Featured Product
This Week in Quality Digest Live
Standards Features
Mark Hembree
Rumors about ball performance meet quality assurance
Grant Ramaley
FDA seeks to align Part 820 with ISO 13485:2016; why that may not be enough.
MSMEs are encouraged to uphold the highest standards
Steven Brown
21st-century standard candles at NIST

More Features

Standards News
US Dept. of Commerce issues seven grand challenges
Requesting quotes for ‘Baldrige Reimagined’
Standards-based audit checklist and best practices provide support for growing technology in aerospace
Accelerating the adoption of digital twins in building industries
Tactics aim to improve job quality and retain a high-performing workforce
Demonstrating a commitment to keeping people safe and organizations running
Making the new material freely available to testing laboratories and manufacturers worldwide
Run compliance checks against products in seconds
Aug. 25, 2022, at 3:00 p.m. Eastern

More News

Miriam Boudreaux


How to Find Out If an ISO 9001 Certificate Is Valid

This certificate smells fishy!

Published: Tuesday, January 19, 2010 - 12:01

The first thing you need to do when you are evaluating a potential supplier based on their ISO 9001 certificate is request that they provide you with a copy of the certificate itself. If the company is indeed certified, they shouldn't have a problem providing you with a copy of their certificate.  When you have it, then you can make the following checks:

1. Only registrars are allowed to give ISO 9001 certificates. An organization cannot self-grant a certificate. So, look for the name of the registrar (e.g., DNV, BSI, ABS etc.).

2. Look for the name of the accreditation body (e.g., ANAB, UKAS, etc.). If you see a stamp from an accreditation body, you can find out if this accreditation body is a member of the International Accreditation Forum (IAF). If there is no stamp from an accreditation body on the certificate then you should be suspicious as to whether the registrar is competent to audit. A registrar may opt to not seek accreditation, but that may or may not be an indication of their ability and competency. Here is an excerpt from the ISO web site:

"In most countries, accreditation is a choice, not an obligation and the fact that a certification body is not accredited does not, by itself, mean that it is not a reputable organization. For example, a certification body operating nationally in a highly specific sector might enjoy such a good reputation that it does not feel there is any advantage for it to go to the expense of being accredited. That said, many certification bodies choose to seek accreditation, even when it is not compulsory, in order to be able to demonstrate an independent confirmation of their competence."

3. If there is a registrar name on the certificate, the quickest way to find out if the certificate is valid is to call the registrar directly and ask them to verify that they have issued such a certificate. Explain to their registrar what you are trying to do and they should be able to put you in touch with the specific department that can help with you with such situations.

4. Bear in mind that if an organization certifies Plant A, it doesn't mean that Plants B and C are also certified. Usually the certificate will tell you exactly which processes and locations are certified. So verify that your vendor's specific location and processes are certified.

5. Ensure that the certificate has not expired. If it has, then you can ask the company the reason why the certificate is expired. Valid reasons could be:

a. They already had their recertification audit but the registrar failed to provide the audit report on time and therefore they were unable to answer the nonconformities on time. In this case you should be able to get a copy of the recertification audit report. I have experienced this situation and the organization truly may not be at fault.

b. They were not ready for their recertification audit and decided to postpone it. In this case, you should expect to see an audit agenda, describing the new audit date. I have seen this situation also. In this case the organization itself is admitting they have shortcomings. See if they are actually working on improving the system.


6. If you have some time and access to the internet, you can actually go to the registrar web site directly and look for a list of their clients. An easy Google search could use the search words: ISO 9001 registrar.  


Not all registrars are created equal

Like it or not, not all registrars conform to the same audit standards or principles. Simply put, some registrars are better than others. I'm not being biased, but rather speaking from my own experience and what I hear in the ISO standards world.

In the case of an accredited registrar that is operating while its accreditation is under suspension, they are not authorized by the accreditation to give certificates bearing the logo of the accrediting agency (e.g., ANAB, UKAS, etc.) until their auditing practices are up to par with the accreditation body auditing practices and the ISO 9001 auditing standard as well.

When an organization is audited by a registrar that doesn't have good practices, the only one that stands to lose is the organization, because they are made to believe that their management system is conforming to the standard, when in fact, such a management system may have many opportunities for improvement. In some cases, the need for this improvement is severe. The problem is not just “not conforming to the standard” but rather not getting the full benefit of being certified, which means improving the processes and the business.

