April 10th, 2020
Auditors at various levels are essential to maintaining certification in ISO standards. Cavendish Scott offers training and guidance that can help all aspiring auditors whether they want to perform audits as company employees, help conduct internal audits for companies like Cavendish Scott, or work as lead auditors for certifying organizations.
Lead Auditor Training
The most important course for aspiring auditors to take is the one related to the International Register of Certified Auditors, IRCA ISO 9001:2015—Lead Auditor Training. Cavendish Scott was the first source in the U.S. to offer this class, which is recognized by auditor registration organizations including Exemplar Global. It is essential for registrar auditors and those involved in auditing a quality management system, especially those who interact with lead auditors from certifying organizations.
Before taking the course, participants need to have a solid background in ISO standards, something they can achieve with support from Cavendish Scott. For those who wish to take the IRCA exam and become IRCA registered auditors, IRCA requires knowledge of the following:
The Plan, Do, Check, Act, or PDCA, cycle The core elements of a management system and the interrelationship among top management responsibility, policy, objectives, planning, implementation, measurement, review, and continuous improvement The fundamental concepts and the seven quality management principles presented in ISO 9000 The relationship between quality management and customer satisfaction Commonly used quality management terms and definitions, as defined in ISO 9000 Knowledge of the requirements of ISO 9001
Over the 40 hours of training in IRCA ISO 9001:2015, participants learn from experienced Cavendish Scott instructors who are working in the development, implementation, and auditing of quality management systems. The course includes exercises, group work, role-playing, and a live audit of a local company. Participants leave with all of the comprehensive course materials, including checklists, forms, and other tools.
What Cavendish Scott Seeks
From time to time, Cavendish Scott needs to expand its contingent of auditors, either by adding full-time employees who act as consultants and auditors or by hiring contract auditors for specific assignments.
Ideally, applicants for full-time positions have experience with ISO9001, ISO 13485, ISO 14001, and other standards, as well as experience in auditing. Whether applicants have gaps in experience or not, all new hires receive training and support as needed so they can conduct audits with colleagues and on their own. Full-time applicants also need to have a base in Colorado and the ability to travel extensively, usually five to ten days a month within the U.S,
Cavendish Scott contract auditors are reliable, trustworthy professionals and they usually have auditing, but not consulting, clients with whom they’re already working. Contractors are often required to travel and they are sometimes able to transition into full-time positions with Cavendish Scott.
Openings are posted as they become available on our employment page . Applicants should submit emails of about 10 lines or 300 words expressing their interest and telling briefly about themselves and their qualifications. While technical requirements are important, Cavendish Scott is most interested in personality and overall ability.
Considerations Around Lead Auditing For Certifying Organizations
Requirements for lead auditors are somewhat vague, but registrars generally prefer that the people they hire as with contractors or full-time auditors are certified either by IRCA or the Registrar Accreditation Board and Quality Society of Australasia. Additional qualifications may also be valuable, as explained in our FAQs How Do I Become an Auditor .
Those who seek to work full-time as lead auditors for certifying agencies often find the work is scarce, poorly paid, disrespected and grueling. Most who complete lead auditor training add the qualification of lead auditor to their resumes and employers understand the value that reflects.
Cavendish Scott offers consulting, training and auditing to help organizations obtain and maintain certification in a full range of standards. Additional information is available at cavendishscott.com.
Seeking an opportunity to become a Lead ISO Auditor? Explore the options with Cavendish Scott by clicking below to review our current openings.
Review Open Positions
October 29th, 2009
By Todd Vesty
One of the most daunting aspects of an ISO 9000 project is the documentation. Many managers stay awake nights with visions of ream upon ream of bureaucratic paperwork. Often, people are forced to re-visit old fears from high school English class, where their papers were not well received. While it is possible that these fears will be realized, it is not really necessary. There are several techniques that can make the process of creating a documented quality system easier, more effective and less intimidating.
These techniques range from simply using the appropriate tools, and applying the appropriate structure, to using the right personnel. As always, proper planning, clearly defining responsibilities, and controlling the process are imperative in its success. There are five areas that must be addressed in order to develop a quality system with the least headaches. These are process definition, structure, tools, format/grammar and flexibility.
Process Definition
Many pundits will tell you that each person at the company must write their own procedures in order for them to be effective and appropriate. They argue that no one knows the process better than the person who performs it every day and that if they are not the one’s to document it, they will have no ownership. While this argument has some merit, it only works well if everyone at your company is a capable writer with a proper word processor and has the time and inclination to write procedures.
The reality is probably that much of the staff, even those at management level, aren’t capable writers and don’t have access to or sufficient practice on word processors. Involving many people in the construction of a set of documentation will yield different styles, levels of detail, formats, etc. creating considerable problems for the person responsible for pulling it all together. This person has probably already invested considerable time and effort in the training and support of people who will likely never write another document for the organization. In addition, few people have the time to devote to procedure writing. Because of this, everyone’s involvement is a goal that is unachievable at most organizations.
Who then, should write the procedures? The company should designate a person who is responsible for the generation of procedures. That person should decide format and structure for the procedures and will do most, if not all of the writing. Designating a single person assures that the procedures are written in a timely manner without excuses and without people shirking their responsibilities. It also enables the company to assign a capable writer with the appropriate skills to determine the processes involved, identify the right level of detail, and document them in such a way as to avoid the “ownership” issue. Finally, having a single person write the procedures ensures that there is a consistent format and structure. This is one area where considerable benefit can be achieved with the use of an outside consultant. This frees up internal resources to focus on the key purposes of the business and ensures an expert job.
