Can We Require ISO 9001 Certification?

Suppliers, supplier management

Q: My company has bought another company in Canada and we are outsourcing to them. They are not certified to ISO/ANSI/ASQ 9001:2008 Quality management systems–Requirements.  Do we have the legal right to require them to get certified since we are?

A: Thank you for contacting the ASQ Ask the Experts Program.  With regard to your question, there is no requirement in ISO 9001 that requires any organization or their suppliers to be certified by a third-party. Certification is only needed if it’s required by a customer contract/purchase order, or if an organization has opted to be ISO 9001 certified.

However, as an ISO 9001 certified organization, your quality management system must include controls to maintain control over outsourced processes. This requirement is stated in clause 4.1. The control over outsourced processes may include all or any of the following:

1.    Use of an approved suppliers list (see clause 7.4.1)

2.    An onsite supplier quality audit (see clause 7.4.3)

3.    Review and approval of equipment, processes, procedures, methods, and personnel qualifications for processes that require validation such as welding, nondestructive testing, heat treatment or others (see clause 7.5.2).

In summary, ISO 9001 certification is a management decision and not a requirement.  Organizations that follow the ISO 9001 requirements and have outsourced processes should have controls in place to manage those processes.

I hope this helps.

Bill Aston
ASQ Senior Member
Managing Director of Aston Technical Consulting Services
Kingwood, TX
www.astontechconsult.com

For more on this topic, please visit ASQ’s website.

Is it Legal to Require Certification to an ISO Standard?

Contract, requirement, legal, standard

Q: Can a contract include a requirement stating that the manufacturer of the materials to be installed as part of the job must be ISO 9001 and ISO 14000 listed? My question is in reference to a contract I received that is requiring this.

A: In general, contracts between business entities are enforceable unless they violate laws or are contrary to public policy. Private businesses entering into commercial contracts have a great deal of freedom in establishing contract terms.

One of the common uses of ISO standards is to clearly delineate requirements in commercial contracts.   This can, and often does, include requirements for third-party certification of suppliers to ISO 9001-2008: Quality management systems–Requirements and/or ISO 14001-2004: Environmental management systems – Requirements with guidance for use.

This requirement is usually met by providing a copy of the certificate issued by a third-party certification body (registrar) that lists the name of the organization certified and the scope of the certification.

Based on the information provided along with your question, it appears that the question actually relates to a material specification that was included as part of a request for proposal (RFP) from a governmental entity. Note: the contract has not been included with this post to protect the anonymity of the questioner and the governmental entity.

The authority of governmental contracting officers is more limited.  They must comply with applicable purchasing statutes and regulations.  Whether or not a requirement for certification to ISO 9001 and/or ISO 14001 is permissible would be determined by reviewing these contracting rules.  These rules also often provide mechanisms for contesting the award of a contract if it is believed to be unfair.

There are often opportunities to request clarification of information included in a government-issued RFP. This may be something to consider in this situation since the requirements in this RFP appear to be unclear, such as:

  •  There is no comprehensive “list” of certified companies so there is no mechanism for a manufacturer to be listed.
  • There is no ISO 14000 standard.  There are over 20 different standards in the ISO 14000 family – each with a different number.  I assume the RFP is referring to ISO 14001.
  • It is not clear which of the materials specified in the contract must be manufactured by an organization that is certified to the ISO 9001 and ISO 14001 standards.

(Note: the contract has not been included with this post to protect the anonymity of the questioner and the governmental entity).

I hope this helps.

Thea Dunmire, JD, CIH, CSP
Chair, ASC Z1-Audit Subcommittee
ENLAR Compliance Services, Inc.
Largo, FL
www.enlar.com

For more on this topic, please visit ASQ’s website.

ISO 9001: Product Development and Customer Satisfaction

Manufacturing, inspection, exclusions

Q: Does a company certified to ANSI/ISO/ASQ Q9001-2008 Quality management systems — Requirements that produces raw materials for a customer according to their written specification also, as a raw material supplier, have a responsibility under ISO 9001 to meet the customer’s needs for their design intent and intended and known use?

In simple language, I sell a raw material to a customer who takes my raw material and then designs a product and sells it to a customer who uses it in the field. I wonder where does the ISO standard application stop for the raw material supplier?  How can a raw material supplier under ISO 9001 meet the needs of a customer’s trade secret designs, or further down the intended use of the product where the raw material supplier has no control over how it will be used or maintained?

A: Your question is more a legal one than a quality one. You are offering a product to a customer. This is your finished product and their raw material. When both parties agree to the terms and conditions (payment, form, fit, function, shipping, etc.) a contract exists. We call this a purchase order (PO) and part of that PO is the specification for your product. If they place an order to your spec, you have done the design work under ISO 9001 and they are accepting your design. END OF YOUR RESPONSIBILITY for future application and use. If you accept an order to their spec, they have done the design work and you are obligated to make sure your product meets the stated (and often implied) form/fit/function requirements. We call this quality control and you do this by testing in the lab prior to shipment.

Most firms address the issue of application by stating quite clearly in the contract terms that you are selling your product as-is and you do not warrant the product as fit for ultimate use. This is the kind of thing the lawyers require.

Having said all this, there is a requirement in ISO 9001 for you to measure customer satisfaction. You must state in your manual the concept (strategies) for doing this and have some defined processes – usually called procedures – to carry it out. Of course, part of this is the regular management review. Quality, marketing, and sales all provide input on how well the customer needs are being met. Your registrar should be examining how you do this.

If there is a trend showing that customers are unhappy with how the stuff performs under end-use conditions, ISO says you should address those issues. (Ignoring them is an option, if it is deliberate). Mature firms will work on building customer-supplier partnerships, getting their engineers to talk to your engineers. Although this is technically outside of the quality function, it is still part of your overall quality management system.

Charlie Cianfrani
Consulting Engineer
Green Lane Quality Management Services
Green Lane, PA
ASQ Fellow; ASQ CQE, CRE, CQA, RABQSA Certified QMS-Auditor (Q3558)
ASQ Quality Press Author

For more on this topic, please visit ASQ’s website.