A Registration Certificate...

[Sidney Vianna]

so I will be sure to update that in our wording.

In a previous post on this thread I linked another thread that claims you can have an ISO 9001 Certification from an IAF umbrella accredited CB and both the AB and the CB are, for a lack of a better term, a joke. So, the IAF “pedigree” is no longer a reliable standard in my opinion. They have allowed the market to spiral itself into an unreliable standard, despite all the marketing spin they promote. If I were requiring my supplier base to attain ISO 9001 Certification, I would limit the acceptable CB’s to those who belong to augmented scrutiny programs such as the IAQG ICOP and the IATF schemes. Even though your supplier might not be certified for AS9100 or IATF 16949, these CB’s are under higher level of scrutiny and are more “reliable” than fly by night scam artists.

 

[blackholequasar]

In my previous post on this thread I linked another thread that claims you can have an ISO 9001 Certification from an IAF umbrella accredited CB and both the AB and the CB are, for a lack of a better term, a joke. So, the IAF “pedigree” is no longer a reliable standard in my opinion. They have allowed the market to spiral itself into an unreliable standard, despite all the marketing spin they promote. If I were requiring my supplier base to attain ISO 9001 Certification, I would limit the acceptable CB’s to those who belong to augmented scrutiny programs such as the IAQG ICOP and the IATF schemes. Even though your supplier might not be certified for AS9100 or IATF 16949, these CB’s are under higher level of scrutiny and are more “reliable” than fly by night scam artists.

Oh! I meant to say, the link in your post wasn't working for me - but I did go and check out the core of what you were saying and it really is quite disappointing. I guess I had always kind of grown up in manufacturing thinking that ISO certification was a gold standard, but it looks like that has tainted.

I'm not sure how to hold folks accountable to it, you know? People can certainly preach at a pulpit and hold up an ISO cert, but in the end it comes down to the quality of what they're providing. Previously, our suppliers have been completely uncontrolled. We make things for military installations now that require a lot more attention to quality and traceability. Most of the time, ISO feels like a rubber stamp-of-approval. "Do they have ISO? Okay, they're good to go" and maybe that's not a great habit to be in.

 

[Jen Kirley]

Having spent something like 1,000 days doing the audits and hundreds more in pre & post audit activities (not including travel) I must say I am sad and disappointed to find my profession has lost its reputation. Not all registrars are on the same level, but in mine most of my associates really do care about providing value and helping organizations improve.

Auditor performance also varies for many reasons that I won't go into here.

The mills that don't show up are doing a lot of damage. There is a (very old) Quality Digest article that contains quotes from the person I previously referenced; he asserted he was innovative (didn't use that term) for doing virtual audits and that his customers really wanted them. Of that, I have no doubt. There really are organizations whose uppermost concern is getting the paper but without the bother of an actual, in person, in-depth review of controls and conditions. Those are the ones to be concerned about. Unfortunately it takes more than a certificate to find out what an organization is made of.

 

[jmech]

I'm not sure how to hold folks accountable to it, you know? People can certainly preach at a pulpit and hold up an ISO cert, but in the end it comes down to the quality of what they're providing. Previously, our suppliers have been completely uncontrolled. We make things for military installations now that require a lot more attention to quality and traceability. Most of the time, ISO feels like a rubber stamp-of-approval. "Do they have ISO? Okay, they're good to go" and maybe that's not a great habit to be in.

I agree that this is a challenge. I think there are at least two aspects to consider:
1. What do my customers (and my CB and/or government regulations, if applicable) require me to require from my suppliers?
2. What do I need to do to appropriately control the risks of nonconforming product from my suppliers?

Hopefully the first aspect is fairly clear - it ends up being the bare minimum for the applicable suppliers.

The second aspect is more complicated and depends on your assessment of the risks and mitigation options. What do you need to do to optimize your likelihood of getting conforming parts and/or catching any nonconforming parts before they get to the customer? For suppliers of some products, you might be able to rely solely on receiving inspection; for others, you may need ISO 9001 certification from a reputable CB and/or performance of your own on-site audits and/or other product verification steps (inspection, sacrificial testing, etc.).

 

[blackholequasar]

Having spent something like 1,000 days doing the audits and hundreds more in pre & post audit activities (not including travel) I must say I am sad and disappointed to find my profession has lost its reputation. Not all registrars are on the same level, but in mine most of my associates really do care about providing value and helping organizations improve.

Auditor performance also varies for many reasons that I won't go into here.

The mills that don't show up are doing a lot of damage. There is a (very old) Quality Digest article that contains quotes from the person I previously referenced; he asserted he was innovative (didn't use that term) for doing virtual audits and that his customers really wanted them. Of that, I have no doubt. There really are organizations whose uppermost concern is getting the paper but without the bother of an actual, in person, in-depth review of controls and conditions. Those are the ones to be concerned about. Unfortunately it takes more than a certificate to find out what an organization is made of.

