18.104.22.168、The organization shall:
a. define the process, responsibilities, and authority for the approval status decision, changes of the approval status, and conditions for a controlled use of external providers depending on their approval status;
b. maintain a register of its external providers that includes approval status (e.g., approved, conditional, disapproved) and the scope of the approval (e.g., product type, process family, authorized approval to distribute);
c. periodically review external provider performance including process, product and service conformity, and on- time delivery performance;
d. define the necessary actions to take when dealing with external providers that do not meet requirements;
e. define the requirements for controlling documented information created by and/or retained by external providers.