Feedback mechanisms around the use of ISO 9001

In support of some work taking place in TC 176, I did some research into feedback mechanisms and have reproduced a summary below.

Feedback on ISO 9001 text

If you are interested in contributing to the development of ISO 9001 or have any questions about its use they are your first point of contact.  There are many National Standards Bodies (NSB) participating in the work of ISO TC 176 and, in particular, those that participate in developing ISO 9001 may have their own national committee that mirrors the work of ISO TC 176 / SC2. The list of NSBs – is available on the ISO web page for TC 176 SC2 here.

If, as a user of ISO 9001, you have a question about the interpretation of the standard requirements you can take this up with any certification body or other user (see the section on ‘Concerns with certification’ below). If you are unable to find the resolution of your query you may take this up with your NSB. Any NSB may submit a request for interpretation to TC 176 SC2 of any requirement of ISO 9001. NSBs should refer to the Guidance on the interpretations process and apply for an interpretation using the “Request for an Interpretation” form.

ISO TC 176 SC2 operates the interpretation process for the requirements of ISO 9001. A Working group considers any requests for interpretation submitted by any participating NSB and will provide the opinion of the ISO/TC 176/SC 2/TG 4 experts’ evaluation of the request for interpretation. These results are published on the ISO TC 176 website – here.

Claims of ISO 9001 certification

ISO impartiality

ISO is an organisation that develops International Standards, including for management systems. Management systems standards such as ISO 9001 and ISO 14001 may be used for certification but ISO is not involved in their certification and does not issue certificates. This activity is performed by external certification bodies. For this reason, an organization cannot be certified by ISO and should not claim to be ISO certified.

Through ISO’s Committee on Conformity Assessment (CASCO), ISO produces a number of standards related to the certification process, which are then used by certification and accreditation bodies. Follow the link to read more about CASCO Standards. There is more information on the CASCO standards in sections below.

This information is copied from ISO’s web pages. The original text can be viewed here.

The role of certification bodies certifying an organization’s QMS to ISO 9001

TC 176 activities related to certification

CASCO liaison

Although ISO and TC 176 are not involved in certification we recognize the need for consistency in the use of ISO 9001 for quality management system (QMS) certification.

TC 176 maintains active links with ISO’s Committee on Conformity Assessment (CASCO) providing feedback from TC 176 members on the effectiveness of QMS certification with a view to ensuring ISO’s portfolio of conformity assessment standards for QMS certification are fit for purpose. The main CASCO standard for QMS certification bodies is ISO/IEC 17021-1:2015 – Conformity assessment — Requirements for bodies providing audit and certification of management systems — Part 1: Requirements.

Also note that ISO/IEC 17021-3: 2017 Conformity assessment — Requirements for bodies providing audit and certification of management systems – Part 3: Competence requirements for auditing and certification of quality management systems is a requirement for certification bodies certifying an organization’s QMS. This standard outlines competence requirements for CB personnel involved in the process and will provide further requirements you may expect to be applied by any credible CB, particularly those accredited by IAF members.

Through its liaison with CASCO TC176 believes the ISO 17021 standards are fit for purpose. We continue to work with CASCO to feedback the TC 176 position. If you have any questions please feel free to contact me and I will pass the comments on.

Auditing Practices Group

A number of guidance papers on the auditing of quality management systems can be found on the website of the ISO 9001 Auditing Practices Group. These have been developed by a group of quality management system experts, auditors and practitioners from ISO/TC 176 and the International Accreditation Forum (IAF). Although they are not requirements for the accreditation of certification bodies offering certification to ISO 9001 we believe these papers represent good auditing practice and may be used as an expectation of certification body auditors. If you have any questions about the APG papers and their use you should include these in discussion with your auditor, CB and AB in the sections below covering concerns with assessment and certification.

IAF liaison

TC 176 maintains an active liaison with the IAF and provides feedback from TC 176 members on the effectiveness of QMS certification with a view to ensuring that IAF’s oversight of QMS certification helps improve and maintain the credibility of the scheme and provide customers and consumers with confidence in products and services provided by certified organizations. This section looks at the role of the IAF with particular application to QMS certification bodies.

Accreditation bodies are established in many countries to ensure that QMS CBs are subject to oversight by an authoritative body. The IAF maintains a list of member accredited bodies – here. Each AB maintains a list of accredited QMS CBs. This list is often available on the AB website. Some ABs also maintain a register of organizations certified by CBs that they have accredited.

Note there are some certification bodies operating outside the IAF framework. These CBs may, in turn, be ‘accredited’ by an accreditation body that is not a member of the IAF. TC 176 has no influence in these areas and cannot offer any recommendations for how to manage any concerns.

