posted 04 April 2001 12:54 PM              

You make some good points.

The company I work for is not registered as yet and the customers do not require us to be registered so loss of business in my situation is not a real concern. I try to stay away from using registration as a means to gain or keep business anyway. My feeling is, if you actually adhere to the standard, the business will probably come as a result of your quality management success. Of course I realize that some companies require registration, but I would bet they do not specify registration to an RAB accredited registrar in most cases.

As far as how would you know if I am qualified, I don't really think you know an RAB auditor, or registrar for that matter is truly qualified. Seems like a pretty gray area to me. I have worked with some very knowledgeable registrar auditors, and I have worked with some real dolts who represented very reputable firms also. Besides, if you were the customer, you would not have to believe that I was qualified. You could send in your own "qualified" auditor to check up on me as often as you liked. Keep us honest so to speak. I know it would not work for many companies, especially those which deal internationally, because it would be cost prohibitive to send someone to check up on the supplier, but for those companies that deal mostly domestic, dont require registration and have fairly regular contact, I think it is a viable solution to paying registrars a lofty fee to confirm what you already know.

"We declare we are compliant to ISO 9001 2000 and our doors remain open for your inspection" is a fairly strong statement.

posted 04 April 2001 01:22 PM               

You've brought some great points to the table. I must admit I have never been fond of the certification process. Becopming certified is no guarentee that your quality level will remain where it is. My start in the quality world began with defense contractors. We were required to comply with certain military specifications governing quality systems. The representatives from the Department of Defense would never certify a contractor, but simply state that at a particular time (pre-award or post-award of a contract) the quality system was deemed acceptable. DoD certainly knew how quickly a company could go from good to bad, so they never endorsed anyone. Which is why I have never been fond of the cetification process. We persued our certification process only because our customers asked for it. Frankly, IMHO, most companies have passed the buck, so to speak, on vendor approvals by asking their suppliers become certified. I am sure it has been benificial to large corporations with large supplier bases. And specific industries developing their own standards based on the ISO documents are great - needed to be done years ago.

posted 04 April 2001 01:45 PM               

"Of course I realize that some companies require registration, but I would bet they do not specify registration to an RAB accredited registrar in most cases."

Carl, only Registrars that are RAB, RVA, JAB etc. accredited can issue you a certificate to ISO.
I am not saying you should get registered to keep or gain new customers that is the wrong reason to do it. You say your doors are open to you customers, and they are more than welcome to audit you. IMO, from what I have seen from our customers, they send people to audit us who are not qualified to audit.

"As far as how would you know if I am qualified, I don't really think you know an RAB auditor, or registrar for that matter is truly qualified. Seems like a pretty gray area to me."

If you do you research before selecting a Registrar you will have a good idea if they are qualified. If you feel during your Registration/Survillance audits that the auditor is not qualified you have every right to make a complaint to that Registrar or the Accreditation Board.

"Besides, if you were the customer, you would not have to believe that I was qualified. You could send in your own "qualified" auditor to check up on me as often as you liked."

IMO if you were Certified then I as a customer would feel more comfortable about your system (Depending on who your registrar is of course), which would allow me not to go thru the extra expense of auditing my suppliers.

posted 04 April 2001 02:19 PM              

I only disagree with one point:

ISO Guy states:
Carl, only Registrars that are RAB, RVA, JAB etc. accredited can issue you a certificate to ISO.

Show me evidence where it states that.

Maybe only registrars that are RAB, RVA, JAB
HAVE issued certificates, but I have yet to see anything that states that group xyz CAN'T issue a certificate. As long as it is not misrepresented, who is going to stop them? The RAB Police? It is understood of course that the credebility of whomever granted a certificate would be in question, but what if a sharp group of auditors got together and cut through all the bull**** and red tape and started doing serious, in depth audits and granted certification outside the RAB scheme? What if an RAB Provisional Auditor worked for a company and was willing to sign a Certificate? What if a non-RAB registered auditor who was better versed than most RAB auditors granted a certificate for his own company?

Don't take this too seriously, I am only playing Devils advocate and appreciate all your comments. I am strongly considering declaring compliance because of my situation. I realize that my situation may be unique, then again, maybe it isn't.

posted 04 April 2001 03:43 PM               

If the company self declares and actually follows all of the ISO requirements because they recognize it as a good way to manage the company AND their customers don't demand certification, only quality product on time, then the self declaration is probably for the right reason.

If the company self declares in an attempt to try to stay competitive without the cost of certification, then the reason is probably wrong.

