• » Home
• » Your Needs
• » Products
• » Benefits
• » View Samples
• » Testimonials
• » Help

The ISO Certification
Process

 

In this Section:

• ISO Certification, Registration and Accreditation
• ISO Accreditation Bodies
• ISO Registrars
• ISO Auditors
• Considerations Before ISO Registration
• The Registration Process
• Publicizing Your ISO Certification

Other Introductory Sections:

• Introduction to ISO
• ISO Standards
• ISO 9000:2000 Standard
• ISO Quality Management Systems
• ISO Certification Process
• ISO Definitions

 

ISO Certification, Registration and Accreditation

Increasingly, European customers expect U.S. companies to have their quality systems certified (audited) or registered to one of the standards of the series. This involves having an accredited independent third party registrar conduct an on-site audit of the company's operations against the requirements of the appropriate ISO standard.

The terms certified, audited or registered are often times used interchangeably. For ISO purposes, certification is the same as registration. Once a company has passed an audit, the company is certified by that auditor and entered into an ISO directory or registered for a specific ISO standard.

Therefore, accredited registrars certify organizations through an audit process for registration in an official directory of companies that have passed ISO standards.

[ ^Back to Top^ ]

ISO Accreditation Bodies

ISO Member countries have organizations that are chartered to accredit Registrars. In the US, it's the Registrar Accreditation Board (RAB); in Canada, the Standards Council of Canada (SCC), and in the Netherlands, the Raad Voor Accreditatie (RvA).

The American Society for Quality (ASQ) established the Registrar Accreditation Board (RAB) in 1989. In 1991, ANSI and RAB joined forces to establish the American National Accreditation Program (NAP) for Registrars of Quality Systems.

On January 1, 2005, RAB and the ANSI-RAB NAP was replaced by the ANSI-ASQ National Accreditation Board (ANAB). ANAB accredits certification bodies for ISO 9001 quality management systems (QMS), ISO 14001 environmental management systems (EMS) and other industry-specific requirements.

These Accreditation Bodies publish the requirements that they set forth for Registrars to become accredited. These requirements generally follow other ISO documents. The Accreditation bodies regularly audit registrars' procedures, systems and audit practices to ensure they meet and maintain systems to the ISO requirements.

[ ^Back to Top^ ]

ISO Registrars

Their place in the system is to certify or register companies that meet the requirements of ISO 9001:2000. Registrars must meet the requirements of the ISO Accreditation Bodies. These requirements include things such as independence; Registrars cannot consult for instance. This system ensures uniformity in the registration process.

Finding ISO Registrars

Accreditation Bodies maintain directories of the Registrar organizations that they accredit. These directories are available on their websites. You can normally find these websites by doing a search on the Accreditation Body's name or initials.

A directory of registrars in the U.S. can also be found at the ANSI-ASQ National Accreditation Board website which offers access to a searchable database of accredited registrars in the United States.

In Canada, contact the Standards Council of Canada for a list of registrars. All other countries should consult the accreditation authority or member body for their country. Consult the ISO website for a complete list of ISO Member bodies.

Industry publications such as Quality Systems Update also list Registrars. Their website has a listing of Registrar's available in North America with website or addresse and phone numbers.

The Quality Digest Magazine conducts annual surveys of Registrar's clients and reports the customer satisfaction ratings in their July issue. This can be a valuable resource in selecting a Registrar suited to your needs.

Selecting ISO Registrars

Registrar qualifications are a key consideration. As you research Registrars you will notice that some appear to be very limited in scope just based on their names. Registrars must be accredited in a particular industrial sector in order for them to be able to certify a company in that sector. Some Registrars are accredited in several if not all sectors; others specialize in certain sectors. The best approach to evaluating a Registrar's qualifications for your industrial sector is to contact the Registrar.

After qualifications, price is always a concern. Be sure to evaluate the total cost including expenses, fees and the cost of surveillances.

Probably as important as price, within limits of course, is the overall experience a client gets with a registrar. Important areas to consider are the interpersonal skills of the auditors; the office support and ability to get questions answered; are the audits a value-added experience, will the Registrar work with you, how flexible are they in adjusting dates - how many weeks notice.

And make sure to talk to some of the Registrar's clients and review the Quality Digest articles on Registrars.

