{"id":1288,"date":"2015-05-05T18:34:00","date_gmt":"2015-05-05T18:34:00","guid":{"rendered":"https:\/\/multiacademstg.wpengine.com\/9001academy\/blog\/2015\/05\/05\/how-to-control-outsourced-processes-using-iso-9001\/"},"modified":"2024-11-21T18:25:51","modified_gmt":"2024-11-21T18:25:51","slug":"how-to-control-outsourced-processes-using-iso-9001","status":"publish","type":"post","link":"https:\/\/advisera.com\/9001academy\/blog\/2015\/05\/05\/how-to-control-outsourced-processes-using-iso-9001\/","title":{"rendered":"How to control outsourced processes using ISO 9001"},"content":{"rendered":"<p>It\u2019s common for global organizations, when acquiring new businesses, to make \u201ccuts,\u201d and many processes that are not core business processes are outsourced. On the other hand, SMEs (Small and Medium Enterprises) also outsource some processes for the simple reason that they do not have enough internal resources to manage all processes in an efficient and effective manner.<\/p>\n<p>So, outsourcing is all around us, sometimes even if we are not aware of it\u2026 but if we are not aware, how it is under our control? What about the satisfaction of our clients? What about legal compliance? What about my business plans? Do I feel \u201clucky\u201d?<\/p>\n<h2 style=\"padding-top: 10px;padding-bottom: 10px\">Outsourcing in ISO 9001:2008 and ISO DIS 9001:2015<\/h2>\n<p>Almost all organizations, regardless of their size or complexity, have some outsourced processes. With respect to ISO 9001:2008 clause 4.1, there were and still are many issues that arise on <a href=\"https:\/\/advisera.com\/9001academy\/documentation\/internal-audit-checklist\/\" target=\"_blank\" rel=\"noopener noreferrer\">audits<\/a>\u00a0between organizations, consultants, and auditors about what is or is not an outsourced process and what is a purchased service. ISO DIS 9001:2015 clause 8.4.1 requires that external providers must be controlled and their performance be evaluated. The term \u201cpurchasing\u201d is no longer used. There is almost no difference between <a href=\"https:\/\/advisera.com\/9001academy\/documentation\/request-order-purchasing\/\" target=\"_blank\" rel=\"noopener noreferrer\">purchasing<\/a>\u00a0of a service and outsourcing of a process. To be honest, there never was; however, outsourcing was often not very clear.<br \/>\n<div id=\"middle-banner\" class=\"banner-shortcode\"><\/div><script>loadMiddleBanner();<\/script><br \/>\n<div id=\"side-banner-trigger\" class=\"banner-shortcode\"><\/div><\/p>\n<h2 style=\"padding-top: 10px;padding-bottom: 10px\">What processes are usually outsourced, and how are they usually controlled?<\/h2>\n<p>Usually, outsourced processes include things like:<\/p>\n<ul>\n<li>accounting,<\/li>\n<li>maintenance,<\/li>\n<li>transport,<\/li>\n<li>IT support,<\/li>\n<li>storing,<\/li>\n<li>forwarding agency,<\/li>\n<li>bank,<\/li>\n<li>lawyer,<\/li>\n<li>consultant\/auditor,<\/li>\n<li>distribution,<\/li>\n<li>canteen\/catering,<\/li>\n<li>cleaning,<\/li>\n<li>etc.<\/li>\n<\/ul>\n<p>These are basic services that are purchased very frequently, or even on a daily basis. Many times during audits, the answer was that those \u201cexternal providers\u201d were under control by contract, through a supplier evaluation methodology, or through certificates\/licenses held. As for contracts, you see that in 90% of cases they are based on price. Common sense tells us that the same type of control is likely applied to purchasing of tangible products from time to time and for provision of ongoing service. Prices do not tell us anything about the behavior of the outsourced organization. Also, universal criteria and methodologies for suppler evaluation do not tell us much about the reliability of outsourced services. As for possession of certificates and required licenses, it is questionable how hard it really is to get them. If the cantina where our employees eat and our company\u2019s catering organization have all necessary systems certificates and legally requested licenses, does that mean that the risk of poisoning of all employees and related business impact is lower?<\/p>\n<h2 style=\"padding-top: 10px;padding-bottom: 10px\">How to control outsourced process\/external service providers<\/h2>\n<p>A process is not a product, so the focus should be on specific process parameters rather than on product characteristics. One of management principles on which ISO 9001:2008 is based is named \u201cMutually beneficial supplier relationship.\u201d In ISO DIS 9001:2015 that principle is named \u201cRelationship management.\u201d (Read the following article to find more details about management principles in ISO DIS 9001:2015: <a href=\"https:\/\/advisera.com\/9001academy\/blog\/2014\/02\/04\/seven-quality-management-principles-behind-iso9001-requirements\/\">Seven Quality Management Principles behind ISO 9001 requirements<\/a>.) Both of them had the same idea, which is that our business heavily depends on purchased or outsourced products\/services. Frequently, though, the \u201cpurchasing of service\u201d approach is \u201cas fast and cheap as possible.