Featured Product
This Week in Quality Digest Live
Lean Features
Laurie Flynn
Researchers find ways to lower US healthcare administration costs by analyzing other countries’ approaches
Bruce Hamilton
Will lean thinking inform the designers of AI?
Gene Kaschak
Lean supply is not just about the size of inventory
Eight unique best-practice sessions featuring 11 process improvement and thought leaders

More Features

Lean News
From excess inventory and nonvalue work to $2 million in cost savings
Tactics aim to improve job quality and retain a high-performing workforce
Sept. 28–29, 2022, at the MassMutual Center in Springfield, MA
Enables system-level modeling with 2D and 3D visualization, reducing engineering effort, risk, and cost
It is a smart way to eliminate waste and maximize value
Simplified process focuses on the fundamentals every new ERP user needs
DigiLEAN software helps companies digitize their lean journey
Partnership embeds quality assurance at every stage of the product life cycle, enables agile product introduction
First trial module of learning tool focuses on ISO 9001 and is available now

More News

Tom Taormina


The Perils of Outsourcing: A Case Study

With ISO 9001’s clause 8.4, responsibility can’t be abdicated

Published: Monday, April 1, 2019 - 12:03

Outsourcing is historically one of the most misunderstood concepts in quality management system (QMS) implementation and operation. Prior to ISO 9001:2015, the requirement for outsourced processes was limited to a few sentences in the standard’s clause 4.1. This article will present, through a case study, how understanding the implications that outsourcing, according to ISO 9001, is of key importance for a company.

Some history

ISO 9001:2008 clause 4.1 was so vague that a guidance document was needed. It was the subject of so many interpretations that Technical Committee (TC) 176 of the International Organization for Standardization (ISO) published guidance document ISO TC/176 SC 2/N 630R2—“Guidance on outsourced processes.”

The most impactful guidance from that publication was the definition that an outsourced process is one that the organization may conduct internally but has chosen to subcontract the work to an outside organization. It also states that the company must exhibit the same level of control over outsourced processes as it would over processes within its own QMS.

Fortunately, ISO 9001:2015 has relocated this requirement to “clause 8.4—“Control of externally provided processes, products and services,” where it more logically belongs in the standard. Unfortunately, it again stops short of clarifying a key element that an outsourced process must be controlled to the same degree that the process is controlled within the organization.

Two companies: BIG and Naïve

The following case study will dramatize the importance of control of outsourced products and provide a practical basis for understanding its application and consequences.

A large international company developed a philosophy of outsourcing some of its manufacturing to smaller machine shops. Its noble plan was to help local businesses grow their capabilities and expand their client base. We will call this company BIG.

BIG identified a company that had machining capability for an entirely different market segment. We will call it Naïve.

The purchasing agent from BIG was eager to meet his target for qualifying new machine parts providers when he approached Naïve. During his initial interview, BIG’s agent was impressed by the craftsmanship he saw and the quality of work Naïve produced with modest machining equipment.

The plan for failure

BIG’s agent enticed Naïve with an initial order for a large quantity of machined parts. He implied that the company would need to purchase a larger CNC work center to handle the quantities and delivery needs. He also stated that Naïve would have to become certified to ISO 9001:2008 and undergo an audit by BIG’s quality department. BIG’s agent offered Naïve a quality manual template and recommended that the company’s principals just copy the content and change the context to their organization.

Having no quality management experience, the principals at Naïve created a quality manual and attempted to implement the process controls required by the standard. When the BIG quality representative performed an initial audit, she created a list of major and minor nonconformities and gave Naïve tentative approval for the first production run.

Naïve was overwhelmed with the audit report and sought out a quality consultant, who informed the company that it was nowhere near compliant with the standard. The QMS consultant rewrote Naïve’s quality manual and trained the principals on the resources they would need. Naïve purchased a CNC work center and produced hundreds of parts. However, Naïve still didn’t internalize the requirements of the standard.

Reality sets in

The incoming inspector at BIG, who was following its documented procedures, rejected all the parts. Naïve had not tested the raw material BIG had provided, and it was not to specification. BIG had a set of special gauges to inspect the parts that weren’t provided to Naïve. The entire lot was determined to be scrap.

BIG refused to pay Naïve for the order. The situation rapidly deteriorated, and lawyers were retained. An expert report was written on behalf of Naïve. The requirements of ISO 9001:2008, clause 4.1, were cited along with an expert opinion that BIG did not follow its own supplier approval requirements. BIG was found to have circumvented its own documented procedures within its ISO 9001:2008 QMS regarding outsourcing.

The lesson from this case for outsourcing is that an organization must virtually duplicate its QMS requirements, operational procedures, inspection and testing procedures, and go/no go criteria at the supplier’s facility. It must ensure that the subcontractor has the same competencies as those who perform those processes in-house.

The other critical lesson is that BIG’s QMS was grossly out of control by allowing a purchasing agent to circumvent its own supplier approval procedures, a major nonconformity.

Call to action

Clause 8.4 in ISO 9001:2015 is critical to the success of your QMS and your company. As you implement and audit the requirements, pay particular attention to how you structure the approval and monitoring of the various types of suppliers that you use. When buying off-the-shelf parts, the responsibility is on your organization to ensure that they are fit for use and that the suppliers continually deliver conforming commodities. When outsourcing services, your supplier must mirror the process controls that you have in-house. Your company has the obligation to ensure that operators within outsourced manufacturers are competent, and that their processes are continually producing acceptable products or services.

If your organization does contract services for other companies, it is your obligation to ensure that your QMS meets all the requirements of the organization you are providing services to. As you fulfill the requirements of ISO 9001:2015’s clause 8.2—“Requirements for products and services,” it is your duty to ensure that all controls are in place before accepting an order for contract services.

Bottom line, however, if there is controversy over the product or service, the company that outsources services cannot abdicate its responsibility for conformance to a subcontractor.


About The Author

Tom Taormina’s picture

Tom Taormina

Tom Taormina is a subject matter expert in the ISO 9000 series of standards, having written 10 books on the beneficial use of the standards. He has worked with more than 700 companies and was one of the first quality control engineers at NASA’s Mission Control Center during the Gemini and Apollo projects. He also is an expert witness in product liability and organizational negligence.