Of course, all audits are based on a sampling plan, however if a registrar decides to audit less days than those recommended by the International Accreditation Forum or another similar entity, then you may not be able to truly obtain a representative sample from which to audit.

It still smells...

A good supplier should be able to help you improve your quality by providing you with excellent products and services. If you have done your homework, verified at the certificate, and audited the company and you still think that the processes from your potential supplier don't match the level of quality that an ISO 9001-certified company should demonstrate, then go with your assessment. The fact that a company has a legitimate ISO 9001 certificate doesn't guarantee that they still meet your standards. Trust your instincts.

For more information about the ISO 9001 standard, see the Quality Digest knowledge guide, “What Is ISO 9001:2015?”


About The Author

Miriam Boudreaux’s picture

Miriam Boudreaux

Miriam Boudreaux is the CEO and founder of Mireaux Management Solutions, a technology and consulting firm headquartered in Houston, Texas. Mireaux’s products and services encompass international standards ISO and API consulting, training, auditing, document control and implementation of Web QMS software platform. Mireaux’s 6,500 square foot headquarters, located in the northwest area of Houston, houses their main offices as well as their state-of-the art training center. Mireaux itself is certified to ISO 9001:2015 and ISO 27001:2013. To get in touch with Miriam Boudreaux, please contact her at info@mireauxms.com.


Database for certified companies

how can i find and see or get a copy of an iso certificate on certified companies? is there a site for downloading?

[posted by Quality Digest on behalf of Elizack]

good Article

I really want to thank you for posting this article after reading of comments would like to say that a purchaser or any client does not have enough time to inspect a body or maybe he is not able to do so he will like to by a BRAND name in any sector. so third party accreditation is valuable for all types of business.


Miriam, I enjoyed your article.  I did expect though that you might provide at least some generic examples of invalid ISO 9001 certificates.  As a Certification Body contract auditor, I have added some audits indirectly as a result of customers who questioned the validity of ISO certificates of potential suppliers.  In several cases, an entire industry association was issuing ISO 9001 certificates to its members.  In another case, a consultant prepared a manual and procedures, did training and internal audits and issued an ISO 9001 certification with the mark of a certification body that they created, "validated" by another organization that they created. 

Self Certify, Anyone can provide a certificate

This article is misleading and should be corrected before re-circulated by Quality Digest. 

1. A company can self certify.

2. And anyone can provide an ISO 9001 certificate. However, not anyone can provide an accredited ISO 9001 certification. The number one thing to look for is an accreditation mark from the registrar / auditing organization. If you pay me $20, I would be happy to provide your organization with an ISO 9001 certificate. MS Word's Word Art has some terrrifc fonts and graphics. 

There is no "self certify"!

A company can self declare that they are compliant or conforming to the ISO standard.  But they cannot "certify".

And no, not anyone can provide an "ISO certificate" - the use of the logo for ISO is only allowed through an accredited registrar after an actual certification.

So you're the one misleading!  

I need an ISO accredited

Hi, I'm very interested in having an accredited ISO. Please let me know if you can help. 

Thank you.

Self certification

I'm not familiar with self certification. I presume you could create your own certificate, but unless you are a recognized entity, not sure who would put any trust in it. I guess I don't know enough about self certification to talk about it, never heard about it and no company that I know has done that. We recommend our clients to look for accredited registrars that provide accredited certificates because an accredited registrar means they are regulated and audited and than in itself is a bit reassuring. I believe accreditation bodies have woken up and have been more stringent with the registrars, which is a good thing for everybody, since audit days, audit practices and audit reports can be improved with consistency. Thanks for reading the article!

Hey !!!

I didn't read the other readers' comment before writing mine. If I were at ISO I wouldn't sleep well tonight: it's not a question of "losing faith" but it's certainly a fact that raises doubts on the reliability of auditors, registrars and accreditation bodies. That there are no two registrars alike is quite disgraceful, especially when both are controlled by the same accreditation body: that's all but objectivity and equality. Despite all the standards put on registrars by the various acrreditation organizations, it seems that registrars are allowed to freely operate in a certification jungle. Of course, names can't be made, but I myself know of quite a number of cases of registrars' misdemeanours, and I don't only mean validity of certificates. If we dig deep enough, we'll open a pandora's vase.