In either case, I suggest the buyer beware when they are dealing with a self declaring company. Many companies that state they are compliant simply aren't. They often have no structured internal audit system, an ineffective (if any) internal C/PAR system, and document control issues. They often DO have a strong process control and inspection system (and produce a quality product because of it), but two elements doesn't make for compliance.

The customer can only be sure if they perform their own audit. And if I were the customer and found the self declarer lacking, I'd be concerned and probably a bit skeptical regarding future business.

On that note, I caution companies to be cautious in self declaring compliance. If your doing it for the RIGHT reasons, more power to you. If you're doing it for the wrong reasons (to make yourself look good to your customer base) then be careful you don't get caught short.

posted 04 April 2001 04:26 PM            

Once upon a time, in a land far away, I worked for a company whose customers did not care if we were ISO or QS certified. At that time, they weren't either. At that time, they all wanted us to be compliant with the standard so we upgraded our existing quality systems to conform and told them we were compliant and our doors were always open.

We had customers in almost every week to do their own audits on us. It took LOTS of time and really drained our resources to lead their auditors (and I use that term very loosely) around and basically teach them our business. We spent lots of time teaching our customers (or trying to) the difference between a requirement of the standard and an individuals wish list. Each of their auditors wanted us to do business the same way they did even though their businesses might be union ours was not, they used certain softwares, we used something else, etc., etc.

We finally said "Enough is enough, our quality system is compliant, we are tired of all the hassles." We hired a registrar, got our certificate and sent out an announcement to all the customers that had been coming in once or twice a year to "audit" us that we had gained certification and invite them to continue to come in as often as they wanted.

Our audits by customers went from 60-75 per year to one. That one came the first year and never rescheduled an audit. All of those customers still came in to visit ocassionally but they never once tried to tell us how to run our systems after certification.

Is self declaration ok? Sure, as long as you are willing to actually be compliant and defend yourself constantly to people who may or may not be qualified to assess your compliance. But in the long run we saved enough by having our people doing their jobs and not playing ringmaster for the dog and pony shows to put a really big dent in the cost of hiring a registrar.

posted 04 April 2001 04:42 PM              

That is a nice bedtime story, but I am based a bit more in reality. I work for a company that makes Big $ but only has a couple of customers, only one of which would be inclined to audit. I think if the audits became too burdensome, I would simply default to the same thing I have done several times in the past with registrars, ask them to show me where it says that in the standard.

posted 04 April 2001 06:51 PM               

2. I would not have a problem putting on paper that an organization had a system in place "conforming" to the standard, if I had verifiable, objective evidence (with me doing the conformance audit as a 3rd party) to that fact. I would say that based upon my audit findings etc, etc, that XYZ's system substantially conforms to ******* (only if they really, really did of course). Then the organization could use that as well as all their other stuff in place as evidence of conformance. Some system of follow-up audits would have to be set up over an extended period, or the organization could even use a different 3rd party.

posted 04 April 2001 09:12 PM               

quote:

---

Originally posted by Carl:
SteelMaiden,

I would simply default to the same thing I have done several times in the past with registrars, ask them to show me where it says that in the standard.

Besides, and I have to point out, I am being VERY hypothetical, what if you DID have a registration to the standard from a source other than an RAB blah, blah, blah source?

---

You are 100% correct it does not state in ISO that you have to be an Accredited Registrar.
Unless I am misunderstanding you, you say you want to be able to issue a Cert. to say a company is ISO Registered? Well thats fine you can do it but what do you have to back you up? As as customer IMLO I would look at it and say thats nice that Joe the Consultant feels you are ISO, but thats not good enough for me. I want to know who is evaluating you, as the Accredatation Boards do the Registrars. Yes even Registrars get audited by someone, and yes their auditors also must go thru a witness audit by someone from the Accredatation Board. Kind of gives the Registrar Certificate some credance. Makes me feel better knowing someone is checking up on them, whos checking on Joe the consultant that is issuing the Certificates???? Just my thoughts not saying mine are right and I am not saying yours are wrong, just a differnce of opinion.

Sorry about my spelling I know it stinks! LOL

Keep the thoughts coming I love to see what others think, thats what makes us all better is getting ideas from others in the same profession!

posted 05 April 2001 08:22 AM              

I agree, it would be a pretty impossible task to prove your credibility in most situations without the backing of a major player like RAB,ASQ etc.

If you had a good reputation in a fairly small area that did not deal internationally, you might pull it off though.

My situation is somewhat unique. We have one MAJOR customer and and they are not ISO. Self declaration would likely be fine with them and could save us money over the years. I think this is the first company I have worked for that it would be possible though.

