and not before time, given that it has failed totally to add any value to the ISO 9000 process. If you want to neatly expose the false premises on which certification is founded, ask yourself these questions:

1. How is it possible, in all conscience, for any company to implement ISO 9001:2000 without any reference to ISO 9004:2000, and for certifiers to fail to demand in their audits any evidence that this has been actioned and done?

2. That ISO 9001:2000, which encourages quality management as opposed to inspection-based quality control as the primary means for realizing quality, should itself rely on a system of third-party "pass-fail" inspections to provide verification and validation of supplier claims of conformity. The whole notion of third-party certification is one which has been grafted onto the ISO 9000 model - by parties who have a vested commercial interest in the outcome.

Certification has as much to do with quality as the man in the moon. The numbers tell the story - with only about 10% of the North American certified company base transitioned over to ISO 9001:2000, and many companies and stakeholders now openly questioning the certification process, there are new dynamics afoot. Its time this value-robbing concept was done away with and companies were left to implement the ISO 9000 model in their own way and use it for what it was intended - as a framework for managing quality and creating real and sustainable business improvement.

lean,

Welcome to the Cove. That is quite a first post! If I didn't know better, I'd say Jim Wade (another Cove member with whom you will be aquainted soon, I'm sure) changed names!:vfunny:

I agree with much of what you say as I'm no big fan of the certification game and have posted this opinion often, but I have to disagree with part of your first point. There is no requirement that I am aware of in 9001:2000 for either users or certification agencies to "demand" the mention of, or use of, 9004:2000 with 9001:2000. In fact, 9001:2000 says they "have been designed to complement each other" but they "can also be used independently". Perhaps the ideal situation is to use them both, but I do not see it as a failure of conscience for either users or certification agencies not to do so.

Again, welcome to the Cove. I hope to see you jump in and participate often.:bigwave:

Mike S. - the consistent pair of ISO 9001:2000 and ISO 9004:2000 may be thought of as requirements (ISO 9001:2000) and obligations (ISO 9004:2000). Recognizing and committing to the obligations, while not required by certification, is, I would argue, necessary for developing a proper ISO 9000 QMS. Accepting the requirements without the obligations is like getting a cart with no horse to pull it. Show me one Japanese company whose management doesn't feel obliged to manage for quality. Therein lies one of the greatest weaknesses of certification - its focus only on requirements and meeting them. Cheers,

Lean

Jim, I've seen that article from Anderson School. I don't dispute that some companies receive some benefits from implementing ISO 9000 quality models. What I would dispute is that third-party certification is a necessary and value-adding part of the process. In all likelihood, the companies in the Anderson survey would have received the same benefits even if certification had not been part of the equation. And the Anderson survey, as I recall, did not look at the long-term benefits - a must, in my opinion, when you are dealing with quality management, which has a prime objective of building sustainability.

If the benefits from certification are so clear, I wonder why the certification community itself seems to have such a hard time articulating clearly, precisely and quantitatively what they are.

My point is that there are other viable models for implementing ISO 9000 besides third-party certification. I don't see it in anyway as being necessary, value-adding, or even helpful. Cheers,

Lean

Jim Wade said:

Did you know that - in the UK at least - BSI will sell you a Business Performance Improvement Review based on ISO 9004:2000?

Expect other registrars to follow suit.
Jim, I note that the BSI page you cited contains the following:

BSI Business Performance Improvement Review Certificate
On successful completion of the review, we will reward
you with a BSI Certificate. This provides recognition that
your organisation is working beyond the requirements of
ISO 9001:2000 and is performing in line with the principles
of ISO 9004:2000. Focus on Improvement, Business and appropriate BSI Business Performance Improvement Review

My intepretation of this BSI offering is that it is BSI's attempt to extend their services beyond providing a mere ISO 9000 certificate to providinge a "super certificate" if you will. Why is this necessary? Why could a company not go beyond ISO 9001:2000 certification without this "super certificate'? ISO 9004:2000 tells you everything you need to know and it even contains a self-assessment tool in Appendix A - which is all the BSI methodology probably is, except your paying for it (and the certificate). Cheers,

Lean

Jim Wade said:


They compared business results of 350+ ISO 9000 registered firms with a control group of non-ISO 9000 companies

Broadly their conclusion is that "firms experience significantly better performance, after deciding seek their first ISO 9000 certification, than a control group of firms with similar perfoirmance prior to that decision".

I'll try to get a PDF of the article to post here.

rgds Jim
I'd love to read the article, Jim. I wonder just who was in the "control group". Did they have any QMS at all? Were they companies that were mostly ISO compliant but did not want to pay the $ and the hassle for the cert? I certainly agree a company with a good QMS will outperform one without a good QMS, but I have doubts that companies with the cert will significantly outperform those who are compliant without the cert. But I'm willing to look at the data and change my mind if I'm wrong.

Also, I wonder who paid for the study? Was it fair and unbiased or was the methodology rigged to arrive at a certain answer?
:confused:

Jim Wade said:

Their figures (four measures for each of three SIC codes) cover a six year period, Lean.
The article looked 3 years both prior to and beyond the certification date. I think a flaw in the study is that it fails to distinguish between certification and implementation, i.e, would a company which implemented an ISO 9001/2/3:1994 QMS have received the same benefits as one which went ahead and had its QMS certified? By failing to distinguish between "implementation" and "certification", the study conveys the notion that the results were attributable to the certification process itself. An interesting study would be to compare the performance of two groups of companies - one group which has implemented ISO 9000 QMS's but not certified them, and the other which has certified them. This would show us the befits from certification per se. Cheers,

Lean

Jim Wade said:

Lean, you are a cynic!

I can't tell you how much I value that attribute in a person. :bigwave: :agree:

But there is a clear and obvous problem with your proposal. If a company did as you suggest, BSI would get no extra revenue to offset their shrinking 9001 reg market.

rgds Jim
Exactly, Jim, and therein lies the problem - this new offering from BSI has probably little to do with helping companies mature beyond a base ISO 9001:2000 certification (for which they don't need BSI's help anyway); its all to do with preserving market share and revenue (for BSI) and creating another edifice which they can slap a certificate on to.

Given the latest report in QSU (Quality Systems Update) that "at least 10% of all auditors employed by registrars around the world may not be able to make the transition to ISO 9001:2000", and that there is an acknowledged paucity of auditors with the required BUSINESS knowledge to audit to the new standard, BSI may be a bit presumptious in suggesting that they can help companies move to a new level of business performance.

Jim Wade said:

By the way, what is interesting for me in the article is simply the apparent correlation between implementing ISO 9000 and increased business performance. Assuming the study is legit, I may have to rethink at least a bit of my prejudice.
Jim, it does not surprise me that the study showed some benefit from implementing ISO 9000. To argue that it is a result of certification, though, is another story.

Read your article, and it is another powerful blow against certification, eloquently put. You have also hit upon the tragedy of ISO 9000 - that it does contain a useful and viable model for quality management and improvement but that it has been hijacked by the third party industry, and they have conned us into believing that certification is the only way to go.

BTW, regarding that BSI article, it also sounds very much like consulting - another dance routine the third-party boys have become expert at. Cheers,

Lean

This is from a while ago - I saw a bot spidering the page and thought - heck, why not a poll.

So - Going beyond whether ISO is value added or not, Is 3rd party registration here to stay? Or is it on the way out?

I looked at the poll beyond ISO 9001 and meeting the requirements of the Standard. Why? Because there is enough of a debate going on as to how much longer ISO 9001 will be around. :)

With recent events such as Enron and Nortel, I have feeling that 3rd party auditing, certification/registration, and recognition will be here for a while. Of late, we have been burned by people fudging the results and what they do. 3rd party audits will be around for a long time to come...much longer than 50 years, but I feel that the associated recognition that comes with a successful audit will be here for at least that long, as well...at least until our faith in human and good business practices is once again restored.

"With recent events such as Enron and Nortel, I have feeling that 3rd party auditing, certification/registration, and recognition will be here for a while. Of late, we have been burned by people fudging the results and what they do."

Not trying to be argumentative on this but I doubt that any third party audit (at the depth of the ISO audits) could have avoided those. I also doubt that third party audits will ever gain enough credibility to ensure trust in a company until such time as the inherant conflict of interest is removed.

"Of late, we have been burned by people fudging the results and what they do."