\u201d So, what is \u201cbeneficial\u201d for our service supplier? Nothing. He will leave us as soon as he finds a better solution, or a better business partner. In order to secure mutual sustainability between us and our outsourced service supplier, it is necessary to define mutually recognized and accepted tailor-made service level parameters, as well as monitoring methodology, reporting, and follow-up actions. How deep those parameters and monitoring methodology should go depends on the business risk associated with the service that we get from an outsourced organization, so they definitely must be customized according to the organization or the types of services we need.<\/p>\n<p>One of methodologies over outsourced processes is that the contract with the outsourced organization should refer to a mutually accepted and approved document (procedure\/work instruction\u2026 let\u2019s say documented information) which very clearly defines service level parameters, roles, responsibilities, and authorities for monitoring, reporting, and consequences.\u00a0 Both parties have the authorization to make further improvement to the documented information in order to improve cooperation, depending on both parties\u2019 identified business risks.<\/p>\n<p>Another type of <a href=\"https:\/\/advisera.com\/9001academy\/documentation\/appendix-1-checklist-evaluation-suppliers\/\" target=\"_blank\" rel=\"noopener noreferrer\">control<\/a>\u00a0of outsourced processes is by a second-party audit process. To learn more about second-party audits, read this article: <a href=\"https:\/\/advisera.com\/9001academy\/blog\/2015\/02\/24\/first-second-third-party-audits-differences\/\">First-, Second- &amp; Third-Party Audits, what are the differences?<\/a>.\u00a0In this case, the checklist used should be mutually defined, agreed, and approved. Auditors should be very competent in evaluating not only the level of compliance with requirements or agreed parameters\/performance, but also how sustainable the outsourced business is, as well as further identifying possible risks not only for your own company, but also for the outsourcing partner organization.<\/p>\n<p>Whatever type of the above control mechanisms are used, they are transparent for both sides, focused on business risk and opportunities for both sides, and secure satisfied customers at the end of the chain.<\/p>\n<p>Interested parties, including outsourced organizations, have a big influence on our performance. Our performance is based on our ability to secure and satisfy clients. This brings us to mutually accepted, controlled, and improved relationship management between us and our outsourced organizations.<\/p>\n<p><em>To implement ISO 9001 easily and efficiently, use our <\/em><a href=\"https:\/\/advisera.com\/9001academy\/iso-9001-premium-documentation-toolkit\/\" target=\"_blank\" rel=\"noopener\">ISO 9001 Premium Documentation Toolkit<\/a><em> that provides step-by-step guidance and all documents for full ISO 9001 compliance.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>It\u2019s common for global organizations, when acquiring new businesses, to make \u201ccuts,\u201d and many processes that are not core business processes are outsourced. On the other hand, SMEs (Small and Medium Enterprises) also outsource some processes for the simple reason that they do not have enough internal resources to manage all processes in an efficient &#8230;<\/p>\n","protected":false},"author":36,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[135,136,137,138,139,140,141],"class_list":["post-1288","post","type-post","status-publish","format-standard","hentry","category-blog","tag-audit","tag-consulting","tag-iso-90012008","tag-iso-dis-90012015","tag-outsource","tag-relationship-management","tag-sla"],"acf":[],"_links":{"self":[{"href":"https:\/\/advisera.com\/9001academy\/wp-json\/wp\/v2\/posts\/1288","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/advisera.com\/9001academy\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/advisera.com\/9001academy\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/advisera.com\/9001academy\/wp-json\/wp\/v2\/users\/36"}],"replies":[{"embeddable":true,"href":"https:\/\/advisera.com\/9001academy\/wp-json\/wp\/v2\/comments?post=1288"}],"version-history":[{"count":0,"href":"https:\/\/advisera.com\/9001academy\/wp-json\/wp\/v2\/posts\/1288\/revisions"}],"wp:attachment":[{"href":"https:\/\/advisera.com\/9001academy\/wp-json\/wp\/v2\/media?parent=1288"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/advisera.com\/9001academy\/wp-json\/wp\/v2\/categories?post=1288"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/advisera.com\/9001academy\/wp-json\/wp\/v2\/tags?post=1288"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}