The remaining problem is how to write the procedures. The person writing the procedures must ensure that the process is accurately depicted. This is typically done by interviewing the staff in the area for which the procedure is being written. The interview is used to gather needed information about the process and to determine how compliant the process is. It also allows the staff to have input into the procedure, so they don’t feel “out of the loop” and can feel “ownership” of the documents once created. From the information gathered in the interviews, the writer writes the procedure, reviews and edits it with the staff.
Structure
Before writing the documentation, it is important to determine the structure. It is a very common mistake to get the structure wrong and usually occurs in two ways. The first is having too many, too few or improperly structured levels of documentation. The second is structuring the documentation around the standard as opposed to the business.
A proper ISO 9000 quality system is written in three levels. Level one consists of the Quality Policies. This usually takes the form of a Quality Manual. Level two consists of the standard operating procedures. Level three refers to the work instructions, checklists, forms, and other task specific documentation. This is the structure which has proven successful the world over and is alluded to in ISO 100013. Some consider that records are the fourth level, but this is not the case. Records are evidence of facts and history; they are not documents that are maintained up to date. Once a form is filled and filed away it is not pulled out a year later because the format of the form has changed. The format of the form is a level three document but once filled in, it becomes a record. Yes, records are part of the “documentation” of the system but it is a mistake to assign them a level and assigning them a level serves to confuse the important difference between and procedure and a record.
There is often some confusion about what a quality manual is. Often, the company will bundle its entire quality system including procedures and forms into one manual and call it the Quality Manual. Although this is one possible definition, it does not help an organized structure. A Quality Manual is a document that describes the policies for quality, defines the structure of the quality system and defines the structure of the organization and responsibilities for employees. It does not include detail of operations and should avoid the specifics of procedures.
A typical Quality Manual would include several sections. First, it would define the structure of the organization. It might do this by including and organizational chart and by defining the responsibilities of key personnel. It would also describe the structure of the documentation used in the quality system. Finally it would reiterate each requirement of the standards and state briefly how they will be addressed. In many cases, simple acknowledging the requirement and stating that they will be met is enough. Again, the Quality Manual is not the place to describe specific procedures.
This brings us to level two. Level two refers to the procedures. These describe how the company operates on a department by department basis. Procedures typically do not include detailed task specific, or order specific instructions but focus on the management level information. How is the department organized? What information is received? What happens with that information? What tasks are performed? What reviews take place? And where does information go or get filed?
When writing procedures, it is important to structure them around your business, not around the standard. Too many organizations take the easy route by generating one procedure for each element of the standard. If you don’t have a product identification and traceability department, then you shouldn’t have a product identification and traceability procedure. This requirement of the standard should be included in your other procedures where it applies. Consequently it is clear that when procedures have been structured around the standard, the system has been designed to gain compliance, not to add value to the way the company is organized and managed.
Level three refers to the detail oriented, lower level documentation. This might include checklists, blank forms, task instructions, blueprints, drawings or order specific documentation. It does not include completed forms or other records.
Tools
Documenting an entire system is a sizable task. Before embarking on such a task, it is helpful to gather the appropriate tools. First, this means a current word processor. Having a modern computer and word processor will pay for itself in cost savings and avoided frustration. The modern word processor includes automated spell checking, grammar checking, and many formatting features.
Before diving into procedure writing, it is important to know how to use these features on your word processor. Before starting, experiment until you are comfortable using the word processor’s features. By doing this, you will be able to incorporate these features into your first documents, rather than having to incorporate them later.
A variety of software tools are available to help generate and manage ISO 9000 documentation and systems. Generation software suffers the danger of leaving you with a boiler plate system, twenty procedures and focussing on compliance. Management software can be useful as the sophistication of the requirement increases. Managing large numbers of instruments internally might warrant calibration control software, for instance. However, considerable sophistication already exists in current word processors, spreadsheets and databases that come with your computer. These tools are often expensive, sometimes complicated and do not always yield the promise.
Format/Grammar
When writing procedures, there’s no need to be Ernest Hemmingway. Writing procedures does not require creativity or a huge vocabulary. In fact, all of these things can hurt the process more than help it. The best procedures are simple, clear and concise. All you need to remember is to avoid passive voice and avoid excessive wordiness.
Passive voice makes procedures difficult to read, and should be avoided when possible. For example:
The Packing List will be signed by the Receiver and entered into the system. (passive voice)
The Receiver will sign the Packing List and enter it into the system. (active voice)
As you can see, the passive voice sentence is less clear and is longer.
Excessive wordiness or the use of complex words also makes procedures difficult to read. It is important to keep procedures simple and appropriate for their audience.
The Receiver will be cognizant of any discrepancy in the materials prior to signing the Packing List. (difficult to understand)
The Receiver will note any damage or defect in the materials before signing the Packing List. (easier to understand)
Flexibility
Another common mistake when creating documentation is to create rigid procedures that are difficult to follow and maintain. Procedures should be written in a manner that they are flexible and don’t paint you into a corner. Also, they should avoid hard references, complex numbering schemes and other unnecessary bureaucracy.
Several hard references are shown below:
If a nonconformance is found, the employee will document it according to SOP 4.14. rev 5
If a nonconformance is found, the employee will document it according to SOP 4.14
If a nonconformance is found, the employee will document it according to section 5.5 of this procedure.