Why would we have any warm fuzzy feeling that the 3rd party registrars wouldn't be doing the same thing? We already have a vast difference in registrars and my general impression is that just because you have a certificate doesn't mean the quality system is any good.

When you boil it all down, the consumer will decide if the system will stay or go. They want good quality and a low price. The 3rd party system is driving the price up and so far it has done very little for quality. There are companies outside the system who are putting out better quality and selling at a lower overall cost. Those companies are killing some of the traditional companies. If sales keep going to the "other guys", and the traditionals find little or no difference in certificatied companies other than price, the 3rd party system will be dropped like a hot iron and it won't take any 10 years for it to happen. Bottom line is sales and if the 3rd party system can't guarantee top quality at a bottom price, you can kiss the registrars good-bye. If the companies on the top (and I am talking automotive) drop the system, all the thousands that jumped on the wagon will jump off. If the mandatory certification goes, so will 75% or more of the certifications.

Notice I did not say the QMS will be dropped. I think most companies have already found the value in a good QMS. Unless the registrars clean their own house and gain some credibility, they will be on the outside looking in.

Just my humble opinion of course.

Dave

So - Going beyond whether ISO is value added or not, Is 3rd party registration here to stay? Or is it on the way out?
Marc, in my opinion the third-party certification system, as presently delivered, is not sustainable.
Based on my personal experience, which includes first hand auditing, teaching, coaching, mentoring as well continual and long term exchange of information and intelligence with professionals in the field, including this forum, at large, the 3rd party system is NOT delivering the value that would it make a long term, desirable service.

Theoretically, there are two primary stakeholders interested in meaningful, value added certificates: the certified organization and their customers. However each stakeholder has a different objective: The certified organizations basically wants their registrar to be VERY understanding, flexible, cause the least amount of disruption and impact as little as possible. The certified organization’s customers would like their suppliers registrars to be tough, thorough, demanding, boosting their confidence in the supplier’s capability.

As most of us know, organizations for the most part, only go for certification, after their customers mandate, strongly encourage or force them into it. As someone said in this forum before, it is, for the vast majority of the cases, a grudge buy. So, many organizations, once made the decision to go for certification chose wrong partners, i.e., the path of least resistance, the cheapest, the one that bundles (“well” disguised) consulting and certification, guaranteeing results, etc . . .And then, they complain that they do not benefit from the audits….Unfortunately, as long as ISO 9001 certificates are perceived as an attribute and not a variable, as long as customers are “dumb” about their suppliers choices of registrars, the brainless approach to certification will prevail for a large percentage of the market. Further, since there is a tremendous variation in registrar performance, who is monitoring and correlating suppliers performance and registrar?

Over and over and over again we talk about the fact that a percentage of 3rd party auditors are incompetent, lazy, adversarial, corrupt, etc. Unfortunately we don’t spend enough time talking about the few relationships between certifiers and certified organizations that are really a partnership, with competent individuals in both sides. 3rd party auditing CAN be meaningful, with benefits to ALL stakeholders. But not in the present’s scenario. We seriously need to revamp the whole process from auditor qualifications to registrar accountability to more and better policing and crackdown of illicit behavior.

A few Sectors, realizing the weaknesses of the process, try to boost their controls, such the Automotive Sector bypassing the accreditation process and “policing” Registrar conduct and performance directly thru the IATF (IAOB, etc.). Another example is the Aerospace Sector, trough an enhanced accreditation Industry Controlled Oversight Process (ICOP). Still, the effectiveness of policing is and always will be limited.

So, back to the original question, I believe that the 3rd party certification process will have to significantly evolve/change or risk disappearing and be replaced with something else. Even though there are a few serious and competent players in the marketplace, at large the process is faltering. It is NOT sustainable.

In order to become sustainable, registrars have to make two radical changes, to satisfy the two major stakeholders, mentioned above: to the certified organizations, we need to shift our focus from effectiveness to efficiency, assisting them in improving business performance. To the certified organization’s customers we need to be more accountable for the performance of the systems we certify.

The archaic accreditation/certification protocols need to be modernized and transparency and confidentiality have to be better balanced.

Personally, I am not sure if we will ever be able to make the fundamental changes to the certification process, that are necessary to make it added value, meaningful to ALL stakeholders and sustainable, but I have little doubt that, if changes are not made, the downward spiral I have been talking about since 1994 will not be reverted.

Just my 3 cents.

I read Sidney Vianna’s posting with much agreement, an interesting 3 cents – good value for money I must say.

As ever with the likes of the cove we are never going to get to the answer, not through want of trying but because we don’t have the influence where it matters, with the registrars and the accreditation bodies. Certification is a young industry and, if it is to grow into a respectable middle age, then there are a number of changes that have to take place. But, as with all things, the changes will be driven by market forces. So, for what it’s worth my 3 cents worth, taking it from the top:

(1) accreditation bodies need to look at the grumbling in the market place about different quality of certification process and differing standards and deal with those registrars that do not offer high quality certification – this may mean losing business in the short term by taking away accreditation.

(2) Registrars need to deal with their own process variability – mainly due to variation in raw material quality – the auditors. This requires a degree of calibration of an auditors process that will require huge resources and may result in auditors being released, leading to a shortage of high quality audit capacity – again at least in the short term and having to turn companies away.

(3) Registered companies may end of being “found out” by the higher standards of the auditors above and either need to buck up some ideas or give up the badge on the wall.


Reading through the 3 phases each of them relies on someone giving up turnover or recognition – how likely is that? How much more likely that the status quo will win through?

I would say it is here to stay, at least for the next 10 years, because the people responsible for funding the registration will continue to use it for marketing and selling to Europe, despite the fact that the registration bears absolutely no evidence of actually adgering to the standard.

Some companies will actually use the standard and benefit from it and will find registration easy to maintain regardless.

Just my opinion.

Carl-

I read Sidney Vianna’s posting with much agreement, an interesting 3 cents – good value for money I must say.

As ever with the likes of the cove we are never going to get to the answer, not through want of trying but because we don’t have the influence where it matters, with the registrars and the accreditation bodies. Certification is a young industry and, if it is to grow into a respectable middle age, then there are a number of changes that have to take place. But, as with all things, the changes will be driven by market forces.
I pretty much agree with Sidney, but I have predicted a rise in ISO 9001 registrations since 1994 while at the same time lambasting it as unneccessary other that with respect to liability issues it addresses.

I popped the poll in and 'revived' this thread because over the last couple of weeks I've been cleaning out my files going back to the 1980's I bought a scanner (finally - my old one was over 8 years old and didn't work on this Mac) which pops out pdf files (or different graphic files or pretty much whatever you want including OCR) left and right (it has a sheet feeder). As I've been going through a lot of the old stuff i had I realized how much was total garbage. This, of course, led to reminescing and thinking in ten and 20 year blocks. Having just turned 54 I realized I've been messing around with ISO 900x since 1991. Thirteen years isn't forever, but the standard is only 17 years old.

As I've watched the standard evolve, it has been an interesting ride. With the talk about how the number of registrations is decreasing, I tried to think out 20 or 30 years - by which time I may well be dead and buried - and where, or rather if, ISO 9001 and it's companion documents will still be around, and, if they are, whether ISO9001 will still be significant and/or relevant. QS-9000's 'real' life span was 1994 through 2002 - 8 years. It morphed into TS 16949 so in many ways we can for all intents and purposes say QS-9000 is still with us in an evolved state. I'm not convinced the controls, such as the IATF (IAOB, etc.) will make a difference such that TS 16949 will be 'more successful' than QS-9000 was.

What I hear most is it's not 'value added'. I've seen cases where it is and cases where it's not. I guess I compare it to bank or financial institution audits where the intent is suppposed to make sure they're complying to laws and such. I'm not convinced it can be value added in every case no matter what you do.

Yeah, Paul - We'll never get a definite answer, per se. In the mean time...

Just some thoughts.

Somewhat related to this thread, is anyone else curious about what happened to the ISO reporting on the results of certification in 2003?

Seems to me this information should have been published by now, especially since 1) the infrastructure for capturing and analyzing it has long been established since this would be the 13th reporting cycle, 2) if most agree that the number of overall registrations has dropped (relatively speaking), then there's less data to process, hence, a quicker reporting turnaround and 3) most importantly, we are already over halfway into 2004.

