ISO9001 and Property Belonging to Customers or External Providers

When I worked in subcontract electronics, we build products for a great range of organisations and a great range of industries. One of the challenges there is making sure you test things properly before you ship them both electrically and mechanically where a specific fit is required. Sometimes we would build the test gear and sometimes the customer would provide it to us to use trusting that we would look after it. They would also of course give us the data to manufacture the base printed circuit boards and buy the parts and any specialist code that had to be put any to any of the devices on the products. We had similar agreements with suppliers, I was once given a $150,000 reflow oven for trials for 3 months, you can bet I looked after that!

So why am I telling you this? Well strangely enough ISO9001:2015 has a clause just for this, it's clause 8.5.3 with the catchy title of Property Belonging to Customers or External Providers, and here's what it needs you to do to comply. 

Identification 

Firstly, it's obviously not limited to physical property, it can be software, documentation or actually anything that is provided to you. Once it has been provided you need to be able to identify it clearly as something that has been provided to you, we used to label equipment CS VS with a incrementing number to identify things with CS being Customer Supplied and VS being Vendor Supplied. Of course, if it's software then you may need to put the identification it the name of the file or perhaps keep a register of it. ISO9001:2015 doesn't specify how you do it only that you must do it.  

Verification 

Secondly you need to verify that what ever has been provided to you is able to meet the requirements that it's intended to be used. Just because it comes from the customer for example doesn't mean that you shouldn't follow your standard inspection requirements when booking it into the company or running it in your processes.

Safeguard it 

Thirdly you need to protect it and make sure it's safe, remains undamaged and obviously doesn't get lost or stolen. I like to explain this as thinking about loaning your favourite tool to your neighbour or family member, you expect at some point to get it back and you expect that it will be in a good condition when you do. This means you need some processes in place to ensure that this happens. The other thing you would expect is that if your neighbour or family member broke or worse lost your favourite tool, they would tell you, it's the same here. You need to have processes in place that cover this eventuality and the steps that you will take to replace or recover, especially if it is software or data based.

Summary 

 When you think about it these three requirements of clause 8.5.3 of ISO9001:2015 make sense. It's not your property but you are responsible for it so clearly identifying it and storing it correctly seems like the right thing to do. Verifying that it does what it's meant to do is also a smart thing to do after all it's part of the product or service you are providing them either physically or as a verification tool for the product or as a tool to create it. Ensuring that if something does happen to the item supplied that you have processes to communicate that something has happened also makes good sense.