A few years ago I attended a training to become a certified ISO 9001 Lead Auditor. At that time I had already been auditing chinese suppliers and asian manufacturers for several years based on this standard but I wanted to make sure I understood very well and very deeply the standard so I took a formal training.
I eventually got the certification being passed but this was not the most important. The most interesting was actually what I learnt during the training about this ISO 9001 standard: its real weaknesses . Some things that many people simply ignored.
In the mindset of most of people, the words "ISO 9001" immediately trigger the synoym "quality" or "product with guaranteed quality". I heard several clients and prospects telling me : " I need you to source me a manufacturer with ISO 9001 certification because I want to make sure the quality of my products". Yet, if you take the time to decipher the ISO 9001 standard documentation you actually find out that there is a general misunderstanding about what ISO 9001 standard is.
I was relatively shocked by what I learnt during the training session and by what I discovered. I then understood why ISO 9001 certification simply doesn't guarantee or even has no relationship with product quality.
Below are a few points I want to mention which will help you to understand why a supplier being certified against ISO 9001 standard doesn't guarantee you a product without quality issue.
ISO 9001 doesn't say the process is performing well
As I said earlier, one of the biggest misconception or misunderstanding of ISO 9001 is to assimilate the acquisition of standard certification by a company to the product quality standard that a company deliver. This is a mistake to think so because the standard doesn't have influence on product quality itself, it only look at the company internal behavior and its related organization. Indeed, what the ISO 9001 standard say is that :
- there is a process approach via an established documentation about processes. It doesn't say the established documentation is adapted this process
For example, if a manufacturer got a production line being certified for the assembly or TV, the auditor will check if there is a documented process for assembling TV. However, the auditor will not take any opinion wether the assembling steps are performed in the right order to assembly the product.
- there is traceability being established on the documentation with versioning. It doesn't say this versioning is well adapted to avoid mistake
For example, if a company use a versioning writing on his documentation being 3-1-4-5-2 instead of a logical 1-2-3-4-5 (which would reduce risk of mistake) then the auditor would still validate this point as passed
In short, ISO 9001 certification means the supplier has established a controled organization among its business process. It doesn't mean those controlled process are appropriately controled and adapted to deliver a product without defects.
The certification may apply only to a restricted scope
Something that most people ignore is that when you apply for ISO 9001 certification, you have to mention which part of your process you want to certify. Some companies decide to certify their whole process and whole business units (procurement, finance, engineering and product development, manufacturing, sales, marketing etc...) whereas other companies will restrict their certification only to a small parts of their business process (manufacturing).
For example, a manufacturer A could decide to get only its packaging process certified, whereas a manufacturer B could decide to get his whole engineering (design, prototyping, testing) and manufacturing business unit(including inspection, assembly and packaging) being certified. In both cases certification is issued but not the same processes have been awarded with ISO 9001 certification. Auditing a full engineering and manufacturing process take much more time to prepare and to audit than only a packaging process, hence the cost for the certification is also higher in the case of manufacturer B than in the case of manufacturer A.
So, next time a manufacturer tell you they are ISO 9001 certified, ask them on which business scope their certification applied.
|Here the scope is extremly detailed and the term design and development are not equal||Here the scope is also detailed but the term development doesn't appear.|
|Here only the term manufacture is included in the scope of this chinese factory|
For many supplier, certification is like an exam
Although one of the pilar of ISO 9001 standard is a "continuous improvement", there is actually no real quantification of this continuous improvement or simply of maintaining it after certification is acquired. Of course, the most serious and the most structured company will really implement the standard, but many will just prepare to get it the same way sometimes you prepare an exam. Like everywhere you have people who work to pass exam, and you have some who work to learn something they can really use later in their daily working life.
When a company get certified, his certification get validity for 3 years. After those 3 years they have to do a recertification. Normally, they get audited annualy by the certifier to make sure the quality management system is still implemented. Yet, without one year many things may happen, particularly deviation in the processes or in the controls. Audit are usually announced in advance so the supplier have time to make and put everything in order at D-1 before the audit. It doesn't mean everything was in order and running properly at D-2.
So, in short a supplier can pass the certificatin but it doesn't mean the skills/ process and organization are maintained over the time.
avoid-china-auditor-bribery-corruptionIn the audit and inspection industry, we all know some companies are specialized to get their auditors to deliver certifications against an "envelope". This is not only specific to ISO 9001 certification, I heard it apply to many different certification standard. What I heard is that briberies particularly takes place when there is a potential big order which can be seized by the supplier if he pass the certification (I particularly think about some retailer audit). My personnal thinking about bribery issues is that westerners are much less inclined to accept them than asian auditors. Don't get me wrong, not all asian auditors are corrupted. However, it seems the envelope methodology is quite cultural and much more accepted as "normal" in Asia than in Europe or in the USA.
Yes, you are reading well, some certifications can be "bought". So, what to think about those certification really ?
Certification doesn't equal proper implementation
We may think that because a supplier is certified, then he is in good shape. Yet, I have seen many supplier being certified against a Quality Management System but not really implementing it. For example, they will have a heavy pile of sheet of paper with template sleeping in a binder in a shelf, but those documents are actually never used, never even read. They have been printed and placed in a binder just to show to the auditor the day of the audit.
When I got my training done, I remember what the instructors said : "If they have a documentation, then they have it. As an auditor, you can not challenge the organization on the usage of this documentation". I was shocked, because when I audit, I usually attempt to verify if the suppliers really implement what they claim.
There is a real difference between implementation and certification.
In Asia, and particularly in China, many supplier see an ISO 9001 certification like a marketing and sales tool rather than like a way to really improve their organization by living and breathing the standard.
For all those reasons, you can understand now why a supplier being certified against ISO 9001 standard simply doesn't guarantee you a product with quality and without defect. When I select and qualify a supplier, I would prefer to use a supplier who doesn't have an ISO 9001 certification but who have a real implementation of a Quality Management System (QMS) in place which I can see they really implement on a daily life, rather than a supplier who got a paper writen ISO 9001 issued from a company XYZ but not implementing really a QMS.