I wonder if the reason I can't seem to find this info anywhere is because the figures don't look too good (and might support some of the perceptions noted in this poll and in other areas of the Cove). Isn't anyone else curious about this? I find it especially ironic, coming from an organization (ISO) that expects registrars/clients to monitor the efficient collecting of quality data, analyze it and act/react on it, all in a timely fashion. Yet, they don't seem to be too concerned about following their own guidelines (Do as I say, not as I do??). Did I miss the posting of this info? Can anyone help out?

Thanks

Lean Machine... You the Man! :agree1:

Somewhat related to this thread, is anyone else curious about what happened to the ISO reporting on the results of certification in 2003? Can anyone help out? Thanks

jc, feel free to contact

Roger Frost
Press and Communication Manager
Public Relations
Tel. +41 22 749 01 11
Fax +41 22 733 34 30
E-mail frost@iso.org

He's always been accessible when I had an enquiry. You might be surprised. Personally I don't think the 13th survey is late.

In the beginning third party made sense. I can recall, when being audited by the customer, being told "Jimmy, if you ever get certified to ISO you will never go through another audit from me. In fact you will most likely never see me again." Customers do not want to maintain a supplier audit group (too expensive). If third party can be "relied" upon customers will do away with the supplier audit groups.
Of course the key word is "relied". I have been on the receiving end of Customers who are ISO certified only to find that there blueprints, drawings and specifications leave much to be desired.
A former employer once hired a laid off engineer from an ISO certified Customer. This Engineer was astonished at the condition of the drawings from his former workplace.
So there is no guaranty! We gleefully follow the yellow brick road and put our heads in the sand when we hit a bump.
The third party has to go unless some how it can be policed.
Who will audit the auditor? :magic:

The third party has to go unless some how it can be policed.
Who will audit the auditor? :magic:

Registrars/Notified bodies are "policed"/audited by the Accreditation Bodies RAB UKAS etc..

Registrars/Notified bodies are "policed"/audited by the Accreditation Bodies RAB UKAS etc..
Yes, I am aware of what RAB, UKAS, etc. is supposed to be doing, my point is its not being done very well! If it was, we would not be reading the negative responses in this thread.

In fact, the RAB is openly encouraging "interpretation" of the standard, creating a situation which is impossible to police.

If you ask me, the whole deal is criminal. (Not that anyone asked me)

Carl-

Yes, I am aware of what RAB, UKAS, etc. is supposed to be doing, my point is its not being done very well! If it was, we would not be reading the negative responses in this thread.


I guess we need to look at the whole picture. Of all the companies that are ISO/QS/TS/AS Certified/Registered, how many of them think the Registrars/Notified Bodies are not being "policed" well enough? I can only speak from my experiences but I know the RAB audits the two Registrars I do work for on a frequent basis.

Hi All,

I voted that it should stay for 50+ because we don't have anything better, at the moment. I figure that our Certification states to our customers that we are willing to give quality a go. I know that having ISO 9000 etc does not guarantee that we make a quality product and I think this is the sticking point. Our customers do not want to know that we have a Quality Policy and Structured Manual, KPIs, KRAs, Job Statements, Document Control Systems etc. They want to KNOW that we can deliver the product they ordered, on time, to the right place and to the right specs EVERYTIME. The certification system does NOT guarantee this! We need registrars to audit our outputs against our specs and report on that. How many companies would be willing to put their NC stats out for the world to see??? Not many!!! So then everyone would be forced to IMPROVE and cut down on NCs to get the competitive edge. Watch how fast the QA/QC departments would grow if Senior Management immediately saw the REAL facts of what an audit should be....and the ramifications of inaction. They would have to act and not leave it up to the QA people. Auditing the ISO standard does not guarantee a quality product or business benefit. :2cents:

Greg B

Greg, I completely agree with your last sentence.

" Auditing the ISO standard does not guarantee a quality product or business benefit. "

So why doesn't it?

There is no way a nuclear regulatory standard or FDA standard would be treated so cavalier, even the health inspector for a Diner has a true standard to go by that assures certain criteria are met.

The RAB isn't about to pull any auditor certifications and the registrars are not about to fail any ISO registrations because it would effect their pocketbook.

You are right, we don't have anything better for the moment, but we should.

Carl-

Nothing new here, but for those interested in this thread, you should definitely read the article available @ http://www.iso.org/iso/en/iso9000-14000/articles/pdf/debate_2-02.pdf
with a compilation of responses to the late Dr. Eicher's plea for this sector to police itself. As many expressed in here, and also my opinion, the future of 3rd party certification is intimately connected with the oversight process, but other considerations are important. This article sheds light in some other aspects.

We will not see it leave soon. Why? It's simple Money $$$. Right or wrong value add or not it is driven by money. The big Registrars will never let it happen.

The big Registrars will never let it happen.Could you elaborate how the Registrars can force themselves ONTO the industry? I really don't understand your statement. How can Registrars FORCE organizations to maintain certification?

Easy : If we were not registered we would lose 80% of our client base, as they require us to be registered. To maintain registration we must have audits by a registrar. You cannot deny there is big money involved. My experience is when big money is involved change is always slow. My customers FORCE me to maintain certification which in turn feeds the the Registrars.

So, according to what you just said, your CUSTOMERS, not the registrars have the power to maintain the 3rd party certification process alive. So, when you first said: "... The big Registrars will never let it happen.. ." you should have said My customers will never let it happen....

Registrars are guilty of many things, but we can NOT create or maintain this business, if Industry, at large, does not want it to happen.

Registrars are guilty of many things, but we can NOT create or maintain this business, if Industry, at large, does not want it to happen.
That might be true Sidney, but without you folks, I would be out of a job! :mg:

Just to add to the debate. The IQA has published another article from John Seddon about ISO 9001.2000 in his usual forthright terms. It will be interesting to see what cove members think.

https://www.iqasecure.co.uk/publication/qw_nov04_02.asp

So, according to what you just said, your CUSTOMERS, not the registrars have the power to maintain the 3rd party certification process alive. So, when you first said: "... The big Registrars will never let it happen.. ." you should have said My customers will never let it happen....

Registrars are guilty of many things, but we can NOT create or maintain this business, if Industry, at large, does not want it to happen.I may regret this post in the future (much as I regret NOT asking a girl named Dorrell for a kiss in fourth grade), but FWIW:

What is the true advantage to a customer in FORCING his supply chain to become registered to a Standard?

Background:

Most of us agree registration to a Standard has no direct relationship to product quality.
Many suppliers "forced" to register emphasize only "form" and not "intent" of the Standard.
Many suppliers report that the cost of dealing with registration is not recaptured in business efficiencies, but is a "cost of business" to compete in certain markets. (The cost is passed on to customer one way or the other.)
Do powerful OEM customers (like Big Three automotive) neutralize any advantage of a supplier adhering to a Standard when the OEM adds a layer of "customer specific" requirements to the order?
Before you get out your bashing sticks, remember I am a great proponent of "voluntary compliance to a Standard." This means I have absolutely no animus toward a Standard per se.

What is the true advantage to a customer in FORCING his supply chain to become registered to a Standard?



Background:

Most of us agree registration to a Standard has no direct relationship to product quality.
Many suppliers "forced" to register emphasize only "form" and not "intent" of the Standard.
Many suppliers report that the cost of dealing with registration is not recaptured in business efficiencies, but is a "cost of business" to compete in certain markets. (The cost is passed on to customer one way or the other.)
Do powerful OEM customers (like Big Three automotive) neutralize any advantage of a supplier adhering to a Standard when the OEM adds a layer of "customer specific" requirements to the order?

Wes, I always welcome the chance to "dialogue" with people like you who have "gray matter" and a lot of professional experience.

In answer to your question. In theory if your supplier EARNED registration to a QMS Standard, such as ISO 9001, AS9100, TS-16949, etc. you, as the customer, have an INDEPENDENT ATTESTATION that the supplier HAS the capability to fulfill your order. As long as this thing called BUSINESS exists, customers want to have CONFIDENCE in the suppliers’ ability to deliver what was ordered, when they need it. So, for the customers, if everything was being done correctly, placing orders with certified suppliers would be a benefit for them, since they would have to spend less effort in overseeing that supplier’s performance.

