Hi all,
Has anyone had any experience with operating multiple company sites under one ISO certification? I am curious as to how standardization works across multiple sites, especially when the products and processes may be very different between them. A few questions that come to mind, are:
1) Do they have to share all ISO documentation or can they have site unique documents?
2) How does the registrar determine how much time to spend at each site...or does he even have to visit all sites?

I'm looking for any advice you might have on how to successfully manage remote sites under one QMS.

Thanks,
Kim

I'm looking for any advice you might have on how to successfully manage remote sites under one QMS.
I suggest you familiarize yourself with Annex 3 of the IAF Guidance to ISO Guide 62 available here. (http://www.compad.com.au/cms/iaf/workstation/upFiles/890968.IAF-GD2-2003_Guide_62_Issue_3_Pub.pdf) The process allows for some deviation for documents that are site, product line and/or activity specific. In principle, provided the organization satisfies the eligibility criteria, multi-site organizations can be certified based on a sampling process. Some Sector specific Schemes, such as the AQMS (AS9100/9110) and TS 16949 have restrictions on sampling of sites.

Thanks Sidney. I don't think that I ever would have found that on my own. :thanx:

Has anyone had any experience with operating multiple company sites under one ISO certification? I am curious as to how standardization works across multiple sites, especially when the products and processes may be very different between them. A few questions that come to mind, are:
1) Do they have to share all ISO documentation or can they have site unique documents?

I didn't have all sites under one ISO registration but I did have a common customer service area that was responsible for order taking and billing for three operating plants. Each plant had their own ISO registration and site specific documents but there was only one set of documents for the customer service group that applied to all three plants. Plant specific requirements were part of the customer service group documents.

The Registrar was British Standards Institute and the Customer Service Group was technically tied to one of the plant's registration rather than stand alone. That meant there were only 3 registrations not 4. The operating plants wanted their own registrations so they could keep document control and management review simple.

2) How does the registrar determine how much time to spend at each site...or does he even have to visit all sites?

Since the plants were not in the same geographic area, there were different auditors at each plant. BSI would audit the customer service group separately by the same auditor for the closest geographic plant. Normally the customer service site audit only lasted a half day while the plants usually were done in a day after the initial audit. As the division quality manager I was the on-site management representative for the customer service group. Management review and corrective action for the group was actually done through the division vice-president and management team but the plants were copied on reports. One of the benefits of the arrangement was that everyone from the vice president to sales to customer service was involved in the ISO process.

Bill Pflanz

I had two sites, one in Mexico and one in the US on the same certificate. They shared the same Quality Manual and Procedures. Instructions and forms were specific to the sites. We used one of the top 5 registration firms, and it worked out just fine.

--QG

When I was at Newport Corp, we had multiple sites in the U.S. and abroad under a single registration. We had single point for billing issues (Corporate), and a single point of contact for me to work with the registrar, my CCM as he was known, Coordinating Client Manager.

The arrangement made the registration process much easier to manage. I received copies of all audit reports and responses, and had to write only one check per year plus the billing for the audits.

It also gave me quite a bit of power, which I used as needed. I selected and interviewed the prospective auditors for our account, and approved the one(s) I considered to be the best match for our various business models. Those would typically be the LCM, or local Client Manager.

Operation of the QMS was fairly simple. We had a Corporate QM which was the parent QM for every site. Each site in turn would have a local QM or specific procedures, to tailor the Corporate system to their needs. Any conflict between the two was resolved because the Corporate system was the parent, and therefore the main system.

Internal audit and management review was handled at each facility. We had several different patterns in the company, but so long as they met requirements, that was OK.

Hope this helps.

Hershal

Hi All,

I too would like advise on combining sites to one registration.

My brain tells me I should not find it too difficult, but I am! :frust:

Where do I start? I know I am asking a lot here - what I have done so far is spoken with our registar who advises on the audit process/costs etc,.

I have questions like:
Is it ok to use different instructions/documents/records?
As long as each site is conforming to all parts of the standard, is it ok that how they conform to them could be different?

I would like to make it as painless as possible. So if for example all sites are following the non-conformance procedure but have different non-conformances documents, employees are familiar with their own documents and would like them to keep them - is this ok?

Sorry if I sound gaga !! :mg:

The reason we chose to NOT have all facilities (9) under the same certificate is if one of them receives an open or not recommended verdict, the rest of them would be under the same restrictions.

The bottom line is what are you trying to achieve with this exercise and what do you expect to gain – is it worth it?

I think you can save a small sum of audit cost but in terms of work as the QA or compliance manger, it appears that it can reduce your workload substantially.

