Purchasing 7.4, 4.1 (control of outsourced processes), & 8.4d

Revision: 4/16/2009 updated note 8 to clarify customer owned property procedure called for in ISO 9001:2008

Vendors (suppliers) already in existence as of May 2005 known to be in good standing (i.e., no significant quality, delivery, and/or pricing issues) have been "grandfathered" in. Evaluation criteria for these vendors may or may not be found in their records.


1. Purchasing needs are based upon:
- orders received requiring material not in stock,
- the need to re-stock material maintained as established min/max stock,
- vendors providing products or outsourced services (i.e., plating, painting, calibration, internal audits, etc.), and/or
- Equipment, tooling, and shop supply purchases.
Office supplies and other non-product related purchases may involve a purchase order or may simply be a check or credit card purchase. These types of purchases tend not to have the controls described here due to the fact they are not the product and we don't have to.
- Has the required material been purchased previously? If so, from which vendor?
- Has our customer requested we use a particular vendor for their product?
- Do we have a vendor who can likely provide the material we need?
"Acceptable" vendors we use for our materials and services are those actively maintained in our business system software as vendors in good standing (not deleted, removed from availability as a source for that part number, or discouraged from use).
3. Vendors providing products or services that can affect product quality are evaluated and selected using the following criteria, as applicable:
- price, availability, delivery,
- reputation (history we or someone we respect has with them or data they may provide to show they are in good standing [i.e., D & B, examples of quality and delivery reports from current customers, etc.),
- customer referred or required,
- available certifications and/or tests,
- sole or single source,
- a capability assessment (on-site or remote) based upon equipment available, samples provided of similar products or services, and/or a review of the vendor's quality system documentation (manual, procedures, etc.), and/or
- a quality system recognized as compliant or registered to a relevant standard (ISO, Industry, etc.) by a second or third party (customer, registrar, etc.).
Remember: if the process is being outsourced, we need to make sure the vendor of choice has controls in place to ensure we will be able to get product that meets all requirements (i.e., Plating, Painting, Powder-coating, Calibration, Silk-screening, Internal audits, etc.).  Much of this is based upon the certifications they supply and/or inspections or tests we perform on the product when it is submitted to us, but can be based upon our knowledge of the vendor's capability (history/reputation) and recognition of their performance as part of the evaluation process (current and future). Planning & Realization serves as a guideline for ensuring processes address all of the pertinent requirements and can be used to evaluate whether our vendors have the needed controls. The basis for selection may be noted as a comment in the vendor file in our business system software, but the evidence and record of the evaluation and the results of that evaluation is the vendor's existence in our business system software.

4. A Purchase Order (PO) is generated, ensuring the purchasing requirements are adequately defined, including as applicable:
- what was ordered (description), quantity, and price,
- quality-system requirements needing to be lived up to (including the need for a C of C, certified maintenance technicians, pertinent
controls/specifications for outsourced processes, etc.), and
- if a source inspection is to be performed, the vendor is made aware of the requirement and the terms for releasing the product (explicitly
described in the PO).
5. Evidence the PO has been reviewed and approved for adequacy (clearly describes the requirements) is accomplished when the PO is entered into and accepted by our business system software.
6. Problems encountered at Receiving are brought to management's attention. Management may choose to return the product to the vendor per the vendor's process or may choose to use it "as is" (see Nonconformance Control). In either case, the incident is noted on the Opportunities & Incidents Log as an issue for consideration as part of re-evaluation. If the issue is bad (a catastrophic event) or big (trends show a consistent problem over time), management follows our Improvement Systems procedure to facilitate improvement (corrective action). If management feels we should take action on actual or potentially bad or big issues (corrective/preventive action and/or continual improvement), they follow the same Improvement Systems procedure or someone with rights to setting up vendors in our business system software removes the vendor, blocks the vendor from being recognized as an acceptable source for that part number, or notes "do not use" or some other intuitively obvious statement letting us know not to use the vendor in the vendor section of our business system software. A comment that the vendor is only to be used as a last resort "discouraged from use" may also be used, especially if the vendor is the only one available (customer specified, sole source, etc.) and still has to be used. When this is the case, we still need to bring the issue to management's attention so they can look at alternatives when at all possible.
7. Late deliveries and/or vendor problems are noted on the Opportunities & Incidents Log. This data is summarized annually (or more frequently) and reviewed during management review (see Management Review Matrix) to identify areas for improved vendor performance, to make recommendations, and to communicate them to the vendor(s).
8. Receiving verifies that what was received is what was ordered (comparing the actual product to the packing slip and the packing slip to the purchase order), the item was not damaged, and is the correct thickness or gage (when applicable). Evidence of this receiving inspection is signed or initialed packing slip, noting the name or initials of the person authorizing release. The item is distributed and/or allocated to a job as needed (see the Production Process Overview). Once the invoice is received from the vendor, office personnel match the invoice with the PO to verify that what was ordered is what we received, checking it against the packing slip as well, for all areas except Assembly (they check their own). Parts where the appearance is to be perfect are routed to Quality for additional receiving inspection. Quality inspects the finish (all dimensions or features on one & critical dimensions or features on 10% up to 15 pieces total) and notes the results in their inspection log (record of inspection).

Note - Customer property can be received using these same procedures and tends to be a sheet of material that our customer provides for a small custom Punch Press operation. It is usually some sort of special material that Pi-Co does not purchase. The material tends to arrive with some form of identification (we can tell it belongs to them because it is marked or labeled).  When this is missing, we label or mark the item(s) to ensure everyone will know it is customer property.  If loss, damage, or unsuitability of customer property (whether it arrived that way or we did something to it) is encountered, we let management know so they can call the customer to report it.  The incident is recorded on the Opportunities & Incidents Log. Generally, Pi-Co returns the left over property (if applicable) with the shipment of parts. But if we have material left over and they would like for us to store it for a period of time (pending management’s approval) we will store it in the Quality area.

9. Vendors are re-evaluated using the information collected in the Opportunities & Incidents Log. Action will be taken for vendors with significant incidents related to quality, delivery, and/or pricing. When such an occasion arises, Management will choose the course of action. These actions tend to include the issuance of a corrective action or removal as an approved vendor (see note 6). While these courses of action are typical, we may have instances where a problem is acknowledged with no action taken. This tends to be the case when a vendor is a sole source or customer specified, but may involve other types as well.


Type and extent of control (7.4.1) - “The type and extent of control applied to the vendor and the purchased product shall be dependent upon the effect of the purchased product on subsequent product realization or the final product.” This refers to the impact a problem with something purchased (material, product, service, etc.) would have on the product or service it is used for or with (constituent parts). The greater the impact of failure to control the vendor or the thing being purchased, the more control you need. “Type” is what you will do to ensure success (evaluate and select good vendors, perform an assessment on samples of the material before introducing it into your product, inspect/test material upon arrival, etc.). “Extent” tends to be criteria, or a reflection of frequency or degree of control (i.e., obtain and review the vendor’s reports from their registrar, audit the vendor, report on vendor performance, clearly describing the purchase in a PO, etc.). “Extent” also includes any actions taken as a result of evaluation or re-evaluation, such as adding vendors to our system to reflect approval, deleting or flagging poor performers, etc.


The little numbers shown throughout this document are clause numbers from ISO 9001:2008 being fulfilled by the activities related to the step or note referencing the clause. An example of this is the "Evaluate and select vendor" box with "7.4.1" referenced. This means the notes or documents referenced, address the requirements of 7.4.1 of ISO 9001:2008.