When you say that registration to a Standard has no direct relationship to product quality., I offer this: In theory if the CUSTOMERS CLEARLY AND ACCURATELY specify the products and place the order with an ISO 9001 certified supplier, who, IN THEORY, has the capability to REVIEW the order prior to accepting it and has the capability to realize and deliver it, we would have a CLEAR business advantage.

You know as well as I know that, many times, the problem is NOT the supplier, but the CUSTOMER, who mis-specifies, or poorly specifies the products/services they are ordering. Just today, you related an example of an order that was OVERKILLED. Was that your fault as the supplier? No, It was your customer’s faults.

You know as well as I do, that the QMS Standards are not product related. The following paragraph comes form ISO 9001:2000 “…The quality management system requirements specified in this International Standard are complementary to requirements for products….”

So if both of us compete in the “power supply” business and your product has an MTBF of 10,000 hours and mine has an MTBF of 7,500 hours, thus less reliable than yours, would you say that my product is of lesser quality? What if mine costs 40% less than yours and the power supplies are installed in products with a life cycle of 5,000 hours? Would you think that, just because my product has (by design) a shorter MTBF, my company would not be deserving of an ISO 9001 certification?

I have said it, many, many times. The CONCEPT of third-party certification of Management Systems is a tremendous boost to fair trade, especially when we consider the globalization phenomena. The problem is the REAL-WORLD deployment of this concept with scams, frauds, trivialization, incompetence, poor to non-existing policing, no accountability at ALL Levels etc…

When an organization requires their suppliers to “be certified” but disregards the fact that some of the suppliers will chose the path of least resistance registrars, and continues to ship junk, who is at fault? The supplier? the customer? The Registrar?

What we need is a system that brings accountability to ALL levels. We don’t need to have entities in this business that don’t add value. A certificate should be earned, not bought.

“Nuff said.” Back to you.

Just to add to the debate. The IQA has published another article from John Seddon about ISO 9001.2000 in his usual forthright terms. It will be interesting to see what cove members think.

https://www.iqasecure.co.uk/publication/qw_nov04_02.aspThe article is available to IQA members only. I suspect that most Covers are not IQA members. Sorry mate, but I don't think you will have much feedback due to the simple fact that we can't access the article.

Wes, I always welcome the chance to "dialogue" with people like you who have "gray matter" and a lot of professional experience.

In answer to your question. In theory if your supplier EARNED registration to a QMS Standard, such as ISO 9001, AS9100, TS-16949, etc. you, as the customer, have an INDEPENDENT ATTESTATION that the supplier HAS the capability to fulfill your order. As long as this thing called BUSINESS exists, customers want to have CONFIDENCE in the suppliers’ ability to deliver what was ordered, when they need it. So, for the customers, if everything was being done correctly, placing orders with certified suppliers would be a benefit for them, since they would have to spend less effort in overseeing that supplier’s performance.
I don't agree. "Capability" is NOT assessed by a third party auditor. Only whether the Quality acivity matches the Quality plan. There is no auditor alive who attests to "capability" to produce a product or perform a service.


When you say that registration to a Standard has no direct relationship to product quality., I offer this: In theory if the CUSTOMERS CLEARLY AND ACCURATELY specify the products and place the order with an ISO 9001 certified supplier, who, IN THEORY, has the capability to REVIEW the order prior to accepting it and has the capability to realize and deliver it, we would have a CLEAR business advantage.

You know as well as I know that, many times, the problem is NOT the supplier, but the CUSTOMER, who mis-specifies, or poorly specifies the products/services they are ordering. Just today, you related an example of an order that was OVERKILLED. Was that your fault as the supplier? No, It was your customer’s faults.

You know as well as I do, that the QMS Standards are not product related. The following paragraph comes form ISO 9001:2000 “…The quality management system requirements specified in this International Standard are complementary to requirements for products….”
OK. So what advantage have I gained as a customer if the supplier follows the contract review process, but the contract is flawed because of some glitch on my part?


So if both of us compete in the “power supply” business and your product has an MTBF of 10,000 hours and mine has an MTBF of 7,500 hours, thus less reliable than yours, would you say that my product is of lesser quality? What if mine costs 40% less than yours and the power supplies are installed in products with a life cycle of 5,000 hours? Would you think that, just because my product has (by design) a shorter MTBF, my company would not be deserving of an ISO 9001 certification?
Precisely! Why does customer need either supplier to be registered to a Standard if his criterion is MTBF or "hours of use per dollar" (since I may only need to run the product for a short time?) How does the Standard affect that cost calculation?


I have said it, many, many times. The CONCEPT of third-party certification of Management Systems is a tremendous boost to fair trade, especially when we consider the globalization phenomena. The problem is the REAL-WORLD deployment of this concept with scams, frauds, trivialization, incompetence, poor to non-existing policing, no accountability at ALL Levels etc…
Right! If I "globalize" my supply chain, I still have to determine whether the product or service meets my requirements. Voluntary or involuntary compliance to a Standard by the Supplier doesn't confer immunity from customer getting nonconforming product. What's the worst penalty that can befall a supplier who adheres to the Standard, but delivers poor product? Loss of the contract from the customer. The supplier's registration to the Standard will remain unsullied for the next unsuspecting customer to be roped in. It would seem, therefore, that registration is a false hope of level playing field.


When an organization requires their suppliers to “be certified” but disregards the fact that some of the suppliers will chose the path of least resistance registrars, and continues to ship junk, who is at fault? The supplier? the customer? The Registrar?

What we need is a system that brings accountability to ALL levels. We don’t need to have entities in this business that don’t add value. A certificate should be earned, not bought.

So. It sounds to me like you agree the customers should just eliminate the practice of REQUIRING registration to a Standard and concentrate on getting products and services which meet their requirements, since the certificate of registration does not confer any "value added" to the product or service.

The article is available to IQA members only. I suspect that most Covers are not IQA members. Sorry mate, but I don't think you will have much feedback due to the simple fact that we can't access the article.Right. The "s" in the url "https" is the clue this is a secure site.
We have had other things from and about Seddon in the Cove. Why not write to John directly and ask if he will release copyright to post the text here in the Cove? (or will post it himself?) If yes, then there is no problem as long as his release is posted with it. You DO have to explain to Mr. Seddon that once posted in the Cove it becomes fair game for EVERYONE, since we do not protect copyright once posted.

I don't agree. "Capability" is NOT assessed by a third party auditor. Only whether the Quality acivity matches the Quality plan. There is no auditor alive who attests to "capability" to produce a product or perform a service.
I did not say that. A third party auditor assesses if the management system complies with a given Standard. Now, if you do not agree that there is a correlation between complying with, lets say, ISO 9001 and the organization’s capability to fulfill orders, we should stop this dialogue here and now, because, then we would have no common ground.
OK. So what advantage have I gained as a customer if the supplier follows the contract review process, but the contract is flawed because of some glitch on my part?
The advantage to you is the fact that you know that you can TRUST your supplier and implement corrective action internally in your purchasing process. Hopefully you can effect changes internally (to your organization) more easily that externally.
Precisely! Why does customer need either supplier to be registered to a Standard if his criterion is MTBF or "hours of use per dollar" (since I may only need to run the product for a short time?) How does the Standard affect that cost calculation?
Let’s imagine you are trying to qualify a “power supply” supplier in Tasmania, but you do not have the budget to send a supplier quality engineer to spend a week traveling to the other side of the World to check for himself if that supplier has a QMS in place that can be trusted. The certificate, as long as trustworthy, could have saved you thousands of dollars in this trip alone.

