According to clause 8.4 of ISO 9001:2015, the organization should ensure that externally provided processes, products, and services conform to the specified requirements. To do so, the organization should:
•Establish the criteria for the selection, evaluation, and re-evaluation of external providers, based on their ability to provide processes, products, and services in accordance with the requirements. The criteria should be documented and applied consistently.
•Evaluate the potential external providers before selecting them, using the established criteria. The evaluation methods may include questionnaires, audits, references, samples, etc. The results of the evaluation should be documented and reviewed.
•Select the external providers that have demonstrated their competence and conformity to the requirements. The selection should be based on the evaluation results and the organization’s needs. The selection should be documented and approved.
•Communicate the requirements for the processes, products, and services to be provided by the external provider, including the verification and validation activities, the acceptance criteria, the documentation requirements, the changes control, etc. The communication methods may include purchase orders, contracts, agreements, etc. The communication should be clear, complete, and timely.
•Monitor the performance and conformity of the external provider, using the established criteria and methods. The monitoring methods may include inspections, tests, audits, feedback, complaints, etc. The monitoring results should be documented and analyzed.
In this case, the evidence statements that demonstrate a nonconformity with clause 8.4 are A and C, because they show that the organization did not retain documented information of the selection and evaluation of the external provider, and the monitoring of the external provider’s performance. These are requirements of the standard and essential for ensuring the quality of the externally provided processes, products, and services. The other options are not directly related to clause 8.4, although they may indicate other nonconformities or weaknesses in the organization’s QMS. For example, option B may relate to clause 7.1.3 on contingency planning, option D may relate to clause 8.2.3 on review of requirements, option E may relate to clause 8.6 on release of products and services, and option F may relate to clause 5.1.1 on leadership and commitment. References: ISO 9001:2015, [ISO 9001 Auditing Practices Group Guidance on Scope], Mastering the Scope of ISO 9001 Quality Management Systems
