8.4.3   Information for External Providers

The organization shall ensure the adequacy of requirements prior to their communication to the external provider.

The organization shall communicate to external providers its requirements for:

​a.​  the processes, products, and services to be provided including the identification of relevant technical data (e.g.,                            specifications, drawings, process requirements, work instructions);

​b.  the approval of:

1.  products and services;
   
2.  methods, processes, and equipment;
   
3.  the release of products and services;
   

​

c.  competence, including any required qualification of persons;

d.  the external providers' interactions with the organization;

e.  control and monitoring of the external providers' performance to be applied by the organization;

f.  verification or validation activities that the organization, or its customer, intends to perform at the external  providers' premises;

g.  design and development control;

h.  special requirements, critical items, or key characteristics;

i.  test, inspection, and verification (including production process verification);

j.  the use of statistical techniques for product acceptance and related instruction for acceptance by the                                      organization;

k.  the need to: 

• implement a quality management system;
  
• use customer-designated or approved external providers, including process sources (e.g., special processes);
  
• notify the organization of nonconforming processes, products, or services and obtain approval for their disposition;
  
• prevent the use of counterfeit parts ( see WI 8.1.4);
  
• ​notify the organization of changes to processes, products, or services, including changes of their external providers or location of manufacture, and obtain the organization's approval;
  
• flow down to external providers applicable requirements including customer requirements;
  
• provide test specimens for design approval, inspection/verification, investigation, or auditing;
  
• retain documented information, including retention periods and disposition requirements;
  

​

l.  the right of access by the organization, their customer, and regulatory authorities to the applicable areas of                  facilities and to applicable documented information, at any level of the supply chain;

m.  ensuring that persons are aware of:

• their contribution to product or service conformity;
  
• their contribution to product safety;
  
• the importance of ethical behavior.