[ ^Back to Top^ ]

ISO Auditors

Auditors work for or contract to Registrars to perform registration assessments and surveillances. They are the "front line" in the process. The Registrars are responsible for ensuring Auditors meet qualification requirements. Their requirements include training in auditing, ISO 9001 training, and at least one member of the audit team must have experience in the industrial sector of the company being audited.

Verify credentials. If a person claims to be certified as an ISO 9000 lead auditor, ask to see proof of his or her certification. Make sure the certification is current by checking the expiration date. Facts about ASQ's certification are available via the ASQ website.

Auditors collect the objective evidence demonstrating the effectiveness (or lack thereof) of the company's quality management system and make registration recommendations to the Registrar. The Registrar has the ultimate decision, however.

Considerations Before ISO Registration

Ensure that your system is fully implemented, procedures are being followed and records are maintained. Conduct both an internal audit and a management review noting any exceptions before the registration process begins.

• Internal Audits Use internal audits to ensure your system is in place. Make sure your records show all elements have been audited at least once.
• Management Review Conduct at least one Management Review and ensure records (meeting minutes for example) are maintained showing all required items were discussed and appropriate action items assigned.
• Exceptions If you have any exceptions, make sure they are noted with appropriate rationale in your Quality Manual.

[ ^Back to Top^ ]

ISO9000 Registration Process

The ISO9000 Registration Process is fairly straightforward. Normally, the Registrar is selected while the system is still being developed and implemented. The Registrar will communicate any specific requirements that they may have or that the Accreditation Body may have imposed. Typically, the Registrar's requirements clarify their expectations regarding implementation. For instance, a complete round of internal audits and a management review meeting must be held before the registration assessment.

When the Registrar is selected, target dates for the registration assessment are usually set. As the date approaches, usually one or two months in advance, the Registrar should be contacted to commit to firm dates. Obviously, the state of implementation of the system must be considered in setting the dates. The availability of key personnel in your company and the availability of auditors on the Registrar's side both influence the final dates selected.

The number of auditors and the number of days of the registration audit depend on the size and complexity of your organization. The Registrar usually communicates the total time in the quotation. This is reaffirmed and the number of auditors to be used is defined when the firm audit dates are set. When more auditors are used, the duration of the audit is shorter, for example, one auditor for four days or two auditors for two days. Keep in mind however, that each auditor will require an escort.

The registration process itself consists of six basic steps:

1. Application or Contract

The application also may be called a contract. It defines the rights and obligations of both parties including:

• The registrars access rights to facilities and information
• Confidentiality issues
• Rights to appeal or file a complaint
• Instruction on use of registration certificates
• Conditions for terminating the application

2. Document Review

The Registrar will require a copy of your Quality Manual, implementing Quality Procedures and Reports and Forms for a Document Review.

The Document Review is a desk audit of your system to verify all requirements of the ISO9001:2000 standard are addressed. The Registrar will notify you of any corrections to the documentation that may be required before the Registration Assessment can be conducted.

3. Preassessment

Most Registrars require a Preassessment; others offer it as an option. The Preassessment is an initial review of your Quality Management System to identify any significant omissions or weaknesses in the system and provide your organization an opportunity to correct any deficiencies before the regular registration assessment is conducted.

NOTE: Only one preassessment may be conducted and Registrars CANNOT provide consulting or advice on system implementation. Evaluating the quality system and documentation to meet ISO requirements is allowed but registrars cannot provide guidance on how to implement a quality system.

4. Assessment or Audit

In conducting the audit, the auditors follow ISO 10011. The lead auditor will provide an audit schedule or plan in advance of the audit. This allows personnel to schedule their time appropriately to ensure they are available at the appropriate times.

In general, the flow of activities during the audit is as follows:

1. Opening Meeting. An introduction of the audit team and key personnel in your company. The scope and general approach to the audit is discussed. This is also the time to question anything that is unclear in the audit schedule and communicate any last minute changes to the system or schedule.
2. Brief tour of the facility. Keep it brief, the auditors just want to get a general feel for the layout and processes involved. This may also be done at the preassessment.
3. Additional review of documents. Audit team members review documentation for areas they will audit.
4. Examination. The audit is conducted, personnel are interviewed, and objective evidence is collected to show the system has been effectively implemented.
5. Daily review. At the end of each day or the beginning of the next, the audit team reviews any issues identified during the assessment. Potential findings or nonconformities may be clarified at this time.
6. Closing Meeting. The audit team states their conclusions regarding the audit and presents any findings or nonconformities that were identified along with any observations they may have.
7. Audit Report issued. Within a few weeks of the audit, the Registrar issues the audit report. The report generally restates what was discussed in the closing meeting.

