Self-Certification Is Not a Real Thing - an IAF article

R

Reg Morrison

#1
Every once in a while we hear of a company that claims to have a self-certification to ISO 9001 ? or some other management system standard. The company ?certifies? that its organization conforms to the requirements of ISO 9001. It sounds pretty good until you start to ask what this self-certification actually means.

For a quality management system (QMS) to be considered certified, the certificate must be received from an independent, accredited certification body upon completion of an assessment against specific documented criteria. It?s possible to be certified by an unaccredited certification body, but these certificates are of questionable value since they don?t carry the backing of an accreditation body. (More about this later.)

read more.....
 
Elsmar Forum Sponsor

Big Jim

Trusted Information Resource
#2
Every once in a while we hear of a company that claims to have a self-certification to ISO 9001 ? or some other management system standard. The company ?certifies? that its organization conforms to the requirements of ISO 9001. It sounds pretty good until you start to ask what this self-certification actually means.

For a quality management system (QMS) to be considered certified, the certificate must be received from an independent, accredited certification body upon completion of an assessment against specific documented criteria. It?s possible to be certified by an unaccredited certification body, but these certificates are of questionable value since they don?t carry the backing of an accreditation body. (More about this later.)

read more.....
Thank you for bringing this up.

I occasionally run into companies that either claim to be certified to a CB or dubious status, or companies that claim to be complaint.

The ones that claim to be certified but it has been done by a CB with dubious accreditation or no accreditation have been duped and discover that their certification is of no value only after one of their customers tell that that their certificate is bogus.

Most nearly all of the companies that claim to be compliant are just pretenders. For the most part they are not fooling anyone, usually not even themselves.
 

normzone

Trusted Information Resource
#3
I tell my peers that while compliance is easy to claim, it's just as much work to maintain.

If a supplier claims compliance and is auditable with no worse of findings than I would expect from a certified organization, all is well and good. That's rare though.

As I understand it, the only reason to do compliance without certification is to save the expense. I can understand that argument for small organizations.
 

Marcelo

Inactive Registered Visitor
#4
It?s interesting that there?s no mention on the NEED for a certification, and the text seem to imply that certification is good by itself (well, it comes form IAF, anyway). I?m not against certification (I think it?s very valuable in fact), but I think most of the problems come from a basic misunderstanding from companies on WHY a certification is needed (and there?s cases in which a certification is clearly not needed).
 
P

pldey42

#5
Perhaps the core elements of the IAF piece are these:

"There is no such thing as self-certification. It?s just an attractive catchphrase with no substance. There are also organizations that self-declare that they are ISO 9001 compliant. This phrase is at least not dishonest."

And

"Without the certification body, there?s no unbiased appraisal and no evidence that a thorough assessment has even been conducted by competent individuals. Bottom line: There is no such thing as self-certification. It?s just an attractive catchphrase with no substance."

The author - a certified lead assessor - quotes no evidence for this second statement. One wonders whether it's a statement of belief or the result of having audited a sample of self-certified organizations.

The thrust of the piece is that organizations that self-certify are dishonest, and that's objectionable without hard evidence.

The substance behind self-certification is simple: some clients - including substantial chunks of the British Government - will accept self-certification, treating it like an assurance. Whether that's right or wrong is a different debate, but they do it, so for many, self-certification is the way to go. Not only is it cheaper, you don't have strangers wandering around asking questions and writing findings that might, or might not, be useful. If you are confident in your own governance, why bother?

It's not just small companies either. Large organizations self-certify too; the idea that since they're large they can afford to is a myth. It's not so much the money, it's the organizational turmoil that poor auditors and findings can cause - evidenced to some extent by some of the questions here at Elsmar.

According to the Oxford English Dictionary, to certify is "to formally attest or confirm."

Neither ISO nor the IAF can claim the sole exclusive right to use words from the English Dictionary, whether Oxford, Websters, Longman, or Chambers.

To claim self-certification might be disingenuous, misleading possibly, but dishonest? No. Dishonest is claiming accredited certification when you don't have it.

