- An external provider is an interested party in the organization, though independent from the organization’s QMS.
- You must communicate with the external supplier to ensure the level of quality of your product.
- You are expected to document this operation of processes as per clause 4.4.2 and a quality plan may be a good place to document this definition.
There are various reasons your company would use the services of suppliers - either it lacks the resources to do the work itself or decided that it would be better to allow an external provider to produce the products or provide it with services. Many companies opt for this kind of work as a business strategy.
In order for services or products to remain at the expected level of quality, the ISO 9001 standard sets the structure and control, but you must evaluate the critical suppliers against a fixed set of criteria. It also expects that any goods, activities, tasks, processes, or assignments with influence on the quality of the product and its conformity with requirements, although performed by an external provider, be under control in the in-house QMS.
You will have to monitor their performance against your requirements. Collaboration between you and a supplier should be mutually beneficial, and if possible long-term.
Type and extent of control
The biggest challenge is to carry out full control over actions that are not directly under the organization’s supervision. If you developing adequate control of delivered products or services, then it should reduce nonconformities and complaints from the end customer and will improve the quality of the final product.
The key challenge for you is to be able to make sure that your organization consistently provides conforming products and services by including the processes of external origin in the QMS.
Information for external providers
When it comes to information that you need to provide to external suppliers, ISO 9001 standard wants you to ensure that all the requirements regarding purchase are identified, including approval of the requirements and definition of controls. Also, you need to ensure that the supplier receives all the information it needs in order to verify its ability to deliver the products or services according to the requirements.
To ensure adequacy, quality, and clarity of specified requirements of purchased products, you need to communicate them correctly to the external provider. That means that all data you have given are understood by the supplier and sufficient and approved.
You are the one who has to plan, define, and communicate to the external provider which activities for approval or release of products or services must be conducted by them before delivery to you.