Choosing an ISO 9001 registrar with auditors familiar with our industry

[embedded]

Our current ISO 9001 registrar is great at finding problems (it pretty amazing they seem to always find issues, which is good as I want to know about them), but isn't familiar with our industry and seems to have some really strange opinions about how to run a business. The auditor speaks very matter of factly (comes across as a know it all), so this results in lots of debate when it appears they tell us what we need to do, but it doesn't make sense from a small business standpoint(e.g. you shouldn't be making any decisions without first collecting data, you should have a metric on every process in your business) or things that don't make sense in our industry(you need to calibrate all of your test equipment - we are in the electronics industry and use functional testing where the equipment is also designed in house or you need to have the drawings available for final inspection - that doesn't make sense to give them the board schematics)... Anyway, over the years we've worked with some really really great auditors, primarily from large electronics companies (GE and Ingersoll Rand). It was a night and day difference, one audit is full of debate about what the auditor suggested or wanted and us debating that doesn't make any sense for our business or our industry and the other audit isn't a debate but feels more like getting coached/mentored. One audit you leave hopeful and excited with new ideas you haven't thought of and the other audit ends with a headache and frustration... Needless to say we're looking for a new registrar auditor. We'd love to have an auditor that understands our industry(huge step forward as we'd be on the same page out of the gate), and ideally one that is more practical(understanding of small businesses) and has a less confrontational approach (e.g. Socratic Method). I've already contacted our auditor asking if there were other auditors and they told me we have the only auditor available in our state.

What would you recommend for finding a registrar that is a better "fit" for us? Keep in mind at the end of the day I want to learn more myself (I"m new to quality) and I want to drive improvements in our business without alienating others. The owner thinks ISO is something we have to do to work with big companies but it's silly, and having a registrar auditor like we have is only making this worse as other complain to him about what the auditor told them we need to do that made no sense.

 

[John Broomfield]

Update your registrar selection criteria to include:

1. Must have clients from our industry (i.e. our competitors)
2. Must offer resumes of their auditors for our review
3. Must deliver well-crafted nonconformity statements (seek examples)
4. Must not offer advice (seek objective evidence of system weakness instead)
5. Must protect our intellectual property (see 1 above)

Best of luck,

John

 

[Randy]

Just remember E-I-R and + to -...

I much prefer the small entity 2 - 100/200 over some of the places I go that can have 10K people working and electronics, your phone, laptop, server or any number of things may have been manufactured by places I spend a lot of time, including the silicone, and fancy metal thingies in the chips.

Finding an auditor that knows your business, especially if it's a smaller brick & mortar will be tough. I have what I consider to be some specializations and maybe unique fits, but alas, seldom do I get to work in them because other things come up and they might get someone as lost as a duck in a tornado.

Good luck with your quest.

 

[dsanabria]

Our current ISO 9001 registrar is great at finding problems (it pretty amazing they seem to always find issues, which is good as I want to know about them), but isn't familiar with our industry and seems to have some really strange opinions about how to run a business. The auditor speaks very matter of factly (comes across as a know it all), so this results in lots of debate when it appears they tell us what we need to do, but it doesn't make sense from a small business standpoint(e.g. you shouldn't be making any decisions without first collecting data, you should have a metric on every process in your business) or things that don't make sense in our industry(you need to calibrate all of your test equipment - we are in the electronics industry and use functional testing where the equipment is also designed in house or you need to have the drawings available for final inspection - that doesn't make sense to give them the board schematics)... Anyway, over the years we've worked with some really really great auditors, primarily from large electronics companies (GE and Ingersoll Rand). It was a night and day difference, one audit is full of debate about what the auditor suggested or wanted and us debating that doesn't make any sense for our business or our industry and the other audit isn't a debate but feels more like getting coached/mentored. One audit you leave hopeful and excited with new ideas you haven't thought of and the other audit ends with a headache and frustration... Needless to say we're looking for a new registrar auditor. We'd love to have an auditor that understands our industry(huge step forward as we'd be on the same page out of the gate), and ideally one that is more practical(understanding of small businesses) and has a less confrontational approach (e.g. Socratic Method). I've already contacted our auditor asking if there were other auditors and they told me we have the only auditor available in our state.

What would you recommend for finding a registrar that is a better "fit" for us? Keep in mind at the end of the day I want to learn more myself (I"m new to quality) and I want to drive improvements in our business without alienating others. The owner thinks ISO is something we have to do to work with big companies but it's silly, and having a registrar auditor like we have is only making this worse as other complain to him about what the auditor told them we need to do that made no sense.

First - talk to your registrar, request an auditor that has common sence, experience in a small electronic environment and one that adds value to your processes. If not - search for one that does - not sure where you are located but be mindful of travel costs.

 

[Randy]

First - talk to your registrar, request an auditor that has common sence, experience in a small electronic environment and one that adds value to your processes. If not - search for one that does - not sure where you are located but be mindful of travel costs.

It's not that simple and don't kid yourself. You'd think I would be the perfect fit for an audit involving the manufacturing of M1 Tanks with my being the only, ONLY, auditor with hands on experience as a qualified M1 Tank Commander, but NO, I've never set foot in the place in all this time, or with a helicopter manufacturer being the ONLY licensed A&P as well as the ONLY auditor with over 5000 crew hours in multiple rotary wing aircraft and 20+ years of helicopter maintenance. But because of industry codes and non-specificity of the work required there are many other people that do qualify.

On the other hand there is work I continuously get assigned because of the experience factor and an industry code that might create a unique situation that very few people can meet but I can.