Some indeed do claim self-certification, knowing they'll mislead ignorant clients. But like any claim, until one looks behind it, one does not know if it can be substantiated or not. Nor is there evidence that all claims of self-certification are dishonest, because they aren't.

Several years ago the Board of the company I worked for fired its CEO and brought in a new one. He looked at my plans for getting us certified to ISO 9001, promoted me from something that sounded junior to Quality Director, reporting to the CEO - and said, "Pat, we're going to do everything we have to to get Certified - except we will not call in the auditors." He did not trust them, did not believe they were competent enough (he wasn't wrong; we'd had visits from two auditors from a leading accredited CB, one incompetent, the other fine). He had learned quality with Crosby and knew it well, I had learned auditing from the SEI, different style from ISO but ok, and the CEO demanded independence of mind from me - which won me few friends at work, and that was fine too. Had we gone ahead and claimed self-certification (we didn't because I had evidence we were missing key elements like contract review, planning and design review) and had I been accused of dishonesty, I would have been insulted.

Over the last seven years I've taught monthly accredited lead auditor classes in the UK. There are many companies and government institutions over here that have many, many customer requirements, some for formal certification, some for things like "treat patients and cure them" and "don't lose confidential data," and many for assurances regarding quality and information security that welcome formal certification but do not mandate it. Due to European "austerity" they are very low on funds. They can't do everything. So many self-certify - they "formally attest or confirm" that their system conforms with ISO 9001, or ISO 27001. Sometimes, their internal auditors were on my courses to learn the formal audit methods that we use in the ISO world; most passed the exam with grades commensurate with those of people entering the accredited certification world. So, contrary to the IAF writer, I have anecdotal evidence that self-certifying auditors are competent to the extent that they can pass an accredited lead auditor exam. My feeling for many of them, not all, but many, was that they would do as good a job as a CB assessor, because they knew their stuff and had personal integrity.

Middle managers, faced with too many targets, sometimes decide to forgo accredited certification. They knowingly take the risk, agree that it's not perfect but say that other programmes (e.g. caring for patients) take priority.

Some of these self-certifying organizations were short of cash due to bullying by either politicians or sociopathic commercial managers. The IAF should target these people, not the auditors doing their best in difficult circumstances.

If there are so many self-certifications, sufficient to warrant this kind of treatment, maybe they're an indication that the claims made by the accredited certification industry lack sufficient evidence of adding value and auditing itself effectively, all of which was taken as an article of faith in the IAF piece.

I think that while formal accredited certification has a useful function for some, it needs to improve its game in providing evidence it works and an open system of governance in the accreditation system. The recent ISO survey was not nearly enough because all it said, really, was that lots of people use ISO systems; it did not say how much quality had been improved as a result, or by how much exposure to security risks had been reduced.

Accusing hard-working people who choose not to use accredited CBs of dishonesty is shameful.

Just my 2c,
Pat
 

Illek

Involved In Discussions
#6
I have reviewed several suppliers for vendor audits. Suppliers that are "compliant" sometimes are more reliable than the "certified" suppliers. Some "certified" companies seem to think now that thy have the certification their wall they are done with AS/ISO until the next CB audit. The supplier may start off as being higher risk since they are not certified but prove themselves through performance. I am not saying certification is bad just that not some "certified" companies undermine the process too.
 

Marcelo

Inactive Registered Visitor
#7
I think another aspect of the problem is that many people fail to understand (or ignore on purpose) that it?s their responsibility to assure compliance, not the responsibility of any certification or assessor body.

Too many times people tend to think that, if they passed an audit, they are compliant - this is not true. An audit is a sample, and thus only scratches, in this case, the QMS. It may show that you have problems, but you may also have a lot of problems and pass an audit. Even so, it?s the responsibility of the one implementing the standard to be compliant.
 
