Simple Rules on Purchasing – Part I 

When it comes to purchasing goods and services for your business the ISO 9001 Quality Management Systems standard is full of good common sense. Here is what it says –

7 Product Realisation
7.4 Purchasing
7.4.1 Purchasing Process

The organization shall ensure that purchased product conforms to specified purchase requirements. The type and extent of control applied to the supplier and the purchased product shall be dependent upon the effect of the purchased product on subsequent product realisation or the final product.
The organization shall evaluate and select suppliers based on their ability to supply product in accordance with the organization’s requirements. Criteria for selection, evaluation and re-evaluation shall be established.
Records of the results of evaluations and any necessary actions arising from the evaluation shall be maintained (see 4.2.4).

Note that these requirements apply to items that go into the product or service, manufacture it, check it and deliver it.

The Standard tells us that we must control the goods/services we buy AND the supplier or subcontractor we buy from. We need only do this for goods or services that can affect the quality of our finished products and services. Makes perfect sense doesn’t it? After all, we are paying for quality goods and services. We don’t want to rework or reject products, do extra inspections, or recall products. Remember the old adage “You can’t make a silk purse out of a sow’s ear.”

But this doesn’t mean we have to go to a lot of time and expense to check everything. The checks we do on goods and services and the suppliers we purchase them from should be relevant to how important the goods or services are to the quality of our finished products and services (for the standard AS 4801 we also need to consider the safety of our staff and products/services, and for ISO 14001 the environmental impacts).

The more important the purchase we are making is, the greater the controls we would want to have over it. This means that:

In communicating our requirements . . . . .
When goods and services can have a big impact on us we might need to, for example, send the supplier a purchase order with our specification attached, refer to Australian Standards, refer to a scope of works, contract, etc.

If they have little impact we might place our order over the phone or by an email that contains little detail. If they have no impact we don’t need to worry about it.

When it comes to suppliers . . . . .
Where goods or services have a big impact on us we might say that the supplier has to be certified to ISO 9001 (and AS 4801 for safety and ISO 14001 for the environment depending on your needs) because of the extra level of assurance this gives us. If the goods and services will have little impact on us we might simply say that the supplier has to be on our Approved Supplier List. If the goods and services have no impact on our product/service quality then we don’t need to include them in this procedure at all.

What’s an Approved Supplier List?

Many businesses will list the suppliers they have confidence in on an Approved Supplier List which will also state the types of goods and services that can be purchased from the supplier (they may not be good at everything). For ease of use this list might include the supplier’s contact details too. The last column on the list will often be the “review date”. This is the date on which you are due to review that supplier’s performance to see whether they still deserve your business. Alternatively you could forget this column and just review them all at a time that will be easy for you to remember. Most businesses do this review annually.

You don’t have to have an Approved Supplier List, it depends on the needs of your business and the product/service you supply. But the Standard says you do have to establish the criteria for the selection, evaluation and re-evaluation of suppliers. Here are some simple examples of such criteria:

  • Price
  • Reputation
  • History of past performance
  • Ability to deliver on time
  • Ability to meet deadline/s and project specific requirements
  • Whether they have a certified Quality Management System in place (AS 4801 and ISO 14001)
  • Whether they have evidence of a suitable Quality Management System (not certified)
  • The results of audits or reviews of their processes.

Again, the extent of this evaluation varies in accordance with the degree of risk and complexity associated with the product or service they are to supply and its impact on our finished products and services.

If you’d like some guidance or need a sounding board please email me at Alternatively, visit my website where you’ll find my Top 5 Essential Tips, audit checklists, and free ISO procedures.