Do companies still require ISO-9000 certification from their suppliers?

Factual Questions
1

Saw this post and it got me wondering:

Based on my observations, a *lot *of companies obtained ISO-9000 certification in the late 1990s. But it doesn’t seem as big of a deal today; I don’t see the “We are ISO-9000 certified!!” banner in nearly as many advertisements as I used to.

Is the number of companies w/ ISO-9000 certification declining in the U.S.? If so, why? Was it a fad that ultimately proved to be a worthless endeavor? Do buyers for large manufacturers still require ISO-9000 certification from their suppliers?

2

Well, one requirement of ISO certification is evaluation of your suppliers. The way most ISO-certified companies (be it 9000 or 14000) do it is through a questionnary, where the first question is along the lines of

  1. Are you 9000/14000-ISO certified? If yes, go to the last page, date and sign. If no, continue answering.

The next few questions may ask about similar certification systems (but only if the person who wrote the questionnary didn’t copy it wholesale); the rest are the same questions someone would be asked as part of their own certification process.

In the automotive industry it’s common to require QS9000 certification; I’ve had recent clients who were installing SAP because a large prospective client refused to buy from them until they had it. But those requirements are private; the general public doesn’t know the difference between EFQM, ISO9000, QS9000 and an Acme portable hole; most people don’t care what management software a company uses.

The certification “stamps” are there for the general public; they’re not linked to requirements from your clients, they’re a way to mislead people into believing that since you got a certification, your quality (not your quality management system) is superior to that of your non-certified competitors. Once everybody in a sector is certified, it loses a lot of value.

So,

  1. many companies do not require ISO certification from their suppliers, but being certified once every couple years can be more cost-effective (without getting into other advantages) than filling several dozen questionnaries every year;
  2. using the stamps as part of your publicity is done only so long as it’s perceived by your target public as a differential advantage;
  3. those companies which have requirements for their suppliers can have all sorts of requirements (someone mentioned in another thread a county which requires specific colors for files as a function of which party is presenting them and kind of document), but those are usually handled privately. That large automotive company I mentioned before doesn’t advertise “our suppliers must use SAP.”
3

The Federal Government often makes ISO9000 or similar a requirement in their Requests for Proposal. My experience has been that it only guarantees a slightly larger management structure, and therefore higher overhead costs. I’ve seen no correlation in the quality of actual product from my suppliers.

4

“We still make crap, but now we can PROVE it’s crap”.
Where I worked it mostly consisted of faking up the paperwork retrospectively.

5

In my last job also, this was the norm. In fact departments used to support each other by faking papers just when auditors wanted it .:wink:

6

We (a major national research laboratory) are certified to 9001, 14001, and 18001 but not because our customers require it - they don’t. We need a comprehensive management system to control quality, safety, and the environment and the standards provide a reasonable model to work to. Having set up the management system, going for certification does not cost much in either money or time and having external auditors visit keeps you honest - it is too easy for managment to lie to itself about the state of the system!

And no, we do not require our suppliers to be certified to 9001. We do require them to operate a suitable quality management system but don’t put much faith in the certificate on the wall. 9001 is a very open standard and - as **Mk VII **says - it is pretty easy to get the tick in box while producing crap

7

My company, a small defense contractor, is going ISO 9001 sometime this year. Most of the large defense contractors are now requiring certification from all their subcontractors.

We already do a bunch of documentation for other similar certification systems, so it won’t be a great burden on us. What might be a burden is if we’re required to require our own subcontractors to be ISO 9001. Below some company size, the overhead is too costly.

I don’t think these programs improve the quality of the products. But I do think it makes it easier to track down a problem when something goes wrong (or assign blame).

8

Just got off the phone with my brother who works for UL. He goes from place to place doing ISO 9000 and 14000 audits, and has done so for the past 10-12 years.

He said that about half of their business is with ISO 9000 audits.

So I guess that means, yes, yes they do.

9

I pushed our company through ISO-9001 certification several years ago, and saw it through two follow-up audits. It’s a royal pain, and it got harder every year to make sure people stuck to it. I deliberately tried to make the paperwork as light as possible without being obsessive. And I can say that we didn’t fill in anything retroactively.

But it DID take up all my time for most of a year, setting that up. I wouldn’t wish it on anyone.

