BY RENAUD ANJORAN
How many of your suppliers claim to be ISO 9001 certified? Is it true? And, to start with, what does it mean?
I want to shed some light on this topic.
The purpose of the ISO 9001 standard is to “help businesses and organizations to be more efficient and improve customer satisfaction”. How does it do that?
First, what is a Quality Management System (QMS)?
Basically, a QMS is what a company puts in place to ensure it meets its customers’ requirements. Among others, it includes:
- Specific objectives, for example, keeping customer complaints below 1%
- A certain way of doing business and managing employees
- A certain setup of the processes involved in delivering products or services
- A set of procedures and training programs (to ensure employees know how they are supposed to do their job)
- A way of ensuring the equipment runs as expected and the gauges can be trusted
- Some type of system for managing long-lasting improvements
- Internal audits and management reviews to keep the whole system running
More and more companies (including ours) treat it as their entire ‘management system’. It doesn’t include some support functions such as accounting or IT insofar as they don’t impact what is delivered to customers, but those functions can be included in that system too.
(Note: a QMS is implemented in a company, and a company’s QMS can be certified…We are not discussing productcertifications here.)
The ISO 9001 standard
This standard is not about advice or guidelines. It is a set of requirements (this way, it can be audited when a company applies for certification). These requirements are generally considered the minimum an organization should satisfy before they can claim to have an effective QMS.
The standard might seem abstract when one reads it because it has been written in a way that is applicable to any type of organization (not only companies with a profit motive, not only manufacturing companies, and so on).
ISO 9001 has been ‘adapted’ to be more relevant to certain industries. Some of those more specific standards include:
- ISO 13485 – Medical devices
- IATF 16949 – Automotive parts
- ISO/TS 22163 – Rail
- ISO/TS 29001 – Petroleum, petrochemical and natural gas industries
However, if a factory makes leather wallets, Christmas trees, T-shirts, or a host of other products, there is no industry-specific standard, and ISO 9001 is a relatively good fit.
The certification (or ‘registration’) process
An objective of ISO 9001 is to give a common standard for different actors in a given supply chain.
But, how to make sure these different actors really follow that common standard? They can be certified. It sends the signal that they have established a QMS and comply with the minimum requirements spelled out in ISO 9001.
It reduces ‘audit fatigue’ — the need for a company to keep auditing all its suppliers and partners. Get audited once, comply with the standard, and get the certification. That’s the logic at play here.
Who issues those certifications/registrations? A few companies are authorized to do this by the national governing bodies — they are the ‘registrars’.
However, something went wrong in the certification process
The company pursuing certification is the one that picks its registrar. That’s a fundamental issue. Soccer teams can’t pick their own referees, and pigs can’t pick the door enclosing their paddock, and for good reason…
Large international bodies (Intertek, Bureau Veritas, TUV Rheinland, SGS, British Standards Institute, and so forth) try to follow the same standards in China as in other countries.
However, a large number of ‘certificate mills’ — companies that have been accredited and yet don’t fulfil their mission — have popped up, and their certificates are sometimes not worth more than the paper they are printed on.
China Checkup suggests a list of 20 Chinese registration bodies that can be trusted. I feel that’s a good reference list.
The importance of the scope
Covering an entire business operation is not a must. A company can get certified only for part of its activities.
A large company can proceed step by step — maybe start only with its internal QA team’s work, and step by step work its way to 100% of the operations.
How to know what activities are compliant? Look at the ‘scope’, which is written on the certificate
Congratulations, you found an ISO 9001-compliant supplier.
If you see their objective is to have few than 20% defectives in each batch, will you be pleased? Probably not.
Each organization can set the objectives it pleases, within certain limits. The objectives are sometimes in the quality manual (which is no longer a must since 2015) or in another document. Request it and it could be interesting…
An ISO registration is not ‘achieved forever’. The registrar is supposed to do surveillance audits and, after a few years, a formal re-audit.
Many companies still mention ISO 9001 on their marketing materials and yet are no longer allowed to make that claim. Keep this in mind…
Are there fake certificates? Yes, of course. Just like any paper in China, Vietnam, or India, there can be a strong temptation to fake it… and the risk is pretty low.
Note, there are also certificates issued by organizations that are not accredited as registrars (that’s not illegal, but there is practically no oversight of the way they do their job, and in general I would say it is meaningless). I have a feeling it’s a more widespread situation in the US than in China, but I don’t have any numbers to back this up.