Type and Extent of Control to be Applied - ISO 9001:2008 DIS

According to ISO 9001:2008 DIS, an organization must define the type and extent of control to outsourced processes.

According to the N526 - Guide to the Terminology used in ISO 9001:2000 and ISO 9004:2000 document, the definition of control is :

• power to give orders or to restrain something
• means of restraining or regulating
• standard of comparison for checking the results of an action or measurement.

So, I would like to start a debate on what quality professionals, knowledgeable about ISO 9001 on the adequacy of controls which would be deemed acceptable. We know that it is not a requirement for ISO 9001 compliant organizations to flow down ISO 9001 compliance to their suppliers. However, just specifying certain requirements for outsourced processes in a contract and/or PO is no guarantee that the supplier will perform adequately.

For example, if an organization outsources the design of a product to a design-house, what would be the expected controls to be exercised for this supplier? Would compliance to ISO 9001 section 7.3 be mandated? How would the customer assure that the supplier conforms with such requirements? What about other associated requirements, such as the competence of the people performing design work? Would a requirement such as that need to be explicitly invoked?

Opinions welcomed.

from http://elsmar.com/Forums