SBS - The Best Value in QMS software

The auditor documented that we did not have control of Outsourced Processes

A

adamson

#1
Please help. Outsourced processes

Background

I work for the Central Medical Stores which buys, stores and distributes all drugs for the Govt. We are currently implementing 9001. We are dependent on other Govt. departments / ministries for things such as building maintenance / Hiring of senior posts / Provision of vehicles for distribution etc.

The auditor documented that we did not have control of outsourced processes. For example, the transport dept provides the trucks and maintenence thereof to all Govt ministries.

The auditors argue that if no trucks are provided then we can’t meet customer requirements…no problem with that…the same goes for maintenance; if the fridges pack in…or if HR head office cannot fill senior manager positions…..etc. These services are never bought.

The other Govt departments do not have a QMS.

So questions
1. Is ISO certification possible where we have these inter departmental interfaces?
2. If so, what needs to be done to ensure sufficient control , e.g inter departmental agreements on key deliverables?
3. In terms of definition: Where an organization chooses to outsource any process that affects product conformity to requirements, the organization shall ensure control over such processes.

We don’t “choose” to outsource. Therefore are the auditors correct in their interpretation of outsourced processes?

All help appreciated.
 
Elsmar Forum Sponsor

Randy

Super Moderator
#2
Re: outsourced processes

You're not choosing to use what you are required to, you are mandated to do so and NO you do not have control and probably have little or no influence as well.

More properly what you say falls under 7.2.1(a) for sure.

And the auditor should not be interpreting, but would be better off in verifying that you have adequately identified the requirements you must meet and whether or not you are effectively meeting them
 

Marc

Fully vaccinated are you?
Staff member
Admin
#3
<snip> Outsourced processes

The auditor documented that we did not have control of outsourced processes. For example, the transport dept provides the trucks and maintenance thereof to all Govt ministries.

The auditors argue that if no trucks are provided then we can’t meet customer requirements…no problem with that…the same goes for maintenance; if the fridges pack in…or if HR head office cannot fill senior manager positions…..etc. These services are never bought.

The other Govt departments do not have a QMS.

So questions
1. Is ISO certification possible where we have these inter departmental interfaces?
2. If so, what needs to be done to ensure sufficient control , e.g inter departmental agreements on key deliverables?
3. In terms of definition: Where an organization chooses to outsource any process that affects product conformity to requirements, the organization shall ensure control over such processes.

We don’t “choose” to outsource. Therefore are the auditors correct in their interpretation of outsourced processes? <snip>
It sounds to me as if you are a distributor.

And - There are processes you will never have *total* control over. An example is transportation. No matter how you look at it there is no transportation company with 100% On Time Delivery. Accidents and traffic jams (and planes or ships which come in late, or that sink or crash) *do* happen. You may "require" 100% On Time delivery from a supplier, but they can not honestly say that they will be able to 100% of the time be able to meet the delivery date/time.

Maintenance - That's an area you (or your supplier) can easily keep covered. Identify critical equipment and make sure you have replacement parts for high failure rate parts. This is "Business 101". Heck, I keep a *lot* of different "backup" things here. Things as simple as a replacement belt and bags for my vacuum cleaner.

What this sounds to me like, it the auditor is asking you what contractually you require of your suppliers.

The interesting part of this is from what I understand is you are part of a government agency dealing with other government agencies. I would think this could be an interesting discussion thread. In large part this sounds like a "How do you flow 'down' requirements from one government agency to another" question.

Comments, folks?
 

somashekar

Staff member
Super Moderator
#4
Welcome to the Cove adamson

So questions
1. Is ISO certification possible where we have these inter departmental interfaces?
Yes it is. Please very clearly define within your process and interactions what are your processes, what are provided processes (Infrastructure, work environment and stuff) and what are outsourced processes.
2. If so, what needs to be done to ensure sufficient control , e.g inter departmental agreements on key deliverables?
If you are operating on a level playing field and you have your say, then an agreement makes sense.
3. In terms of definition: Where an organization chooses to outsource any process that affects product conformity to requirements, the organization shall ensure control over such processes.
Make sure that it is you who have the option of "make or buy" to define controls on such processes that you make or buy.
If it is provided with no option for you, then your QMS works within such constraints. You are just an user of the provided resource.

Reach out in the quality manual very clearly what are such processes that you "DECIDE TO OUTSOURCE"
Further, either in the manual or in any other suitable document, detail what are such controls you exercise on them so that they meet your requirements

Lead the auditor to your outsourced processes (If any) and, he has no say in deciding what you outsource.
 
Last edited:
J

JaneB

#5
I work for the Central Medical Stores which buys, stores and distributes all drugs for the Govt. We are currently implementing 9001. We are dependent on other Govt. departments / ministries for things such as building maintenance / Hiring of senior posts / Provision of vehicles for distribution etc....