Right! If I "globalize" my supply chain, I still have to determine whether the product or service meets my requirements. Voluntary or involuntary compliance to a Standard by the Supplier doesn't confer immunity from customer getting nonconforming product. What's the worst penalty that can befall a supplier who adheres to the Standard, but delivers poor product? Loss of the contract from the customer. The supplier's registration to the Standard will remain unsullied for the next unsuspecting customer to be roped in. It would seem, therefore, that registration is a false hope of level playing field.
If you, as the customer, receives non-conforming product form a certified supplier, and you have exhausted your corrective action requests to the supplier, assuming that the supplier is at fault, you should try to make the registrar accountable and demand action from the registrar. If that registrar fails to take appropriate action, you as an indirect user of that registrar’s certificates, should then escalate the complaint to the appropriate accreditation body. Failure by the accreditation body in take appropriate action should be followed by complaints to the IAF and notification to other stakeholders such as ISO, media, etc . . .You have always been a proponent of “lighting a candle”, instead of complaining about the darkness. In this case, escalating the complaints would be lightning the candle….
So. It sounds to me like you agree the customers should just eliminate the practice of REQUIRING registration to a Standard and concentrate on getting products and services which meet their requirements, since the certificate of registration does not confer any "value added" to the product or service.
I am not (and never have) advocating registration of suppliers to a Standard as a REPLACEMENT mechanism for proper supplier oversight. What I suggest is that the CONCEPT of third party certification of management systems could be a very useful COMPONENT of a supplier oversight process. It is and it will always be the customer’s responsibility to adequately monitor its suppliers.
As a related comment, since TRUE supply chain management involves you (as the customer) starting to question how your suppliers manage their suppliers and, since your supplier’s registrar is one of their suppliers and their registrar’s performance might affect your supplier performance, shouldn’t you start wondering about your supplier’s registrar selection? Did they choose a valuable registrar or the “path of least resistance”?

I did not say that. A third party auditor assesses if the management system complies with a given Standard. Now, if you do not agree that there is a correlation between complying with, lets say, ISO 9001 and the organization’s capability to fulfill orders, we should stop this dialogue here and now, because, then we would have no common ground.

The advantage to you is the fact that you know that you can TRUST your supplier and implement corrective action internally in your purchasing process. Hopefully you can effect changes internally (to your organization) more easily that externally.

Let’s imagine you are trying to qualify a “power supply” supplier in Tasmania, but you do not have the budget to send a supplier quality engineer to spend a week traveling to the other side of the World to check for himself if that supplier has a QMS in place that can be trusted. The certificate, as long as trustworthy, could have saved you thousands of dollars in this trip alone.


If you, as the customer, receives non-conforming product form a certified supplier, and you have exhausted your corrective action requests to the supplier, assuming that the supplier is at fault, you should try to make the registrar accountable and demand action from the registrar. If that registrar fails to take appropriate action, you as an indirect user of that registrar’s certificates, should then escalate the complaint to the appropriate accreditation body. Failure by the accreditation body in take appropriate action should be followed by complaints to the IAF and notification to other stakeholders such as ISO, media, etc . . .You have always been a proponent of “lighting a candle”, instead of complaining about the darkness. In this case, escalating the complaints would be lightning the candle….

I am not (and never have) advocating registration of suppliers to a Standard as a REPLACEMENT mechanism for proper supplier oversight. What I suggest is that the CONCEPT of third party certification of management systems could be a very useful COMPONENT of a supplier oversight process. It is and it will always be the customer’s responsibility to adequately monitor its suppliers.
As a related comment, since TRUE supply chain management involves you (as the customer) starting to question how your suppliers manage their suppliers and, since your supplier’s registrar is one of their suppliers and their registrar’s performance might affect your supplier performance, shouldn’t you start wondering about your supplier’s registrar selection? Did they choose a valuable registrar or the “path of least resistance”? Wow, Sidney! I knew I was in for a "strenuous" interlude. I didn't expect quite so much so soon.

Let's just take one aspect for now. I highlighted portions of your response in blue. Let's just concentrate on those for now as the most pertinent, since they strike to the heart of the "third party auditor" system.

I seem to recall posts here in the Cove about failure to rouse empathy. let alone action, from registrar or the entity which empowers registrars to be registrars.

In fact, one thread, which you initiated, pointed out an obvious error in advertising a company's status as an ISO registrant, yet we still have no response, let alone action from anyone contacted about the matter.

When you talk about questioning "which" registrar a registrant chooses, you are getting into "creepy territory" for me. If I can't trust the body [which empowers a registrar to be a registrar] to have weeded out bad registrars (despite my own biases and prejudices), why should I, as a customer, be faced with the choice of introducing that bias I may have for or against a registrar to enter into my decision to select a supplier? Isn't it easier for me to concentrate on the features and requirements I have of the supplier itself, rather than learn how to judge a registrar?

My contention is that if I follow your suggestion, then I am putting myself in a position of judging the ability of the third party registrar, rather than concentrating on getting products or services which meet my requirements. Certainly, no court anywhere in the world would allow me to claim, let alone collect, damages from the third party registrar for the time, trouble, and inconvenience I suffer as a result of relying on a third party registrar's assessment of a supplier. I'd be willing to bet your own carrier for errors and omissions insurance would hurt himself laughing if I were to make such a claim.

The reality is:

3rd party audit only gives some assurance the supplier has a minimum system in place to "try" to deliver conforming goods and services.
3rd party auditor accepts no liability for wrongs of the auditee
even if I am successful in getting a supplier's registration pulled, I will have wasted time and energy protecting other organizations, not my own. In fact, I will be out the additional time, funds, and energy it took to pursue the matter - even I don't "cut off my nose to spite my face."
Big 3 automakers and others recognize the conundrum and issue additional "customer specific" requirements to try to protect themselves a little more.
:topic: Off topic, but not much - I am suddenly reminded of the big hoorah Motorola had with a foreign partner which Motorola claimed (and some courts agreed) swindled Motorola out of hundreds of millions of dollars. Motorola seized some real estate apartments the foreign corporation had in New York, but has been spectacularly unsuccessful in getting relief in foreign courts. How much more secure would Motorola had been if they appealed to a 3rd party auditor? They sure aren't getting anything out of CPAs who claim they were deceived also and had not been hired to conduct a forensic audit.

My own bottom line:
I put as much faith in a "self-assessment" form I adapted from various Standards as I do in most 3rd party audits. This means I send the multipage form to the previously unknown supplier prospect. Depending on the responses to the questions, I do one of the following:

ask some clarifying questions because the initial response was vague or ambiguous

tentatively agree to a sample order

make a personal visit or send my own choice of agent to confirm the self-assessment
say "thanks, but no thanks" and move on to next prospective supplier.
If the supplier is running a QMS remotely similar to ISO9k2k, he should be able to complete my "self-assessment survey" in less than 20 minutes. If supplier chooses not to fill it out - it's the same as saying, "don't do business with me, because I probably will ignore a CAR and will be unresponsive to other requests."

Obviously, I only use this self-assessment survey on potential custom suppliers (products made to my blueprints.) If the supplier makes a proprietary item available to many buyers, I can judge the product on its own merits and don't need to know its QMS.
(When was the last time anyone checked whether Dell Computer was registered to ISO9001:2000 before buying 1 or 100 computers from them?)

In fact, one thread, which you initiated, pointed out an obvious error in advertising a company's status as an ISO registrant, yet we still have no response, let alone action from anyone contacted about the matter.

Exactly! My point about lack of accountability.

When you talk about questioning "which" registrar a registrant chooses, you are getting into "creepy territory" for me. If I can't trust the body [which empowers a registrar to be a registrar] to have weeded out bad registrars (despite my own biases and prejudices), why should I, as a customer, be faced with the choice of introducing that bias I may have for or against a registrar to enter into my decision to select a supplier? Isn't it easier for me to concentrate on the features and requirements I have of the supplier itself, rather than learn how to judge a registrar?

Why didn’t the SEC weed out Arthur Andersen, prior to the Enron scandal? Just like a driver’s license don’t make anyone a good driver, an ISO 9001 certificate does not make anyone a good supplier, a certificate of accreditation does not make a registrar a good one.

If you believe that supply chain management does involve assessing how your suppliers choose and monitor their suppliers, you should pay attention to their choice of registrars. If you don’t care who your suppliers do business with, then your supply chain management is one level deep. Obviously it is your call. Nobody forces you to scrutinize how your suppliers make business decisions.

My contention is that if I follow your suggestion, then I am putting myself in a position of judging the ability of the third party registrar, rather than concentrating on getting products or services which meet my requirements.

You seem to think that these activities are mutually exclusive. It is my contention that they are not. Both can be accomplished. Actually I think they are complementary and can be used to maximize the value of each other.

The reality is:
3rd party audit only gives some assurance the supplier has a minimum system in place to "try" to deliver conforming goods and services.

I agree!
3rd party auditor accepts no liability for wrongs of the auditee

Just like most organizations accept no liability for their suppliers wrongs. But just because you don’t accept, it does not mean that a court would not hold you liable.
even if I am successful in getting a supplier's registration pulled, I will have wasted time and energy protecting other organizations, not my own. In fact, I will be out the additional time, funds, and energy it took to pursue the matter - even I don't "cut off my nose to spite my face."

