| Section: |
7.4.1 f |
Section Title: Risk When Selecting Suppliers. |
| 9100 C Clause |
Purchasing Process: The organization shall:
determine and manage the risk when selecting and using suppliers (see 7.1.2). |
| Other Specifications |
9100C section 7.1.2; ARP 9134. |
| Generic Expectation |
The selection process should include a process for identifying, evaluating and mitigating overall risk associated with a supplier. |
| Product Type: |
COTS/Standards |
Raw Material |
Build-to-Print |
Supplier Design |
| Specific Expectation |
Organization (Buyer) |
Develop process for and conduct risk assessment to identify potential risks associated with the selection of new suppliers. |
| Process for new suppliers should include definition of risk criteria (risk identification, consequence, level of acceptance) and mitigation actions. |
| Develop process for and conduct risk assessment to identify potential risks associated with the selection of existing suppliers. |
| Process for existing suppliers should include definition of risk criteria for risk identification, prioritization, consequence, level of acceptance and mitigation/risk reduction plan. |
| Communicate risk expectations to supplier. |
| Supplier (Seller) |
Support buyer in performing their risk assessment. |
| Have a process to mitigate risks found during buyer assessment. |
| Have a active risk management / reduction program including but not limited to new technologies, change management, equipment limitation, capability and capacity, delivery schedule, resources, financial health. |
| Have a process for subtier risk assessment aligned with buyer's program. |
| Communicate risk program and results to buyer. |
| Communicate risk expectations to subtiers. |
| Documentation to demonstrate conformance to expectation (what the auditor would look for) |
Organization (Buyer) |
Documented Risk Assessment Program. |
| Documented results of risk assessment Program. |
| Document risk management plan for supplier. |
| Document flow-down of risk management program to supplier. |
| Supplier (Seller) |
Documented actions for mitigating identified risks. |
| Documented risk management program. |
| Document flow-down of risk management program to subtier supplier. |
| Examples (Best Practices) |
Organization (Buyer) |
|
|
|
|
| Supplier (Seller) |
|
|
|
|