I agree with you. It is much easier to accept someones credentials if someone is checking up on them and keeping them honest.

Thanks,

posted 05 April 2001 08:49 AM               

1. When you require a supplier to be ISO registered, what specifically do you require (or expect) above and beyond what you expect from a non-registered supplier ('compliant' or not)?

2. Can you provide evidence that registered suppliers are giving you something non-registered companies are not? Please do not give the answer "It will give me confidence that....". We all know that's a joke.

If you're going to point out that you are audited less by customers or that you audit suppliers less - that is nothing less than a cost shift. Most of my clients tell me that registration did not significantly reduce audits by customers.

Folks - this has become nothing less than an industry. A cost of doing business.

And for those of you who think audits are subjective now, think about the future.

The changes will require an internal or external auditor to look at the organization's processes and audit them and their output as they occur, rather than audit compliance with the requirements of the standard. The new standard requires significant changes in auditing methods for both internal and external auditors. Auditing must now be more subjective and less objective, relying more upon questioning than hard evidence. This means opinions of an auditor are now more of factor than ever before.

A company wants to 'self-0certify' and they have objective evidence - possibly though internal audits and a compliance matrix - hey. Why not. I've seen plenty of companies with 'favourable' auditors/registrars which had no basis on which to be registered, not to mention compliant. I have seen a number of registered companies with major noncompliances that were simply too visible for the auditor to have missed.

Yes - it's a business whose real value is still questionable.

posted 05 April 2001 09:37 AM              

Well said.

All that I would add is that if you actually do use the standard, it is a pretty good document. The rest, including the registration process has largely become the cost of doing business.

posted 05 April 2001 10:14 AM               

My problem is this has become nothing less than a business cost. Companies are asking suppliers to be ISO registered, but when you ask them why it's another matter.

If I am supplying you good product and you're happy, ISO isn't going to make a difference. If I'm supplying you with garbage you won't care if I'm registered - you'll stop buying from me.

For those out there who assert that ISO does help, pray tell me how. But let's hear some details.

As far as continuous improvement, if a standard has to dictate that your company 'continuously improve', then - well, I think you have a problem anyway. Continuous improvement is nothing more than evolution of products and processes. Worse, the new standard is written such that audits will now be more of an auditors opinion as to whether you're continually improving. Oh, my! Talk about subjective!

Customer focus is another silly thing. Companies that do not will not - I cite the telecos. Typically customer focus is a large part of ever companies. Heck, how many of you work in a company where marketing is not constantly looking at what customers think. How many times have engineers gotten pissed with another hair-brained suggestion from sales that was rooted in one or more customers asking for a feature?

ISO 9001 is nothing more than a business of telling other businesses minimum Good Business Practices. It is sold as something that will '...Give others confidence in...' a company which is registered. Now - what does 'Give Confidence in..." mean? Confidence in what? Does this mean you will in some way 'trust' a registered company more than one which is not? Just what will you trust that you wouldn't with an un-registered company.

If I was seeking a supplier I would ask whether they were registered but if it was to be an important supplier I'd want to visit and see what they have. Less important? Maybe send me a copy of your systems manual. Buying copy paper? Couldn't care less about their quality system.

For a company to tell me they're registered means very little in reality. Them and how may other companies. Ask them what that will buy me and I'll get the same, tired sales pitch - "...We do things consistently!" or "...We have a customer focus!" Give me a break.

posted 06 April 2001 10:53 AM              

I think it boils down to visionaries enterprising on your #1 and #2 points and forming entities to line their pockets with the almighty dollar, and I am not buying it.

"Mother Q never raised such a foolish child."

I and several collegues have been discussing this at depth recently. We continually hear subjective terms like "degree of compliance" and "spirit of the standard" on various forums, in print and from trainers, consultants and registrars. We are fed up with this subjective outlook on a discipline whose very foundation is based on producing evidence and we have overwhelmingly come to the same conclusion:

1. The registrars (with VERY few exceptions)know little about the standard or how to interpret it. Collectively we have worked with 7 different ones.

2. The consultants and trainers know even less. (I can't count how many of these we have worked with)

3. Considering we know more than they do, WE are the experts. We can prove it and yes, we have the credentials, ASQ and RAB registered and all the documents to back it up.

4. It is time to start thinking "out of the box" and stop paying for useless training and useless certification audits.

I say if your customer requires certification, get your system in order, declare yourself certified to the ISO 9001 2000 revision, get a plaque for 20 bucks that says "ISO 9001 2000 certified" and hang it in your lobby. If they ask for a certification number, give yourself one.