The main obstacle would be the people and their willingness to change. If culture had been deeply entrenched, I would suggest that you manage the change slowly and in an incremental basis.

The first step that I would suggest is for you to standardize your level 1&2 documents as well as some of the level 3&4 documents. This would drastically cut down your work and since these documents do not involve the operators much, it can be implemented without much resistance. Note that the trend is to have more general procedures and leave the details and specifics into the SOP or WIs.

The Work instructions, etc can be changed slowly and in consultation with the affected parties. And I don't think they need to be standardized also.

We had 15 different sites within the United States under 1 certification. Our business is a part of a much larger business which is the provider of many of our needs, such as Human Resources and Purchasing, they were not certified and still aren't. We had no management system or process documentation before we started. There were 2 of us working with everyone (around 1200 people to start with)to build the system (plus 2 technical writers/website people) Our main process was split into subordinate processes and each of those has an "owner" who was responsible for the going's on at all sites, not just where he/she is situated. It took 2 1/2 years to get everyone on the same page - lots of travel and video conferences, a lot of money! All documentation was (and still is) posted on an intranet site available to everyone. One surveillance audit found some issues which we addressed fairly easily. We passed our first certification audit (complete audit of 4 sites) with out any nonconformances or even concerns. Don't know how that could have happened because many sites were still doing things "their own way", but our internal audits were addressing those problems so I guess they figured we had it handled. The structure of the system seemed to overwhelm our third party auditors. After 3 rounds of audits (they always did HG then choose different sites) and absolutely no findings we dropped our certification - wasn't helping us overcome the differences that management knew were there but "outsiders' couldn't find. I have a feeling we'd have gotten more out of it if each site was certified individually, but our intent was to develop a seamless business - so similar that our customers wouldn't be able to tell which site did the work. We are doing that and still have a QMS in place - but we're doing it without the cost of external audits or a certification. Our larger corporation is now focused on lean manufacturing - and we are adapting our QMS to meet those requirements.

1)Not absolutely,you can prepare documents for some site,but it's difficult to manage
2)The registrar determine how much time to take according to the complication of each site,such as ISO9000 related clause, department,and function,...;and he has to visit all sites.

That would have been a big job to get all in place, particularly with no doco to start with - congratulations on such a major achievement. It can be a massive job creating & running a single system across multiple sites/organisations, whether in the same state/country/region or not.

After 3 rounds of audits and absolutely no findings we dropped our certification - wasn't helping us overcome the differences that management knew were there but "outsiders' couldn't find.

Understandable. One wants to be getting value from the certification. But it certainly sounds as though the business knows where it's going and how it wants to be.

Re. the 'single certificate' per site, my experience is that it also requires a lot from the certifier/registrar. If they don't do their job of coordinating and managing at their end - and making sure that someone (a single someone) manages things, then you their customer can end up with multiple different auditors and many different views & many different reports, which can be less than helpful. I'm dealing with the end result of such a set of circumstances at the moment.

Thanks for sharing your experience.

Hi all,
Has anyone had any experience with operating multiple company sites under one ISO certification? I am curious as to how standardization works across multiple sites, especially when the products and processes may be very different between them. A few questions that come to mind, are:
1) Do they have to share all ISO documentation or can they have site unique documents?
2) How does the registrar determine how much time to spend at each site...or does he even have to visit all sites?

I'm looking for any advice you might have on how to successfully manage remote sites under one QMS.

Thanks,
Kim

Has anyone had any experience with operating multiple company sites under one ISO certification? Yes, we have 6 different divisions/sites under 1 certificate.

1) Do they have to share all ISO documentation or can they have site unique documents? Some documents are global and some are site specific.
2) How does the registrar determine how much time to spend at each site...or does he even have to visit all sites? The registrar visits each site on a rotational schedule. Although, some things are required to be audited every visit.

I'm looking for any advice you might have on how to successfully manage remote sites under one QMS. It is a little bit of a challenge but with a good foundation for Doc Control, Corrective Action, etc. you can manage it all easier than you might think.

I run the entire QMS for all sites/divisions totaling about 700+ people. I do not have a team or a Dept working for me nor an assigned person to help at each of these sites. My secret, the foundation of the system must be able to stand on it's own. The people who follow the documentation are the ones who wrote that documentation. I took their words, made sure it met ISO 9001:2000 and documented it, controlled it, and distributed it. All I do is audit it and make sure they follow it and provide suggestions for improvement as best I can.
Does this help?

