What is ISO 9001 Certification?

Some customers require their suppliers to be ISO 9001 certified because want assurance that their suppliers have a basic, formal QMS (Quality Management System).

When researching ISO 9001 certification, many people are surprised to learn that ISO (the International Organization for Standardization) does not provide ISO 9001 certification! In fact, ISO 9001 was NOT written with certification in mind. Instead, the certifications are provided by independent “Certification Bodies” (CBs). And there are two types of CBs, accredited & non-accredited.

• Accredited CBs operate in accordance with the requirements on an accreditation body (e.g., ANAB), primarily specified in ISO 17021-1. This accreditation provides credibility and confidence that their Certification will be recognized by those customer(s) invoking the requirement to be certified (often driven by governments or multi-national corporations and “flowed” down through their suppliers). Accredited CBs are more expensive because they must pay to maintain this accreditation. And, if selecting an accredited CB, you should ensure that CB holds accreditation from an internationally recognized body. For example, ANAB (ANSI National Accreditation Board) is recognized by the International Accredited Forum (IAF).
• Non-Accredited CBs operate with complete independence and no oversight. While non-accredited CBs are typically far less expensive than accredited CBs, their credibility is limited to their reputation. The absence of oversight creates a lack of confidence… resulting in a significant risk that certificates issued by those CBs will not be accepted/recognized by customers invoking the requirement for certification.

After selecting a few Certification Bodies (CBs), the first step in the certification process is to obtain a formal quotation (covering a 3-year certification period). The CB will require you to provide information that typically includes:

• The desired “scope” of the certification, including any exclusions (e.g., specific processes, product lines, services) for EACH site covered by the certification (Ref. The free ISO 9001 Auditing Practices Group “Guidance on Scope and Applicability”)
• Identification of any “outsourced” or “subcontracted” processes (e.g., heat treating, chemical processing, coating, welding, brazing, destructive or non-destructive testing)
• The physical address(es) to be covered by the certification (audits of multiple sites may be based on a sampling of the locations rather than 100%)
• If certifying more than one site, the CB will need to know the “central location” from which the QMS is being administered (typically the HQ)
• The number of personnel (by Shift) performing quality-related activities covered by the scope of certification at each site (incl. full-time, part-time, contractors & seasonal workers)
• Language(s) spoken at the sites (which may necessitate a translator).
• Identification of any quality-related statutory or regulatory requirements applicable to the products and/or services provided (e.g., ITAR)

The quotation should include a mandatory “Stage 1” audit (sometimes called a “Document Review”), where an auditor will ensure that your company is prepared for the certification audit (Stage 2). This includes but is not limited to, ensuring that you have the required documentation (e.g., scope, quality policy, quality objectives), and have completed at least one full internal audit and one management review.

The “Stage 2” audit covers the entire QMS that YOU specified in your certification scope. The “Stage 2” audit normally takes place 15-30 days after the “Stage 1” audit… but can be scheduled later than that if you need additional time to finalize implementation.

The “Stage 2” audit will be followed by annual “Surveillance” audits (coving approx. half the applicable standard) for 2 years. This completes the first 3-year certification cycle.

After completing the first 3-year cycle, the contract with the CB must be renewed.

Upon renewing your contract with your CB, a re-assessment will be scheduled and performed covering all of the applicable requirements of the standard. This will be followed by two (2) “Surveillance” audits… and the process repeats.

At any point after your initial certification, you can “transfer” to a different CB… for any reason.

If you “transfer” during your “Surveillance” period, the new CB will need to perform a “Special Audit” to verify that all of the previous nonconformities (identified by your current CB) have been closed.

If you “transfer” during your “Surveillance” period, the new CB will need to perform a “Stage 1” audit (essentially re-creating the “Initial Certification” process).