The CQI policy on third-party certification to ISO 9001

The CQI position - third-party certification to ISO 9001


Third-party certification to ISO 9001 is a frequently specified requirement to participate in the global market place and it has significantly reduced the multiple second-party audits that organizations are subjected to by their customers who have accepted third-party certificates as evidence that their suppliers meet the requirements of ISO 9001.

For purchasing organizations:

  • Third-party certification to ISO 9001 is not a guarantee that a supplier will provide the quality of service or product specified by customers.
  • Third-party certification to ISO 9001 should provide confidence that the supplier has a management system that is focused on consistently providing their customers with conforming products and services. However, there is still significant variation in the quality and value of third-party certifications carried out by the various certification bodies across the world and for this reason some purchasing organizations have reduced confidence in ISO 9001 certification*.

For certified organizations:

  • Third-party certification can provide a level of confidence to customers that you have a management system focused on consistently providing your customers with conforming products and services and is often a base requirement for supplying.
  • Third-party certification can provide an outside view of your organization's ability to consistently satisfy customers and continually improve.

The issues

The CQI believes that:

  1. When purchasing goods and services organizations must evaluate the risks associated with poor quality and late delivery and use the most appropriate and cost effective measures to manage their exposure to these risks. For certain risks simply specifying that a supplier must be certified to ISO 9001 will be adequate but for the supply of products or services where the risk is high additional measures may need to be specified, e.g. supplier evaluation, demonstration of process capability, surveillance or inspection, etc. Where the risk is low no risk management measures may be needed.
  2. Organizations should be aware that ISO 9001 certification does not address the integrity issue, i.e. if a supplier is dishonest in their dealings with customers, having an ISO 9001 certificate will not guarantee to change this approach.
  3. The current certification model exhibits potential conflicts of interest that have not been adequately addressed, e.g. organizations that simply want a badge on their wall may seek the cheapest certification body with the most lenient interpretation of the requirements of the standard or when faced with withdrawal of their certificate organizations may seek alternative certification bodies that may interpret the standard to their advantage.
  4. Standards within the global certification industry are very variable with certification bodies applying a wide variety of interpretations of the standard and auditors having widely differing competencies in various parts of the world*.
  5. Certificates issued by unaccredited certification bodies or CBs that have not been accredited by a national accreditation body that is a member of the IAF may not meet their customers' requirements.
  6. No certification body should provide both QMS implementation consultancy services to an organization and certify their QMS.

The CQI acknowledges that:

  1. Governments around the world are acting to resolve local problems concerning the variability of accredited certification*.
  2. The ISO 9000 series of standards is the result of cooperation between a significant number of countries' national standards bodies and that all of these have 'national positions' which have had to be negotiated and harmonized during the process of developing and up-dating this series of standards.
  3. Specifying the requirement for micro-enterprises to be certified to ISO 9001 may not be the most appropriate way to manage the risk of receiving non-complying products or services from them. The CQI has developed the CQI small business standard to provide such organizations with a basic management system model and an evaluator to undertake a self assessment against the small business standard. Asking micro-enterprises to submit a self assessment or an assessment by the local chamber of commerce against the small business standard is an alternative approach to managing the risk.

Note: * Reference to accredited certification refers to certification undertaken by certification bodies that are accredited by members of the IAF unless otherwise specified. See also the CQI policy on accredited certification for more detail.

The CQI advocates that

Government:

  • Supports and promotes the use of accredited certification in all instances when purchasers specify 'certification to ISO 9001' whether within the public or the private sectors.
  • Adopts the quality management and risk assessment principles throughout government procurement and implements the associated decision-making processes.

Accreditation bodies:

  • Address as a priority the issue of the significant variation in the quality and value of third-party certification carried out by the various certification bodies across the world*.

Certified organizations:

  • Do not select their certification body solely on price, but assure themselves that the proposed certification service includes sufficient appropriate resources (competent auditors and adequate auditor days) to provide confidence that the management system is delivering value.

Procurement professionals:

  • Adopt the quality management and risk assessment principles as fundamental to their procurement policies and the associated decision making processes.
  • Always specify certification by a certification body accredited by an IAF member (e.g. UKAS) when they have identified 'certification to ISO 9001' as one of the risk management criteria required for selection of the product or service that they are specifying.

Management professionals, quality professionals and quality management consultants:

  • Promote the appropriate use of accredited third-party certification as defined in this policy.

The CQI

Will work with government, procurement professionals, management professionals, quality professionals and quality management consultants to:

  • Periodically review and update this policy
  • Encourage the effective implementation of this policy
  • Periodically report on the implementation of this policy to all stakeholders

CQI Policy

T: + 44 (0) 20 7245 8510
F: + 44 (0) 20 7245 6788
E: rchrystie@thecqi.org
CQI: www.thecqi.org
IRCA: www.irca.org

My CQI

Please log in to access CQI member services, update your details and pay subscriptions

Log in Register

See Also

About the CQI

The CQI (previously the Institute of Quality Assurance - the IQA) exists to provide leadership, education and assessment in the field of quality in the UK and globally.

The CQI's 10,000 members and IRCA's 14,000 certificated auditors are located in over 120 countries making it the leading international quality membership organization and the largest international auditor certification body in the world.

Find out more