... One surveillance audit found some issues which we addressed fairly easily. We passed our first certification audit (complete audit of 4 sites) with out any nonconformances or even concerns. Don't know how that could have happened because many sites were still doing things "their own way", but our internal audits were addressing those problems so I guess they figured we had it handled. The structure of the system seemed to overwhelm our third party auditors. After 3 rounds of audits (they always did HG then choose different sites) and absolutely no findings we dropped our certification - wasn't helping us overcome the differences that management knew were there but "outsiders' couldn't find.

....


Doesn't sound like you had a very good audit team. Your solution sounds like it is working, but there are also many good registrars and auditors who can understand and do provide much value.

Many have commented on the difficulties / ease / power that can be wielded ..

Just as a starter I just cant resist putting down some of my experiences of auditing / certifying companies in a similar situation. I am not drawing any conclusions from this. Everyone can draw their own conclusions.

One large multinational has 6 of their plants under the same certificate. I did an expansion audit to include one more site. Smooth.

Another large industrial group here. They have thirteen of their companies (making different products with different collaborators - all basically for the steam / pressure vessel industry) certified under a common certificate. Smooth.

A third multinational, with all of their 15 odd sites certified separately for 9000, 14000, 18000 (about 45 odd certificates) by one of our competitors (equally globally reputed) had invited competitive tenders for four of their new sites. We go in with our quotes. Lo and behold, they already have certificates on the table issued by our competitors. No audits conducted.

Two large companies in the same product space certified by us. There is a merger. Organisational restructuring follows. Now they have many common 'corporate' functions. Surveillance takes place for both. Both are having differnt QMS. None is followed. What do you think happens? None is put on probation!

So many more could follow.

You are welcome to draw your own conclusions. This is not a post on the 'how and what' part. Just something I couldnt resist.

Hi to All,

I would like to know about your experience with Advantages Vs Disadvantages to have one certificate for multiple site.
I'm working on a plant trying to implement ISO 9000 when I started we were get certified as one entitite, now corporate wants that 3 plants are certified under a same certificate. We develped a Quality Manual, Quality policy which is posted everywhere, know we need to change the Quality policy & quality objectives and procedure templates and aligning the six mandatory procedures to corporate. :bonk:
By the other hand they want to have the 3rd party audit for Jan 2008, but I don't think we are prepared for it.
Operation director has asked me to provide a report with advantages and disadvantages so he can present that information to his boss, but I don't know how to start. :confused::nope:
Any advice I will appreciate it.
Anerol C

We maintain one certificate for 2 plants in the U.S., Italy, Singapore, Japan, and Puerto Rico and a design center in Europe.
First it is easy to maintain one quality manual and one corporate group (to which I belong) instead of maintaining many manuals and separate resources for internal audits. Its a big cost saver over time as the registrar will audit all the sites on the initial registration but spread out the surveillance audits so only one site is audited every three years. We worked out an ASRP (Advanced Surveillance and Reassessment Protocall/Process) with our registrar.
The quality manual is designed to document corporate quality requirements it is very generic and high level much like the standard itself. In absence of each site not meeting the six or seven (if your ISO/TS) required procedures the generic corporate procedure has been created and maintained is followed by the sites lacking the procedure. We have to do it this way as different sites have different regulations, statues and laws, as well as certain cultural differences.

Hi to All,

I would like to know about your experience with Advantages Vs Disadvantages to have one certificate for multiple site.
I'm working on a plant trying to implement ISO 9000 when I started we were get certified as one entitite, now corporate wants that 3 plants are certified under a same certificate. We developed a Quality Manual, Quality policy which is posted everywhere, know we need to change the Quality policy & quality objectives and procedure templates and aligning the six mandatory procedures to corporate. :bonk:
By the other hand they want to have the 3rd party audit for Jan 2008, but I don't think we are prepared for it.
Operation director has asked me to provide a report with advantages and disadvantages so he can present that information to his boss, but I don't know how to start. :confused::nope:
Any advice I will appreciate it.
Anerol C

Hello Anerol,

Some thoughts....


The biggest advantage of a corporate certification scheme is cost savings. You may want to get some proposals from your Registrar/CB (or perhaps a few other reputable Registrars/CB's) and compare.
The biggest risk is that if one location "messes up", then the registration status of all locations is in danger.
In a corporate QMS scenario, many resources can be standardized and shared between all locations.
You only need one Management Representative.
The internal audit process can be shared.
Etc.

You decide what's best.

Stijloor.

The biggest advantage of a corporate certification scheme is cost savings.
The biggest risk is that if one location "messes up", then the registration status of all locations is in danger.


