Working as the ISO Administrator for a small company that is seeking to become ISO 9001 certified. They are owned by a parent company, and this parent company provides some support. However this parent company is not ISO certified. I have never seen this come up before and am concerned that this could become an issue when it comes time to get certified. I've always seen it where if a company receives support for a process, they want to see audits from the providing company that shows that support being given. Do you think this will be an issue?
ISO Cert and Parent Company is not Certified
- Thread starter crhoads
- Start date
Welcome to The Cove.
What are the processes that are "outsourced" to /performed by the parent company?
What are the processes that are "outsourced" to /performed by the parent company?
The system of a subsidiary company can gain accredited certification.
But you may need a Service Agreement to govern whatever the parent company does for your system. The SA specifies the services required and is signed off by a properly authorized person. The SA is used as criteria for monitoring and audit and is subject to review and improvement. These controls are included in the SA itself.
But you may need a Service Agreement to govern whatever the parent company does for your system. The SA specifies the services required and is signed off by a properly authorized person. The SA is used as criteria for monitoring and audit and is subject to review and improvement. These controls are included in the SA itself.
Tagin
Trusted Information Resource
Just my opinion: I don't see it as a problem - it seems that the parent company is providing outsourced services, unless you mean something different by 'support'.
As long as you don't make it part of your ISO policies that entities providing outsourced services must be ISO certified, then you only need to address it via however you address 9001 8.4.
Edit: remember that your ISO scope statement will set the boundaries of what is included in your ISO certification. Everything else (including the parent company) is external to that boundary.
ChrisM
Quite Involved in Discussions
What Tagin said; I've known of companies that have ISO9001 certification but the parent company does not. Draw the boundary around your system well, and make sure that the parent company complies with the relevant procedures etc that you draw up for selecting, supporting and controlling external suppliers
Considering that you might look at the parent company as being the provider of outsourced processes / products, you should make sure that your arrangements meets the requirements of "8.4 Control of externally provided processes, products and services ", especially "8.4.2 Type and extent of control". The control you might need to exert on the parent company might raise issues.
Randy
Super Moderator
Yep, 100 times and it's no big deal