All of these references pose problems. The first one references a procedure by number and references a revision. That means that every time the referenced procedure is updated, this procedure would have to change also. This is difficult to maintain and likely to be forgotten. The second one references the procedure by number only. This eliminates the revision problem, but is still subject to number changes. It is also difficult for the reader to follow. The third one may seem simple enough, but it may still pose a problem. If a section was added to the procedure before section 5.5, then the number would change and the reference would be wrong.
A more appropriate method follows:
If a nonconformance is found, the employee will document it according to the Corrective Action Procedures.
This is clear to the reader and is unlikely to require changes.
Many companies number their procedures. This practice is not necessarily a problem. It does, however, have the potential for problems. The most common problem is the use of ISO 9000 section numbers (“SOP 4.5 – Document Control”, “SOP 4.18 – Training”). This may deem logical, but there may be instances where there are several different procedures that address a single ISO clause. There may also be instances where a single procedure addresses several ISO clauses. How would these be numbered? In addition, the year 2000 revision of the ISO 9000 standard does away with the 4.X numbering system. This will make 4.X numbering systems obsolete. If your document numbering system is cumbersome, eliminate it. ISO doesn’t require document numbering.
Finally, it is important to write procedures in a flexible manner so that they don’t restrict your employees unnecessarily. In short, don’t make a rule unless it’s necessary.
The employee will retrieve the document and will stamp it in the upper left corner with a red “obsolete” stamp.
The employee will retrieve the document and will clearly mark it as obsolete.
The first statement would mean that you would have to train all of your employees to stamp in red in the upper left corner. You would also have to ensure that the employees have access to red ink and a stamp. Even after taking these steps, it is likely that the procedure often isn’t followed. The second statement provides the same protection, but does not restrict the manner in which the employee complies. It is just easier to follow.
Conclusion
ISO 9000 documentation is an involved task – it has to be! Done properly it will add value to your business. Before embarking on your own documentation investigate the situation thoroughly and ensure you have expertise in the subject and time and resources to see the project through. It will save you a lot of time and effort.
Finally, do not make the mistake of starting with the work instruction documentation. This is the most common and wasteful mistake of ISO 9000 projects. ISO 9000 does not call for any level three, work instruction documentation, unless it is necessary – and if its necessary, it already exists. This type of documentation may add value by better defining processes or enhancing training, but you are not doing it for ISO 9000 compliance. Make sure you want it.
Need to begin implementing ISO 9000 but feeling overwhelmed and unsure where to start? Come get our free guide on the basic steps to ISO 9000.
Download Now
October 15th, 2009
by Colin Gray
Tucked away in section 4.1.3 Quality Policy Statement, is a requirement that management formulate objectives for quality. This is one area that is frequently overlooked when implementing ISO 9001 and just as frequently is overlooked by auditors during ISO 9000 assessments.
Generally speaking, and this case is no exception, objectives should link strategy and policy to plans and procedures. In a quality system, quality related objectives should contribute towards achievement of the stated policy.
While there is no requirement in the ISO 9000 standard to guide in the choice and formulation of objectives, Juran provides excellent information in his Quality Control Handbook. He states that objectives should be: Measurable, Optimal to the overall result (no individual objective should contribute to a bias result which subjugates the overall aim), All-inclusive (objectives should cover all activities so that all are equally high priority), Maintainable (elements can be revised without redesigning others), Economic (the value of achieving objectives must be greater than the cost of setting them). He also points out that, in order to work, objectives must be perceived as: Legitimate (undoubted official status), Understandable (language of those faced with meeting them), Applicable (fit with the conditions in which they are to be used), Worthwhile (preferably to those working towards the objective as well as the whole organization), Attainable and Equitable (the difficulty in obtaining them should relate to reward).
Companies usually run by numbers. There are numbers for sales targets, budgets for production materials, labor costs, etc. All the ISO standard is asking is for management to identify numbers which will indicate quality performance. These numbers will be different depending upon the business type, quality system structure and management focus. In fact many of them may already exist. Common numbers include turnaround time, throughput rates, scrap levels, yields, rework costs, on-time delivery rates. However each company, each management structure needs to work out its own numbers. Having picked the measures, these need to be recorded, trended over time and the formalization of plans to improve the numbers.
Formalizing the process forces management to make sure they are focusing on the right information and to ensure that the numbers are working. One client highlighted how successful their customer satisfaction was by the low frequency of customer returns and the low value of returned product. An objective viewpoint however, that of their President, was that the cost of the returned material included, shipping, restocking and loss of face with customers. His numbers indicated that there was work to be done.
Successful companies rarely happen by accident. Somebody somewhere is watching, and controlling, the numbers. This ISO requirement extends this thinking to the quality field, positively impacting quality issues, and then the business as a whole.
October 10th, 2009
The process of attaining ISO 9000 is not only misunderstood but often feared. Media coverage, hearsay, and business-related horror stories have all contributed to its threatening image.
If you believe the hearsay, you may also believe that ISO 9000 is an intrusive set of unrealistic and unwelcome rules and regulations that will make doing business unbearably difficult in the short run and moderately difficult forever thereafter.
This is not the case. On the pages that follow, we at Cavendish Scott will examine and refute many of the common myths about ISO 9000. As you read on, keep two things in mind. In the first place, ISO 9000 was designed to help standardize business practices across the globe, making it possible to do business more predictably and more efficiently. Secondly, at Cavendish Scott, we’ve seen it all. With more than 400 clients on two continents, we have witnessed virtually all of the potential pitfalls — and the simple ways to avoid them.
We invite your interest and your feedback . And we hope that the information that follows will help make your road to ISO 9000 interesting, beneficial — and even enjoyable.
