8.4外部提供的过程、产品和服务的控制

8.4.3、提供给外部供方的信息

组织应确保在与外部供方沟通之前所确定的要求是充分的。

组织应与外部供方沟通以下要求：

a. 拟提供的过程、产品和服务，包含相关技术数据的标识（例如：规范、图纸、过程要求、作业指导书）；

b. 对下列内容的批准：

1. 产品和服务；

2. 方法、过程和设备；

3. 产品和服务的放行；

c. 能力，包括所要求的人员资格；

d. 外部供方与组织的互动；

e. 被组织所用的外部供方绩效的控制和监视；

f. 组织或其顾客拟在外部供方现场实施的验证或确认活动。

g. 设计和开发控制；

h. 特殊要求、关键项目，或关键特性；

i. 试验、检验、和验证（包含生产过程确认）；

j. 用于产品接收的统计技术的使用, 和组织接收的有关指导书;

k. 所需要的：

—— 实施质量管理体系；

—— 使用客户指定或者批准的外部供方，包括过程来源（例如：特殊过程）；

—— 向组织通报不合格过程、产品或服务以及或得处置的批准；预防仿冒件的使用（见8.1.4）；

—— 向组织通报过程、产品、或服务的更改，包含其外部供方的更改，或生产地点的更改，并获得组织的批准；

—— 向外部供方传递适用要求，包括顾客要求；

—— 提供用于设计批准、检验/验证、调查或审核的试验样件的要求；

—— 保持形成文件的信息，包含保存期限和处置要求

l. 在供应链的任何层次，组织及其顾客,和法规授权的管理部门有接触使用的设施区域和适用的形成文件的信息的权利。

m. 确保人员意识到：

—— 对于产品和服务符合性的贡献；

—— 对于产品安全性的贡献；

—— 道德行为的重要性。

8.4.3、Information for external providers

The organization shall ensure the adequacy of requirements prior to their communication to the external provider.

The organization shall communicate to external providers its requirements for:

a. the processes, products and services to be provided including the identification of relevant technical data (e.g., specifications, drawings, process requirements, work instructions);

b. the approval of:

1. products and services;

2. methods, processes and equipment;

3. the release of products and services;

c. competence, including any required qualification of persons;

d. the external providers’ interactions with the organization;

e. control and monitoring of the external providers’ performance to be applied by the organization;

f. verification or validation activities that the organization, or its customer, intends to perform at the external providers’ premises.

g. design and development control;

h. special requirements, critical items, or key characteristics;

i. test, inspection, and verification (including production process verification);

j. the use of statistical techniques for product acceptance and related instructions for acceptance by the organization;

k. the need to:

—— implement a quality management system;

—— use customer-designated or approved external providers, including process sources (e.g., special processes);

—— notify the organization of nonconforming processes, products, or services and obtain approval for their disposition; prevent the use of counterfeit parts (see 8.1.4);

—— notify the organization of changes to processes, products, or services, including changes of their external providers or location of manufacture, and obtain the organization’s approval;

—— flow down to external providers applicable requirements including customer requirements;

—— provide test specimens for design approval, inspection/ verification, investigation, or auditing;

—— retain documented information, including retention periods and disposition requirements;

l. the right of access by the organization, their customer, and regulatory authorities to the applicable areas of facilities and to applicable documented information, at any level of the supply chain;

m. ensuring that persons are aware of:

—— their contribution to product or service conformity;

—— their contribution to product safety;

—— the importance of ethical behavior.