You might consider wasting your time and effort. Personally I would consider it as valuable as the amount of time you spend here at the Cove, providing very worthy comments, suggestions and advice to your fellow Covers.
Big 3 automakers and others recognize the conundrum and issue additional "customer specific" requirements to try to protect themselves a little more.

The CSRs have always existed. What the Big 3 and other large Automotive OEMs did were to stop relying on the accreditation bodies to police the registrars and, through the branches of the IATF, they are monitoring registrar’s performance DIRECTLY . So, my conclusion is they were not too happy with the effectiveness of the accreditation policing.

My own bottom line:
I put as much faith in a "self-assessment" form I adapted from various Standards as I do in most 3rd party audits. This means I send the multipage form to the previously unknown supplier prospect. Depending on the responses to the questions, I do one of the following:

ask some clarifying questions because the initial response was vague or ambiguous
tentatively agree to a sample order
make a personal visit or send my own choice of agent to confirm the self-assessment
say "thanks, but no thanks" and move on to next prospective supplier.
If the supplier is running a QMS remotely similar to ISO9k2k, he should be able to complete my "self-assessment survey" in less than 20 minutes. If supplier chooses not to fill it out - it's the same as saying, "don't do business with me, because I probably will ignore a CAR and will be unresponsive to other requests."
Good for you. From what you describe, you have a good, solid process in place. You might want to consider your suppliers to become educated in the Self Declaration Guidance issued by ISO. Check http://www.iso.org/iso/en/commcentre/pressreleases/2004/Ref939.html (http://www.iso.org/iso/en/commcentre/pressreleases/2004/Ref939.html)



Ref.: 939
11 November 2004

Suppliers' declarations of conformity given added weight by new ISO/IEC standard

A new ISO/IEC standard defines requirements for suppliers (including manufacturers) to meet when they make formal claims that products, services, systems, processes or materials conform to relevant standards, regulations or other specifications.

Claims that meet the requirements of ISO/IEC 17050 are expected to inspire greater confidence among governments, regulatory authorities, consumers and end users than claims without such backing. This is because the standard represents an international consensus on good practice and establishes a benchmark that can be applied in all business sectors and in all countries.

ISO/IEC 17050 offers a framework for what is designated technically as a "supplier's declaration of conformity (SDoC)". An SDoC is one of the ways in which a supplier may seek to demonstrate conformity. This might be required, for example, by health, safety or environmental regulations - or is desirable because conformity gives potential purchasers greater confidence.

Other ways are by inviting the customer to verify conformity, or by engaging a specialized independent body, such as a testing laboratory or inspection service, to issue a certificate of conformity (e.g. product certification). An SDoC is less time-consuming than either of these options, which means that products can be developed and brought to market faster. It is also cheaper and the economies made by the supplier can be passed on to the customer.

The publication of ISO/IEC 17050 puts at the disposal of suppliers and manufacturers an SDoC methodology with greater transparency, added rigour and globally harmonized practice - which is likely to increase the use of this option in world trade. While streamlining the conformity assessment process, it does not remove the obligation of suppliers and manufacturers to conform to relevant regulations and other legal requirements - which is likely to encourage its acceptance by authorities, as well as the confidence of customers.

The new standard is in two parts. Part 1 specifies the general requirements for an SDoC. Its intent is to increase the value of an SDoC by establishing a clearly understandable International Standard for this conformity assessment option, and also to encourage its use by making the SDoC more acceptable to government and regulatory institutions. Part 1 includes a sample SDoC.

Part 2 is on supporting documentation to substantiate an SDoC, for example, results of tests carried out by the supplier or an independent body in order to meet legal requirements. Again, the intent is to encourage acceptance of an SDoC by customers and authorities.

ISO/IEC 17050 was developed by Working Group (WG) 24 of ISO/CASCO, Committee on conformity assessment. WG 24 Convenor, Joel Urman, comments: "The cost and time savings that result from SDoC unquestionably benefit suppliers of products, processes, services and systems. SDoC also significantly benefits their customers and all those who use and need their offerings."

ISO/IEC 17050-1:2004, Conformity assessment - Supplier's declaration of conformity - Part 1: General requirements, costs 47 Swiss francs. ISO/IEC 17050-2:2004, Conformity assessment - Supplier's declaration of conformity - Part 2: Supporting documentation, costs 34 Swiss francs. Both are available from ISO national member institutes (see the complete list (http://www.iso.org/iso/en/prods-services/ISOstore/memberstores.html) with contact details) and from ISO Central Secretariat (see below).

From what you describe, you have a good, solid process in place. You might want to consider your suppliers to become educated in the Self Declaration Guidance issued by ISO....
This is an interesting addition to the debate. I'm going to look it over for a while. I may be back to ask questions about it.

:topic: Since you mention Anderson and Enron, I wonder if authorities will be sniffing around the KMart/Sears deal. It might seem VERY suspicious that the big real estate player bought into Sears just a few days before the KMart deal was announced. It seems interesting that very little mention was made of the 14 or more percent of Sears stock held by the guy who controlled KMart when the purchase of approximately 5% was made by the real estate outfit. The subsequent runup in stock prices of both retailers made some huge windfall paper profits for those investors. I wonder how the folks who SOLD the 5% of Sears early in November feel about the deal? Do you suppose they feel like they've been eaten by a pack of coyotes and pooped over a cliff?

In the Vol.4, No.6 issue of the ISO Management Systems magazine,
Mr. Joseph Bransky, from General Motors, makes a very compelling case for raising the credibility of third-party certification. Since GM is one of the largest organizations in the World and a very interested stakeholder in the process of management system certification, it will be interested to see if we start seeing changes ....http://elsmar.com/Forums/images/smilies/appl.gif For the contents of the magazine, click (http://www.iso.org/iso/en/iso9000-14000/pdf/IMS0406-content.pdf).

http://www.iso.org/iso/en/iso9000-14000/images/ims0406.jpg

In the Vol.4, No.6 issue of the ISO Management Systems magazine,
Mr. Joseph Bransky, from General Motors, makes a very compelling case for raising the credibility of third-party certification.Is there a scheme to do so or is it just a statement that it is a 'good idea'?

Marc, I believe that many large stakeholders will start pushing some serious buttons. Remember, the Automotive Sector decided to bypass the Accreditation Bodies and monitor directly the registrars involved with TS-16949 audits. This represents tremendous loss of revenue for the Accreditation Bodies. One could hope that the Accreditation Bodies would have learned a lesson by being displaced from the TS Scheme.
Unfortunately, for the credibility of this process to be maintained, we need a much stronger policing than what we have at present. Failure to effectively police the marketplace might lead to the conclusion that the accreditation bodies are making themselves irrelevant.
Personally, I am glad to see something that I was hoping would happen: Certain Industrial Sectors trying to make all the players accountable.

ISO and IEC believe that the new 17011 document can help boost confidence in the Accreditation Process.

http://www.iso.org/iso/en/commcentre/pressreleases/2004/Ref941.html

Ref.: 941
15 November 2004

ISO/IEC standard for "one-stop accreditation" to boost cross-border trade

A new International Standard aims to harmonize requirements worldwide for organizations that assess the competence of "conformity assessment" bodies.
It will provide a global benchmark for "accreditations bodies" to ensure that they operate in a consistent, comparable and reliable manner worldwide, thereby providing confidence to purchasers and regulators and facilitating cross-border trade.

Conformity assessment bodies (CABs) check that products, materials, services, systems or people measure up to the specifications laid out in a relevant standard. A lack of confidence in their competence to perform these tasks may result in redundant, costly and time-consuming assessments by different accreditation bodies in different countries. Such costs could be drastically reduced if a CAB could be assessed once and the results accepted globally. This process is known as a "one-stop accreditation".

ISO/IEC 17011:2004, Conformity assessment - General requirements for accreditation bodies accrediting conformity assessment bodies, sets out a uniform set of requirements for bodies that verify the activities of conformity assessment bodies - from testing, inspection, management system certification to personnel certification, product certification and calibration.

It will also prove useful in the peer evaluation process for mutual recognition arrangements between accreditation bodies which will allow the contracting parties to recognize the results of each other's inspections, testing, certification or accreditation for goods and services traded internationally.