You want a visionary? How about this, my buddies and I form a group and offer ISO audits for $250.00 per day plus expenses. If it doesn't clearly state that you have to do it in the standard, then your company doesn't have to do it. We audit for a couple of days and give them a cert. The cert is good for the life of the company. (because it does not say anywhere in the standard that your system must be audited by and outside auditor or registrar and makes no reference to the auditor of your system needing any credentials whatsoever.) Actually, we don't even have to go to the company. They can e-mail us their Quality manual, procedures evidence of internal auditing and continuous improvement data and we can mail them back a certificate. Yes you too can be ISO 9001 registered for a $1000 or less!

Now THAT is visionary!

The standard is good, but the rest of the system has become ridiculous.

posted 06 April 2001 01:08 PM              

Nah, no point.

Guess I am just "unregistered" at everything.

Don't take my posts so seriously guys and gals. I just like to question things I guess.

I do not mean to offend.

posted 06 April 2001 07:21 PM               

Forgive me if I missed an earlier point in one of your (and many other) posts.

The direction of your posts under the "Registrars & Registration" forum are directed towards ISO, do your comments also apply to QS-9000 3rd edition?

I think QS-9000 is more definitive (page 119) in defining who is approved to register companies to QS-9000. (ASQ)

I tried to use the web site posted in #34 on page 119 and guess what? It is a dead page.

Guess that is not a surprise.

posted 08 April 2001 08:32 PM              

My exposure to QS is much more limited than ISO. My understanding is that it is similar, yet much more specific, however someone is welcome to correct me if I am wrong. To my knowledge, there is nothing in the QS standard which requires an RAB registered registrar either.

Most of the registrars (and consultants for that matter) work with both QS and ISO and the auditors that audit both are probably equally subjective in their interpretation.

I had a post about a month ago and stated that I could not understand why ISO did not make the standard less subjective when they revised it to the 2000 revision. I have since come to realize that it really isnt that subjective, we have just been brainwashed into thinking that it is. It boils down to this. If it does not SPECIFICALLY state that you have to do it in the standard, you do NOT have to do it! I have been coerced before by registrars because when they are in doing a registration audit, you do not want to risk anything by challenging their "Interpretation". I have also challenged auditors concerning their "Interpretation" and have been successful.

Although I understand, nothing is completely black and white, I think as quality professionals, it is our duty to remove as much of the gray as possible.

I am done with interpretation, I want EVIDENCE!

I don't know if this answers your questions, but if you have anything more specific, let me know, I will try.

posted 09 April 2001 12:34 PM              

Secondly, Can one certify ones self? I know we all issued CofC's for product, but I also know that courts have said that a Cert of compliance is implied by shipping the product.

Being in business implies that you are working in your customer's best interest. i.e. good products, on time, and cost effective.

Any other "certification" is just so much extra.

I think of registration like baptism. "An outward sign of an inward change."

Happy to have found this board.

posted 09 April 2001 01:40 PM               

I just looked through my 9K:2K draft and I am very surprised that ISO didnt state a clear requirement regarding certification by a qualified body. Oversight? I would be interested to read any accounts of a challenge to that qualified body requirement.
Meanwhile, I see potential here for a new startup business (haha)

posted 09 April 2001 02:05 PM              

I alluded to it earlier in this thread and I will say it again, There is NOTHING keeping companies from self REGISTERING to ISO 2000 rev. If anyone sees different, show me EVIDENCE.

I am 100% confident that I could certify most small to mid sized companies(up to about 100 employees) for $1000 to $2000 and could provide evidence that the company met all the criteria stated in the ISO 9001 2000 rev. and I would never have to step a foot inside their facility.

Your info on QS is enlightening, maybe ISO will do something similar to further lock down their theiving Monopoly on quality registration in the next revision. Maybe in 2007 or so (because you KNOW that they are not going to hold to their own procedure of taking action to reaffirm, revise, or withdraw the standard no later than five years after publication)

Anyone ever stop to think:

Who audits ISO to insure they are following their own procedures? Is the RAB registered? Is your Registrar registered?

Just thinkin' out of the box.

posted 10 April 2001 07:19 AM               

I am not real sure but I think this was part of a PDF on ISO's site used to give an overview of 14000. The sentiment may be intended for 14000 only, but from the parodistic nature of the cartoon it would seem to be a general ISO perspective.

Just an observation.

posted 10 April 2001 12:00 PM              

I agree.

"Usually" says it all.

That means not always.

