2,7.5.3; for module D- no exclusion is admitted). Is that the reason I've asked about externalization.
In this particular situation can I consider that the design is externalized or that is excluded???
Hoping that what I written above is more clear than the previous message, I thank all of you once again for your help and I'm waiting for your possible reply.

Have a nice day

Virgil

 

[E Wall]

Hello V,
I would ask what input/participation you have with your customer on the design of the product you are manufacturing.

 

[Virgil 1]

Processes externalization

Hello Eileen,

We have absolutely no participation to the design process of the products we are manufacturing. The final customer sends the technical specifications to the design office of our main customer, who makes the design and transmits us the orders with the drawings for manufacturing the product.
Our quality conditions have been evaluated by our main customer and they are satisfactory for their requirements.
In fact, we are a kind of supplier for the organization which makes the design also, but a supplier which needs the certification
Thank you for your reply and I hope I was clear.

Have a good day!