Outsourced processes

What requirements does ISO 9001 place on outsourced processes and externally provided products?

The trend towards more and more processes being outsourced continues. This is particularly evident in the automobile industry, with automobile manufacturers having reduced their share of added value from almost 50 to less than 20 percent over the past 30 years. While the reason for outsourcing processes in the 90s was still a reduction in costs, today it is more an innovation and growth orientation. Well-functioning and well-coordinated outsourcing gives companies the opportunity to concentrate on their core competencies.

At the same time, this creates freedom for employees that encourages creative thinking. Even if the outsourcing of processes only seems to have advantages at first glance, there is also a downside that should not be neglected. The organization and coordination of external providers is associated with an effort that is often underestimated. In addition, the complexity of the overall processes continues to grow, which in some cases has serious consequences. The current version of ISO 9001 takes this problem into account and places increased demands on the management of externally provided products and services.


What are the advantages of outsourced processes?

When asked whether they should do something themselves or rather commission an external supplier, numerous companies opt for outsourcing. Externally commissioned companies often take on parts of the production, the construction of new products, the marketing or the maintenance of machines. The reason for this is that companies often focus on their core competencies and external service providers carry out the tasks more efficiently, more cheaply and with higher quality.

On the other hand, when products and processes are made available externally, there is a risk that the company’s own capabilities will be lost. An increased need for coordination also makes it more difficult to react flexibly to fluctuations in demand. The greatest risk potential, however, harbors an impending dependence on external service providers and a possible loss of control over the outsourced processes. In order to counteract these risks and avoid negative effects, the current version of ISO 9001 places increased requirements on the management of externally provided products and services.


Which requirements for the control of externally provided products need to be observed?

The requirements for the control of external products and services can be found in subsection 8.4 of ISO 9001. The quality management standard does not speak of the supplier evaluation, but of the “assessment, selection, performance monitoring and reassessment of external providers”. Companies must determine and apply criteria with which they can check the ability of external providers to provide products and services in accordance with the requirements. The ISO 9001 thus leaves enough room for interpretation so that the effort for companies remains justifiable. Documented information about the supplier evaluation and monitoring must be kept.


Dealing with Third Party Property

If your supplier provides you with internal documents, you must meet additional ISO 9001 requirements. These can be found in subsection 8.5.3 “Property of the customer or the external provider. On the one hand, the organization must carefully handle, label, protect, verify and secure the property of external providers. If the property of external providers is lost or damaged, they must be informed about this and documented information about what has happened must be retained.


Risk-based thinking for externally provided processes and products

The requirements for risk-based thinking from Section 6 “Planning” and 6.1 “Measures for dealing with risks and opportunities” are also relevant for supplier management. ISO 9001 tells us that the control measures – depending on the products, services or processes procured – can differ considerably. Here, too, the QM standard leaves enough room for maneuver for appropriate behavior and at the same time ensures that critical procurement processes are handled appropriately. The risk potential can be assessed, for example, by grouping the external providers in a risk matrix:

Venture supplier …

… high purchasing risk (quality), high profit influence

Potential supplier …

… low purchasing risk (quality), high profit influence

Bottleneck supplier …

… high purchasing risk (quality), low profit influence

Standard supplier …

… low purchasing risk (quality), low profit influence

Depending on the grouping of suppliers, the intensity of the control of external providers is also different – while a distinct control is necessary for venture suppliers, the effort is lower for standard suppliers.


ISO 9001 represents procurement practice

Unlike the previous version, the current version of ISO 9001 takes into account the various procurement practices and legal differences. We would like to explain the various procurement constellations that are possible in practice, as well as the basic forms of contract, to you below:


Purchase contract

At the contractually agreed time, the supplier delivers the subject matter of the contract to the customer. The subject of the contract is free of defects that reduce or eliminate the usability and the value of the subject.


Contract for work and services

The supplier undertakes to produce a work within the agreed time in such a way that it has the warranted properties and is free of defects. Contract for work and services in contrast to the pure contract for work and services, the supplier not only produces the work in a work and services contract, but also uses its own materials for the manufacture or production.


Service contract

The supplier undertakes personally to provide services for a specific period of time, but does not owe the contractual partner any specific success.


Temporary Employment Contract

A supplier is in its capacity as employer a busy at his employees temporarily to another entrepreneur available without solving the employment relationship.


What quality does information have to have for external providers?

In its current version, the QM standard ISO 9001 places requirements on the quality of information that the external providers receive. This is to ensure that external service providers are provided with sufficient and correct information. For example, ISO 9001 requires that procurement agreements such as B. Orders (if applicable) must include the following:

  • Exact description of what is to be provided
  • Requirements for permits and releases
  • Requirements for the qualification and competence of persons
  • Measures of cooperation between suppliers and customers
  • Agreements on the performance monitoring of the service provider
  • Validation or verification activities that the customer would like to carry out at the supplier