The auditor documented that we did not have control of outsourced processes. For example, the transport dept provides the trucks and maintenence thereof to all Govt ministries.

The auditors argue that if no trucks are provided then we can’t meet customer requirements…no problem with that…the same goes for maintenance; if the fridges pack in…or if HR head office cannot fill senior manager positions…..etc. These services are never bought...
And is there any actual evidence that there are problems? Or is this just a way-out 'what if??' scenario dreamed up by your auditors?

Sheesh - at the very least, have they ever done any audits in a comparable situation? No, you don't choose your suppliers in this case!
1. Is ISO certification possible where we have these inter departmental interfaces?
Yes. But it requires some intelligence and work on the part of the auditors. It ain't a 'tick the box' exercise.
2. If so, what needs to be done to ensure sufficient control , e.g inter departmental agreements on key deliverables?
That sounds like one suitable method. (You can have various methods, it's jsut a matter of what works).
definition: Where an organization chooses to outsource any process that affects product conformity to requirements, the organization shall ensure control over such processes.

We don’t “choose” to outsource. Therefore are the auditors correct in their interpretation of outsourced processes?
Nope. Randy and Marc have given good advice here.

You may need to clarify what the issue is. Perhaps have a discussion with the Technical Manager (guy the auditors report to) at your certifier and explain your concerns - auditors pursuing a path of 'how do you ensure you get what you need from other departments?' But get clear about what they are saying (and what they're not), what their evidence is for it, etc.
 
#7
Hello adamson, and welcome to the Cove :bigwave:
But get clear about what they are saying (and what they're not), what their evidence is for it, etc.
Yes, I agree.

Not knowing for certain which clause the auditor was after makes it a bit awkward to commment, but how about this part of clause 4.1?
Excerpt from ISO 9001:2008 said:
Where an organization chooses to outsource any process that affects product conformity to requirements, the organization shall ensure control over such processes. The type and extent of control to be applied to these outsourced processes shall be defined within the quality management system.

NOTE 1 Processes needed for the quality management system referred to above include processes for management activities, provision of resources, product realization, measurement, analysis and improvement.

NOTE 2 An “outsourced process” is a process that the organization needs for its quality management system and which the organization chooses to have performed by an external party.


NOTE 3 Ensuring control over outsourced processes does not absolve the organization of the responsibility of conformity to all customer, statutory and regulatory requirements. The type and extent of control to be applied to the outsourced process can be influenced by factors such as

a) the potential impact of the outsourced process on the organization's capability to provide product that conforms to requirements,
b) the degree to which the control for the process is shared,
c) the capability of achieving the necessary control through the application of 7.4.
If so, the first question is in the clause: What influence will the processes in question have on product quality? Basically what the others have already said, but here it is...

/Claes
 
Last edited:
B

Bill Hicks

#8
When we had our last AS9100B audit in April 2011, our auditor brought up the fact that our worst performing supplier was our most often used supplier and asked what we were doing to gain control of quality and delivery issues. He noted numerous non-conformances were issued with no evidence of improvement. My response was simply that we did not choose the particular supplier but are required to use them per our customer PO or approved supplier list do to minimal cost for what value they add.(Decorative Plating)

My response was noted and not brought up again during the audit. Note, we do not choose to outsource to this particular supplier but are required to.

I hope this helps give some insight into the original discussion on this thread.

Thanks,

Bill
 
A

adamson

#9
Hi,
Thanks for your reply.
What this sounds to me like, it the auditor is asking you what contractually you require of your suppliers.
The problem here is that a formal contract won't fly (neither audits). We can identify the risks involved and then meet to communicate / agree our requirements and then schedule regular meetings to feedback any issues for resolution. This would be a "gentlemen's agreement", there are no enforceable / punitive measures. Would this be a suitable approach?

The interesting part of this is from what I understand is you are part of a government agency dealing with other government agencies. I would think this could be an interesting discussion thread. In large part this sounds like a "How do you flow 'down' requirements from one government agency to another" question.
Precisely. I suppose a simlar example would be head office doing the recruitment, we are involved but the control of the process is not with us. Maybe a better word for outsourced would be "shared processes" in this case. The easy way out would be if the other agencies were ISO certified but that likliehood is zero.
Thanks
 
A

adamson

#10
Hi,
Thanks for your reply
As you say, maybe better to separate "proper" outsourced process such as security and "shared / provided" processess
 