There's a further point

That is, a Registrar's accreditation can be suspended for one or more industry sectors, even when the Registrar is big: it happened in the past in critical industry sectors like food making, construction; it can happen again and the certificate user will certainly not be allowed to these information. Testing the validity of ISO 9001 - or 14001, to speak of the most common - certificates is a very tricky business because both the seller, the registrar and the accreditation body are interested parties, and none of them will give out any information that can damage them. Though costly it might be, the only effective way to test the soundness of a supplier's management system is to directly audit it or to have it audited by a reliable local third party. We must not forget that certificates are paper sheets and that they mean themselves. 

Everybody is an interested party

Hi Umberto, I have been saying the same thing for a long time. The process of being objective when you want to please both the client and your bosses is a very fine line. We all are in to make money, but in the end, it comes to commitment, ethics and integrity. The article wants to showcase unaccredited registrars from accredited ones, because that's where the majority of the gap is, though as everyone has well said, there is enough statistical variation within registrars themselves, to render some certificates out of control :)!

Have you missed the point?

Thanks Miriam, good article; describes what should be rather than what is though. I feel.
ISO 9001 is a litany of requirements to be used in a procurement process; the onus for compliance is on the supplier not the certifier (or registrar as they're known Stateside).
Since certifiers pay very little for auditors, whether they be contractors or staff, and they allow ridiculously short amounts of time for their audits, the chances that a certifier’s view of the integrity of your supplier’s quality system is of value as a qualification criterion is limited at best.
On the other hand, certification does tell you that the supplier feels that something is needed but the extent to which they are committed to ISO 9001's awesome message is simply not demonstrated by the certificate. And since that accreditation systems the world over have let this situation develop over the last 25 years is to their eternal shame, their imprimatur is worthless. In reality you are left with testing the supplier yourself.

So what's the alternative?

I recommend the following as tests to see if an ISO 9001 certification is valid. More to the point though, we're more interested in checking that the supplier can demonstrate effective implementation of a QMS that meets ISO 9001 than we are that the supplier pays a certifier.

!. Ask for a copy or sight of the quality manual that addresses ISO 9001/4.2.2. In particular make sure that 4.2.2 c) is well covered and makes sense. My guess is that the whole notion of this requirement as it addresses ISO 9001/4.1 a), b) and c) will have been missed.
2. Ask who is the management rep as per 5.5.2. If that person is not the business owner or Chief Executive, assume there is little commitment to ISO 9001. The focus here is the word "ensuring" in 5.5.2 a).
3. Ask for the last internal audit report. If it shows only conformity checking with procedures, take it that there is no effective internal auditing at all. Systems effectiveness is what you’re looking for.
4. Ask the supplier for a copy of their last two certification audit reports. If the reports make any sense to you, there's a glimmer, if they are trivial ....etc, etc. And check out the time spent on the audit. If you think you could check out the supplier in that length of time, there’s another glimmer, if not…etc, etc..
5. If you can be bothered contacting the certifier, ask for a copy of the auditor's CV. If you would employ this person to do your vendor assessment then there's a glimmer, if not....etc etc

Hope this helps……one last thought, get your suppliers to run the evaluation against ISO 9004:2009 and let you have a copy. If they’re OK to let you see it, they are probably OK to deal with!
All the best.

Good points

Thank you for reading the article and thank you for your good points. A lot can be written about a robust QMS. Here thought I wanted to focus on the validity of the certificate itself.

First point in article is wrong

There is no regulation preventing an organization from self-certifying to ISO 9001 and issuing a document to that effect.

Of course, the self-issued certificate cannot misrepresent the conditions of certification, nor can it use the service marks of any certification body nor can it make inaccurate claims.

Considering the current sorry state of quality systems registrars, I would find out how an organization self-certifies before I would dismiss their claims of compliance with ISO 9001.


Thanks for reading the article. I would like to think that an organization can consider themselves as "conforming to the standard". As far as self-certifying? Not sure about that.

ISO 9001 Validity

Interesting article. Thanks.

Would you consider the ISO 9001 registration valid if the company personnel you actually talk to, including QA people, know little or nothing about the principles of ISO 9001 and have little or no interest in actully applying the principles?

How often is ISO 9001 registration just "quality theater?"

All the best,

Bill Corcoran
Mission: Saving lives, pain, assets, and careers through thoughtful inquiry.
Motto: If you want safety, peace, or justice, then work for competency, integrity, and transparency.

Valid certificate

Bill thanks for reading the article. I hear you and although you bring up good points, the article was focusing on the validity of the certificate. I would like to think that a company such as the one your presented, will sooner rather than later- be challenged during an audit for basically not complying with the intent of the standard and not effectively implementing the requirements.