September 9th, 2009
In the Jack Nicholson film “Five Easy Pieces,” there’s a memorable scene that takes place in a diner. He orders toast, and the waitress answers that they don’t serve toast. His reply: “You make toasted sandwiches, don’t you? Bring me a toasted chicken sandwich. Hold the mayo, hold the tomatoes. And hold the chicken.”
That anecdote says something about keeping it simple and about the human tendency to complicate matters. Likewise, ISO 9000 can be easy, or it can be complicated. Following is a “Five Easy Pieces” approach to understanding and simplifying the process of certification.
Piece One: What are you hungry for?
“Where are you?” and “Where do you want to be?” Realistic answers to those two simple questions will help put you on the right track to successful certification.
First, make a personal visit to every department, and examine the individual operations to determine exactly what each one does. Double-check the standard itself to make sure you are not missing any facet of the business.
As you do this, arrange to get copies of all existing documentation. That means everything, from every department: policies, written procedures, work orders -everything. Categorize these documents by department or function, and index them so that you can find what you need when you need it.
Now that you have the documentation in hand, identify what’s missing. What still needs to be written? What must be rewritten to ensure a consistent style? What must be changed completely in order to comply with the standard?
After it’s clear what remains to be done, you can take the first steps toward ISO 9000. One good way to move the project forward is to have a goal – an actual date by which you hope to be certified – and make a plan for reaching that goal. Set the date, and commit to it. Without an EDC (Estimated Date of Celebration), the project lacks the urgency and importance required to generate support from all levels of staff and management.
Piece Two: Hold the Mayo
The best way to handle this piece of the project is to ignore the standard (initially, anyway) and write documentation that describes the business fully and intelligibly. As for structure, the most logical one is based on company departments, but some multi-department functions or company-wide functions may have to be covered under general procedures.
For each department, write only about the management processes. The procedures should describe what happens and how it happens – not the particular products or services produced by the department or the company.
Your main concern at this stage is the documentation that describes your business – not compliance per se. As you complete the documentation, consider whether you’ve explicitly covered everything in the standard and whether it might be advisable to make minor changes in emphasis.
Documentation gives you a unique opportunity to take a good look at what is being done and what improvements might be made. It’s a rare chance to modify procedures in a seamless fashion, which, according to many who have achieved certification, often results in unexpected improvements in business operations. Do be careful, however, about making major management shifts at this point. Changes like these can confuse the issue and undermine your staff’s commitment to ISO 9000 in general.
Piece Three: Briefings du Jour
Which brings us to a critical issue: awareness. What you don’t want is to have your staff inadvertently and possibly unconsciously sabotaging your certification efforts. You can avoid that possibility by making sure everyone – and we mean everyone – is aware of what is happening at each stage.
Many companies schedule employee meetings to explain what certification is and what it will mean to them. It’s an excellent time to dispel any hearsay rumors, and insecurities that might surface. If you schedule these briefings in a pleasant setting (say, over complimentary coffee and doughnuts first thing in the morning), you’ll find the staff more willing to listen, understand, and support your efforts over the months to come.
You might also consider using posters, flyers, bulletin board reminders, and your company Newsletter to conduct an ongoing public relations campaign to keep the subject fresh in the minds of employees and to maintain positive momentum.
In addition to employee awareness training, there’s also a need for formal training of internal auditors. Often, the most cost-effective and non-disruptive approach is to send one person to an external training program and then have that person train your internal auditors. Just like Pieces One and Two, auditing is yet another opportunity to fine-tune your operations and you should be sure your internal auditors keep that possibility in mind.
Piece Four: Send it Back?
ISO 9000 will help you in many ways: by allowing you to meet customer requests for certified suppliers, to do business internationally, and to maintain a competitive edge. You may find that its greatest benefit, however, is in the way it helps you streamline company operations. To do that, it must produce procedures that work – for every department.
To make sure it does, let the people who will use the documentation evaluate it. Ask them for feedback and expect several revisions. Act as the devil’s advocate. Look for problems, and then look for efficient ways to improve the systems.
Now it’s time to send in the internal auditors – and to give them plenty of support, especially at the beginning. Suggest that they question everything. It’s likely that they’ll suggest further changes to the documentation, which is an extremely healthy process. You can also ask others (your customers, for example) to audit you. You’ll find it helpful, since they have a different agenda and fresh point of view.
After you’ve had at least two internal audits, you should schedule a dummy assessment. Use someone with plenty of experience, such as a consultant, a customer or associate who has already been through the process.
Have them verify that the documentation accurately represents your company and truly covers the ISO 9000 standard. Is it really on the mark – that is, not overly detailed, but comprehensive enough to cover all of the business in light of the standard’s requirements?
Double-check the standard section by section and note, in writing, precisely where in the documentation you’ll find each section addressed. Notes from this exercise will not only help guide the assessor on Assessment Day but also help justify your own interpretation of the standard.
Piece Five: Dinner is Served
You will no doubt choose your Registrar carefully and can therefore expect an experienced professional who will let you know how you’re doing along the way, with no last minute surprises.
Keep in mind that you may disagree with a judgment over minor non-compliance. If you do, you are free to say so. Your only real cause for concern would be a matter of major non-compliance, in which case you may be able to point out that the alleged non-compliance is merely the result of a misunderstanding. Whenever possible, negotiate majors down to minors.
Compliments to the Chef
Now it’s time to honor your employees, who deserve the credit for your earning a distinction that belongs to only a few thousand companies in the United States: certification to ISO 9000. So schedule the party, bring on the champagne – and hold the chicken.
