How to choose your ISO auditor
My client made a face. "Does it matter?" Kate asked. "They're all pretty much the same, aren't they?"
It's a common belief, but very mistaken. Who to choose as your auditor is, after deciding to "go for ISO", a very important decision. The proper name is ‘certifier’ or ‘registrar’ (different countries prefer different terms). No matter which, they are the organisation that audits you against the Standard and decides if you meet it.
Like Kate, many people don’t understand what they do, let alone how important they are.
Why? Because you're going to have a business relationship with the certifier, and particularly the person they assign to your company as Lead Auditor. They interpret the Standard(s) and the requirements. They inspect and test your system against the requirements you want to be certified for. And decide if your system measures up – ie, meets the requirements. So the decisions they make will affect you a lot, not least in whether you achieve (or continue) your certificate.
I suggest you consider and compare at least 2, preferably 3. And before you choose one, think about what you need, and which criteria are most important for you. Don’t just go with the one with the logo you remember, or the most well-known name. How do you find them? Like any other supplier: phone book, ask other people, ask consultants, search the web.
Pre-qualifying
Before you put anyone on your list to consider, you need a yes to these 2 questions:
a. Are you accredited by a signatory of the IAF?
b. Are you qualified to audit in our field?
a. Accreditation
Make sure they are accredited by a signatory (member) of the IAF (International Accreditation Forum). That ensures they meet the required standards, follow protocols, & are subjected to controls by the Accreditation Body, including regular audits to verify they are meeting requirements.
In Australia, the accrediting body is JAS-ANZ, in the US it's ANAB, in the UK it's UKAS in the UK, and so on. (If you want to know more about why it’s a good idea, ask. For now, just take my word for it and don’t consider anyone who isn’t!)
b. Qualified
To ensure your certifier is competent to evaluate your company, certifiers are accredited to specific scopes. There are 39 defined by the International Accreditation Forum. Again, don’t consider anyone who isn’t!
Once qualified, you can ask more specific questions, depending on your particular needs. Here are 9 suggestions:
1. Approach
What’s their approach and philosophy to the area you want certification for?
I believe this is the most important factor to assess. If it's ISO 9001, you want and need an organization whose approach and philosophy to quality is compatible with yours. For example, are they focused on risk and importance, or on conformance and process? What does their organization say about itself? What are they like to deal with: in person, on the phone, via their website. Do they publish anything official? How long have they been accredited? You want someone who’s been around for a while, and is likely to remain.
2. Price
Ask for an all-inclusive quote for the full 3-year cycle of your registration, detailing precisely what is included. Before you get this, most certifiers (and all good ones) will need specific information from you.
Then you can compare pricing, and consider all costs. In my experience, you get what you pay for. The cheapest possible price isn’t necessarily the best.
Do note that different companies charge differently, so make sure you evaluate them against the same criteria. Don’t assume they all do exactly the same thing, the same way. Check particularly:
- Does the quote cover everything required for the 3-year period?
- Do they bill for travel time? Travel expenses (if any) will be billed, but check travel time isn’t also billable.
- Is there any extra not included, that you would be charged for? If it’s mandatory, it should be included in the cost. An example of non-mandatory would be a ‘desk audit’ of your documentation before the audit: if you have it, they charge separately. If you don’t, no charge.
- Are there any extra costs involved in using their certification mark / symbol on your company material? Any restrictions or particular terms of use? If so, what are they? If your MD intends to use the logo post-certification in a way they won’t permit, better to know this now.
3. Schedule
How flexible is it? Can they fit in with your expected date? If time is very short, put this high on your list.
4. Their People
What kinds of auditors do they have? How do they train them? Ensure they remain up to date with changes and developments? Do they have an auditor in your area? Travel expenses add significantly to cost. With a local auditor, it isn’t an issue, and may also help with scheduling.
Can you meet your Lead Auditor beforehand? (If not, why not?) The person assigned as your primary (lead) auditor is very important – you need to feel comfortable with them, so you should at least be able to talk by phone, even if not in person. If you don’t hit it off to begin with, it rarely improves.
5. Differences
What happens if you have a difference of opinion with their auditor, or aren't happy? (It happens) Is there anything beyond the strictly formal appeals process? For example, a technical audit manager, to ensure differences are resolved constructively and effectively?
6. Major nonconformance
You hope not to get one of these (and won't if you use Mapwright). But if you do, how do they handle these? Most certifiers require a special visit takes place (which you are charged extra for) to verify your corrective action.
7. Support
Do they offer technical support that you can access if needed? (If you’re using a good consultant, this is unlikely to matter to you.) Remember the certifier cannot consult to you, or advise you that ‘if you do x, then you’ll definitely pass’. This would be a breach of ethics and conflict of interest.
But they can provide some limited guidance, eg, indicate if you’re on the right track or not. And if you’re going it entirely alone, then you may want all the help you can. When a question comes up about how to interpret a particular requirement, for example, you’ll need some informed guidance.
8. Other
- In their certification contract, do they have any additional requirements for the management system beyond those in the Standard (eg, ISO 9001:2000)? If so, what (because when you sign their contract, you agree with whatever is in it, so check first).
- Can you choose only one or two accreditation marks on the certificate? Some have multiple accreditations and bill you for each accreditation mark, whereas mostly you only need those for the country or countries you do business in.
- Has their accreditation ever been suspended or revoked? If so, why and what occurred?
- How long (on average) would you expect to wait for their audit report to be delivered?
9. Other People’s Experience
Talk with other certified organizations, perhaps key customers, other companies in an allied field. Contacting customers means you can publicise your plan for certification. They may have a strong preference for a particular certifier, and if everyone in your particular field is certified with Bloggs, perhaps you should too.
These questions have all focussed on the certifier as a company. But for most of the time, you’ll be dealing just with one main person: ‘your’ auditor. It’s critical you are comfortable with them. I’ll write more about that in another article.
May you flourish & continue improving.
~~~~~~~~~~~~~~~~~~
Jane Bennett is a quality management consultant, a business coach and author of the 'DIY ISO 9001 Pack'. www.mapwright.com.au
~~~~~~~~~~~~~~~~~~~
Need to get ISO 9001 but don't know how? Tired of struggling with it?
You can get ISO 9001 fast, without spending a fortune. Click here>
** Ezine editors / Site owners ** Feel free to reprint this article in its entirety in your ezine or on your site so long as you leave all links in place, do not modify the content and include my resource box as listed above. If you do use the material please send us a note so we can take a look. Thanks. © Mapwright Pty Ltd
posted by JaneB at 6:21 PM
<< Home