ISO/TS16949:2009 Introduction and Support Package:
Guidance on 'Outsourced Processes'
Website:http://www.ts16949-uh.com
In conjunction with the publication of the International Standards ISO/TS16949:2009 and
ISO 9004:2000, ISO/TC 176/SC 2 has published a number of guidance modules:
N524 – Guidance on ISO/TS16949:2009 clause 1.2 'Application'
N525 – Guidance on the Documentation requirements of ISO/TS16949:2009
N526 – Guidance on the Terminology used in ISO/TS16949:2009 and ISO 9004:2000 _1)
N544 – Guidance on the Concept and Use of the Process Approach for management
systems
N630 – Guidance on 'Outsourced Processes'
(1) This module was developed jointly with ISO/TC 176/SC1/WG2. ISO/TC 176/SC1 was responsible for the development of ISO/TS16949:2009:2000 Quality management systems - Fundamentals and vocabulary)
Together these are being made available as the ISO/TC 176/SC 2 'ISO/TS16949:2009 Introduction and Support Package.
Feedback from users of the standards will be used to determine whether additional modules should be developed, or if these published modules should be revised.
The modules, and further information on the year 2000 ISO/TS16949:2009 standards, may be downloaded from the following web sites:
www.iso.org
www.bsi.org.uk/iso-tc176-sc2
C Corrie
for BSI Secretariat
ISO/TC 176/SC 2
1) Introduction
The aim of this document is to provide guidance on the intent of ISO/TS16949:2009 clause 4.1, regarding the control of outsourced processes.
ISO/TS16949:2009 clause 4.1 states:
“Where an organization chooses to outsource any process that affects product conformity with requirements, the organization shall ensure control over such processes. Control of such outsourced processes shall be identified within the quality management system.”
2) Guidance
2.1) What is an “outsourced process”?
The Oxford English Dictionary defines the verb “outsource” as “to obtain….. by contract from a source outside the organization or area; to contract (work) out”
Within the context of ISO/TS16949:2009 an “outsourced process” is a process that the organization has identified as being needed for its quality management system, but one which it has chosen to be carried out by an external party.
Note: ISO/TS16949:2009:2000 clause 3.4.1 defines “process” as “set of interrelated or interacting activities which transforms inputs into outputs”.
An outsourced process can be performed by a supplier that is totally independent from the organization, or which is part of the same parent organization (e.g. a separate department or division that is not subject to the same quality management system). It may be provided within the physical premises or work environment of the organization, at an independent site, or in some other manner.
2.2) Intent of Clause 4.1
The intent of Clause 4.1 of ISO/TS16949:2009 is to emphasize that when an organization chooses to outsource (either permanently or temporarily) a process that affects product conformity with requirements (see ISO/TS16949:2009 clause 7.2.1), it can not simply ignore this process, nor exclude it from the quality management system.
The organization has to demonstrate that it exercises sufficient control to ensure that this process is performed according to the relevant requirements of ISO/TS16949:2009, and any other requirements of the organization’s quality management system. The nature of this control will depend, among other things, on the importance of the outsourced process, the risk involved, and the competence of the supplier to meet the process requirements.
Outsourced processes will interact with other processes from the organization's quality management system (these other processes may be carried out by the organization itself, or may themselves be outsourced processes). These interactions also need to be managed (see ISO/TS16949:2009 clause 4.1 (a) and (b)).
2.3 Control of outsourced processes
2.3.1) The acquisition of outsourced processes will normally be subject to the requirements of both ISO/TS16949:2009 clause 7.4 (Purchasing) and clause 4.1 (General Requirements)
NOTE: In some situations, the organization might not “purchase” the outsourced process in the traditional sense. As mentioned in 2.1 it might, for example, receive the service from a corporate head office or from another division within a group of organizations, without any monetary transaction taking place. Under these circumstances, however, ISO/TS16949:2009 Clauses 7.4 and 4.1 are still applicable.
2.3.2) There are two situations that frequently need to be considered when deciding the appropriate level of control of an outsourced process:
a) When an organization has the competence and ability to carry out a process, but chooses to outsource that process (for commercial or other reasons).
In this situation the process control criteria should already have been defined, and can be transposed into requirements for the supplier of the outsourced process, if necessary.
b) When the organization does not have the competence to carry out the process itself, and chooses to outsource it.
In this situation the organization has to ensure that the controls proposed by the supplier of the outsourced process are adequate. In some cases it may be necessary to involve external specialists in making this evaluation.
2.3.3) It may be convenient, or even necessary, to define some or all of the methods to be used for control of the outsourced processes in a contract between the organization and the supplier. Care should be taken, however, not to inhibit the supplier from proposing innovations to the outsourced process.
2.3.4) In some situations it might not be possible to verify the output from the outsourced process by subsequent monitoring or measurement. In these cases, the organization needs to ensure that the control over the outsourced process includes process validation in accordance with ISO/TS16949:2009 clause 7.5.2.