The next company I worked for was also ISO-9001 certified, but I didn’t have anything to do with it, thank og, aside from giving them advice.

Actually, it’s more like being able to show that you know where you obtained your pre-crap constituents, and can tell where you shipped your crap. ISO auditors actually don’t care whether the stuff you made is crap or not, as lomng as you can trace its history.

10

First of all, you get registered to ISO 9001. Not ISO 9000. And demand is still growing, though certainly not the way it did in the 90s. It’s certainly true that very large companies still ask for it, like auto manufacturers, defense contractors, utilities, and the like. It helps get government contracts, too.

You have terrible auditors, and should fire them and get a new registrar.

If your auditors don’t care about the quality of the product they’re either illiterate or dishonest. By definition, an ISO 9001-compliant quality system is supposed to ensure the product meets customer requirements. Customer needs must be met and customer satisfaction enchaced, or you are not meeting the standard (Element 5.2). Top management, in fact, has to be involved; some things cannot be fobbed off on underlings. If you’re pumping out crap, the system isn’t working, unless you’re a manure distributor. If you think the standard’s all about tracking material in and out, you’re missing the point (or, again, have awful auditors.) No offense, but that’s, like, a miniscule part of the standard, and none of the REALLY important parts.

It is, quite unfortunately, the case that a lot of very poor systems have been implemented out there, in many cases due to dishonest and inept consultants who’re looking to empty the company’s pockets and whose understanding of quality management is stuck in about 1991. (Nava’s example of companies reviewing their suppliers by sending them questionnaires is a classic example. Questionnaires are almost always completely worthless as a supplier review tool and are not required by the standard.) If ISO 9001 isn’t helping your company you aren’t doing it right and your auditor’s a shithead for not telling you so.

I guarantee one day with me and I’d find ways to save you time, money and make you start to think it was actually worth it. Fortunately, the industry’s grown up a bit, and we’re beginning to weed out the bad ones.

I wonder, to be honest, if the explosive growth in demand in the 1990s wasn’t part of the problem with bad systems, consultants, and auditors. Too many people who didn’t really get the point were brought into the industry. Too many consultants got away with producing cookie-cutter manuals.

QS-9000 is a dead standard. It was superseded by TS 16949 a couple of years ago.

11

I was going to start a thread the other day, asking what ISO certification means? RickJay, I’m glad you posted - could you elaborate?

12

When I did consulting I found it was often explained to me when I audited this is what I should EXPECT to find. What this ment was if I didnt find it, it would be bad for me. Therefore I should FIND what they said I SHOULD EXPECT to find.

If your an independent auditor and don’t find that, the company will find an independent auditor that will tell them it’s fine. And then no one will hire you.

As other posters noted the corruption factor is high and too easy to fake. It renders the program worthless in reality, though I believe the intentions are good.

13

Wow–where were you ten years ago when I was working at a place where getting ISO 9001 certification was the reason our company–and many like it–were thrown into a tizzy by it? History proves that there was a lot of bad information out there about it, and we sure could have used a straight-shooter to tell us about it. As I recall, we got a lot of information that may or may not have been accurate, which started the rumour mill working, and we lost a lot of time to official and unofficial arguments about how we were supposed to implement the ISO standards.

14

I might make the absolutely best submarine screen door, produced to exacting specifications provided and made from the highest quality steel whose production process I can track back to when the iron was created from fusion in a long dead star, but it would still be a piece of junk no one really wants.

It’s not to say that ISO certification is a bad thing - there are a lot of very good things that have come out of the process. But it doesn’t make anyone suddenly want to buy your product if they weren’t interested in the first place. ISO certification won’t help the manufacturers of battery-free* solar powered flashlights.
*Solar Powered Flashlights, once said to be one of the major Polish inventions along with the submarine screen door, are now widely available, but obviously have batteries to store power.

15

If you are a successful company, and even if you’re not ISO9001 certified, you’re probably doing about 90% of what the standard implies anyway.

Successful companies cannot do business without revision control of documents. They cannot satisfy customers without a method for controlling non-conforming material. They cannot stay in business without a method for identifying problems and correcting them. They cannot create new products without a scheduled and controlled product design strategy. And the list goes on…

All of this is business common-sense 101. ISO9000 is not about creating meaningless paper trails. It’s about planing, executing, and verifying, If you’re a CEO and can’t grasp that processes need to be described, and monitored for effectiveness then you are really missing the big picture. There are fundamental business principles that are common whether you’re making telecommunication switching equipment or whether you’re making pizzas; customers define your requirements, and you need to have the tools in place to monitor their satisfaction. If you don’t, the pizza place down the street will put you out of business.

