Quality Standards Update
by Paul Scicchitano
Dangerous Games
It is possible to get very different audit results
depending upon which registrar you use.
Some companies are playing a dangerous and potentially costly game with
their ISO 9000 registration certificates. But there's far more at stake
than just a piece of paper. It's the credibility of the entire third-party
registration system.
Here's how the game is played:
Say a company makes plastic bottles that ultimately hold over-the-counter
medications. Technically, its business is manufacturing plastic containers.
But all of its clients make medicines. They are in the pharmaceutical business.
So the company asks its ISO 9000 registrar if there isn't some way it could
be registered under the Standard Industrial Classification code for pharmaceuticals.
Coincidentally, the company's registrar is accredited for pharmaceuticals
but not for plastic containers. It would have to undergo a potentially costly
and time-consuming process to expand its scope of accreditation to register
the company under the appropriate SIC code for plastic containers.
Even more likely is the possibility that the company does not know its SIC
code, and the registrar chooses one that may not be the most appropriate
for its business.
Many registrars hold multiple accreditations, each based on an industrial
classification system that may not be entirely compatible with the other.
For example, the U.S. accreditation program for ISO 9000 registrars is built
around American SIC codes. The United Kingdom's program is based on British
SIC codes, and programs in other countries are based on the General Industrial
Classification of Economic Activities within the European Communities (NACE).
Often, there is no direct correlation between the different classification
systems. And when registrars attempt to match up auditors with a given background,
the conversions can become tricky. For example, British SIC code 2500 is
for chemicals and man-made fibers. But that same number is reserved for
furniture and fixtures in the United States. The confusion is compounded
when registrars affix multiple accreditations to a particular registration
certificate.
Companies that get caught up in this game, knowingly or unknowingly, risk
losing their registration certificates or suffering marketplace embarrassment.
At the very least, they may not be getting the best ISO 9000 audits for
their money.
Here's why: ISO 9000 registrars assign audit teams with appropriate industry
expertise for each accredited audit they perform based on the client's industrial
classification. The makeup of the registrar's governing board must reflect
relevant expertise for each industrial classification to which it holds
accreditation.
The system is set up this way to ensure that registrars have suitable expertise
for the clients they audit. So, when companies register under an inappropriate
industrial classification, they may get a less thorough audit.
It is possible, if not likely, to get very different audit results depending
upon which registrar you use and which accreditation mark will be affixed
to the registration certificate. Misclassified registration certificates
may be withdrawn if discovered by the registrar's accreditation body. In
practice, however, it is far more likely that the registrar will be asked
to reissue the certificate using the appropriate SIC code. The registrar
also may be asked to transfer its client to a competitor.
The vast majority of the approximately 70 ISO 9000 registrars operating
in North America are accredited through either the Dutch Council for Accreditation
(RvA), United Kingdom Accreditation Service (UKAS) or the American National
Accreditation Program for Registrars of Quality Systems.
Each ISO 9000 accreditation body has its own methods for verifying the integrity
of the registration process and for reporting deviations. Typically, accreditation
bodies perform only spot checks. Even registrars caught misclassifying companies
are given every opportunity to correct problems before disciplinary action
is taken.
Some large registrars estimate that only about 1 percent of the total number
of accredited certificates they issue are ever scrutinized by any one accreditor.
This amounts to a system that places an unusually high degree of confidence
in the registrar's ability to put professional integrity above profit. Registrars
complain that it can take up to six months to extend their scope of accreditation
and can cost anywhere from $5,000 to $20,000.
Ultimately, industry might benefit from an international industrial classification
system that aligns the various national systems. But for the time being,
you may want to make sure that you get what you pay for when you sign a
contract for an accredited ISO 9000 audit.
About the author
Paul Scicchitano is managing editor of Quality Systems Update, a monthly
newsletter and information service devoted to ISO 9000 and ISO 14000 published
by Irwin Professional Publishing, 11150 Main St., Suite 403, Fairfax, VA
22030. Telephone (703) 591-9008, fax (703) 591-0971 or e-mail isoeditor@aol.com.
