ISO 9001:2008 and Reasons to Obtain Third-Party Certification

Reviewing confidential files, training records, human resources files

Q: I have a question regarding an excerpt about ISO 9001:2008 — Quality management systems –Requirements, from the ISO webpage, which is below:

“…Although certification is not a requirement of the standard, the quality management systems of about one million organizations have been audited and certified by independent certification bodies (also known in some countries as registration bodies)…”

Our ISO 9001 quality management system (QMS) has been registered through third-party audits since 1994. But according to this statement, we should be able to represent ourselves as an ISO 9001 organization by simply meeting the requirements of the standard. These requirements, of course, don’t require third-party certification.

Is this the case? If not, isn’t the statement on the website misleading, in as much as certification is an implicit requirement of the standard?

A: I am a U.S. Technical Expert for ISO 9001 and associated QMS standards, have been involved with QMS standards since 1975 and am a published Quality Press author.

You are correct when you state, “we should be able to represent ourselves as an ISO 9001 organization by simply meeting the requirements of the standard. These requirements, of course, don’t require third party certification.” Many organizations use ISO 9001 as the basis for their quality management system without engaging in third-party audits. If you want to claim certification, I guess you could claim that you are “self-certified,” but I am not sure this would mean anything to anybody.

There are a variety of reasons for incurring the cost associated with obtaining an ISO 9001 certification:

  • Internal use: Many do this based on a perception of market advantage and use the certificates in advertisements promoting their goods and services. Some organizations use third party audits and certification to verify for their own management the adequacy of their quality management system.
  • Supplier qualification: The historical use for a quality management system standard is as a basis for qualifying the quality management system of suppliers. Development of quality management system standards dates to the 1950s. One of the early standards of this type was MIL-Q-9858A used by the Department of Defense for use in qualifying some of their suppliers.

Today, ISO 9001 is widely used as a qualification requirement for suppliers in many different product and service sectors. The automotive, aerospace, telecommunications and other industries have sector specific versions of ISO 9001 that are used with suppliers. These all require third-party certification.

  • Regulatory requirement: The European Union, FDA, Japan, Australia, Canada and many other countries use ISO 9001 as the quality management system for meeting certain regulatory requirements. Some regulatory bodies require third-party certification, others conduct their own audits (second-party audits) to verify compliance.

Bottom line: you should determine for yourself if you have a need for certification to ISO 9001 and act accordingly.

Joseph Tsiakals
Voting member of the U.S. TAG to ISO/TC 176 on Quality Management and Quality Assurance (ASQ)
Voting member of the U.S. TAG to ISO/TC 210 Quality Management and Corresponding General Aspects for Medical Devices (AAMI)

For more on this topic, please visit ASQ’s website.

Leave a Reply