It boils down to availability, industry codes (sometimes very broad) and other factors. It's a crazy business and world.

 

[Golfman25]

What you need is an auditor that keeps their opinions to themselves. I am not paying for "consulting." I am paying for auditing -- come it, do the audit, and leave so we can get back to business. Good luck.

 

[embedded]

I think there is a lot of confusion and debate that can be avoided if the auditor has familiarity auditing in a given industry - see my post here How do you know your test equipment is good? Functional testing and Golden Boards. I don't mean knowing the products we build, but having familiarity with best quality practices in the electronics industry. Having an auditor that understand functional testing, golden boards, etc would save hrs of debate if what we're doing is effective, when this is an industry standard practice.

I don't mind opinionated auditors, I had two that taught me a ton(black belts from large companies in our industry - I wish they'd come audit us more), the difference was they had really good suggestions, and they made if very clear when they were offering advice vs telling us what we have to do per the standard. If the auditor has bad advice(I know that's subjective) and they state it very matter of factly it creates a really confusing environment and make people think ISO is bad for business(our owner already thinks this and I'm trying to convince him otherwise) - that doesn't make any business sense yet ISO seems to be requiring us to do it as our auditor told us we need to do that. If helpful I think what makes sense for a huge company like Intel in regards to quality processes, probably does not make sense for a small company.

It sounds like we can look for other registrars and look at resumes, but at the end of the day it is risky as we don't know who our auditor will be so we don't know if they will be a better or worse "fit"... For me personally I want a less stressful audit next year, and I want people at my org to embrace ISO as a good thing we can use to help us improve as a company.

 

[Golfman25]

I think there is a lot of confusion and debate that can be avoided if the auditor has familiarity auditing in a given industry - see my post here How do you know your test equipment is good? Functional testing and Golden Boards. I don't mean knowing the products we build, but having familiarity with best quality practices in the electronics industry. Having an auditor that understand functional testing, golden boards, etc would save hrs of debate if what we're doing is effective, when this is an industry standard practice.

I don't mind opinionated auditors, I had two that taught me a ton(black belts from large companies in our industry - I wish they'd come audit us more), the difference was they had really good suggestions, and they made if very clear when they were offering advice vs telling us what we have to do per the standard. If the auditor has bad advice(I know that's subjective) and they state it very matter of factly it creates a really confusing environment and make people think ISO is bad for business(our owner already thinks this and I'm trying to convince him otherwise) - that doesn't make any business sense yet ISO seems to be requiring us to do it as our auditor told us we need to do that. If helpful I think what makes sense for a huge company like Intel in regards to quality processes, probably does not make sense for a small company.

It sounds like we can look for other registrars and look at resumes, but at the end of the day it is risky as we don't know who our auditor will be so we don't know if they will be a better or worse "fit"... For me personally I want a less stressful audit next year, and I want people at my org to embrace ISO as a good thing we can use to help us improve as a company.

Not to stray off topic, but if you want people/ownership to embrace ISO get rid of "ISO." Everything you do, ISO related or not, should have a valid value added business reason. If you ever have to say "the standard says," then you're in trouble.

 

[embedded]

I totally agree, but the problem is when I say we have to do it per ISO I can get certain things done otherwise I can't. As an example, we have to re-evaluate our suppliers per ISO. Right now we say we do this by monitoring on time delivery and ensuring they are above the goal(they can send us the wrong product and as long as they are on time we're OK with them). I'm advocating for us also tracking rejections by supplier(will require some work to setup a process), and when I bring this to ownership the answer is we'll do it if it's required by ISO, otherwise we don't want to spend the time and money. So am I better off saying yes it is required (as I'm confident this is an improvement for the business - I could argue from a risk based standpoint it's required), or saying no and trying to convince them why we should want to know rejection rate by supplier?

If helpful it's family owned business, where the kids of the owner run the business and they don't have any relevant experience, which may explain the odd predicament...

 

[Golfman25]

I totally agree, but the problem is when I say we have to do it per ISO I can get certain things done otherwise I can't. As an example, we have to re-evaluate our suppliers per ISO. Right now we say we do this by monitoring on time delivery and ensuring they are above the goal(they can send us the wrong product and as long as they are on time we're OK with them). I'm advocating for us also tracking rejections by supplier(will require some work to setup a process), and when I bring this to ownership the answer is we'll do it if it's required by ISO, otherwise we don't want to spend the time and money. So am I better off saying yes it is required (as I'm confident this is an improvement for the business - I could argue from a risk based standpoint it's required), or saying no and trying to convince them why we should want to know rejection rate by supplier?

If helpful it's family owned business, where the kids of the owner run the business and they don't have any relevant experience, which may explain the odd predicament...

Actually, under ISO you get to determine the criteria for evaluation and monitoring suppliers. So if your company is good with on-time delivery, then that's ok. You're making a big assumption with regards to monitoring rejections -- you assume it's an improvement. But how do you know. How many rejections to you receive? What is the impact on production/delivery? You're trying to use ISO to force a change that you have not made a business case for. You should start globally -- determine how many rejections you have and what is the impact, before creating an individual monitoring system. Let's just say supplier B sends you 80% of your rejections, but none have any impact on your business -- are you or can you even replace them? Worst thing you can do is force monitoring under "ISO" guidelines, and then have no follow up on "bad" providers.

I can tell you this. We monitor rejections because it is/was required by TS 16942. It is a complete waste of time. We are tuned in enough to know who is sending us what, what is getting rejected and why, and in many cases making a change is not worth the trouble. Just some food for thought.