More Questions?
If you’ve any questions about the right approach to implementing ISO 9000 or want some advice about your own program, feel free to call us at 303-480-0111, or fax your questions to us at Denver 303-481-9000 or Boston 781-431-7681.
Alternatively, click on this link to email us your questions: ISO 9000 Expert We’ll be pleased to help you determine the truth about ISO 9000 and, at your request, to provide a free evaluation visit to establish exactly where you stand on the path to ISO 9000.
August 20th, 2009
Implementing ISO 9000 has been occupying your time for many months. Your not insignificant effort is starting to yield real benefits and it is now time to crown your achievement by seeking registration from one of the many ISO 9000 registrars. But who to select? With nearly 100 registrars in the US alone how do you decide which is best? Like most things there are a number of factors to consider when deciding and with a methodical approach to these factors, the correct decision should be easy.
Accreditation agency
Each Country appoints a body responsible for controlling the activities of Registrars. These bodies ensure the registrars have their own ISO 9000 equivalent quality system and act responsibly, consistently and professionally. They maintain lists of accredited registrars and maintain surveillance to ensure they continue to meet standards.
In the UK the organization is the UKAS (United Kingdom Accreditation Service), Holland has the RvA (Raad voor de Accreditation) and in the US the de facto body is the RAB (Registrar Accreditation Board). These bodies are worth mentioning in particular as they are the most common and oversee the most registrations. However, a registrar with accreditation in another Country might have benefits if, for instance, an important customer is resident in another Country.
Many registrars comply with the accreditation requirements of a number of different agencies. Thus when they conduct an assessment it is possible for them to do it in such a way as to provide you with accredited registration in compliance with the controls of two or more different countries.
Accreditation agencies accredit registrars to conduct assessments in particular market, industrial and commercial sectors. It is important, very important, to ensure that the Registrar has your SIC (Standard Industrial Classification) code within their accredited scope – for both/all accreditation agencies. Make certain of this one. Get it in writing and ensure that their interpretation of your business matches yours by checking and suggesting SIC codes. Sometimes registrars do not have the sector in their scope but “promise” to get it. This is not an unreasonable approach as registrars’ businesses are growing. However, discuss what will happen, discuss when they will get it, what can you claim in the meantime and what if they don’t!! And get it in writing.
In simple terms: Ensure your registrar is accredited. Do not even consider a registrar who is not accredited!
Profile of the Registrar
The profile of the Registrar is sometimes important. The profile of a registrar might be important for any of three reasons; they are perceived as the best in the industry, they are the one that an important customer knows and will recognize, they are one that relates to the industry sector.
The problem with the best is.. Who is it? The best means different things to different people and will the people that matter to you, your customers, have the same perception. An ISO 9000 Consultant might be able to help because of their greater exposure to and use of a range of Registrars. But it is the customers that are important.
Customers sometimes have no concept of what ISO 9000 is but they recognize the logo of the registrar who is noted for other issues. For instance, some product standards in the US are tested by Factory Mutual and their stamp and logo are found on products. Similarly the UL mark is often found on products. Although the registrar is a separate and different organization people in the right industry sector may recognize the logo and associate ISO 9000 registration with the same stamp of approval.
Finally, there are some registrars who are set up to service specific industrial or commercial sectors, such as The Ceramic Industries Scheme and Construction Quality Assurance. Using an industry sector registrar will bring with it some instant recognition.
Service
Quality of service is a difficult subject. Some registrars attempt to differentiate themselves by claiming better service. The important part of the service is conducted by auditors on the day of the assessment and all auditors are subject to professional controls to ensure they are suitable for the job. Also it is usually not possible for you to be involved in the selection of the auditor. The rest of the service is administrative in nature. The only way you can tell is from your own experience of dealing with the organization prior to selection. Ask such questions as; How long it will take to get the certificate after the audit?
Larger registrar organizations may have slick sales presentations but is their administrative operation as effective? Who precisely are you dealing with when negotiating for a registrar. Is it the President of the organization with whom you are forming a relationship or merely a representative? Who are you going to get to listen if you have problems.
There are some subtle differences in the actual service which may be questioned. Some registrars conduct surveillance visits every 6 months while others leave it a year and whilst an annual visit may sound appealing they are required to spend twice as long. Some registrars also require a full reassessment after three years. This can be a good thing requiring a full reassessment of your processes periodically. Other companies may find this intrusive and, of course, you have to pay for it. Some registrars will conduct a detailed review of documents prior to the assessment – even visiting your site to do so in some cases. Others will mere read the top level document. This prepares the auditor in different ways.
Smaller registrars are likely to be more approachable but profile might be important. Questions about specific service approaches might also be relevant in deciding.
Cost
Considering the similarities and differences of registrars, the issue often comes down to one of cost. The range of costs can be wide with the most expensive being twice as expensive as the cheapest. Some have schemes for smaller companies. Ask!
Be careful to ensure that when you ask for quotations that they are comparable. Costs may include, application fees, administration fees and document assessment fees before any auditor sets foot at your company. And be clear what they mean by “document assessment”. There will be fees for the assessment and there may be regular annual administration fees, sometimes called registration fees afterwards. There will also be a regular annual fee for the registrar to come back once or twice each year and continue to audit the system.
Be very careful as to whether the registrar will charge expenses or not. Sometimes just because they have a local office does not mean you will be without expenses. They might fly in an auditor from another location and expect you to pay for travel and accommodation. With registrars claiming local offices negotiate for no expenses.