During the audit, if the auditors find anything that does not meet with the requirements of the ISO standard or that does not meet the requirements of your procedures, they determine the severity and issue a finding. Audit findings are usually called nonconformities and fall into one of two categories depending on severity.

• A Minor Nonconformance deals with minor infractions of procedures or minor failures of the system in meeting the ISO 9001:2000 requirements. These will not hold up your registration.
• A Major Nonconformance deals with issues where nonconforming product is likely to reach the customer or where there is a breakdown in the Quality System that results in the system not being effective in meeting the requirements of the standard. This will hold up your registration.

The primary difference to you between a major and minor nonconformance is that your registration cannot proceed until all major nonconformities are closed and verified by the Registrar. This usually involves a re-audit of the involved areas and, of course, the associated costs. Minor nonconformities require a corrective action plan and they are closed at the first surveillance.

5. Registration

After the audit and report are completed, and all nonconformities are addressed as appropriate, the company will receive a registration certificate that identifies the quality system as being in compliance with ISO 9001:2000.

The company will also be listed in a register maintained by the third party registrar. The company may publicize this registration and use the third party registrar's certification mark in advertising, letterheads and other publicity materials but it cannot be used on the actual product itself.

6. Surveillances

After you are registered, the process doesn't end. ISO 9001 certification is not a one-time activity. Achieving certification means that you have developed, implemented and are maintaining a quality management system that minimally meets the requirements of ISO 9001. To ensure the system is maintained and changes don't result in deficiencies in the system, Registrars perform regular surveillances of your system.

Generally, every six months to one year, depending on the company size and your Registrar, surveillance is conducted. The surveillance is similar to the registration assessment only smaller in scope. Not as much time is spent and only a portion of the ISO standard is covered. Over the three-year period of your certificate, the surveillances cover all elements. Nonconformities are handled in the same manner as the registration assessment.

[ ^Back to Top^ ]

Publicizing Your ISO Certification

The International Organization for Standardization website has detailed explaination on publicizing your ISO 9001:2000 or ISO 14001:2004 certification. Also available as a PDF document, this section contains useful information on using your certification for advertising or public relations. For example, you may not use ISO's logo or trademarks. A number of different rules and restrictions apply so it is important to read this document before you broadcast your certification to the public.

QSU Publishing Company publishes the ISO 9000 Registered Company Directory, North America, on CD-ROM. This fully searchable tool gives you instant access to essential quality certification information on over 48,000 companies in the US, Canada and Mexico, including:

• Company name, address, phone and fax
• Standard under which company site is registered
• Name of registrar performing the assessment
• Scope of company's registration
• Effective date of registration and certificate number

To be listed with QSU Publishing Company, certified companies and/or registrars can print, fill-out or mail/fax a MS-WORD form to QSU. Your company will be featured in their Registered Company Directory and Quality Systems Update and/or The Environmental Management Report. The deadline for submission is the 1st of every month.

Mail / Fax To:
Attn. Scotty Hoopes or Andrew Hadfield
QSU Publishing Company
3975 University Drive, Suite 230
Fairfax, VA 22030
Phone: 703-359-8464 or 703-359-8463
Fax: 703-359-8462
Or E-mail the form to shoopes@qsuonline.com

Next: ISO Definitions

 

[ ^Back to Top^ | Back to ISO 9001 QMS ]

Copyright © 1999-2008 Bizmanualz, Inc. All Rights Reserved | Privacy | Sitemap | About Us | Policies and Procedures Home

---

Best Deals | Procedures Manuals | Process Training | Process Improvement Consulting
Accounting Procedures | Finance | Human Resources | Computer & IT | Sales & Marketing | Security & Disaster | ISO Quality
Employee Handbook | Construction Policies | Medical Office | Non-Profit | Banking | Software Development | Procedure E-Books