Fakes, Frauds and Cheapsters – Navigating the Maze to Find Reputable ISO Providers (Part 1)
Obtaining ISO certification from a JAS-ANZ registered certification body tells your customers and the community that you have been assessed by a reputable independent body as meeting an internationally recognised standard of excellence. Ultimately, it is this reputation that can allow you to gain a significant competitive advantage in your market through achieving certification.
Unfortunately, more and more, I see companies ISO 9001認證 selling themselves and the industry short through a lack of understanding of the different grades of players in existence in the very competitive marketplace of ISO certification. All providers are not equal and, sad to say, not all are ethical.
Read on for some tips on emerging unscathed from encounters with lower quality and unscrupulous providers.
Part 1: Beware of offers of super quick and cheap ISO system development (especially INCLUDING certification)
When you are looking at organisations to assist you to set up your ISO system and to get certified, you need to be beware of offers that appear to be extremely quick, much cheaper than other providers or simply too good to be true.
Quote from the article Beware of Quick ISO 9001 or APIQ1 Certification Offers “it’s highly improbable that anyone can deliver on this promise.”
I have summarised below what I believe are the best tips around this issue.
Tip 1: “Buying” certification: the risks
There are some organisations out there that will almost let you buy your ISO certification after spending a matter of days to “develop” a system for you… but… the resulting system may well turn out to be worthless or a costly mistake for the following reasons.
The real story:
The only real way an organisation can offer to provide an ISO system (sometimes including certification) at a super cheap price is by having created a “1 fits all” generic manual with policies and procedures that, by their very template nature, cannot hope to match your actual operating environment and will not work unless significant time (read: your cost) and energy is spent customising them.
Tip: One of the warning signs is when there is no offer for a consultant to assist you to implement the system, in which case it will then fall to you the client to work it all out after your “system” and “certificate” have been delivered in a large binder.
Also, in general, the only way a company can include “certification” in that very cheap price is (best case) by using a non-accredited certification body or (worst case) using a false certificate.
NB I am not here referring to reputable companies who bundle consulting and certification from two different entities into a competitive price. The key word here is “reputable”.
Using non-accredited certification bodies or false certificates.
The bad news:
Most customers, and particularly government organisations, who insist on ISO certified and/ or compliant suppliers will not recognise a certification unless it is from a certification body accredited by JAS-ANZ. So if your tender has external certification as a prequalifier, your certificate will be checked by the tenderer. If they find the certification body is not accredited by JASANZ, you will not only be ineligible for that tender but may also be discredited as a future applicant.
The good news:
Many customers (except large corporations and government departments) are happy with a “certificate of compliance“- especially as a starting point. This can be a very cost-effective alternative to external certification while you are testing out the ROI on your compliant system in the market. You can always get externally certified in a short timeframe if you maintain your compliant system after it has been implemented.
What’s a “certificate of compliance”?
You need to understand the difference between a “certificate of compliance” and a “certification” to an ISO standard as provided by an approved certification body.
A company or consultant can legitimately provide you, as ICS frequently does, with a (in our case- free) “certificate of compliance” after a sample audit of your system by a registered auditor. This basically says that you have been audited by a qualified auditor and based on the sample looked at, the consultant believes you are compliant.
The important distinction is that nowhere should the certificate mention that it “certifies” or “registers” or “accredits” you to any Standard.
If you are offered one of these certificates, what matters is that the difference is explained to you, the wording on the certificate is accurate and you are not under the impression that you are now “certified” instead of just “compliant”.
Tip 2: What’s wrong with quick?
3 things someone should have told you:
1. First, all ISO systems are in essence guidelines for creating a best practice business management framework; designed to control and manage all relevant aspects of the running of a business for the life of the business. Knowing this, common sense would then tell you that you cannot build an entire business system in a matter of days or even weeks, – and any such undertaking deserves serious (not cursory) consideration.
2. Second, in order to pass you at the audit, a reputable Certification Body’s Auditor is required to verify that your documentation, procedures and activities have been in place and actively used for a minimum of 2-3 months prior to seeking certification and you must be able to provide this with concrete evidence i.e. records.
Quote from the article Beware of Quick ISO 9001 or APIQ1 Certification Offers “most Registrars require at least two (2) to four (4) months of QMS records to be available as evidence of conformity to ISO 9001 and/or API Q1 requirements”.