I realized that many people are confused about the companies that typically get involved when a factory wants to get its quality management system (QMS) certified to ISO 9001 or ISO 13485.
Let’s break it down into the logical steps to get to a certification.
1. Gap analysis
You need to know what the gap is. This is necessary in order to draw a QMS implementation plan (along with a budget).
You may call in a certifying body (more on them in section 4, below). But, if there really is no quality system in place, it won’t be helpful — they will simply indicate that all is missing or very immature. They can’t say much more than that, actually.
The best is usually to have the QMS implementation consultant(s) carry out this analysis, as they need to understand how far exactly the organization is from being compliant. They need far more than yes/no answers.
A well-implemented quality system will make sense for your processes, will make your life easier, and will save you money.
A poorly-implemented system will do all the opposite. It won’t be very helpful, and it will add a heavy paperwork load onto your people. I wrote before about 10 Signs of a Bad ISO 9001 Implementation.
This is usually best done by an experienced consultant who takes the time to understand the business (remember step 1, the gap analysis), will set up an appropriate plan, and will provide guidance on the way to implement the plan.
3. Training courses
A consultant alone will not be able to do much that sticks in the long run if some people in the company don’t understand the basic concepts behind quality assurance and quality improvement.
Find a few people who will do the implementation support work (writing SOPs, doing internal audits, etc.) and send them to a decent training course. There are many such courses. Some are offered by international companies such as BSI, TUV Rheinland, SGS, etc. and an auditor certificate is issued, but that’s not a must. Focus on the end result you need — people who understand the standard and what they have to do!
4. Certification and ongoing re-certifications
At this point, you need to talk to a certifying body. Again, it is companies such as BSI, Bureau Veritas, SGS, etc.
They will send auditors to the factory and they will deliver the certification if they find it is in compliance. They are accredited as certifying bodies, and they need to comply with ISO 17021, an important standard that ensures they remain impartial.
In step 2, I did not mention those companies. That type of consulting is NOT allowed by ISO 17021 (imagine a company gets paid for helping a client, and then that same company gets to audit that same client for certification – a blatant conflict of interest).
There is a lot to be said about that whole third-party certification process, as I wrote before:
The ISO certification (or ‘registration’) process
An objective of ISO 9001 is to give a common standard for different actors in a given supply chain.
But, how to make sure these different actors really follow that common standard? They can be certified. It sends the signal that they have established a QMS and comply with the minimum requirements spelled out in ISO 9001.
It reduces ‘audit fatigue’ — the need for a company to keep auditing all its suppliers and partners. Get audited once, comply with the standard, and get the certification. That’s the logic at play here.
Who issues those certifications/registrations? A few companies are authorized to do this by the national governing bodies — they are the ‘registrars’.
However, something went wrong in the certification process
The company pursuing certification is the one that picks its registrar. That’s a fundamental issue. Soccer teams can’t pick their own referees, and pigs can’t pick the door enclosing their paddock, and for good reason…
Large international bodies (Intertek, Bureau Veritas, TUV Rheinland, SGS, British Standards Institute, and so forth) try to follow the same standards in China as in other countries.
However, a large number of ‘certificate mills’ — companies that have been accredited and yet don’t fulfil their mission — have popped up, and their certificates are sometimes not worth more than the paper they are printed on.
I should add that this is never “done”…
How did your QMS implementation go, or maybe you’re thinking about undertaking it right now? Let me know by leaving a comment.