In some respects the registrars are controlled in what they might charge. The number of days that they spend conducting the assessment is set by criteria, typically number of employees, defined by their accreditation agency. There are allowed to deviate for this if they can justify the situation. For instance if there are a lot of employees but they work outside of the scope of the assessment or the process is extremely simple e.g. warehousing, then fewer days can be spent on the assessment. Consequently it makes sense to compare the length of the audit proposed by different registrars and negotiate appropriately.
Summary
Consider accreditation scope, cost, profile, industry focus, locality and friendliness/helpfulness when selecting a registrar.
Key Questions about Choosing a Registrar
Having chosen, when should I commit to a Registrar?
You should commit to a registrar as soon as possible. It is important to start to develop your relationship with the registrar at the earliest point and once you have negotiated a deal the relationship can begin. Having committed to a registrar, it is more likely that the registrar will be willing to provide help and put time into assuring you of the processes involved.
What help can I expect from the Registrar?
The registrar should be able to explain the detail of the assessment and registration process and particularly point out their specific approach.
Also, in the development of the ISO 9000 system, there are likely to be some questions of interpretation that should be clarified before assessment. Whilst the registrar cannot and should not offer advice, carefully phrased questions about specific interpretation issues can be agreed. In this way the possibility of surprises during assessment can be avoided.
More Questions?
If you’ve any more questions about helping you select a Registrar, about Specific Registrars, or about ISO 9000 in general, call us at 303-480-0111. Or fax your questions to us at Denver 303-480-9000 or New England 781-431-7681.
Alternatively, click on this link to email your stories and questions: ISO 9000 Expert
We’ll be pleased to help you determine the truth about ISO 9000 and, at your request, to provide a free evaluation visit to establish exactly where you stand on the path to ISO 9000.
Ask the experts. Cavendish Scott’s internal auditors can give you all you need to know to secure your ISO certification.
Tell Me More
July 8th, 2009
According to ISO 9000:2005, quality is, “[the] degree to which a set of inherent characteristics fulfills requirements.” ISO 9000:2005 also defines the terms characteristic and requirement . Characteristic is defined as, “distinguishing feature.” Requirement is defined as, “need or expectation that is stated, generally implied, or obligatory.” So, replacing the words with their definitions, we arrive at the following definition for quality: “[the] degree to which a set of inherent distinguishing features fulfills needs or expectations that are stated, generally implied, or obligatory.”
Roughly, a quality product is one that meets the needs of the customer. For metal products, customers often state their needs in terms of material composition requirements, dimensional and tolerance requirements, finish requirements, etc. Such product requirements are typically captured on blueprints. When a supplier provides a customer with parts meeting all requirements stated on a blueprint, the parts are considered to be of good quality. When parts do not meet applicable requirements, they are not considered to be quality parts. Even when all product requirements are met, the issue of quality is not closed. Customers typically also have needs or expectations for timely delivery, proper packaging and paperwork, etc. The degree to which these needs or expectations are met also impact customers” perception of quality.
In some cases, customer needs or expectations are not stated. On a cold snowy day, a deli patron would not need to state that she wants her chicken noodle soup to be served hot. If the soup arrived cold, the patron would rightly send it back because it does not meet her (unstated) expectation of hot soup. Cold chicken noodle soup is not quality product.
In still other cases, organizations are obliged to comply with product requirements that may be unknown to the customer. For example, medical devices are subject to many statutory and regulatory requirements (e.g., FDA, MDD) that pertain to all medical devices, regardless of the customer or manufacturer. An organization engaging in the manufacture of medical devices is obliged to comply with all such requirements–else the product is not deemed suitable for customers in the first place.
Quality is precisely what customers expect of a product when they decide to purchase it. When a customer awards an order to a supplier, the supplier is expected to provide quality–good product delivered on time. In other words, when supplier organizations accept orders, they are expected to keep their promises of quality. So in the end, quality can be thought of as keeping promises.
March 19th, 2009
By Dan Nelson
This document describes the means by which compliance to the ISO 9000 series of standards will be determined as registered companies change from their current revision (1994) to the year 2000 revision. Bear in mind that transition criteria may vary slightly from Accreditation Body to Accreditation Body (and therefore from Registrar to Registrar), just as the interpretation of the current requirements varies somewhat.
Six Registrars were surveyed regarding the transition. The following questions were asked of them:
Assuming that a company is currently registered to ISO 9001:1994, how and when will a Registrar determine if the company’s quality system meets the requirements of ISO 9001:2008?
What criteria or guidelines have been established to make this determination?
The Registrars surveyed were among those known to have an active presence in the area: ABS, BSI, BVQI, NSAI, Orion and TUV. Some background for each Registrar is provided below, as are any specific thoughts offered in response to the above questions. Three Accreditation Bodies were also queried: RAB, RvA, and UKAS. Their responses are addressed later.
Despite the uncertainty felt by many companies faced with changing standards, registrars feel that they know basically how their organizations will handle the transition.
Although the specific language of the standard is uncertain, the Registrars’ auditing approach will probably be affected very little. Orion seemed to capture the sentiment of the of the group: “It’s really no big deal…” Not to imply that the Registrars are unconcerned, but rather they are confident that the transition will not be difficult—even with the uncertainty surrounding the details.
There is a distinct possibility that some transition guidance will emerge from TC 176, from the International Accreditation Forum (IAF) and/or from Accreditation Bodies. If no such guidance is produced, however, the year 2000 transition would most probably be like the 1994 transition.
