What happens when a company loses ISO 9001 recertification?

John Broomfield

Leader
Super Moderator
Instead of using certification as your goal why not help everyone appreciate the value of your management system conforming to the system standards that you recommend and top management agree are valuable for keeping/making your business more effective or world class?

Dropping certification need not mean that your company is ignoring international standards.
 

Big Jim

Admin
I didn't see anyone else mention this point. One common reason for a major non-conformity is the auditor believed your system had widespread deficiency(s). When resolving the 2 audit non-conformances, it is not enough to correct the few specific examples identified in the audit report - you should re-audit your system to uncover and correct all similar deficiencies which were not uncovered in the limited time-frame of the outside audit. Your root cause investigation must go beyond the specific examples cited - as an example, why was form 1234 missing an approval signature - to the more fundamental question - what is missing from your document control process that forms missing approval got processed and no one noticed, no one questioned the missing approval (just as an example for this comment). In this way, you show leadership in addressing a systemic deficiency, if that is indeed the reason for the major findings.

Interestingly enough some CB have recently altered their nonconformance form to include showing how you explored the extent of the issue.
 

rogerpenna

Quite Involved in Discussions
Based on this response @rogerpenna , then I am at a complete loss as to why Top Management would have allowed the status of the ISO 9001 implementation (the effectiveness of the QMS) fall into such a state as being at risk of having the certification pulled.


Comment "1"...
1 - the ISO standard helped us achieve reduction in costs and lessen our risks in several areas ....

...is contradictory to your later comment...
"Which will mean that if Top Management think the cost of stopping some departments to do the external audits amid a crucial time (election year, our income is through the roof and nobody has time to spare) is worse than the cost of re-doing the certification."

The later comment causes me to believe top management does not really believe/is not committed to comment "1".

Be well.


I see no contradictions.

The ISO STANDARD can be followed even if you don´t have a certificate. You can do internal audits to maintain the standard. You must do external audits to maintain the CERTIFICATION.

There is a difference between a quality system standard and a certification.

Again, I said the ISO "standard" helped us achieve those things. Not the ISO certification. In fact, the ISO certification is useless to us, besides some pride. To avoid bias from internal audits, we could very well hire an external consultant to audit us to the ISO standard, in a more proper timeline, while at the same time telling bye bye to the certification.
 

rogerpenna

Quite Involved in Discussions
I didn't see anyone else mention this point. One common reason for a major non-conformity is the auditor believed your system had widespread deficiency(s). When resolving the 2 audit non-conformances, it is not enough to correct the few specific examples identified in the audit report - you should re-audit your system to uncover and correct all similar deficiencies which were not uncovered in the limited time-frame of the outside audit. Your root cause investigation must go beyond the specific examples cited - as an example, why was form 1234 missing an approval signature - to the more fundamental question - what is missing from your document control process that forms missing approval got processed and no one noticed, no one questioned the missing approval (just as an example for this comment). In this way, you show leadership in addressing a systemic deficiency, if that is indeed the reason for the major findings.

is this the correct thread??
 

rogerpenna

Quite Involved in Discussions
Instead of using certification as your goal why not help everyone appreciate the value of your management system conforming to the system standards that you recommend and top management agree are valuable for keeping/making your business more effective or world class?

Dropping certification need not mean that your company is ignoring international standards.

well, yes, exactly! Which is basically my explanation why I see no contradiction in my statements, as John Abnet found.


EDIT: in fairness, Abnet asked why my organization was ISO CERTIFIED. And my answer, in part, was more along the lines of "why our organization followed the ISO standard". So yes, if he reads all my points as "why my organization is CERTIFIED", then there are contradictions.

Maybe I should clarify that answer then.

-Historically, probably the first time the organization decided to get ISO, was because external audits, from which ISO depends, resulting in an official certificate, would have more impact on the employees, a sense of urgency, etc So instead of only following the standard, the decision was to get a certificate
- Historically, the ISO standard was a first step to get the PBQP-H standard, which is based on ISO 9001 but with higher requirements, more complicated. And we wanted PBQP-H because there was expectation, when it was created, that it would be a factor in the public bidding process in our country.
- As it became a flag of pride more than anything else, YES, we could let the ISO CERTIFICATION expire and keep the STANDARD for the good it does for our company. That's why I said it's a calculation of harm and costs... we are not calculation the cost of keeping the standard, which is invaluable to us, but the calculation of keeping the PRIDE FLAG of the CERTIFICATE against difficulties caused by COVID in the external audit process, difficulties in a proper timeline in a year that unlike the rest of the country and maybe the world it's being VERY GOOD for us (and next year should be worse), etc.
 
Last edited:

Kronos147

Trusted Information Resource
What happens if I lose my ISO certification for not doing the external audits?

Is this a question about doing audits at suppliers?

What does your system say? Does the procedure say something like "1 per month minimum" and you are behind\not doing it?

If so, an organization can do one of the following:
1) Open an internal corrective action and fix the issue
2) Discuss it in management review or a special meeting and allow for a 'deviation' from the process for a specific reason (low on resources, special projects, COVID-19), and plan to get back on course
3) Send an internal e-mail from the process owner to top management and all supplier auditors that you are re-vamping the program and the internal requirement is on hold.
 

rogerpenna

Quite Involved in Discussions
Is this a question about doing audits at suppliers?

no, no, it's a question about the certification body (Bureau Veritas Brazil) wanting to do the external audit in the next two months, and we wanting to postpone it to next year due to different factors.


actually, I got the answer to this question from BVQI itself after I inquired them. I wanted to know what it would be the cost in time+money to do a new certification instead of just re-certificate.

and yes, it's a much longer and thus expensive (in man hours) process.
 
Top Bottom