Part 2 of Clause 8 governs what happens after planning is complete and the organization begins execution. This is the production core of the QMS: controlling external providers, maintaining disciplined process conditions, preserving product identity and traceability, enforcing release gates, and isolating nonconforming outputs before they escape.
These controls are where operational credibility becomes visible. A strong organization does not just make conforming product most of the time. It can prove who supplied what, how the process was run, who authorized release, and what happened when something went wrong.
Visual Summary
Use the Clause 8 Part 2 visual for a quick review of supply-chain control, controlled production conditions, traceability, release gates, and nonconformance containment.
Jump to Guide Sections
1. Why Clause 8 Part 2 Is the Production Core
The second half of Clause 8 answers the practical execution questions: are external inputs controlled, are production conditions stable, can product history be reconstructed, is release disciplined, and do errors get contained before they reach the customer? If the answer to any of those questions is weak, the organization is relying on luck more than system control.
What Clause 8 Part 2 Prevents
Supplier-driven escapes, unstable shop-floor conditions, broken traceability, unauthorized release, and accidental shipment of nonconforming product.
What Clause 8 Part 2 Creates
Disciplined execution with controlled inputs, validated process conditions, documented release evidence, and a clear response path when conformity is lost.
2. Clause 8.4: Control of Externally Provided Processes, Products, and Services
Clause 8.4 requires the organization to ensure that externally provided processes, products, and services conform to requirements. This extends beyond purchased material. It includes subcontracted special processes, calibration services, external laboratories, outsourced logistics, and other external inputs that can affect product or service conformity.
| Control Need | Practical Expectation | Typical Evidence |
|---|---|---|
| Selection and approval | Choose providers based on their ability to meet technical, quality, and delivery requirements. | Approved supplier lists, audits, qualification records, PPAPs, initial capability reviews. |
| Monitoring and re-evaluation | Track supplier performance and reassess if risk or performance changes. | Scorecards, PPM trends, OTD trends, NCRs, escalation reviews, business reviews. |
| Flow-down of requirements | Provide the supplier with the full requirement set, including drawings, specifications, changes, and special controls. | Purchase orders, quality clauses, revision controls, change notices, special-process requirements. |
| Verification of received or outsourced output | Confirm the incoming or externally provided output meets the defined criteria before use. | Incoming inspection, certificates, receiving checks, source inspections, special-process validation records. |
3. Clause 8.5: Production and Service Provision
Clause 8.5 requires production and service provision to be carried out under controlled conditions. That includes availability of documented information, suitable monitoring and measurement resources, competent people, validated special processes where needed, and implementation of actions to prevent human error.
| Controlled Condition | Why It Matters | Typical Control |
|---|---|---|
| Current work instructions | Operators need the right sequence, limits, and quality checks at point of use. | Controlled standard work, routers, setup sheets, digital work instructions. |
| Competent personnel | Even good instructions fail if the person executing them is not qualified. | Qualification matrices, training evidence, certification status, layered observation. |
| Suitable equipment and measurement | Machines and gages must be fit for purpose and in controlled condition. | Preventive maintenance, validation, calibration, setup verification. |
| Validation of special processes | Where the result cannot be fully verified later, the process itself must be validated. | Welding validation, heat treat validation, sterilization validation, software validation. |
| Human-error prevention | Many escapes are not knowledge failures but process-design failures. | Poka-yoke, barcode checks, forced verification steps, label controls, sequence interlocks. |
4. Clause 8.5.2: Identification and Traceability
Identification and traceability are required where needed to ensure conformity. The purpose is not bureaucracy. It is to maintain a reliable link between the raw material, the work in process, the finished output, and the records that show what happened during execution.
What Traceability Can Protect
- Root-cause analysis after a defect or escape.
- Containment scope during a recall or customer complaint.
- Verification that the correct material, tooling, and routing were used.
- Evidence that special characteristics were controlled through the full route.
What Auditors Look For
- Clear status identification: accepted, in-process, hold, nonconforming, released.
- Lot, batch, serial, or traveler identity retained where required.
- Ability to reconstruct product history quickly.
- No mixing of controlled and uncontrolled product in storage or flow.
5. Clause 8.6: Release of Products and Services
Clause 8.6 requires the organization to implement planned arrangements at appropriate stages to verify that product and service requirements have been met. Release cannot proceed until those arrangements are complete, unless otherwise approved by relevant authority or the customer where applicable.
| Release Requirement | Typical Evidence |
|---|---|
| Verification completed | Inspection results, test records, checklist completion, first-article or final inspection evidence. |
| Conformity decision made | Accept/reject disposition, electronic signoff, approval stamp, designated reviewer authorization. |
| Traceable release authority | Name, role, or system identity of the person who authorized release. |
| Exception path controlled | Formal concession, deviation, waiver, or customer approval when requirements are not fully met. |
6. Clause 8.7: Control of Nonconforming Outputs
Clause 8.7 requires nonconforming outputs to be identified and controlled to prevent unintended use or delivery. The organization must determine action appropriate to the nature of the nonconformity and its effect on conformity.
| Control Step | Practical Expectation |
|---|---|
| Identify and segregate | Mark and isolate suspect output so it cannot be mixed with conforming product. |
| Evaluate disposition | Decide on rework, repair, scrap, concession, return, containment, or further investigation based on defined authority. |
| Record the event | Retain evidence of the nonconformity, the action taken, concessions obtained if any, and release approval after correction where applicable. |
| Trigger broader response when needed | Escalate into root-cause analysis, corrective action, customer notification, or wider containment when risk warrants it. |
Strong Containment Behavior
Segregation is immediate, status is visible, responsibility is clear, and investigation starts before product can drift back into the normal flow.
Weak Containment Behavior
Nonconforming product is set aside informally, labeling is inconsistent, and nobody can prove whether all suspect material was contained.
7. Quick Reference: Clause 8 Part 2 Audit Readiness
External Provider Checks
- Approved providers are selected on capability, not convenience alone.
- Supplier performance is monitored and re-evaluated.
- Requirement changes are flowed down in controlled form.
- Incoming or outsourced outputs are verified before use.
Production-Control Checks
- Controlled conditions exist at the point of use.
- Special processes are validated where later verification is not sufficient.
- Human-error prevention is built into the process where risk is meaningful.
- Status and identity are visible through execution.
Release and Traceability Checks
- Traceability can reconstruct product history when needed.
- Release only occurs after planned verification is complete.
- Release authority is identifiable and retained.
- Exception approvals are formal and traceable.
Nonconformance Checks
- Nonconforming output is clearly identified and segregated.
- Disposition authority is defined and followed.
- Records show what happened and why.
- Escalation into corrective action occurs when risk or recurrence warrants it.