ISO 9001 Consulting, Training
        and Auditing Services



ISO 9001 Outsourced Processes

What is the ISO 9001:2000 requirement for outsourced processes?

This article provides guidance on the intent of ISO 9001:2008 clause 4.1 on the control of outsourced processes. ISO 9001:2008 clause 4.1 states:

Where an organization chooses to outsource any process that affects product conformity to requirements, the organization shall ensure control over such processes. The type and extent of control to be applied to these outsourced processes shall be defined within the quality management system.

NOTE 2: An “outsourced process” is a process that the organization needs for its quality management system and which the organization chooses to have performed by an external party.

NOTE 3: Ensuring control over outsourced processes does not absolve the organization of the responsibility of conformity to all customer’, statutory and regulatory requirements. The type and extent of control to be applied to the outsourced process can be influenced by factors such as:

a) the potential impact of the outsourced process on the organization's capability to provide product that conforms to requirements,

b) the degree to which the control for the process is shared,

c) the capability of achieving the necessary control through the application of 7.4.

What is the definition of an outsourced process?
An “outsourced process” is a process that the organization has identified as being needed for its operations and quality management system (QMS), but one which it has chosen to be carried out by an external party outside the managerial control of your facility and may not be subject to the same QMS as your organization.

An outsourced process may be performed by a supplier that is totally independent from the organization, or which is owned by the same parent organization (e.g., a separate department or division not subject to the same QMS). It may be provided on-site within the physical premises or work environment of the organization or off-site at an independent site.

Examples of such processes include: - strategic planning done at head office; purchasing or design done at head office or another location; heat treating; painting; welding, calibration; testing; sort; human resources; information technology; etc., peformed by an outside organization. A manufacturing company may outsource welding, heat treatment or painting of product. A software company may outsource software development. A bank may outsource check clearing services.

How should outsourced processes be controlled?
The intent of Clause 4.1 is to emphasize that when an organization chooses to outsource (permanently or temporarily) a process that affects product conformity with requirements, it cannot simply ignore this process or exclude it from the QMS. The organization has to demonstrate it exercises sufficient control to ensure the process is performed according to the relevant ISO 9001:2000 requirements, as well as, the requirements of the organizations QMS.

The nature of control will depend on the importance of the outsourced process, the risk involved, and the competence of the supplier. Also, the outsourced process will interact with other processes (either carried out by the organization or outsourced). These interactions must be managed as required by ISO 9001:2000 clauses 4.1.a and 4.1.b.

The outsourcing of a needed process will normally be subject to the requirements of both ISO 9001:2008 clause 7.4 (Purchasing) and clause 4.1 (General Requirements). In some situations, the organization might not actually “purchase” the outsourced process. It might receive the service from head office or from another division, without a monetary transaction taking place. Regardless of these circumstances, ISO 9001:2008 Clauses 7.4 and 4.1 are still applicable.

An organization will typically face two situations that frequently must be considered when deciding the appropriate level of control of an outsourced process:

1. Where an organization has the competence and ability to carry out a process, but chooses to outsource that process (for commercial or other reasons), the process control criteria should already have been defined and can be transposed into requirements for the supplier to comply with, if
necessary. Evidence of compliance to such defined requirements should be obtained from the organization providing the outsourced activity.

2. Where the organization does not have the competence to carry out the process itself, and chooses to outsource it, the organization has to ensure the controls proposed by the supplier of the outsourced process are clearly defined and are adequate. In some cases, it may be necessary to involve external specialists in making this evaluation.
Evidence of compliance to such defined requirements should be obtained from the organization providing the outsourced activity.

It may be convenient, or even necessary, to define some or all of the methods to be used for control of the outsourced processes in a contract between the organization and the supplier. Care should be taken, however, not to inhibit the supplier from proposing innovations to the outsourced process.

In some situations, it might not be possible to verify the output from the outsourced process by subsequent monitoring or measurement. In these cases, the organization needs to ensure that the control over the outsourced process includes process validation in accordance with ISO 9001:2000 clause 7.5.2.

Important tips

1.Make sure you include all outsourced processes affecting product quality, in the scope of your QMS. You must be able to identify, define and demonstrate evidence of sufficient controls over outsourced processes to ensure that such processes are performed according to the relevant requirements of ISO 9001:2008. The nature and scope of such control will depend on the nature of the outsourced or subcontracted process and the risk involved.

2.Outsourced processesmay be controlled in any number of ways, e.g., providing the outsourcer with product specifications; your supplier quality manual that they must meet; asking for inspection and test results or certificates of compliance; validation of outsourced process; conducting product and QMS audits of your outsourcer; providing drawings, checklists and forms, etc. The expectation here is that
 you flow down to your supplier, the relevant ISO 9001requirements that you would have to implement had the process been performed in your own facility under your QMS control.


ISO 9001 Home
◦  ISO 9001:2015 FAQ
◦  Purpose of the Standard
◦  Scope of the Standard
◦  Normative References, Terms and Definitions
◦  Context of the organization
◦  Understanding the needs of interested parties
◦  Determining the Scope of your QMS
◦  QMS and its processes
◦  Leadership and Commitment
◦  Customer Focus
◦  Quality Policy
◦  Organizational roles, responsibilities and authorities
◦  Risk Based Thinking
◦  Quality Objectives
◦  Planning For Changes
◦  Resources - General
◦  clause 7.1.2 -People
◦  clause 7.1.3 Infrastructure
◦  Environment for the operation of processes
◦  Measuring and Monitoring Resources
◦  Organizational Knowledge
◦  Competence
◦  Awareness
◦  Communication
◦  Documented Information
◦  Operational Planning and Control
◦  Customer Communication
◦  Determining requirements related to products and services
◦  Design and Development Planning
◦  Customer Communication
◦  Review of requirements related to products and services
◦  Design & Development Inputs
◦  True False Questions
◦  Sample Test Questions
ISO 9001 Consulting
◦  How To Select An ISO 9001 Consultant
◦  Compelling Reasons To Use An ISO 9001 Consultant
◦  What Services Can An ISO 9001 Consultant Provide?
◦  How To Select a Certification Body (Registrar)
◦  What Is The Process Approach?
◦  Useful Resources To Help You Implement ISO 9001
◦  What Are Outsourced Processes?
◦  What Are Quality Objectives?
◦  What Is Continual Improvement?
◦  What Is Customer Satisfaction?
ISO 9001 Implementation Guide
◦  Free Resources To Help You Implement ISO 9001
◦  Quality Policy
◦  Quality System Documentation
ISO 9001 Certification

Understanding ISO 9001:2008