The Quality Hub Podcast
Listen Below. Learn More.
ISO 9001 Clause 8.4 - Purchasing - Part 2
Episode 22 – ISO 9001 Clause 8.4 – Purchasing – Part 2
ISO 9001 Clause 8.4 – Purchasing – Part 2
In the second part of “Purchasing” on the Quality Hub podcast, Xavier Francis, along with Murphy Shaw and Matthew Pilley from Core Business Solutions, delve into Clause 8.4.2 of the ISO 9001 standard, focusing on supplier controls. Murphy explains the importance of controlling supplier quality to prevent negative impacts on the organization and its customers. Matthew describes Core’s approach, which includes drafting a supplier management process within the quality manual and defining purchasing as a key process.
Hello everyone and thanks for listening to the Quality Hub and chatting with ISO Experts. I’m your host Xavier Francis and today I’m here again with Murphy Shah and Matthew Pilley, both consultants here at Core Business Solutions. Glad you could join us again guys.
Hey Axe, I’m glad to be back. Awesome. Good morning.
Good morning. Good to see you again. Always a pleasure to have you guys here.
So this week is the second part of our three-part series on Purchasing and Clause 8.4 of ISO 9001 Standard. If you haven’t listened to the first part, we recommend you do so before continuing here. Well gentlemen, let’s get started.
Today we’re going to look at Clause 8.4.2 and I’m going to read the first section. It states, “The organization shall ensure that externally provided processes, products, and services do not adversely affect the organization’s ability to consistently deliver conforming products and services to its customers.”
So we’re going to start with Murphy this time.
What does that mean?
So that statement is pretty important. It’s about how we control our suppliers to ensure that they are providing us with good-quality parts and services. Because when their quality declines, that in turn would affect our ability to provide our customers with good quality products or services.
Okay, so it sort of shows that flow down. Yeah, it’s the domino effect. If our supplier falls, then we fall.
And then our customer falls. Right. So that’s what the standard is trying to say here.
If we put controls in place to ensure our supplier is okay, then we’ll be okay. And ultimately our customer will be okay.
All right, that’s pretty clear. Certainly is a proactive approach too and not just reactive. Putting things in place to manage your suppliers.
Makes sense. Now Matthew, how do we at CORE approach that?
The first thing we do is outline a supplier management process in your quality manual. So we help companies build a quality manual. Typically they don’t have one.
We have a template for that and that’s what we use to build out the company’s highest-level quality document, which is the quality manual. As with all clauses and requirements in the standard, we help the organization’s draft process for the qualification and evaluation of suppliers that align with those requirements. And we also typically define purchasing as what we consider to be a key process.
In case anybody isn’t familiar with key processes, the standard defines a key process as a critical activity or series of activities within an organization that is essential for achieving the intended outcomes. If we’re talking about suppliers that are supplying you with what you need to do your job and what your business needs to do, that’s pretty darn key.
Absolutely. And we want to achieve an outcome of conforming products. As a key process, one of the deliverables for our certification projects is to develop what we call a process plan document.
That process plan defines people within the business who serve as the process owner and the other key players who have a role in managing or administering the purchasing process. It documents the records and other procedures that are associated with the process and the organizational approach to how they carry out their purchasing process by way of activities or steps. Almost as if you’re defining a work instruction or a procedure.
The process of how you’re going to go about procuring product services.
Right. At a very high level. Within that process, a business can define how it intends to apply control to purchase products.
Whether that’s receipt of documentation such as certificates of conformance or associated test data. Any incoming inspections that might need to be performed based on the received products. And then finally, within our platform, we provide the tools necessary to document the qualification and evaluation of suppliers regularly for the evaluations.
Right. So just setting up that process, that key process of how to go about doing purchasing. Right.
And making sure it’s aligned with the values that you have as a company. Making sure it’s aligned with what you want from a supplier. So you need to determine all of that and then put a process in place.
Absolutely. Okay. Very good.
