ISO 9001:2015's Clause 8.4.2, titled "Type and Extent of Control," is part of the standard's section on Operation, specifically focusing on the control of externally provided processes, products, and services. This clause requires organizations to ensure that any external provision—whether it's the procurement of products, outsourcing of processes, or services from external providers—meets the organization's quality requirements as well as the requirements of the quality management system (QMS). Here's a closer look at the focus on control within this clause:
Key Aspects of Clause 8.4.2 - Type and Extent of Control
-
Determining the Type of Control: The organization must determine the type of control to be applied to external providers and externally provided processes, products, and services. This involves assessing the impact of these external provisions on the organization's ability to consistently meet customer and regulatory requirements.
-
Extent of Control: The organization must also determine the extent of control needed over the external provision. This decision is based on factors such as the potential impact on product or service conformity, the complexity of the processes, and the risk to the organization's quality management system.
-
Criteria for Evaluation, Selection, Monitoring, and Re-evaluation: The organization must establish and apply criteria for the evaluation, selection, monitoring, and re-evaluation of external providers. This ensures that external providers are capable of providing processes, products, and services in accordance with the organization's requirements.
-
Documented Information: There must be documented information of these activities and any necessary actions arising from the evaluations. This documentation serves as evidence that the organization has effectively determined and is applying the appropriate level of control over external provisions.
-
Flow Down to External Providers: The organization must ensure that applicable requirements are communicated to external providers. This includes quality management system requirements, product specifications, and any other necessary criteria that the external provider needs to meet.
-
Verification Activities: The organization must decide on and implement the necessary verification or other activities to ensure that the externally provided processes, products, and services meet specified requirements. This could involve receiving inspections, audits of external providers, or other forms of verification to ensure compliance.
Focus on Control
The focus on control within Clause 8.4.2 emphasizes the organization's responsibility to manage risks and ensure quality throughout its supply chain. By determining the type and extent of control over external providers, the organization can mitigate risks associated with external provisions, ensuring that outputs remain within quality specifications and customer requirements are consistently met. This approach is integral to maintaining the integrity of the QMS and ensuring continual improvement in quality management practices.