Concerns with QMS certification

This section is broken down into 3 areas:

• You have concerns with your assessment or certification to ISO 9001
• You have concerns with a provider of products or services including any claims of certification to ISO 9001
• You have concerns with another ISO 9001-based certification scheme

You have concerns with your own assessment or certification

If you have recently had an assessment and have concerns with the process as it has been applied to you the process can be managed through a series of steps with each step considered and escalation on the previous step(s). In this section, we concentrate on accredited certification of quality management systems. Some of the activities may relate to other management systems standards such as ISO 14001 and ISO 45001. Further information may be available on the IAF pages covering feedback and complaints.

• Raise it with the auditor concerned, ideally at the time of the audit but, if not, as soon as possible afterwards. All auditors, whether full-time or contractors are bound by the policies and processes used by their CB employer. If you have concerns also ask them if they are certificated by an auditor certification body such as Exemplar or CQI/IRCA. If they are they will also operate to a code of practice. Where you feel a nonconformity is not justified you should explain why and refer them to your understanding of the requirements of ISO 9001 and also you may reference the APG papers covered above.
• If the individual auditor does not appear to take your concerns into account and you still believe a nonconformity is unjustified or have concerns about the conduct or outcome of an audit you should raise this with the CB concerned. Under ISO 17021 – 1, all CBs are required to maintain an appeal and, separately, a complaints process. Provide the CB with any supporting evidence including any requirements of ISO/IEC 17021 – 3 that you believe have not been met and any links to relevant guidance such as APG papers or TC 176 interpretations that cover the area in dispute.
• If the CB is not responding to your query about an individual auditor or you have concerns with their decision contact the relevant auditor certification body. Both Exemplar Global and IRCA maintain registers of their certificated auditors.
• If the CB is not responding to your query about the audit, or you have concerns with their decision contact them again and make it clear to them that you would like to have the query logged into their complaints process as required under ISO/IEC 17021 – 1 and that you plan to contact their accreditation body to escalate the complaint.
• Contact the accreditation body responsible for accrediting your CB and ask them to investigate your query. Provide them with as much information as possible. I recommend you allow them to disclose your information when investigating with the CB concerned, this allows them to proceed directly with the CB with the knowledge that a complaint has been raised and that they will be investigating based on your escalation of the complaint to them.
• If you have some concerns over the role of the AB and they do not satisfactorily resolve your concerns then you can establish whether the AB is a member of an IAF Regional Accreditation Group. These groups exist to recognize the equivalence of their members’ accreditations. The AB complaint can be escalated to the region.
• The final escalation process is to the IAF itself. The IAF has overall accountability for the effectiveness of accredited third-party quality management system certification and operates a code of conduct for its members. Contact them with full details of the complaint and let them know that you are dissatisfied with the findings of the relevant AB.

You have concerns with a provider of products or services including any claims of certification to ISO 9001

If you have a concern with a supplier of products and services and the organization claims to have ISO 9001 certification there are several stages to dealing with the concern. You can establish whether the organization holds ISO certification by contacting them. Some organizations holding accredited certification are listed on the IAF Certsearch database. Individual accreditation bodies may have their own databases.

• Firstly, notify the organization that you are not satisfied with the product(s)/service(s) provided. They should accept your feedback and look to remedy the situation.
• If the supplier organization does not appear to take your concerns into account or is not prepared to remedy the situation and you have concerns that their certified quality management system is ineffective, then you should raise this with the CB that has certified their quality management system. Provide any supporting evidence including any requirements of ISO 9001 that you believe have not been met and any links to relevant guidance such as APG papers or TC 176 interpretations that cover the area in dispute.
• If the CB fails to investigate and/or does not satisfactorily resolve your complaint use the escalation process(es) outlined above to involve the AB, Regional AB group and the IAF.

You have concerns with an ISO 9001 based certification scheme

There are other certification schemes that use ISO 9001 as a base document. Some of these are listed below:

• AS 9100 – The scheme is managed by the IAQG and they maintain a list of approved CBs. IAQG approved CBs are all accredited by IAF members so the feedback and complaints system is similar to those outlined above.
• IATF 16949 – The automotive industry provides its own oversight for CBs auditing automotive suppliers to the requirements of IATF 16949. They publish a list of IATF approved CBs. Initial query resolution and complaints follow the same process as above. Once the CB has finished its investigation any outstanding queries have to be taken up with the appropriate IATF Global Oversight office.
• TL 9000 – the Quality Management System standard is intended to meet the supply chain quality requirements of the worldwide telecommunications industry. TIA QuEST Forum maintains a list of Accreditation Bodies and Certification Bodies approved under the scheme. The feedback and complaints process is the same as for ISO 9001 assessment and certification. Additionally, TIA QuEST Forum maintains an anonymous feedback system for the assessment process.

ISO/TS 22163 – the standard has been designed for the rail industry and oversight of the IRIS certification scheme is currently provided by IRIS. They maintain a list of approved CBs and of organizations certified under the certification scheme. Initial query resolution and complaints follow the same process as above. Once the CB has finished its investigation any outstanding queries have to be taken up with IRIS.