I think the cost savings is the reason that corporate decided to work on one same certificate.
I am affraid about Jan 2008 audit we still need more time to fix all the Non conformancies found during the internal audits. I don't think we are prepared for a 3rd. party audit. What is the worst scenario that you will see??
Anerol C

What is the worst scenario that you will see??
Anerol C

Major nonconformities resulting in not being recommended for registration/certification.

Stijloor.

Major nonconformities resulting in not being recommended for registration/certification.

Stijloor.

Yes, that pretty much sums it up.

But note this doesn't mean 'and you can't get your certification'. It means you have to fix those identified major nonconformities before you can get it.

Hi Anerol C:bigwave:

In March this year I was in the same position as yourselves. The board wanted one registration (9001) across three sites in diferent parts of the country. They did not want to know about cost savings etc, just wanted to get a streamlined company.

Anyway, in October the last site was assessed and we are now all under one registration.:tg:

I am based at the Head Office so started with the QMS we have had in place for the last 12 years. One site was registered to 9001 and the other was not.

Basically, the Quality Manual and procedures are generic across all sites and are available to all through the company intranet.
I did not want to change the world and get peoples backs up in the process, so I went along with the notion that 'if it a'int broke. don't fix it' I reviewed all site specific work instrucitons and documents and changed very few - they worked and the staff were used to working with them!

The easiest one was the site that had no QMS as we could implement the QMS from scratch.

Only observations were made at both sites.

My only advice to you I think is to get the staff on your side. :whip: Try to make it exciting for them and take on board their ideas. We don't have a local champion as such - yes, some do more than others - but all contribute.

I am trying with auditing the sites at a rate of once every 2 months. Early days yet, but I think this is sufficient for the amount of employees and simplicity of the processes.

My next target now is to get 14001 across all sites. Next year looks pretty booked up then!

Good Luck!

I have another question;
Currently our company is part of a "Division A" so the certificate will involve just division A; however there are plans to get products from other divisions different than A. How we can handle those other product that are for other divisions that will be out of the scope of the certificate??
Thanks
AC

I have another question;
Currently our company is part of a "Division A" so the certificate will involve just division A; however there are plans to get products from other divisions different than A. How we can handle those other product that are for other divisions that will be out of the scope of the certificate??
Thanks
AC


The simple answer - Generally, when sister companies supply services or product, it is considered a supporting location, and must be audited that way. It is also listed that way on the cert.

But, this is a complicated arena to explain, and the smart thing to do would be to ask your registrar. They have to review your specific situation and make a call they can support.

I have another question;
Currently our company is part of a "Division A" so the certificate will involve just division A; however there are plans to get products from other divisions different than A. How we can handle those other product that are for other divisions that will be out of the scope of the certificate??
Thanks
AC

Pretty much what Helmut stated. Since they are part of your company you will most likely need to get them rolled into the registration. Just meet with the registar and figure out how much it will cost to roll them and decide upon the external audit schedule-frequency. This is based on the size of the supplier and importance of the material. The registration will list the mulitple sites covered. As you add divisions its more $.
Personal Experience: It is not recommended to go for a strategy that involves piece mailing in different divsions. We tried to do this but then Marketing and other groups started getting screwed up and telling customers we were getting registered in general, when only certain processes and products of the company were registered, we eventually made the decision for process managment sake to do the entire company after all its a quality management system standard not a product and process standard.
Sounds like your having a ball,

Jim

The simple answer - Generally, when sister companies supply services or product, it is considered a supporting location, and must be audited that way. It is also listed that way on the cert. That applies for TS-16949 certificates. For ISO 9001 certification this is not the common practice.

That applies for TS-16949 certificates. For ISO 9001 certification this is not the common practice.

how do you handle it under ISO 9001?

The registrant defines the scope of certification, including the sites and the product lines to be within the boundaries of the system to be certified. Sister sites can be treated as suppliers, if appropriate. It is imperative that we do not enforce requirements from Industry specific accreditation schemes, such as the ones emanating from the IATF or the IAQG into the traditional ISO 9001 accredited certification process.

The registrant defines the scope of certification, including the sites and the product lines to be in the scope of certification. Sister sites can be treated as suppliers, if appropriate.

It is imperative that we do not enforce requirements from Industry specific accreditation schemes, such as the ones emanating from the IATF or the IAQG into the traditional ISO 9001 accredited certification process.

Yes, I agree that would not be appropriate. However, I do not understand that ISO 9001 would allow them to exclude functions performed at sister plants or at corp. Things such as Contract Review, centralized Purchasing, Calibration, etc. would still have to be audited, wouldn't they?