It does not say "SHALL BE accredited"

I say that is where my buddies and I come in. External, Independent ISO certification/registration for $2000, no need for an on site audit, registration good for the life of the company. Send me your evidence of conformance and the check, I send you your cert with my signature on it. FedEx, within 48 hours. Furthermore, I will provide proof that MY registration service IS ISO registered.

QS registration to be offered soon.

posted 10 April 2001 12:32 PM              

Page 5: "Conformance to QS-9000 will be evaluated using the process described in Appendix A."

Appendix A, pg 80: : "The customer shall determine the method of verification of conformance to QS-9000. The alternatives are:
* Second party (customer) assessment - refer to SQA.
* Third party (quality system certification body/registrar) assessment and registration (see appendix I)

It gets a little fuzzy at appendix I, however in the glossary I find:

Certification Body/Registrar: For this document, a certification body/registrar is a qualified organization accredited by anational accreditation body to perform.....

and

Accreditation Body: An organization with authority, typically from the national government, to accredit bodies such as certification bodies/registrars for quality system certification.....

Seems pretty cut and dry for QS anyway.

posted 10 April 2001 01:41 PM              

OK, OK, QS might be a dead issue, but I am still seriously contemplating the ISO part of it.

posted 10 April 2001 03:10 PM              

Be careful,

I am completely comfortable taking on the powers that be in the quality arena, but I have been doing it for almost 15 years. I also know of no one who can match me in arguing the ISO standards (both 1994 and 2000).

You have to keep in mind your business objectives and play the game. If your customers will accept a declaration of conformity then I say go for it. If they require actual registration, I do not think you have a choice right now but to go with an RAB registered registrar.

I would not want anyone to do something that is not in their best interest because of something I or anyone else has written on this forum.

Check with your customers first. If it is acceptable to them, then you can save yourself a lot of $$, If it isn't and you have to go the registrar route, get ready to pay because registration is site specific to all the registrars I have worked with.

Keep checking back though, I may just Give Randy (from the thread above) a call and we can start a non-RAB registration company up on both coasts (I am on the East Coast) and work our way toward the middle of the US.

Best of luck.

posted 10 April 2001 03:28 PM              

As long as you are not claiming certification to Q 9000-2000 it does not matter.

The ANSI/ISO/ASQ Q9001-2000 standard that everyone will be audited against has no provision that states you must adhere to Q9000. It only states "ISO 9000 and ISO 9004 have been taken into consideration during the development of the standard."

On the next page it references that it is "aligned with ISO 14001:1996" You don't have to adhere to any of that standard either.

The only actual requirements stated are contained in Q9001-2000.

What do you think?

posted 10 April 2001 05:14 PM               

MHO

posted 11 April 2001 10:31 AM               

First I want to say thanks for a great thread. This discussion is enlightening and I beleive evolutionary.

Second - I'm in the Midwest - want to open an office here??? LOL

posted 11 April 2001 01:20 PM              

Absolutely! I would say you are our VP of Midwest operations. Randy is obviously our West Coast VP, may as well make him CEO of operations also because he jumped in first.

Hey gang, after reading ISOGUY's posting on the $2000 dollar fee for his registrar providing a Certificate, I was thinking we may as well charge for that service too. How does $5 bucks sound? I figure that would make it about......hmmmm...... $4 profit?

So grand total for registration of a 50 employee company would be about $2004.00.

I figure anyone remotely familiar with the standard can go through the evidence in about 5 hours. 20% back into the business (for our yearly meeting in Maui)

How does $320.00 per hour sound to everyone for wages?

What do you think?

posted 11 April 2001 04:03 PM              

Share the wealth! I always say.

I am in the Northeast, but there is probably PLENTY to go around!

There is only one book that I feel is subject to interpretation. The ISO standard is not it. Good luck and be careful with the registrar, I wouldn't want you to get in trouble.

If it comes down to it, ask him where it states in the standard that it is subject to ANYONE'S Interpretation. It isn't.

Best of luck, if I can help, let me know.

posted 13 April 2001 04:59 PM               

Though I was a bit dubious about this whole idea at first, I've given it some thought and maybe you have a hit. I just may have to fight with Carol for the midwest market. But then again, maybe there'd be enough for two!

posted 13 April 2001 06:46 PM               

This is the hottest topic on the board!!

posted 16 April 2001 09:16 AM               

I am sure there would be for two!!!

posted 18 April 2001 08:43 AM               

- Self certification was discussed considerably during the mid and late eighties, as we now know those with the loudest voice convinced others that 3rd party certification was the only way to go.

- As early as 1987 the Federal Government was condsidering ISO-9000 as a replacement for MIL-Q-9858.

- MIL-Q was obsoleted in the nineties