"An adequate accreditation system should provide confidence to the purchaser and regulators and, in so doing, facilitate cross-border trade," said Mario Wittner, Chair of ISO Committee on conformity assessment (CASCO). "The new standard will have an important impact on the operations of the accreditation bodies as well as on the some 22 000 accredited laboratories and 4 000 certification and inspection bodies across the world."

The standard's potential for facilitating cross-border trade is witnessed by its recent adoption by the International Laboratory Accreditation Cooperation (ILAC) and the International Accreditation Forum (IAF) as the base set of requirements for their national and regional members.

Chair of IAF Dr. Thomas Facklam explains its significance: "ISO/IEC 17011:2004 is the result of several years of difficult work that successfully combines into one standard several previous documents related to accreditation bodies. This one-stop accreditation standard will now provide a strong basis for future accreditation practice, and help enhance the reputation of accreditation as a central mechanism for establishing the competence and recognition of conformity assessment results on a global basis."

According to the Chair of ILAC Mr. Daniel Pierre, ISO/IEC 17011:2004 is also important for emerging accreditation activates in economies in transition and developing countries. "The standard establishes clear requirements for the structure, management and functions of existing and future accreditation bodies, and should be taken into account within international donor programmes, mutual recognition agreements and by accreditation bodies themselves."

ISO/IEC 17011:2004 replaces three sets of overlapping requirements for the same attributes: ISO/IEC Guide 58:1993 (laboratories), ISO/IEC Guide 61:1996 (certification bodies) and ISO/IEC TR 17010:1998 (inspection bodies).

In collaboration with ISO, a transition period has been agreed by IAF and ILAC members for accreditation bodies to meet the requirements of the new ISO/IEC 17011:2004 by 1 January 2006. For more information see the joint IAF-ILAC-ISO Communiqué (http://www.iso.org/iso/en/comms-markets/conformity/pdf/iaf_ilac_iso_communique_2004.pdf).

ISO/IEC 17011:2004, Conformity assessment - General requirements for accreditation bodies accrediting conformity assessment bodies, costs 97 Swiss francs and is available from ISO national member institutes (see the complete list (http://www.iso.org/iso/en/prods-services/ISOstore/memberstores.html) with contact details) and from ISO Central Secretariat (see below). The new standard was developed by CASCO's working group WG 18, Accreditation, in partnership with the IEC (International Electrotechnical Commission).

A very well written and informative (imo) article on the "state of the certification business" was published in the IRCA Inform newsletter.

Mr. Simon Feary is the author and the article is available here. (http://www.irca.org/inform/issue8/SFeary.htm)

I disagree slightly with one of the conclusions as the IAF being the target for hope. The IAF has, without a doubt, a critical role to play. But the pressure for the accreditation and certification bodies to clean up their act has to come from Industry at large. Since they are the ones who rely(?) on the value of accredited management system certificates.

A post focusing on TS 16949 registration has been split off of this thread: Is TS 16949 Third-Party Certification (Registration) on the way out? (http://elsmar.com/Forums/showthread.php?t=15475)

In the Vol.4, No.6 issue of the ISO Management Systems magazine,
Mr. Joseph Bransky, from General Motors, makes a very compelling case for raising the credibility of third-party certification. Since GM is one of the largest organizations in the World and a very interested stakeholder in the process of management system certification, it will be interested to see if we start seeing changes ...

is interested in 'ISO' registration, even if Mr Bransky is. In my experience, the folks who write sector specific documents like QS-9000 etc, rarely represent the entities they work for. As in the AIAG's case, they have OEM representatives, but they aren't necessarily representing the entity (if you get my meaning). I seem to remember that was the issue when the AIAG first approached TC 176 about the impending changes to ISO9001.

But then I could be mistaken...........

Andy

A very well written and informative (imo) article on the "state of the certification business" was published in the IRCA Inform newsletter.

Mr. Simon Feary is the author.

I disagree slightly with one of the conclusions as the IAF being the target for hope. The IAF has, without a doubt, a critical role to play. But the pressure for the accreditation and certification bodies to clean up their act has to come from Industry at large. Since they are the ones who rely(?) on the value of accredited management system certificates.


Good article Sidney, thanks. I think this needs a push from the grassroots, and a pull by IAF and AB's. They strain at gnats, and ignore the very major sins and bad practices they already know about.

As you have stated before, approved CB's who issue accredited certs and unaccredited certs, should be told to cease and desist. Other blatently counter-productive practices should be challenged. It is not fair to expect industry to shoulder this themselves. We have to expect the highest levels to make it clear as well. Take out one or two bad players and the rest will sit up and police themselves.

...then, when you are done with that, come and witness whether I am doing my job right...

A very well written and informative (imo) article on the "state of the certification business" was published in the IRCA Inform newsletter.

Mr. Simon Feary is the author.

I disagree slightly with one of the conclusions as the IAF being the target for hope. The IAF has, without a doubt, a critical role to play. But the pressure for the accreditation and certification bodies to clean up their act has to come from Industry at large. Since they are the ones who rely(?) on the value of accredited management system certificates.

I agree with your disagreement, Sidney. IAF may help but I doubt it, they are too far away from the problem. The industry needs to look at all aspects of the certification business and I seriously doubt there is the will to do it. Let me try to explain my sweeping statement:

At the highest level the IAF needs to be more than a club and get to grips with variation between accreditation bodies in the different countries
Individual accreditation bodies need to behave much as Mr Feary describes and start looking at weeeding out or developing the weaker registrars
Certification bodies need to stop sticking their heads in the sand and start to control the processes they use to deliver third party registration
IRCA (and any other auditor approval body) can develop its auditor approval so it is more meaningful - more akin to the professional institutions, perhaps
Auditors need to look at their own professionalism and stop going through the motions on audit - leaving the client with a few "pet" non compliances without actually getting into how the organization operates
Customers of certification bodies have to be a lot more critical of the service they receive (not necessarily name and shame):lol:

I think that about covers it (in the time I have).

For our part we are going through (again) the process approach as that is still an issue (and judging by recent posts on the Cove there is still no consensus on what it means!) and trying to up the ante through training and witnessed audits for all of our full time and contract auditors

After following the Cove for a number of years, this thread has prompted me to break silence and 'come out' to add my tuppence h'penny (2 cents in your parlance) worth.

Imperfections considered, and there are many, third party certification does have a future and will survive. The simple reason is that it has become too important for global trade. In making predictions we need to look beyond our own national situations and see this in a wider context.

Remember that accreditation and certification are recent arrivals. And in a global context, even more recent. Governments have signed up to this as the preferred mechanism to facilitate trade and until there are better ones, accredited certification will continue to be supported. It isn't perfect. Many aspects cry out for improvement. But in due course they will be improved so we should regard the current problems as teething difficulties.

I can't disagree with any of Paul Simpson's BPs. But identifying the 'need tos' is the simple part, turning them into actions that will bring about the change we all recognize as necessary, and IMO inevitable, is much more difficult.

Any suggestions as to how?

Any suggestions as to how? I have many, but I am obviously biased. In my opinion, the FUNDAMENTAL problem with the process is the fact that the TRUE users of management system certificates are not involved with the inner aspects of accredited management system certification. The IAF, the ISO TC's, the AB's and the CB's dominate the process defining the rules. Even though Industry and other Stakeholders are supposed to have a lot of input into the rules, I don't think it happens.

Competence definition is another huge roadblock. For example, when it comes to Quality, the rules in place to determine auditor competence would allow (if not favor) someone that has worked as a quality inspector for the last 30 years as a good candidate for a QMS Lead Assessor position. This individual might never understand the difference between management OF quality and management FOR quality. The bar is set too low. ISO 9000 just like many other Quality "programs" has been trivialized ad nauseum.

Another point to be changed: ACCOUNTABILITY. At all levels. Management system certification of suppliers COULD be a good component of an organization's supplier risk mitigation process, but all too often, people managing suppliers do not keep them (suppliers and respective CB's) properly accountable.

If someone really wanted to change the 3rd party certification world, the most impacting action they could do:
Create some type of database where, over time, people could start correlating supplier performance and their choice of CB's. Only then, the CB's that try to perform MEANINGFUL assessments and hold suppliers to minimum levels of performance, before certifying them, would reap the profits they deserve. As long as 3rd party certification is (generally) perceived as an attribute and, for the most part, buyers do not care about suppliers choice of CB's, the path of least resistance will have a great marketing advantage. The problem is, when more and more certificates are granted without being deserved, the WHOLE concept is at risk.