Last edited:

Sidney Vianna

Post Responsibly
Staff member
Admin
#8
Too many times people tend to think that, if they passed an audit, they are compliant - this is not true.
How true, Marcelo. I've said it here before, but in my experience audit results are much more dependent on the auditor than the system being audited. The same system being audited by different auditors with different levels of competence would end up with different audit results.

When we see so many times people boasting that they went through audits with zero nonconformities, it makes me wonder: What is this organization's customer satisfaction performance? Do they have any product returns? Do they have product failures?

Any organization who has quality problems* and zero external audit nonconformities should realize they are not getting their monies worth with their auditors....

*How would they know if they have quality problems? Their customers are telling them.
 
Last edited:
#9
I have reviewed several suppliers for vendor audits. Suppliers that are "compliant" sometimes are more reliable than the "certified" suppliers. Some "certified" companies seem to think now that thy have the certification their wall they are done with AS/ISO until the next CB audit. The supplier may start off as being higher risk since they are not certified but prove themselves through performance. I am not saying certification is bad just that not some "certified" companies undermine the process too.
This is true. We have to be careful that ISO 9001 - or any other standard - isn't a supplier performance based standard or guarantee. It merely provides for a set of basic "blocking and tackling" on which to start a supplier agreement.


Certification doesn't mean you won't have problems (you may be certified too, but still cause your customers to be concerned). There's a fundamental principle which is often overlooked which is having a QMS meeting ISO 9001, it so you can avoid costly supplier development! I understand that a CB auditor MAY not know exactly how effective a calibration programme is, but as a Supply Chain Quality Manager (in the dim distant past) I shouldn't have to hand hold a supplier through this basic practice - as I have done! Same for all those other things!

Until people have lived through the nightmare of having 5 pcb suppliers who never did a risk/capability analysis on a single pcb design before making it, so that EVERY delivery was wrong and trying to work with them (it was almost impossible) and then finding a new one who did it right, it will be tough to truly understand how much easier it is when a supplier at least understands what their customer is talking about! The resulting benefits were huge too!

ISO 9001 and certification isn't an end to supplier problems. It was never intended as such.
 

Big Jim

Trusted Information Resource
#10
One of the big tell-tale signs that a company truly has an effective quality management system is from their Quality Objectives/KPI.

If they have difficult to understand and track objectives, they are far from having and effective system.

If the objectives make sense, are easy to track, and known by the whole company, they are on their way.

When the results of these metrics are stellar, and they are honest, They have arrived.

I take great pleasure in auditing companies that have 99+% customer satisfaction, almost no rework and customer returns, and have not had a late delivery in several years.

The likelyhood of them getting there without using ISO 9001 (or a related standard) gets pretty slim.

It is painful to audit a company that really doesn't know where they are or what they want, and certainly don't have any idea of how to get there.
 
