Does BSI require suppliers to be ISO 9001 Certified?

imwilliam

Involved In Discussions
Morning,

A customer contacted me and told me that they'd just been through a "BSI Audit", something they went thru because they're now selling medical devices in Europe, and that one of the things that came out of that audit was that I, as a supplier to them, have to get ISO9001 certification.

I don't believe that 13485 requires that; as a supplier to this company, I have to be 9001 certified. Can anyone shed any light on a "BSI audit", I think it refers to British Standards Institute, and whether it actually requires that the suppliers of a US medical device company be ISO 9000 certified?

I'm a one man shop, I've looked at this ISO 9000 certification before and I'd really rather not do it, for a multitude of issues, some practical, some philosophical.

For what it's worth, my customer acts like they're being forced to require it of me and that they wouldn't bother with it if they didn't have to.

Any insight/advice would be appreciated.

Billy
 

Tidge

Trusted Information Resource
It's likely that your customer responded to a question (from the auditors) in the area of supplier controls; in such circumstances it is entirely possible that the manufacturer being audited simply agreed to implement some (trivial, for the manufacturer) requirement on suppliers of raw materials to be certified to something like ISO 9001. It is not uncommon for auditors to make specific suggestions like this, but it is more often the case that the medical device manufacturer responds to an auditor's particular question with something along the lines of "what if we required our suppliers to be ISO 9001 certified, can we avoid a finding?"

You can ask for more details from your customer, as it is possible that (your) specific certification is just a shortcut for the manufacturer to avoid having to do some other activities.

Working for a medical device manufacturer: I've worked with suppliers that couldn't get certified to tell time, but we still buy components from them... it's just that we have all the controls we need in-house to handle such components.
 

imwilliam

Involved In Discussions
Thanks for your responses Sidney and Tidge.

So any ideas about the best way for me to handle this?

Hard for me to imagine that the people I deal with there on a regular basis don't want to work with me anymore, I mean they wouldn't need an excuse to stop sending me work if they didn't want to, so I'm guessing this specific group isn't lying.

But it is a big company, most likely this is coming from someone in quality or compliance, or whoever dealt with the auditor. Quite possibly someone that doesn't even know the name of my company.

Is there something I can give to the people I work with that will allow them to push back against whoever's claiming the requirement?
 

Sidney Vianna

Post Responsibly
Leader
Admin
Is there something I can give to the people I work with that will allow them to push back against whoever's claiming the requirement?
The (13485) standard, which they are certified to, has no requirements for their suppliers to be 9001 certified. So, that is an undisputed fact.
If they claim to be a BSI mandate, they should be able to produce a verifiable copy of the document. And, obviously, BSI would not impose such policy as it would put them at a competitive disadvantage in the marketplace. Anybody who knows anything about the management system certification marketplace knows, without a shred of doubt, that certification bodies will not create any policy that makes their certification programs more restrictive than what is required by the accreditation rules.
 

yodon

Leader
Super Moderator
As *everybody* has (rightly) noted, BSI can't impose such a requirement. What I have seen is that if a supplier is considered "critical" and they aren't certified then BSI will audit them (on your customer's dime).

One other thought is that your customer may have boxed themselves into a corner by having in their procedures that suppliers are required to be certified.
 

Sidney Vianna

Post Responsibly
Leader
Admin
What I have seen is that if a supplier is considered "critical" and they aren't certified then BSI will audit them (on your customer's dime).
I believe this scenario would be in the context of a Notified Body oversight, not in the context of a “simple” ISO 13485 certification program. And, even then, there is no requirement for the critical supplier to be certified to any standard.
 

imwilliam

Involved In Discussions
I believe this scenario would be in the context of a Notified Body oversight, not in the context of a “simple” ISO 13485 certification program. And, even then, there is no requirement for the critical supplier to be certified to any standard.

Sydney, in what scenario would I be subject to this "Notified Body oversight" audit?
 
Top Bottom