I am not so sure, as you are, about the long term viability of this offer. One thing that I know for sure is: When options exist, non value added activities are not sustainable in the long run.

Very good comments, Sidney. I would support some of these initiatives, if given an opportunity.

the auditors, as laid down by IRCA/RAB etc. These haven't changed (substantially) in many years. I believe that if auditors were qualified in much the same way as a 6 Sigma 'Green Belt' and a 'Lead Auditor' had to be qualified in the same way as a 'Black Belt', management would see some benefit, instead of having 'low hanging fruit' like document control etc written up during audits.:frust:

I'm guessing the new criteria for auditors will help, but until a substantial change in the abilities of (external) quality auditors is demanded, we'll get the same kind of results and third party certification (to ISO/TS/Whatever) will remain a necessary evil.:mg:

Andy

Hey, let's be fair here. At least half of the auditors I know are very competent, qualified, and perform very good audits. The same observation can be made to the auditors who post on this forum, many of whom are very intelligent and thoughtful, and demonstrate good skills.

And, I could add, many of the Quality Managers I meet are very good, competent, etc., however, many are not! Probably the same ratio as auditors, half demonstrate very good skills.

So, is the failure only to be laid at the feet of auditors? Every field has good practitioners, and many not so good...

I agree auditors should be more uniform and the weaker ones should be more competent, but that by itself will not solve all the world's ills. The same has to be applied to supplier and customer management. (IMHO)

that you'd say that 'H'. What I'm saying - yes, I'm a heretic, I know - is that management put more credence on 6 Sigma than on certification and, therefore, 3rd party auditors. :mg:

If it weren't demanded by customers, registration would go away, so would auditing. It is what it is. I'm not slamming the auditors per se, I'm saying that the qualification criteria haven't changed since I attended lead auditor class in 1986!! That's not keeping up with the customers' demands for value! So, we auditors (yes me too) are only required to meet qualification criteria which doesn't keep up with the (proven) quality techniques. :rolleyes:

The result is auditors tend to deliver simply compliance based results, not $$$ savings. We should be lobbying the RAB-QSA/IRCA etc to set us the challenge of a qualification program which delivers the same types of results as Green/Black Belts do. ;)

No personal attack implied or intended, 'H', just trying to raise the bar on a lack lustre situation. :yes:

Andy

NOTE: NOT SCIENTIFIC - JUST A PERSONAL OBSERVATION

When I was a kid, my father told me that 20% of people are 'below par' (such as a doctor, plumber, or whatever), 20% are above 'par' (will give you your 'money's worth' and are knowledgable) and the other 60% is (are) 'Everyman' (will do a good 'job' and means well, but isn't the best {unrelated to cost}). He said that applies to all 'professions'.

I see auditors in this light.

I could go into a diatribe about auditors and the incompetence of some, but on the whole I do think 80% are 'OK'.

After following the Cove for a number of years, this thread has prompted me to break silence and 'come out' to add my tuppence h'penny (2 cents in your parlance) worth. Is that pre decimal? As in the title - great first post. Thanks for your contribution.

Imperfections considered, and there are many, third party certification does have a future and will survive. The simple reason is that it has become too important for global trade. In making predictions we need to look beyond our own national situations and see this in a wider context. I agree with you that certification does have a future. My concern is that there may be too much focus on the negatives - we MUST have certification rather than we WANT certification. In order to do this we have to deal with some of the underlying issues - more later

Remember that accreditation and certification are recent arrivals. And in a global context, even more recent. Governments have signed up to this as the preferred mechanism to facilitate trade and until there are better ones, accredited certification will continue to be supported. It isn't perfect. Many aspects cry out for improvement. But in due course they will be improved so we should regard the current problems as teething difficulties. Very good points. I describe certification as an immature industry. The problems will arise if the industry doesn't get its house in order, then it gets marginalized or dies out. Unless the product is fixed you end up with outside influences that chip away at the edges - e.g. sector schemes such as QS-9000, AS 9100, ISO TS - they are all tinkering with a core product that should work on its own.

By writing new "standards" and setting up auditor qualification criteria, certification and assessment processes the relevant industry is saying existing practice for auditors having the competence to assess in this particular industry sector is not working and they have to step in.

It doesn't say much for the current certification and accreditation processes policing themselves.

I can't disagree with any of Paul Simpson's BPs. But identifying the 'need tos' is the simple part, turning them into actions that will bring about the change we all recognize as necessary, and IMO inevitable, is much more difficult. I agree. What I have done is reproduce my BPs with what I am trying to do against each. Each of us (as professionals) should be working in at least one of these fields if we believer in the process. Don't forget not everyone does - not even here on the Cove!

* At the highest level the IAF needs to be more than a club and get to grips with variation between accreditation bodies in the different countries Unfortunately I don't have a voice at this level. All I can do is post on the Cove and work on "my" accreditaion body. My organization belongs to the ABCB - the Association of British Certification Bodies and we are lobbying for wide and consistent application and recognition of accreditation.
* Individual accreditation bodies need to behave much as Mr Feary describes and start looking at weeeding out or developing the weaker registrars Again not really in our remit - we rely on accreditation bodies to be actively pursuing the cowboys
* Certification bodies need to stop sticking their heads in the sand and start to control the processes they use to deliver third party registration This we can do something about! We constantly look for opportunities to improve our own processes. We are dealing with industry criticism of certification by ensuring our clients have effective management systems and are requiring more information from our auditors to demonstrate system effectiveness to be reviewed "off line". We are also developing our auditors so that the base level of assessment is higher.
* IRCA (and any other auditor approval body) can develop its auditor approval so it is more meaningful - more akin to the professional institutions, perhaps Agreed with some other comments about who qualifies as a lead auditor. We choose to approve our own auditors and do not necessarily require IRCA (or other) approval as we believe this is quantity based instead of quality - we are more interested in how the individual audits and have a rolling programme of auditor qualification reviews to ensure standards are maintained.
* Auditors need to look at their own professionalism and stop going through the motions on audit - leaving the client with a few "pet" non compliances without actually getting into how the organization operates We have a programme of report reviews and are looking for trends in the reporting of non compliances. As an individual I pride myself on an ability to operate in unfamiliar surroundings and come up with a reasonable assessment on the effectiveness of the system - even if it means walking away without raising a non compliance (if the system is operating effectively).
* Customers of certification bodies have to be a lot more critical of the service they receive (not necessarily name and shame)
Again we are happy for feedback from any of our customers on the service we provide or from their customers on their performance and will deal with it. While we undestand there may be disputes in any contract we believe it is the registered firm's obligation to deal with any complaint and take it to resolution - even if that resolution is not to deal with that customer in the future! As an individual I have a policy of always complaining if the product or service doesn't meet my expectations - I am depressed, however with the level of brush offs received from companies who should know (and do) better.
Any suggestions as to how? Can't disagree with any of Sidney's post. There is a requirement for all the relevant groups to "get down and dirty" and do something rather than pontificate. That is the industry challenge.

NOTE: NOT SCIENTIFIC - JUST A PERSONAL OBSERVATION

When I was a kid, my father told me that 20% of people are 'below par' (such as a doctor, plumber, or whatever), 20% are above 'par' (will give you your 'money's worth' and are knowledgable) and the other 60% is (are) 'Everyman' (will do a good 'job' and means well, but isn't the best {unrelated to cost}). He said that applies to all 'professions'.

I see auditors in this light.

I could go into a diatribe about auditors and the incompetence of some, but on the whole I do think 80% are 'OK'.:topic: Overheard during a PTA meeting when teachers were giving some stats about the kids. This came from a parent: "Why can't all of our kids be above the average?"....:eek:

:topic: Overheard during a PTA meeting when teachers were giving some stats about the kids. This came from a parent: "Why can't all of our kids be above the average?"....:eek:


Some of you may recall that Garrison Keillor made a very good living on this: "Lake Woebegone, where all the women are strong, and all the kids are above average."

...I think he was a quality manager...?

I don't know, there are an awful lot of "My kids an Honor Student " bumper stickers though.

I don't even know what an "Average" SAT score is now!

Carl-

Poll closed - 2 July 2008.