I feel this so hard! I appreciate what ISO does, I want my processes audited and for people (including myself) to be held accountable. The company I work for now is very dedicated to quality and our CEO does have a good deal of dedication to the success of ISO in our facility. Seeing companies without those same values makes me question everything about what they are delivering me. If they don't care about having their processes verified and the growth of their company assisted through audits, then chances are they don't care if they're giving me good product.

I've always wanted to work my way up and into a position to work with a CB. But! I have no money for the education that it requires so I'll just follow it from my desk at the office haha

 

[Sidney Vianna]

I'm not sure how to hold folks accountable to it, you know?

Yes, I do know and have offered numerous suggestions over the 20+ years I have been contributing to this Forum. An example of my positioning can be perused at the Trusting ISO 13485 Certification of a Supplier... A Sad Story thread.

Any organization that wants to use a supplier ISO 9001 certificate as a component of the supplier approval & oversight process has to be prepared to engage with the supplier's CB, if and when the supplier shows not to be serious and sub-standard.

 

[jmech]

Any organization that wants to use a supplier ISO 9001 certificate as a component of the supplier approval & oversight process has to be prepared to engage with the supplier's CB, if and when the supplier shows not to be serious and sub-standard.

I would greatly appreciate improved CBs and greater accountability of CBs for their certification decisions. Engaging with suppliers' CBs seems like a good idea, especially if other organizations would do it (and I wasn't the supplier involved), but it's not likely to become common in the real world.

The problem is that engaging with the supplier's CB usually doesn't help the organization, except for maybe giving them remote hope that this will somehow drive the CB to improvement. Many of us who have dealt with CBs are cynical enough that we don't get our hopes up that they will improve.

If my supplier's nonconformance is small enough that I want the supplier to fix it and continue working with them, I'll work with them directly to get exactly the fix I want, and won't annoy them by involving a CB (who could overreact and suspend their certification and/or demand non-value-added corrective actions, both of which could hurt both the supplier and my organization).

Engaging with the supplier's CB will probably destroy the organization's relationship with the supplier, so I would not encourage my organization to do this unless we were absolutely sure that we never want to use this supplier again. Even then, I'd be careful depending on the power dynamics and risks of having other suppliers refuse to work with me because I reported one of them to a CB. I would have to expend effort/time/money to report the CB and I risk blowback for making the report; the remote chance at CB improvement is not a benefit that is worth these costs/risks.

 

[Sidney Vianna]

The problem is that engaging with the supplier's CB usually doesn't help the organization, except for maybe giving them remote hope that this will somehow drive the CB to improvement. Many of us who have dealt with CBs are cynical enough that we don't get our hopes up that they will improve.

Obviously, you are entitled to this opinion, but, anyone that thinks along these lines should NEVER have an ISO 9001 certificate demand from suppliers. There is absolutely no point in requiring something that you are not willing to challenge if and when it shows to be useless.

As I have reported many, many times, in the IAQG ICOP Scheme where the OASIS database facilitates feedback from organizations that are in the customer chain directly to CB's, ACCOUNTABILITY is maintained, because the CB's involved in the Aerospace Scheme DREAD having their accreditation suspended for failure to react to notices of certified supplier substandard performance without any reaction by the CB.
If a Management System certificate does not provide confidence to the customers of the certified organization, it is a meaningless certificate. If the users of such certificates don't want to engage with the providers of certification services, they are part of the problem.

 

[jmech]

Obviously, you are entitled to this opinion, but, anyone that thinks along these lines should NEVER have an ISO 9001 certificate demand from suppliers. There is absolutely no point in requiring something that you are not willing to challenge if and when it shows to be useless.

There are at least two points in asking for ISO 9001 certification from suppliers (while not solely relying on it):
1. It's a relatively easy way to (partially) meet my own ISO 9001 supplier approval requirements (and auditors from our CBs and customers like to see that our suppliers also have ISO 9001 certificates).
2. It shows that they have some sort of quality system. It might be crappy, it might be canned and barely implemented, but they have something and I have a basis of expectations that I can hold them to. If they don't even have ISO 9001 certification, they're probably not worth looking at as a supplier (unless there is some very special case), and if they lose it, we want to look into why.

In the general ISO 9001 scheme (outside IAQG and similar sector-specific schemes), there is no good mechanism for engaging with CBs. The only option is to send the CB a complaint (which will damage or destroy my relationship with my supplier) and involves the costs and risks I previously described but only a remote chance of any benefit. Why should I incur these costs and risks when the benefit that I can receive is so small and remote?

 

[Jen Kirley]

The only option is to send the CB a complaint (which will damage or destroy my relationship with my supplier) and involves the costs and risks I previously described but only a remote chance of any benefit. Why should I incur these costs and risks when the benefit that I can receive is so small and remote?

What makes you believe the supplier would know you were the entity complaining to the CB?

How would sending the CB a complaint about a supplier cost you if the supplier's performance is bad enough to complain about it?