Inside Quality Insider

  •  

  •  

  •  

  •  

     

     

  • SUBSCRIBE

Miriam Boudreaux  |  01/19/2010

Miriam Boudreaux’s picture

Bio

How to Find Out If an ISO 9001 Certificate Is Valid

This certificate smells fishy!

The first thing you need to do when you are evaluating a potential supplier based on their ISO 9001 certificate is request that they provide you with a copy of the certificate itself. If the company is indeed certified, they shouldn't have a problem providing you with a copy of their certificate.  When you have it, then you can make the following checks:

1. Only registrars are allowed to give ISO 9001 certificates. An organization cannot self-grant a certificate. So, look for the name of the registrar (e.g., DNV, BSI, ABS etc.).

2. Look for the name of the accreditation body (e.g., ANAB, UKAS, etc.). If you see a stamp from an accreditation body, you can find out if this accreditation body is a member of the International Accreditation Forum (IAF). If there is no stamp from an accreditation body on the certificate then you should be suspicious as to whether the registrar is competent to audit. A registrar may opt to not seek accreditation, but that may or may not be an indication of their ability and competency. Here is an excerpt from the ISO web site:

"In most countries, accreditation is a choice, not an obligation and the fact that a certification body is not accredited does not, by itself, mean that it is not a reputable organization. For example, a certification body operating nationally in a highly specific sector might enjoy such a good reputation that it does not feel there is any advantage for it to go to the expense of being accredited. That said, many certification bodies choose to seek accreditation, even when it is not compulsory, in order to be able to demonstrate an independent confirmation of their competence."

3. If there is a registrar name on the certificate, the quickest way to find out if the certificate is valid is to call the registrar directly and ask them to verify that they have issued such a certificate. Explain to their registrar what you are trying to do and they should be able to put you in touch with the specific department that can help with you with such situations.

4. Bear in mind that if an organization certifies Plant A, it doesn't mean that Plants B and C are also certified. Usually the certificate will tell you exactly which processes and locations are certified. So verify that your vendor's specific location and processes are certified.

5. Ensure that the certificate has not expired. If it has, then you can ask the company the reason why the certificate is expired. Valid reasons could be:

a. They already had their recertification audit but the registrar failed to provide the audit report on time and therefore they were unable to answer the nonconformities on time. In this case you should be able to get a copy of the recertification audit report. I have experienced this situation and the organization truly may not be at fault.

b. They were not ready for their recertification audit and decided to postpone it. In this case, you should expect to see an audit agenda, describing the new audit date. I have seen this situation also. In this case the organization itself is admitting they have shortcomings. See if they are actually working on improving the system.

 

6. If you have some time and access to the internet, you can actually go to the registrar web site directly and look for a list of their clients. An easy Google search could use the search words: ISO 9001 registrar.  

 

Not all registrars are created equal

Like it or not, not all registrars conform to the same audit standards or principles. Simply put, some registrars are better than others. I'm not being biased, but rather speaking from my own experience and what I hear in the ISO standards world.

In the case of an accredited registrar that is operating while its accreditation is under suspension, they are not authorized by the accreditation to give certificates bearing the logo of the accrediting agency (e.g., ANAB, UKAS, etc.) until their auditing practices are up to par with the accreditation body auditing practices and the ISO 9001 auditing standard as well.

When an organization is audited by a registrar that doesn't have good practices, the only one that stands to lose is the organization, because they are made to believe that their management system is conforming to the standard, when in fact, such a management system may have many opportunities for improvement. In some cases, the need for this improvement is severe. The problem is not just “not conforming to the standard” but rather not getting the full benefit of being certified, which means improving the processes and the business.

Of course, all audits are based on a sampling plan, however if a registrar decides to audit less days than those recommended by the International Accreditation Forum or another similar entity, then you may not be able to truly obtain a representative sample from which to audit.

It still smells...

A good supplier should be able to help you improve your quality by providing you with excellent products and services. If you have done your homework, verified at the certificate, and audited the company and you still think that the processes from your potential supplier don't match the level of quality that an ISO 9001-certified company should demonstrate, then go with your assessment. The fact that a company has a legitimate ISO 9001 certificate doesn't guarantee that they still meet your standards. Trust your instincts.

Discuss

About The Author

Miriam Boudreaux’s picture

Miriam Boudreaux

Miriam Boudreaux is the president of Mireaux Management Solutions, a consulting and technology firm headquartered in Houston, Texas, providing ISO and API consulting, ISO and API training, internal auditing services, and implementation of the Web QMS hosted software platform. Miriam holds bachelor’s and master’s degrees in Industrial Engineering. She is an RABQSA certified QMS and ISMS auditor, ASQ Certified Quality Engineer (CQE), and a Certified Quality Manager (CQM). She has served as an examiner with the Texas Award for Performance Excellence and participates as a speaker at various conferences throughout the year.

Comments

Self Certify, Anyone can provide a certificate

This article is misleading and should be corrected before re-circulated by Quality Digest. 

1. A company can self certify.

2. And anyone can provide an ISO 9001 certificate. However, not anyone can provide an accredited ISO 9001 certification. The number one thing to look for is an accreditation mark from the registrar / auditing organization. If you pay me $20, I would be happy to provide your organization with an ISO 9001 certificate. MS Word's Word Art has some terrrifc fonts and graphics. 

Self certification

I'm not familiar with self certification. I presume you could create your own certificate, but unless you are a recognized entity, not sure who would put any trust in it. I guess I don't know enough about self certification to talk about it, never heard about it and no company that I know has done that. We recommend our clients to look for accredited registrars that provide accredited certificates because an accredited registrar means they are regulated and audited and than in itself is a bit reassuring. I believe accreditation bodies have woken up and have been more stringent with the registrars, which is a good thing for everybody, since audit days, audit practices and audit reports can be improved with consistency. Thanks for reading the article!