Thread starter Similar threads Forum Replies Date
M CE self-certification for Class I device (face mask) EU Medical Device Regulations 9
K ISO 13485:2016 Self Certification for Class I (annex 9) Stand-Alone Software? ISO 13485:2016 - Medical Device Quality Management Systems 3
A R2 Certification vs Self Declaration to ISO 14001 and OHSAS 18001 ISO 14001:2015 Specific Discussions 3
D Self-certification of LVD Electronic Device & Charger CE Marking (Conformité Européene) / CB Scheme 4
S ISO/TS 16949 and/or ISO 14001 Self-Certification IATF 16949 - Automotive Quality Systems Standard 14
kmyers CE Training that is offered about Self Certification CE Marking (Conformité Européene) / CB Scheme 2
A CE Marking - Is self-certification OK? CE Marking (Conformité Européene) / CB Scheme 3
V Self Certification & Self Issued Certificate? ISO 14001 ISO 14001:2015 Specific Discussions 22
F Is there a proper protocol to follow for Self Certification? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 23
O Self Proclamation of ISO 9001 Certification and Compliance ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 72
S Supplier Self certification - DCX Forever Requirements supplement IATF 16949 - Automotive Quality Systems Standard 2
A Certified to ISG 9000 - A 'Self Certification' Scheme Registrars and Notified Bodies 5
M Informational US FDA – Ear, Nose, and Throat Devices; Classification of the Self-Fitting Air-Conduction Hearing Aid Medical Device and FDA Regulations and Standards News 0
K Intended Use-Class I Self Certified - Intended Use and Indications for Use statements EU Medical Device Regulations 1
Ed Panek Part 11 Self Certify Memo - What else should it cover? Qualification and Validation (including 21 CFR Part 11) 5
M Informational TGA Consultation: Review of the regulation of certain self-testing IVDs in Australia Medical Device and FDA Regulations and Standards News 0
J Good Documentation Practices Self Test? ISO 13485:2016 - Medical Device Quality Management Systems 6
C CE marking for general IVD (self-certified) & ISO 13485 QMS requirements - auditing EU Medical Device Regulations 6
MichaelDRoach Oganization's Self Declaration of Conformance to ISO 28000 wording example wanted Supply Chain Security Management Systems 1
M Medical Device News TGA – Regulator Performance Framework: Self-assessment Report, July 2017 to June 2018 Medical Device and FDA Regulations and Standards News 0
A Selling CE marked self-test in Malta - any additional requirements? EU Medical Device Regulations 0
M CE self-certify, or needs testing by 3rd party? CE Marking (Conformité Européene) / CB Scheme 12
M Notified Body Involvement with Self Declared Products EU Medical Device Regulations 7
S Help: Need Control Self Assessment Questionnaire for HR Departmental Functions Process Audits and Layered Process Audits 0
T IVD - Self Declaration - Technical File - Template wanted Various Other Specifications, Standards, and related Requirements 9
R Documenting Self-Training and Effectiveness - ISO 13485:2016 Training - Internal, External, Online and Distance Learning 4
S ISO9001:2015 and ISO14001:2015 Readiness/Self Evaluation Checklists wanted ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
N MDD Class I Medical Device Self Declaration Articles/Supplementary Documents EU Medical Device Regulations 1
A Self-study plan to improve fluency in English speaking, writing After Work and Weekend Discussion Topics 3
Crusader Interval for Self-Calibrating Measurement Device? Calibration Frequency (Interval) 15
T Transition Time for Self Declared IVDs EU Medical Device Regulations 3
Z IVD Self Test Pregnancy - Assessment Route? EU Medical Device Regulations 5
S Anyone know the self-selection study for home use medical device Other US Medical Device Regulations 2
D Off-Label Self Promotion - What to do EU Medical Device Regulations 3
B Own Brand Labelling and Distributors - Self Test IVD's EU Medical Device Regulations 3
S Creating goals and objectives with targets and measurables for self-evaluations Management Review Meetings and related Processes 2
C Help with Risk/Benefit Analysis Self-help Device for Diabetics ISO 14971 - Medical Device Risk Management 3
B Self Contained Biological Indicators as internal PCD Other Medical Device Related Standards 2
T Self Declaration for CE Class I, Non-Invasive Medical Device EU Medical Device Regulations 10
T Should a supplier self assessment form be a controlled document? Document Control Systems, Procedures, Forms and Templates 9
C Vendor Self-Survey to Qualify Vendors/Suppliers - AVL Question ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
S Annex III self declared IVD to be in use with Annex II List B IVD EU Medical Device Regulations 1
S SAE AS9015 Supplier Self Verification Process - Delegation Programs. AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 1
B FDA Product Classification - Self Treatment Software Applications 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 4
P Changing from contract manufactured to self manufactured 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
Marc Ford - Self-parking technology called Fully Assisted Parking Aid World News 1
L IVDD 98/79/EEC - Can I self declare? EU Medical Device Regulations 2
P ISO/TS 16949:2009 Compliance - Self Declaration Audit IATF 16949 - Automotive Quality Systems Standard 4
B CCNA (Cisco Certified Network Associate) Self Study Help? Professional Certifications and Degrees 3
T ASQ CQA (Certified Quality Auditor) - Self - study help Professional Certifications and Degrees 3
Similar threads


















































Top Bottom