A: You are the victim of aggressive marketing campaigns from non-accredited ‘certification bodies’.
These bodies are not accredited by UKAS but, unfortunately, there is no legal requirement for them to be. At least one of these bodies has been successfully prosecuted under the Trade Descriptions Act but the fine was not sufficient to cause them, or others, to cease trading.
The ‘certificates’ sold by these organisations – although they look impressive – are totally worthless, as they will not be accepted by any discerning customer.
John Jeffery has visited two organisations displaying these ‘certificates’ and both failed to meet many fundamental requirements of ISO 9001. They also would certainly not have achieved registration from a UKAS accredited certification body either.
A: This depends on the nature and size of the organisation.
Most accredited certification bodies operate a ‘small business scheme’ offering reduced rates when certain criteria (typically headcount and turnover) are met. A recent survey of some of the larger certification bodies resulted in prices within the range of £3,000 to £6,000 for application, initial certification and ongoing surveillance for three years.
This is obviously only the certification body costs. There could also be other costs e.g. if you wish to engage a consultant.
A: The time can vary on a client by client basis.
Recently I have taken the following organisations to successful registration:
Be aware that the certification bodies have recently had some additional requirements placed on them by UKAS, resulting from the introduction of ISO 17021. One of these requirements is that the initial ‘desktop review’, where the certification body assesses your documented QMS against the requirements of the applicable standard, must now be carried out on-site. Formerly the assessment body had the option of reviewing off-site. This new requirement will invariably result in delays and increased cost.
A: Typically, consultants are engaged to assist with the following:
A: Assuming the organisation already has ISO 9001 then the implementation time depends on the state of the quality management system i.e. how easily can the additional requirements of ISO 9001 be incorporated into the existing management system.
The implementation should only require addressing the specific requirements of ISO 14001, taking less time than ISO 9001 and should also require less consultancy days.
A: They should be competent on the basis of having an appropriate education, training, skills and experience. They should also be familiar with the requirements of the appropriate management system standard. Being objective, impartial and not permitted to audit their own work are also key requirements.
ISO 19011 defines the following personal attributes:
A: Many reasons are quoted but these seem to be the key drivers:
Processes may be considered ‘not applicable to the organisation’ if they are not required by customers, not carried out and the organisation does not have the resources to carry them out. Such processes need to be identified and justified (e.g. within a Quality Manual).
Strangely, the current (2015) standard does not contain any boundaries around what can and cannot be considered ‘not applicable’. However, I have experience of one certification body taking it upon themselves to insist that all requirements must be included within a QMS to the point that it insisted that a distributor/carrier organisation implemented processes for design!
A: You must continue to operate your management system on a day-to-day basis. This must include the internal auditing and management review processes.
You will be subjected to annual or biannual surveillance visits. Generally, a reasonable amount of prior notice will be given. Each of these visits will review internal audits, management reviews and corrective actions. The remainder of the requirements of the standard will be reviewed over the course of a three-year period (a UKAS requirement).
A triennial review will then be carried out to ensure that the entire system has been assessed and that no trends of non-conformance are evident. Some certification bodies include this triennial review within the three year cycle, but some carry out an additional visit.
A: Yes, although very rarely (we have never come across this situation).
Certification bodies are very reluctant to withdraw certification as it means losing a customer (and therefore income). However, if you were to have a major non-conformance identified during an assessment e.g. a total breakdown of a critical process, then you will be required to take corrective action within a reasonable (agreed) timescale.
The certification body would then make a ‘special visit’ (at additional cost to you) to verify the effectiveness of the action. A successful outcome would result in continued certification; a less than successful outcome should result in your certificate being withdrawn. (There is a much easier way to have a certificate withdrawn – just forget to pay your certification body fees!)
A: Go to the UKAS website www.ukas.com. There are approximately 80 certification bodies listed who can offer ISO 9001, and slightly fewer for other management system standards. Each has a schedule of accreditation detailing the types of organisation that they can offer registration to. These scopes can be downloaded as PDF documents.
Select a few certification bodies that have your business activities included within their scope. Contact them and request quotations. Compare the quotations by adding all the costs to obtain an initial registration and maintain it for three years.
The reason for suggesting this method is that the various bodies have different pricing policies. Some charge very little for the initial registration then have high annual costs. Others have a higher initial fee, then charge less for ongoing certification. By taking the total three year cost it is easier to compare them and ascertain who is offering the best value for money.
A: None whatsoever.
This standard is very applicable to ‘high risk’ organisations such as heavy engineering and chemical plants but does not offer many benefits to ‘low risk’ organisations. At the end of the day, every organisation has to comply with relevant H&S legal requirements such as risk assessments, regardless of whether they have ISO 45001.
The drawback for office-based organisations seeking registration is they will be obliged to have things like an incident investigation procedure and will have to analyse accident book entries – neither of which are likely to add any real value to the business.
A: Although many organisations use these packages quite successfully, they are not recommended.
They are limited to a few processes, typically being document control, audit management and corrective & preventative action. These processes can be easily managed by simple in-house systems based on everyday Microsoft Office applications. The off-the-shelf packages tend to be expensive, require frequent (expensive) ‘updates’ and, due to their rigid structure and format, tend to exist as ‘stand-alone’ systems outside the normal business processes.
If you are starting from scratch then yes, they could be useful, but there is a lot more to ISO 9001 than is contained within these packages!
A: All ISO management system standards are very similar in content and indeed have many identical requirements.
An organisation that is adopting the requirements of more than one management system standard would be advised to have one ‘system’ covering the requirements of all the adopted management system standards. This would then avoid duplication of procedures etc.
Note that the term ‘integrated management system’ assumes that all processes are integrated, including internal audit and management review. Some organisations choose not to integrate these processes and their systems are known as ‘aligned management systems’.
A: If you know the certification body, then most have a facility on their website to check their registered clients. If you do not know the certification body then you need to go to the online QA Register (www.quality-register.co.uk).
There is an annual subscription (it is not cheap). Each entry lists the name and address of the organisation, the standard(s) against which it has been assessed and the complete wording of the scope of certification.
The register only includes entries which have been provided by certification bodies that have been accredited by UKAS. The register includes certifications for organisations with sites both within and outside the UK.
Data on the register is fully searchable by the name of the organisation, geographical area, standard and awarding certification body. Keyword searches can also be used to identify organisations providing products or services to the standards listed in the register.
Still unsure of something? Get in contact with John today for advice!