Now Murphy, what are some best practices for establishing effective supplier controls to ensure quality and compliance?
Well, the first control that I think of when it comes to suppliers is contracts and purchase orders. Okay. You know, this would help clearly define what is expected from the supplier and what they have to meet expectation-wise.
Okay. And that’ll ultimately tell the supplier what they have to do. Makes sense.
Another best practice that we help our clients with is to implement a good incoming inspection process. To make sure you receive the right stuff and it conforms to specifications.
Perhaps implement a written procedure that outlines those types of controls.
All right. And you know, on top of that, you could also implement a program to evaluate the supplier performance. To ensure they stay compliant with their requirements.
Not only evaluate their performance but also maybe visit them and audit them. To make sure the controls that you put on them are still being met and they’re satisfactory.
Okay. That’s interesting. I mean, that makes sense though.
If you’re making something that’s super important you need to make sure the tolerances are there. And certain things are used a certain way. Maybe from a manufacturing point, you want to make sure the tool is oiled properly.
So that something doesn’t hit a certain temperature. You know, when it’s being cut or something like that and you’re checking it out. That makes a lot of sense.
Now, Matthew, and Murphy mentioned contracts and POs. Are there any other ways that an organization can communicate its quality requirements and expectations to suppliers?
I mean, I would say that it starts at the very beginning of the process. When you first identify a supplier and decide that there’s somebody that you want to work with. Laying out your expectations for a supplier in terms of what’s necessary to keep the wheels turning at your business.
Clear and consistent communication about what you need from your suppliers. And a clear understanding of their capabilities. Do they have the ability to provide or do what it is you’re asking them to?
The capacity to provide products and services on time. With good quality at a high level. So communicating purchase order requirements.
And providing product requirements documentation that they’re expected to meet. Maybe that’s formal specifications. Maybe it means providing CAD drawings or blueprints.
You know, clearly defined terms and conditions as well. So that there’s no question. There’s no question about what you’re asking of them.
And they understand exactly what they need to do to meet what you’re asking for. Make sure that you’re providing enough information to set them up for success. Which ultimately sets you up for success.
So beyond that, if you want to go a step further, you can define and document formal quality agreements. That outlines specific requirements and expectations for products. And you can build out separate purchasing specifications for products that are mutually agreed upon.
Okay. So it comes down to clear communication and expectations. Yeah.
And it was interesting, you mentioned, you know, we talk about quality, quality, quality.
But you said capacity. So just because somebody can make something doesn’t mean they can get the amount you need in the time you need.
Right. So looking at that and clearly. And I know that’s just on-time delivery.
And when it comes down to the nuts and bolts of it. But make sure they can before you get into it. Maybe doing a site visit.
As Murphy was mentioning.
Yeah, absolutely. I mean, just to kind of touch on the capacity thing again. If, you know, they might be able to provide you with something that’s fantastic quality.
But if they can’t provide it, you know, over and over again. At a volume that you need to meet your requirements. Then obviously that’s an issue, right?
Yep. Yep. So again, communication even at a granular level at times and when needed.
Good stuff. Good stuff. So Murphy, let’s say we’ve done all this.
And things seem to be going well. What methods can companies use to monitor supplier performance and conduct audits to ensure ongoing compliance?
Well, you know, once we qualify them, as we previously discussed. And start using them as an active supplier. We certainly want to keep an eye on them to ensure their quality and delivery aren’t declining over time.
Absolutely. So again, you know, CORE has an easy way to help our clients document that using our supplier evaluation form. But items you typically want to keep an eye on are quality, delivery, and availability.
That kind of ties back into the capacity. Yeah. The thing that Matthew was talking about.
Even pricing. Yeah. You know, this way if they start to decline, we can quickly react and talk with the supplier.
You know, figure out what’s going on. Or if it’s significantly bad, ultimately going and replacing that supplier.
Yep. That’s true. Again, I think that talking to the supplier would make most parties aware of the issues and try to resolve them.
