Fakes, frauds and cheapskates: Navigating the maze to find ISO accredited providers (Part 1)
Obtaining ISO certification from a JAS-ANZ registered certification body tells your clients and the community that you have been assessed by an independent body accredited as meeting an internationally recognized standard of excellence. Ultimately, it is this reputation which can enable you to gain a significant competitive advantage in your market through certification.
Unfortunately, more and more, I see companies selling themselves and the industry out of a lack of understanding of the different tiers of players that exist in the very competitive ISO certification market. Not all vendors are created equal, and unfortunately not all vendors are ethical.
Read on for some tips on how to come out of encounters with lesser quality and unscrupulous vendors unscathed.
Part 1: Beware of super fast and cheap ISO system development offers (especially INCLUDING certification)
When looking for organizations to help you set up your ISO system and get certified, you should beware of offers that appear to be extremely fast, much cheaper than other providers or just too good to be true.
Citation from the article Beware of quick offers of ISO 9001 or APIQ1 certification “it is highly unlikely that anyone will be able to deliver on this promise”.
I have summarized below what I think are the best tips on this topic.
Tip 1: “Buy” certification: the risks
There are some organizations that will almost let you purchase your ISO certification after spending a few days “building” a system for you… but… the resulting system may be useless or a costly mistake for the following reasons.
The true story:
The only real way an organization can offer to provide an ISO system (sometimes including certification) at a super cheap price is to have created a generic “one size fits all” manual with policies and procedures which, by their very nature of template , they cannot be expected to match their actual operating environment and won’t work unless A lot of time (read: cost) and energy is spent customizing them.
Tip: One of the warning signs is when there is no offer for a consultant to help you implement the system, in which case it will be up to you, the customer, to figure everything out after your “system” and “certificate” have been delivered in one big folder.
Also, in general, the only way a company can include “certification” in such a low price is (at best) by using a non-accredited certification body or (at worst) by using a fake certificate.
NB: I am not referring here to renowned companies that combine consulting and certification from two different entities at a competitive price. The key word here is “reputable.”
Using non-accredited certification bodies or false certificates.
The bad news:
Most customers, and in particular government organizations, who insist on ISO certified and/or compliant suppliers will not recognize a certification unless it is from a JAS-ANZ accredited certification body. So, if your offer has an external certification as a prequalifier, your certificate will be be reviewed by the bidder. If they find that the certification body is not accredited by JASANZ, they will not only be ineligible for that tender, they may also be discredited as a future applicant.
The good news:
Many customers (except large corporations and government departments) are content with a “certificate of compliance“- especially as a starting point. This can be a very cost-effective alternative to third-party certification while you are proving the ROI on your compliant system in the market. You can always get third-party certification in a short period of time if you maintain your compliance system a once implemented.
What is a “certificate of compliance”?
You should understand the difference between a “certificate of compliance” and a “certification” of an ISO standard provided by an approved certification body.
A company or consultant can legitimately provide you, as ICS frequently does, with a “certificate of compliance” (in our case free of charge) after a sample audit of your system by a registered auditor. Basically, this says that it has been audited by a qualified auditor and based on the sample observed, the consultant believe you are compliant
The important distinction is that the certificate must not mention anywhere that it “certifies” or “registers” or “accredits” it to any standard.
If you are offered one of these certificates, what matters is that the difference is explained to you, that the wording on the certificate is accurate, and that you do not get the impression that you are now “certified” rather than simply “compliant.”
Tip 2: What’s wrong with fast?
3 things someone should have told you:
1. First of all, all ISO systems are, in essence, guidelines to create a best practice business management framework; designed to control and manage all relevant aspects of running a business throughout the life of the business. Knowing this, common sense would tell you that you can’t build an entire trading system in a matter of days or even weeks, and any such undertaking deserves serious (not perfunctory) consideration.
2. Second, to pass the audit, an auditor from an accredited certification body is required to verify that its documentation, procedures and activities have been implemented and actively used for a minimum of 2-3 months prior to seeking certification and you must be able to provide this with concrete evidence, ie records.
Article Citation Beware of fast ISO 9001 or APIQ1 certification offers “most registrars require at least two (2) to four (4) months of QMS records to be available as evidence of conformance to ISO 9001 requirements and /or API Q1”.
3. Third, only the elements required being in place to comply are quite extensive and require time to create or customize their operations; including training staff. You will need to show evidence that all mandatory requirements have been met before an accredited certification body will accept your audit request.
In short, creating any worthwhile management system will take work and time, often several months, as other business priorities must be taken into account. An accredited certification body will require a certain system maturity with evidence acquired over months before they certify you.
Final tips on how to avoid unscrupulous providers:
! Beware of implementing an ISO system that is not based on a site visit or gap analysis of your organization
! Beware of a company that doesn’t take the time to explain how the certification process works or that seems “in a hurry to make a sale.”
! Always ask for references or testimonials and be suspicious if they are not provided. Insist on talking to other companies that have used your service.
! Beware of companies that advertise that they will create all your procedures and provide you with ISO certification to say you meet the requirements in just a few days or weeks. Some of these companies are scams and the certificates are worthless. Those that are not will be on the list of accredited certification bodies, so check them out.
! If they do not appear on the JAS-ANZ registry, then they are not an accredited body that can issue ISO certifications.
Resume:
ISO certification may be a true sign of the quality of your operations and that you use best practices throughout your organization. The risk associated with the process is that unscrupulous, sales-focused organizations may try to trick you. By being aware of their tactics, you can identify and avoid many of the pitfalls knowing that you are receiving your ISO system and certification from a reputable and accredited organization and can confidently proceed to use your certification for future growth.
Credit must be given to the article. “Beware of fast ISO 9001 or APIQ1 certification offers” for several of the ideas included http://www.astontechconsult.com/blog/2011/07/beware-of-quick-iso-9001-or-apiq1-certification-offers/