According to that scenario, here’s what’s likely to happen:
Each Registrar, as an organization, will adopt a set of internal criteria for handling the transition. These criteria will address not only the changes to the requirements of the standard, but they must also include a scheme by which they recommend existing clients for certification to the revised standard.
The Registrars will then create a plan for achieving the changeover. They will document this plan (a quality plan) as required by their own quality system, just as a company certified to ISO 9001 will “define and document how the requirements for quality will be met”. (Certainly at this juncture, as part of planning, Registrars would consider any advisement of their Accreditation Bodies or other authorities, if any is provided.)
Certainly this planning will address the revision of checklists to incorporate the new or revised requirements. It will also include plans for training the organizations’ auditors to interpret and assess the new requirements. Most Registrars also plan to provide their clients with guidance for how to address the new criteria.
For companies that are already registered, the Registrar may plan to audit them to the new requirements during a surveillance audit, or perhaps over the course of two or three surveillance audits. Some Registrars re-certify their clients every three years anyway, so they might plan to audit entire systems for compliance to the new requirements as part of a re-certification audit. For those companies pursuing certification for the first time, they will be audited to the new standard.
Registrars will then submit their transition plans to their respective Accreditation Bodies. Accreditation Bodies ensure that Registrars’ auditing activities remain in compliance with ISO Guide 62, the guide applying to, you guessed it, the auditing activities of Registrars. Just as a Registrar determines compliance of a quality system to ISO 9001, the Accreditation Body determines compliance of a Registrar’s system to ISO Guide 62. So, Accreditation Bodies will review the Registrars’ plans to ensure that systems are in place to handle the transition and that the systems remain compliant with the guidelines of ISO Guide 62. (If the Accreditation Body provided a Registrar with guidance earlier, the body would also here determine if the guidance was properly addressed.) As plans are approved by the Accreditation Bodies, Registrars will return to their business of determining compliance to quality standards.
The Registrars’ auditors will then assess their clients’ quality systems according to their revised checklists. As mentioned earlier, this may be done during surveillance audits or during recertification audits. The Registrar might assess compliance to just one of the new elements, planning to capture the balance of the new requirements during subsequent surveillance audits, or the entire system may be audited for compliance to all of the new elements at once.
When an audit is concluded, the Registrar will send the Audit Report to the Accreditation Body (or Bodies). The Accreditation Body will review the Audit Report (and will occasionally conduct audits) to ensure that the Registrar is sticking to the stated plan. If everything is in order a certificate will be issued, much like business as usual.
As can be seen from this account, Registrars have successfully ushered in transitions to new revisions of standards with little or no guidance from external bodies. So, any guidelines or directives provided to them (supplemental to any Accreditation Body advisement) will be more guidance than they had with the 1994 transition. Perhaps this is partially the basis for the Registrars’ confidence that the transition will not be difficult to achieve.
The Registrars
Registrar Services/Courses Offered Accreditations Ongoing Assessment Scheme
ABS (American Bureau of Shipping)ISO 9000
RAB
6-month or 12-month surveillance without*
ABS had very little to say about the transition. They believed that a transition guideline would be published by TC 176, but a draft of the document would not be available for “a few months”. To their knowledge, the document is not yet titled.
Registrar Services/Courses Offered Accreditations Ongoing Assessment Scheme
BSI (British Standards Institute)ISO 9000
UKAS
6-month surveillance without renewal or recertification*
BSI says that they will allow their clients two years to complete the transition. They will determine compliance during surveillance audits.
Registrar Services/Courses Offered Accreditations Ongoing Assessment Scheme
BVQI (Bureau Veritas Quality International)ISO 9000
RAB
A 3-year certificate is issued.* Surveillance audits are usually conducted every 6 months, but they may be done at 9 or 12 months, if appropriate. There is a recertification audit after 3 years.
BVQI speculated that they will offer their clients a choice. They will either audit the system for compliance to the new requirements during a client’s three-year recertification audit, or, they will audit the new requirements during surveillance audits. They will recommend the client for certification to the year 2000 revision (or whatever year it happens to be) only after compliance to all of the new elements has been verified. This latter option may take a year or two to complete.
Registrar Services/Courses Offered Accreditations Ongoing Assessment Scheme
NSAI (National Standards Authority of Ireland)
ISO 9000
RAB
6-month surveillance without recertification at the 3-year mark*
NSAI said that they will complete the transition with their clients within one year after the new standard is adopted officially. NSAI will also determine compliance during surveillance audits.
Registrar Services/Courses Offered Accreditations Ongoing Assessment Scheme
Orion ISO 9000
RvA
6-month or 12-month surveillance without recertification at the 3-year mark *
Orion says that they will offer their clients a choice for for handling the change-over. Either it will be done in one audit prior to a three-year renewal or it will be done in increments during surveillance audits. They said it may take a year to a year and a half to implement the change according to the latter option.
Registrar Services/Courses Offered Accreditations Ongoing Assessment Scheme
TUV Management Services ISO 9000
RAB
Surveillance audits are conducted either every 6* or 12 months. When it is done every 12 months, a recertification audit is conducted after three years.
TUV said that to his knowledge, TUV handled the 1994 transition in a unique fashion. TUV honored the validity of the expiration date for all ISO certificates. So they gave their clients until the expiration date on the (three-year) certificate to be compliant to the revised standard. TUV said that, barring any external direction, the year 2000 transition will be handled just like the 1994 transition.