Yes, I agree that would not be appropriate. However, I do not understand that ISO 9001 would allow them to exclude functions performed at sister plants or at corp. Things such as Contract Review, centralized Purchasing, Calibration, etc. would still have to be audited, wouldn't they?Exclusions of processes comprised in the QMS, process outsourcing, etc... has been extensively discussed elsewhere. I fail to see where, in this thread, this issue was brought up before your preceding post. As far I read Anerol's post, she was not alluding to any process exclusion.

Exclusions of processes comprised in the QMS, process outsourcing, etc... has been extensively discussed elsewhere. I fail to see where, in this thread, this issue was brought up before your preceding post. As far I read Anerol's post, he was not alluding to excluding any process.

I was not trying to hijack the post. I was under the guidance that these processes would have to be audited under a Multi-Site scheme. You seemed to inferred that was not the case. I was simply asking how these would then be handled, if not under the Multi-Site scheme. I thought it was germain, or I would not have asked.

I have had a mix of good & bad experince when it comes to multiple site audit under one certificate.
Last time I had audited an organization where Head office & factory are 100 kms apart. Took longtime to travel & limited the auditing time.
However, what I have done is that I audtied the factory 1st & then the head office as head office covers training, internal quality audits & other documentation.

As far I read Anerol's post, he was not alluding to any process exclusion.

We are just excluding design, we will be part of "division A under one certificate" along with two more sister plants that are our customers also one of them is designing one of the products that we are manufacturing the final assembly, the other one is a sister plant, but they are designing and we are just supplying part of their final assembly.

I'm she.:o

AC

One disadvantage (my opinion) with multiple sites under one ISO certificate is some of our sites get audited often and some sites are audited every few years due to sampling. I prefer to be audited regularly as it seems to keep employees more motivated.
We all work to the corporate quality manual but each division maintains it's own QMS procedures (based on the quality manual and ISO standard) and process since each division is unique as far as products produced.

One disadvantage (my opinion) with multiple sites under one ISO certificate is some of our sites get audited often and some sites are audited every few years due to sampling. I prefer to be audited regularly as it seems to keep employees more motivated.
We all work to the corporate quality manual but each division maintains it's own QMS procedures (based on the quality manual and ISO standard) and process since each division is unique as far as products produced.

This problem can very easily be solved by discussing and fixing up a surveillance schedule with your CB. I have done surveillances on a multi site organisation who insisted that all sites be audited in each surveillance by a single auditor every six months. That came to 17 working days of an auditor including travelling for 4 locations. And were they choosy about the auditors!

The CB would happily have covered 1 or 2 sites in every survellance once a year. But if the auditee was insistant, and was willing to pay for it, they were game.

I would say though it cost them a bit, their approach did yield a lot of returns to them.

One disadvantage (my opinion) with multiple sites under one ISO certificate is some of our sites get audited often and some sites are audited every few years due to sampling. I prefer to be audited regularly as it seems to keep employees more motivated.
We all work to the corporate quality manual but each division maintains it's own QMS procedures (based on the quality manual and ISO standard) and process since each division is unique as far as products produced.


Also, don't most of your findings and improvements come from internal auditing? I would not mind a somewhat lax surveillance schedule if I'm confident in a robust IA process.

We are just excluding design, we will be part of "division A under one certificate" along with two more sister plants that are our customers also one of them is designing one of the products that we are manufacturing the final assembly, the other one is a sister plant, but they are designing and we are just supplying part of their final assembly.

I'm she.:o

AC

That sounds awfully complicated. Your company has a good idea on how you want to structure things?

I'm looking at separate certs for 3 sites myself, of all different functions. It looks, at this point, that it makes sense for us to do 3 separate ones.

It seems to me you need to decide what factors to consider? As been mentioned, some organizations prefer multi-cert and some one-cert. Some posts so far have very good reason. How do you want to do it and why? That's a question for Top Management.

I was not trying to hijack the post. I was under the guidance that these processes would have to be audited under a Multi-Site scheme. You seemed to inferred that was not the case. I was simply asking how these would then be handled, if not under the Multi-Site scheme. I thought it was germain, or I would not have asked.

My consultants, trainer and registrar have been consistent in this. They have given me no reason to believe we can't have separate ISO9001 certs.

We simply treat them as separate companies. Our factory would obviously exclude design. Our Business Unit would be highly independent and most likely has no exclusions. I don't see a problem with this.

Not to hijack the post, but what's the main concern? Our factory would treat us, the main office, as the supplier who produces designs.