8.4.1.1、组织应：

a）确定如何对外部供方的批准状态过行决定和更改以及在什么条件下可根 据其批准状态对其进行受控使用的过程、职责和权限；

b）保持一份外部供方名录，包括批准状态（如批准，有条件批准，不批准）和批准范围（如产品类型、过程类别、分销授权的批准）；

c）周期性地评估外部供方的业绩,包括产品和服务的符合性和准时交付能力；

d）当外部供方不能满足要求时，确定采取必要的措施；

e）确定过程控制由外部供方生成和/或保留的文件的信息。

8.4.1.1、The organization shall:

a. define the process, responsibilities, and authority for the approval status decision, changes of the approval status, and conditions for a controlled use of external providers depending on their approval status;

b. maintain a register of its external providers that includes approval status (e.g., approved, conditional, disapproved) and the scope of the approval (e.g., product type, process family, authorized approval to distribute);

c. periodically review external provider performance including process, product and service conformity, and on- time delivery performance;

d. define the necessary actions to take when dealing with external providers that do not meet requirements;

e. define the requirements for controlling documented information created by and/or retained by external providers.