Hey !!!

I didn't read the other readers' comment before writing mine. If I were at ISO I wouldn't sleep well tonight: it's not a question of "losing faith" but it's certainly a fact that raises doubts on the reliability of auditors, registrars and accreditation bodies. That there are no two registrars alike is quite disgraceful, especially when both are controlled by the same accreditation body: that's all but objectivity and equality. Despite all the standards put on registrars by the various acrreditation organizations, it seems that registrars are allowed to freely operate in a certification jungle. Of course, names can't be made, but I myself know of quite a number of cases of registrars' misdemeanours, and I don't only mean validity of certificates. If we dig deep enough, we'll open a pandora's vase.

There's a further point

That is, a Registrar's accreditation can be suspended for one or more industry sectors, even when the Registrar is big: it happened in the past in critical industry sectors like food making, construction; it can happen again and the certificate user will certainly not be allowed to these information. Testing the validity of ISO 9001 - or 14001, to speak of the most common - certificates is a very tricky business because both the seller, the registrar and the accreditation body are interested parties, and none of them will give out any information that can damage them. Though costly it might be, the only effective way to test the soundness of a supplier's management system is to directly audit it or to have it audited by a reliable local third party. We must not forget that certificates are paper sheets and that they mean themselves. 

Everybody is an interested party

Hi Umberto, I have been saying the same thing for a long time. The process of being objective when you want to please both the client and your bosses is a very fine line. We all are in to make money, but in the end, it comes to commitment, ethics and integrity. The article wants to showcase unaccredited registrars from accredited ones, because that's where the majority of the gap is, though as everyone has well said, there is enough statistical variation within registrars themselves, to render some certificates out of control :)!

Have you missed the point?

Thanks Miriam, good article; describes what should be rather than what is though. I feel.
ISO 9001 is a litany of requirements to be used in a procurement process; the onus for compliance is on the supplier not the certifier (or registrar as they're known Stateside).
Since certifiers pay very little for auditors, whether they be contractors or staff, and they allow ridiculously short amounts of time for their audits, the chances that a certifier’s view of the integrity of your supplier’s quality system is of value as a qualification criterion is limited at best.
On the other hand, certification does tell you that the supplier feels that something is needed but the extent to which they are committed to ISO 9001's awesome message is simply not demonstrated by the certificate. And since that accreditation systems the world over have let this situation develop over the last 25 years is to their eternal shame, their imprimatur is worthless. In reality you are left with testing the supplier yourself.

So what's the alternative?

I recommend the following as tests to see if an ISO 9001 certification is valid. More to the point though, we're more interested in checking that the supplier can demonstrate effective implementation of a QMS that meets ISO 9001 than we are that the supplier pays a certifier.

!. Ask for a copy or sight of the quality manual that addresses ISO 9001/4.2.2. In particular make sure that 4.2.2 c) is well covered and makes sense. My guess is that the whole notion of this requirement as it addresses ISO 9001/4.1 a), b) and c) will have been missed.
2. Ask who is the management rep as per 5.5.2. If that person is not the business owner or Chief Executive, assume there is little commitment to ISO 9001. The focus here is the word "ensuring" in 5.5.2 a).
3. Ask for the last internal audit report. If it shows only conformity checking with procedures, take it that there is no effective internal auditing at all. Systems effectiveness is what you’re looking for.
4. Ask the supplier for a copy of their last two certification audit reports. If the reports make any sense to you, there's a glimmer, if they are trivial ....etc, etc. And check out the time spent on the audit. If you think you could check out the supplier in that length of time, there’s another glimmer, if not…etc, etc..
5. If you can be bothered contacting the certifier, ask for a copy of the auditor's CV. If you would employ this person to do your vendor assessment then there's a glimmer, if not....etc etc

Hope this helps……one last thought, get your suppliers to run the evaluation against ISO 9004:2009 and let you have a copy. If they’re OK to let you see it, they are probably OK to deal with!
All the best.

Good points

Thank you for reading the article and thank you for your good points. A lot can be written about a robust QMS. Here thought I wanted to focus on the validity of the certificate itself.

First point in article is wrong

There is no regulation preventing an organization from self-certifying to ISO 9001 and issuing a document to that effect.

Of course, the self-issued certificate cannot misrepresent the conditions of certification, nor can it use the service marks of any certification body nor can it make inaccurate claims.

Considering the current sorry state of quality systems registrars, I would find out how an organization self-certifies before I would dismiss their claims of compliance with ISO 9001.

Self-certification

Thanks for reading the article. I would like to think that an organization can consider themselves as "conforming to the standard". As far as self-certifying? Not sure about that.

ISO 9001 Validity

Miriam,
Interesting article. Thanks.

Would you consider the ISO 9001 registration valid if the company personnel you actually talk to, including QA people, know little or nothing about the principles of ISO 9001 and have little or no interest in actully applying the principles?

How often is ISO 9001 registration just "quality theater?"

All the best,

Bill Corcoran
Mission: Saving lives, pain, assets, and careers through thoughtful inquiry.
Motto: If you want safety, peace, or justice, then work for competency, integrity, and transparency.

Valid certificate

Bill thanks for reading the article. I hear you and although you bring up good points, the article was focusing on the validity of the certificate. I would like to think that a company such as the one your presented, will sooner rather than later- be challenged during an audit for basically not complying with the intent of the standard and not effectively implementing the requirements.

You can create content!

  • Classifieds
  • File Share
  • Forum Topic
  • Events
  • Links

Sign In to get started!