AS9100 Clause 8.4 – Control of Externally Provided Processes, Products, and Services

ISO 9001:2015 clause 8.4 Control of externally provided processes, products, and services requires organizations to ensure that externally provided processes, products, and services conform to requirements. This clause applies to all processes, products, and services that are provided by external providers, whether they are intended for incorporation into the organization’s own products and services, provided directly to customers by the external provider on behalf of the organization, or a process, or part of a process, that is provided by an external provider as a result of a decision by the organization.

The organization must:

• Identify and assess the risks associated with externally provided processes, products, and services. This includes considering the potential impact of the risks on the organization’s ability to meet its requirements.
• Select external providers based on their ability to meet the organization’s requirements. This includes considering the external provider’s competence, capability, and experience.
• Define and agree the requirements for externally provided processes, products, and services. This includes the technical, operational, and quality requirements.
• Monitor and control the performance of external providers. This includes monitoring the delivery of products and services against requirements, and taking action to address any issues.
• Maintain records of externally provided processes, products, and services. This includes records of the selection, assessment, monitoring, and control of external providers.

By following these requirements, organizations can ensure that externally provided processes, products, and services meet their requirements and contribute to the overall quality of the organization’s products and services.

Here are some additional tips for controlling externally provided processes, products, and services:

• Involve the relevant stakeholders in the selection and assessment of external providers. This will help to ensure that the organization’s requirements are fully considered.
• Use a formal contract to document the requirements for externally provided processes, products, and services. This will help to avoid misunderstandings and ensure that both parties are clear on their obligations.
• Establish a process for monitoring and controlling the performance of external providers. This will help to identify any issues early on and take corrective action before they impact the organization’s products and services.
• Maintain records of all relevant information about externally provided processes, products, and services. This will help to demonstrate compliance with ISO 9001:2015 and provide evidence of the organization’s ability to control externally provided processes, products, and services.