Frustrations with the ISO9001-2008 certification process

Dear gentle readers,

Today’s post is going to be a bit of a rant. I have been involved in the implementation and management of quality systems for over 25 years. Every once in a while something happens that makes me think I’m just bashing my head against the wall, wasting my time. Such an incident occurred last week.

I was called in to do the annual internal audit for a very small metal services company here in Southern California. I had helped to implement ISO9001-2008 at this company 3 years ago, and I was on hand during their initial registration audit to make sure things went smoothly, which they did.

As anyone familiar with the ISO9001-2008 certification process will tell you, it’s one thing to implement an ISO9001 quality management system, but it’s something altogether different to keep it up over time. It takes some work. It takes some time. ISO9001-2008 certificates aren’t supposed to be handed out to anyone who ponies up the thousands of dollars charged by ISO registrars.

Unfortunately there are quite a few companies out there that really want to have a pretty certificate on the wall, but don’t want to do the work required to keep the certificate. And here’s the worst part: Apparently there are auditors out there who do such a bad job of auditing that they let companies keep their certificates, even when it’s painfully obvious the companies have made almost no effort in maintaining their quality system.

My client called me in to do an internal audit. I hadn’t seen them in 2 years, so I was curious as to what I would find. Now, I won’t say the company had done nothing in the past 2 years. After all, they did write up one corrective action in that time. They had also done an internal audit and a management review. The internal audit did note some nonconformances, however no corrective actions were written. The management review was rudimentary and did not cover all topics required by the ISO9001-2008 standard.

The funny thing is, the auditor sent by the registrar last year either didn’t bother to look at the company’s records, or he ignored how incomplete they were. The registrar’s auditor did not write a single nonconformance.

During my internal audit I wrote 9 nonconformances. The previous auditor, sent by the registrar, had done such a poor job that I am contemplating sending a letter to the registrar to tell them what I found. Maybe the registrar doesn’t care. Maybe they’re primarily interested in getting paid, and their integrity has gone out the window.

I realize that the ISO9001-2008 certification process is a business. But when I see such a lack of integrity, and such shoddy auditing, it really makes me question the point of the entire process of quality system certification.

Similar Posts:

One Response to “Frustrations with the ISO9001-2008 certification process”

  1. Rolando says:

    I found the articles posted to be very helpful especially to young QMS like ours. I just wish there will be more articles covering educational institutions. Thank you very much.

Leave a Reply