by Randy A. Dougherty
My entire professional career has been in voluntary standards and third-party conformity assessment. I declare this up front because I acknowledge that this gives me a biased perspective and perception about the value of voluntary standards and third-party conformity assessment. I link standardization and conformity assessment because they have been linked throughout my career. The standards establish the requirements, and conformity assessment is the activity of determining conformance to the requirements.
I believe that voluntary standards and third-party certification add value to every party directly involved with them. They also benefit the general public, which may not even be aware of their existence.
Voluntary standards add value in that all parties can influence their requirements. Third-party conformity assessment adds value in that an impartial, competent party makes an assessment to determine conformity or nonconformity to the requirements. However, this value is known only when the third party can communicate conformity through an attestation, such as a certification. (When an assessment determines nonconformity, this is usually confidential between the conformity assessment body and the body being assessed.)
ISO 9001 was first published on 1987. It was revised in 1994, 2000, and 2008. The standard reflects the collective expertise of quality professionals from all industries and from around the world. It advanced quality from a subjective idea to a tangible measurement. In addition, it created the concept of a management system. In the case of ISO 9001, the objective of the management system is the quality of a product or service. (In the case of ISO 14001, the object would be reducing the environmental footprint of an organization, or, in the case of ISO 22000, the object would be safe food.) However, because ISO 9001 describes a generic quality management system (QMS), it cannot be used in isolation to ensure the quality of a specific product or service. Thus, it provides more specific requirements to be included in a QMS for specific products or services.
Third-party conformity assessment bodies are called certification bodies (CBs) or registrars. Certification, by definition in ISO/IEC 17000, is a third-party activity. This is important because the CB’s decisions regarding conformance to standards should be based on objective evidence. Of course, the CB must also be competent to undertake the assessment for others to have confidence in the results. If these conditions are met, an organization’s certification to ISO 9001 should give its customers confidence that the quality of its products or service will be high.
Applied effectively, ISO 9001 contributes to the improvement of the quality of an ISO 9001-registered company’s products or services and helps it become more efficient and successful. However, I emphasize that this is when the standard is effectively applied by the organization.
Certification to ISO 9001 adds value when it’s granted only to those companies that truly conform to all of the standard’s requirements and when certification is denied, suspended, or withdrawn when companies don’t conform.
Certification and ISO 9001
ISO 9001 is the most widely recognized International Organization for Standardization (ISO) standard. More than one million organizations worldwide hold certifications to it. Users around the world have come to rely upon ISO 9001 certification as evidence that potential customers can be confident of the quality of the products or services they provide. They justifiably get upset when they have a problem.
Because of its widespread use and high expectations from users of ISO 9001, the standard and certification have been criticized when these expectations aren’t met. I have been reading about and listening to the criticism since becoming involved with ISO 9001 certification in 1992.
Accredited certification to ISO 9001 can meet users’ expectations when it’s effectively applied by the organization and this is confirmed by an independent, impartial, and competent CB that conforms to ISO/IEC 17021, as confirmed by an accreditation body that conforms to ISO/IEC 17011.
Although most people are sincere and honest, not all are. Human error, competition, and commercial issues can get in the way of effective implementation (some companies simply want the certificate on the wall) or in the way of independent, impartial, and competent conformity assessment (CBs reducing audit durations to lower costs). No standard is perfect. We have to continually improve the standards and the processes by which we operate conformity assessment processes to increase the effectiveness of third-party conformity assessment.
Because I know that users can have confidence in an effectively implemented accredited certification to ISO 9001, I have a passion to improve the systems to meet these expectations. I have found it easy to get involved… in fact, too easy. Usually all it took was opening my mouth to say that something must be done and I found that I was assigned to a group to do it.
Improvement actions ramped up in a big way around 2002 when the ISO 9000 Advisory Group (IAG) was formed and jointly chartered by ISO/TC 176 and the International Accreditation Forum’s (IAF) Technical Committee. At the time, the concern was the delay in companies transitioning from ISO 9001:1994 to ISO 9001:2000. Although many felt the delay was due dissatisfaction and disillusionment with accredited certification to ISO 9001, in retrospect I think it was delayed by the economy, which was not so good back then. As the economy was bouncing back and the deadline was approaching, companies refocused efforts on becoming re-certified to ISO 9001:2000.
However, using the cause-and-effect diagram the examination process created of potential causes (and I emphasize this because the ISO 9000 Advisory Group never undertook a validation process), the IAG initiated actions at ISO and IAF to improve the standard and accredited certification.
One was promotion of the concept that “Output Matters.” This became the subject of many published articles by leading experts from ISO/TC 176. This concept was also embodied in the IAF Strategic Plan. The culmination of this is the recently published joint ISO and IAF Communiqués on Expected Outcomes for ISO 9001 and ISO 14001 (go to www.iaf.nu to read it).
Working Group (WG) 21 of ISO’s Conformity Assessment Committee (CASCO) undertook a separate initiative. This was the development of ISO/IEC 17021, the standard of requirements that apply to bodies that audit and certify management systems. The work started out to transform ISO/IEC Guide 62 for QMS CBs and ISO/IEC Guide 66 for EMS CBs into one standard for management systems CBs. It expanded its efforts to include new requirements to address some of the perceived or proven weaknesses in past conformity assessment processes and practices, including better controls on impartiality.
ISO/IEC 17021 was published in September 2006, and ISO and IAF agreed upon a transition period of two years. The transition was completed on schedule; globally, 68 CBs had accreditation withdrawn or suspended because they didn’t comply with it by the deadline of September 15, 2008.
The IAF-ISO Action Plan, which was formalized late last year, includes several specific actions that had their roots in the discussions by the IAG and the IAF TC re-engineering task force. These include some proposed new tools and techniques for accreditation oversight of certification. One proposal is the identification and measurement of indicators of performance that CBs periodically report to accreditation bodies. Another proposal is for direct market surveillance (i.e., validation audits) by accreditation bodies.
Further improvement of certification is underway with development by ISO/CASCO WG21 of a second part to ISO/IEC 17021 to improve the management of competence and CBs’ management of audit processes. The goal is to publish part two in late 2010 or early 2011.
It’s easy to become disillusioned and discouraged by the continuing criticism about accredited certification to ISO 9001, but with all the actions that have been taken and those still in development to improve it, I am optimistic about the future.
About the author
Randy A. Dougherty is vice president of the ANSI-ASQ National Accreditation Board (ANAB). He oversees the activities of a staff of five and 25 contract assessors. Dougherty holds a master’s degree in public health administration from the University of Michigan in Ann Arbor and earned his bachelor’s degree from Lake Superior State College.
Dougherty has more than 30 years of experience in third-party conformity assessment. He was the president and CEO of NSF-ISR Ltd., from 1996 to 2000. He was employed by NSF International, an ANSI-accredited standards-development organization and third-party product certifier, from 1975 to 1996.