It’s probably better than, you know, in most cases. And maybe it’s something that they’re tolling up to be able to hit capacity better. So, you know, again, communicating that to them.
Hey, you guys are a little slower. And then you’re ready to, instead of just jump and ship. And you’re going to find out we’re this close to getting where we’re going to double our capacity.
And you guys will have it even quicker. And you’re like, okay, all right, we’ll work with you. Or they just don’t get back to you.
They don’t communicate with you. And you’re like, okay, maybe I need to look elsewhere.
Right, right. And that’s the worst-case scenario. And to your point, you know, before we get to that worst-case scenario, you know, it’s all about communication, like you said.
So, you know, the other way we can approach this is with audits. Okay. Makes me think of two types of audits.
Okay, what would those two types be? You know, one being a supplier audit. You can implement a process for auditing your supplier, although it’s not a requirement.
But it’s probably a good thing to do. You know, go on-site to your supplier and make sure that they’re up to your standards. Or perhaps send them a questionnaire to fill out.
You know, commonly referred to as a desk audit or a paper audit. And they can return that to you and you can review what their answers were. But then, and then again, the other type of audit that you can do, and this one is a requirement, is to conduct internal audits for your own company regarding supplier controls.
You know, making sure that the purchasing and receiving processes comply as well.
On your end. Yep, yep. So really, and that’s what internal audits do, they look at your processes.
So, like what Matthew was saying, you set up all this process, you get an order. Well, if we find some issues, maybe it’s actually on our end and we’re not doing the process with which we said we were going to do. Or maybe it needs to be changed.
Very good things to know. Now, Matthew, what steps should be taken when a supplier delivers non-conforming products or services? So, good question.
My brain automatically goes to the product side of things just because of my background. So, you know, first and foremost, you want to ensure that non-conforming products don’t get used. Right.
That it doesn’t get mixed in with good product. Right. So this might mean not accepting or refusing shipment and incoming.
It might mean properly labeling and segregating products. We often refer to it as quarantining material or product. Until such time you can get a resolution from the supplier.
Right.
You certainly don’t want something going into the production line if it’s not usable. Let’s say from a tech company, let’s say a software. And the minute that you install it, now it starts to conflict with other things.
Yeah.
Maybe having a test before it goes into all the computers that you’re going to install it on. Sure. Or roll it down to your customer.
Same kind of thing.
Yeah. So, after you have the product properly dispositioned, identified as non-conforming, and segregated, you notify the supplier of the non-conformance. And then you take appropriate action dependent upon the severity of the non-conformance.
And the risk that it poses to your business and the products that you’re making. Right. So this might be as simple as returning the suspect product or material to the supplier and obtaining credit.
Or it might require you to issue a, you know, what we call a SCAR. Right. A Supplier Corrective Action Request.
In this case, the supplier would be asked to perform an investigation into the cause of the non-conformance and identify a corrective action to prevent reoccurrence in the future. And this would all be formally documented and captured within your supplier management process. Okay.
Perhaps another option is you use those, parts in two different pieces that you send out. And one, the tolerances are a little bit lower. And that’ll meet.
Maybe you roll it over to that, get a little bit of credit, or something like that. And again, our core compliance platform does have the SCAR form that you can use. And other tools when needed to document all of these supplier management processes.
Well, gentlemen, this has been a great talk today. Again, we looked at part two. We have one more next week coming up.
And I want to thank you for being here today.
Thanks, Xavier. Another great podcast.
Thanks for your time, guys. Appreciate it. Always a pleasure to have you.
And I want to thank everyone who’s listened to our podcast today. We hope it’s been informative for you. Now, if you’re looking for more information about Core Business Solutions and how we can help you with ISO certification, cybersecurity, customized training, or even with your purchasing process, please email us at info@thecoresolution.com.
You can also visit our website at www.thecoresolution.com. And if you haven’t already followed us on your favorite podcast platform, please be sure to do so. That way you won’t miss the next Quality Hub podcast when it’s released next week.
Have a great day.