Thread starter Similar threads Forum Replies Date
Ed Panek Auditor MDR (Presub audit) finding EU Medical Device Regulations 2
I Freelance VDA6.3 Auditor at TURKEY VDA Standards - Germany's Automotive Standards 0
M VDA 6.3 – Workshop for Certified Process Auditor VDA Standards - Germany's Automotive Standards 1
R CB/Auditor Requiring a change in scope ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
J IATF 16949 Internal Audit question - Auditor's responsibility Internal Auditing 6
W Redacting Info Before Giving to Auditor ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
T Quality auditor legal right to see Board meeting minutes ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 15
V Certified Auditor - Need of additional certification specific to industry ( GMPs) ASQ vs ECA vs others Professional Certifications and Degrees 1
V Internal Auditor Competency KPI IATF 16949 - Automotive Quality Systems Standard 15
R American Petroleum Institute - Becoming an API Auditor Professional Certifications and Degrees 2
B Lowest cost way to pass Lead Auditor exam ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
B Internal Auditor Competency - Product Auditors Internal Auditing 9
U Internal Auditor not trained but done Audit for some process Nonconformance and Corrective Action 5
Z Auditor Findings ISO 14001:2015 vs. 45001:2015 ISO 14001:2015 Specific Discussions 6
B IATF16949 audit requirement - Auditor request UCL and LCL must be show Xbar-R, IATF 16949 - Automotive Quality Systems Standard 7
A Becoming an ISO27001 3rd Party Auditor Career and Occupation Discussions 4
L ASQ's Biomedical Auditor Course Test ASQ - American Society for Quality 1
M Tips on preparing for IATF 16949 Internal Lead Auditor exam Manufacturing and Related Processes 1
G Same parts but new customer - What will the auditor ask me? IATF 16949 - Automotive Quality Systems Standard 2
Gun46 ISO 9001 : 2015 Lead Auditor Exam General Auditing Discussions 16
K %GRR was between 10-30% so we have to have a "backup plan" per auditor IATF 16949 - Automotive Quality Systems Standard 15
S ISO 13485 Lead Auditor - Debate between our Quality Team and Regulatory Auditor - Internal Auditor Training ISO 13485:2016 - Medical Device Quality Management Systems 42
R ISO 45001 Lead Auditor Exam paper Training - Internal, External, Online and Distance Learning 1
B Internal and external auditor competency to CSR's IATF 16949 - Automotive Quality Systems Standard 20
A Our auditor told if we didn't have a patent we would have to do a validation or verification ISO 13485:2016 - Medical Device Quality Management Systems 6
W Certification for IATF Lead Auditor will expire in 2020 IATF 16949 - Automotive Quality Systems Standard 2
D Impartiality of Internal Auditor ISO 9001/13485 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 18
Ed Panek Auditor driving us nuts - ESD requirements ISO 13485:2016 - Medical Device Quality Management Systems 23
A OHSAS 18001 external auditor finding personal interpretation? Occupational Health & Safety Management Standards 5
S IRCA Lead Auditor training and Exam tips Training - Internal, External, Online and Distance Learning 5
L ASQ CBA biomedical auditor - CBA primer material is enough to study? ISO 13485:2016 - Medical Device Quality Management Systems 6
B VDA 6.3 Qualification as Process Auditor training course and exam VDA Standards - Germany's Automotive Standards 0
F ISO 21001 Educational Organizations Management - How to become an auditor Other ISO and International Standards and European Regulations 1
J Getting training either from ASQ or from SAI Global - ISO 9001 Lead Auditor training Training - Internal, External, Online and Distance Learning 1
P ASQ Certified Biomedical Auditor (CBA) Certification Preparation 2019 ASQ - American Society for Quality 3
M Medical Device Design Control Auditor Recommentations General Auditing Discussions 19
G Third party auditor mentions no grace period for calibration Calibration Frequency (Interval) 22
D Where (in US) can I get the VDA Auditor Edition book? VDA Standards - Germany's Automotive Standards 3
S AIAG CQI Auditor Qualification and 3rd Party Certification Requirements General Auditing Discussions 2
M IATF 16949 7.2.3 Internal Auditor Competency - Trainer's competency Internal Auditing 7
C Recommendations for UK-based ISO 13485 internal auditor training ISO 13485:2016 - Medical Device Quality Management Systems 1
Sidney Vianna AS9100 News July 2019 AAQG/RMC CB Auditor Workshop - Presentation Materials AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 0
D Scope of Facility - Our auditor asked us last week for our "Scope of the Facility" AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 12
A ISO 9001 lead auditor as Full time career India Career and Occupation Discussions 2
J Manufacturing Process Auditor Requirements - IATF 16949 IATF 16949 - Automotive Quality Systems Standard 11
GreatNate ISO 9001:2015 Lead Auditor Course? (who to take with) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 15
A External Auditor issue with Internal Audits Internal Auditing 7
Q Internal Auditor competence for ISO 14001 ISO 14001:2015 Specific Discussions 11
S IATF 16949: Is "Certified" Internal Auditor mandatory? IATF 16949 - Automotive Quality Systems Standard 9
S Internal Auditing for API Spec Q1 - auditor qualification requirements Oil and Gas Industry Standards and Regulations 6

Similar threads

Top Bottom