* Some Accreditation Bodies require Registrars to renew or recertify clients every three years, especially if the Registrar performs annual surveillances. Therefore some Registrars (like ABS, Orion or NSAI) may, at the end of the 3-year mark, review the client’s quality system documentation and examine any trends in surveillance audit results over the 3-year period. If no major negative trends are discovered, the certificate will be re-issued or renewed. Some Registrars (like BVQI) will conduct a full system audit after a 3-year certificate expires, and then will recertify the client. Other Registrars (like BSI) will conduct surveillances every 6 months and will not ever require renewal or recertification. Still other Registrars (like TUV) will offer a choice between these options or some combination thereof. Of course all of the above depends upon the requirements of the Registrar’s Accreditation Body.
The Accreditation Bodies
Registrar Accreditation Board (RAB)
The first way that transition guidance may be established for an Accreditation Body is through the direction of an external organization, such as the body who promulgated the standard, in this case TC 176. They said that the external organization might also establish a date by which the transition must be complete.
If no direction is provided as described above, Accreditation Bodies may determine how the transition will be accomplished according to the direction of the IAF, a group of (currently sixteen) Accreditation Bodies.
The IAF may prescribe an implementation plan that will be communicated to all Accreditation Bodies, who will flow down the requirements to Registrars. Accreditation Bodies may also directly contact each other to ensure that their courses of action are consistent. If the IAF provides no direction, the scenario described earlier for what happened in 1994 takes precedence. In this case, the Accreditation Body will often provide Registrars with a “Letter of Advisement” outlining any necessary transition guidance, sometimes including a date by which the transition must be complete.
RAB speculated that guidance for the year 2000 transition will be developed according to the first method described here, although they declined to speculate as to whom this guidance would apply. If it applies to Accreditation Bodies, the guidance may be incorporated in a Letter of Advisement, which would be sent to Registrars as described above. Or, if it applies to Registrars, the Registrars will include the guidelines or directives as part of their quality planning. Then the process described for the 1994 transition could then be followed again, except the Accreditation Body would not only verify the Registrar’s internal plans for the transition, but the body would also verify that the Registrar’s plans incorporate any applicable external guidance or directives.
Raad Voor Accreditatie (RvA)
RvA said that they have not yet set a policy for handling the transition, as they are awaiting final acceptance and translation of the standard. They expect that the RvA will not have an official policy until mid-2001. They said that normally when a new or revised standard is adopted, the RvA will establish a policy and procedure for how to proceed with assessing and recommending clients for certification. The procedure will be flowed down to Registrars, who will normally give their clients one year to comply.
United Kingdom Accreditation Service (UKAS)
UKAS said that the year 2000 revisions will require more auditor training than the 1994 transition did. This is so because the year 2000 standard will be more geared toward improvement, whereas the 1994 standard is more concerned with compliance. So they believe that some extensive, skill-based training will be in order. UKAS is also awaiting publication of the final draft before making any definitive statements about how they will handle the transition. They surmised that the transition will be similar to the 1994 transition, except that they, too, expect some guidance from the IAF or TC 176. They said that UKAS will develop a transition plan, including a completion date, and will communicate the plan to all of its Registrars. UKAS will likely allow one year to complete the transition (as they did in 1994).
Two Final Notes
According to a document posted on ISO’s website, “A major requirement of the ISO 9000 revision process is that organizations which have implemented the current ISO 9000 standards will find it easy to transition to the revised standards. . . transition planning guidance is being produced.” The nature of this “transition planning guidance” is not addressed, but this entry may well be alluding to the guidance being developed by TC 176.TC 176 is indeed developing transition guidance. The level at which such guidance will be introduced is as yet undetermined. Its method of publication has not yet been determined and neither has its content been finalized. As mentioned before, RAB would not speculate as to whom this guidance would apply—the Accreditation Bodies, the Registrars, or the end users. Being “close to members of TC 176”, RAB said that they do “not expect final answers to these questions anytime this year”. RvA and UKAS felt that the guidance document will most probably be geared toward Registrars and/or users of the standard and not Accreditation Bodies. The publication of such a guidance document represents a difference from the transition between the 1987 and the 1994 version. No guidance document was ever published by ISO to facilitate the change-over from 1987 to 1994. However, the 1994 revisions to the standard were relatively minor when compared to the proposed year 2000 revisions.
The year 2000 revisions to the ISO 9000 series of standards will most likely have some effect on other ISO 9000-related standards like ISO 14000, QS 9000 and AS 9000.ISO TC 207 (the committee responsible for ISO 14000) has considered revising ISO 14000 to accommodate the revision to ISO 9000. However, further consideration is pending the official publication of ISO 9000:2008. Since QS 9000 recently underwent revision to the 3rd Edition (last year), not much is being said yet about how it will be revised to accommodate the change in ISO 9000. According to representatives from SAE the body responsible for revising AS 9000—the American Aerospace Quality Group (AAQG)—met two weeks ago. During the meeting, two major suggestions for revision to AS 9000 were considered. The first came from Boeing, who presented 17 specific proposed revisions to the standard. The second source of proposed revisions dealt with the goal to harmonize AS 9000 with EN 9000 (the European standard containing requirements for the Aerospace industry above those contained in ISO 9000). Currently the group is most concerned with addressing these two bodies of revisions. The committee is not speculating about how or if AS 9000 will accommodate the year 2000 revisions to ISO 9000. Scott suggested that the committee would most likely harmonize AS 9000 with EN 9000 and incorporate the Boeing suggestions first, and then when the official revisions to ISO 9000 are adopted they will consider revising the harmonized AS/EN 9000 standard to be aligned with the new ISO 9000 standards.