How many times would you let Joe’s Pizza get away with delivering the wrong pie to your door before you started calling Jim’s pizza? Really ISO9000 is that basic. Have key processes in place; monitor, measure and continually improve them, and keep track of how all of this satisfies your customers.

16

ISO is the International Organisation for Standardization, a worldwide federation of national standards bodies (that’s lifted from the preface to ISO9001:2008 :slight_smile: ). ISO have a wide range of Technical Committees that get together to agree standards in everything from acoustics to zinc alloys. Amongst all these standards is ISO9001 on Quality Management Systems. Once ISO has agreed a standard this is then issued by the national standards body so in the UK ISO9001 is actually BS EN ISO9001 showing it is both a British and European standard as well as an international standard.

ISO9001 is based on a widely accepted model of how an organisation can ensure the “quality” of its products. There are other models but 9001 is very generic and can be applied to most organisations - as I say we use it for research, it is obviously used by manufacturers but it is also used by police forces, hospitals, etc. The point about 9001 is it sets out requirements that the organisation must follow if it is to comply with the standard. This means that an assessor can carry out an audit to confirm whether the organisation meets the standard. There are a wide range of commercial companies that will take your money and carry out this auditing and issue a certificate saying you meet the requirements of the ISO standard.

Obviously if a customer is going to rely on this certificate there has to be some sort of check of the certification body. In the UK this is done by a not for profit body called UKAS, the UK Accreditation Service. They go out and audit the certification companies against another ISO standard, 17021. If the certification company is accredited by them they can then issue certificates with the UKAS symbol. In the US I believe the equivalent is ANSI-ASQ.

So the end result of all this is that an organisation can say, “We have ISO9001 certification” but unless the certificate was issued by an accredited company it is not worth much. In fact, whoever issued the certificate, it should still be treated with caution. As you have probably gathered up-thread, meeting all the requirements of the standard can be just a paper chase by the organisation to satisfy the auditors and not tell you all that much about how they will produce whatever they are supplying to you.

Hope this makes sense!

17

I was working for a consulting company. I guess you should’ve hired us :slight_smile:

In fairness, the standard at the time was version 1994, which was hopelessly inferior, and much more difficult to use, than the new versions. You could do it right but it took some creativity to say the least. The 2000 version of the standard was a huge, huge upgrade, a total rethinking of how it was supposed to work, and a lot of the changes were made BECAUSE of the tizzy the standard threw people in to.

And please, be patient and understanding with our industry. If you think about it, this sort of thing’s really only been around for 20, 30 years, and wasn’t very commonplace until the mid-90s. It’s an industry in its adolescence, and in my opinion we’re just now starting to get good at it. And we still have some bad apples to weed out.

So why’s my employer seeing an upswing in applications? We’re not in the business of just telling people what they want to hear.

Look, I’ve been doing this job for years. I’ve audited famous companies. Ever hold a BlackBerry? I audited their system. If you think RIM doesn’t want honest auditing, boy, you don’t know them very well. Sure, a few customers only want to hear good news, but most are quite honestly thrilled at the value a good, honest audit brings. Our customers often profusely thank us for our findings, 'cause we save them money and help them make more.

glowacks, of course you are correct in that if you sell a product for which there is no market, ISO 9001 will not create a market. But nobody ever said it would.

18

Talking of bad apples, the advert under RickJay’s post was for this bunch. These are the sort of “consultants” that undermine trust. They say:

It’s clear they’re providing a plaque on the wall - not helping the business to develop a management system that will actually support the mission and lead to improvement.

Oh, and reference my previous post, they are not UKAS accredited for any of the standards they offer certificates for.

19

On their very first page, they indicate they do the consulting, create the system and then audit it.

So, it’s totally worthless. An independent auditor cannot be involved in creating the management system, or else he’s not an auditor.

20

Our auditors knew zilch about our products and how they were made. The ideal isn’t customer satisfaction, but traceability.

And we don’t hire the auditors – they’re sent out by the auditing agency, and were hired by them. I can no more fire them than I can fire the chief of police.