he reason for this question is quite simple. You are
paying money for certification, surveillances and re-certification of the system. For
this money, you must get something in return. The returns should be as follow:
- Auditors from certification body have to report truthfully
their findings; there is no reason to select a certification body just for
its name, while they will hide realities and findings of the system to you.
- Frequency of the surveillance visits has to be adequate.
The IAF Guide says that surveillance visits must take place at least annually,
and in a cycle of three years of certification, every process has to be audited
at least once. If you own or you are part of a large company, in our opinion
the frequency of the surveillances should be on a six month basis. For small
companies, the frequency should be annually. Explanation for this suggestion is simple:
on a six month basis surveilances, you will be able to get needed information on how
it works your system in time. This way, you can correct bad things when they are still small.
- The way of which the auditors conduct the audits; they
are not allowed to give advices on how to solve the non-conformances they found.
Their job is to report them to you, and it's up to you how you will solve them.
Just think on this example: on a surveillance audit, an auditor tells you how
to solve the problem. On the next audit another auditor comes and finds that what
you did before, based on the previous auditor's advice is a non-conformance. Who
you will blame first? Can you argue with the auditor by telling that his colleague
advised you to do that? What will happen if this second auditor will gives you
more advice, you will follow them by breaking what you did in the past and on
the next surveillance, another auditor will start all over? Quite messy, isn't
it? That's why you will have to carefully select the certification body based on
their ways of conducting the audits...
- Hiding costs related to certification, surveillance and
re-certification process. There are some certification bodies that feel normal
to charge you a fee for using the certificate. They are covering it under the
copyright law. Obviously it's legal, but how moral is it, as long as the
certification body already charged you some amount? Remember that there are middle
size certification bodies that will not charge you for using their certificate...
- Clear and well documented contract. Some certification
companies issues very simple contracts with you. They usually covers the
identification of contracting parties, a brief statement regarding the object
of the contract, well detailed (comprehensive) section regarding the money aspects, and final
clauses, along with signatures. Avoid these types of certification bodies!!!
Just remember that you have more rights than the certification company! But
all these rights have to be stated in the contract, otherwise is difficult to
get them in a court, mainly because of the interpretation of the standards
and guidance. Search for those certification bodies that give you a fully
and well documented contract, where you can see exactly what are your rights
and obligations, also their rights and obligations. The contract should state
the appeals ways, in case of disputes related to audits and not only.
- Consultancy and certification in the same contract.
We saw such contracts in Romania where was stated that the contract object represents
the conception, implementation and certification of the system!!! First
of all is not legal, because the auditing standard requires the independence
of auditors from audited company. If a certification body is proposing you
such thing, you can be sure that you will get nothing in return to your
money. As long as the impartiality is not assured, the results of the
audits are not objective; therefore no credibility can be given to certificate.
In simple words, it's a scheme provided to making rich someone else, on your back.
- Auditing reports provided to you. As we mentioned before,
you are paying a company to do something. In our opinion, it's not enough to
go through the audit process; you'll have to get a full audit report, as
detailed as possible, so that to understand yourself how were justified the
conclusions. Some certification bodies simply give you the audit plan,
meeting list, non-conformances reports and the summary of the audit (this
is the usual stuff). Would be good if you could get a detailed report of
the entire audit.
We suggest you to pay high attention to the above
issues when you are selecting the certification body.
- Avoid consultancy companies which say that they are in a partnership relation
with a certification body. It's more than obvious that systems made by them are designated
to satisfy more the "preferences" of certification body itself, rather than interests of
organization who implement them. Organization's interests are on a second level or even
lower. Such certification bodies are breaching the principle of independence, required
to perform good audits.
- We saw many companies paying huge amounts of money to certain
certification bodies, in return of "Oh, you are doing so well" – even if
they had a poor system, or
- "Don't worry, we understand that you have a busy time
right now, we will send you the report anyway, without visiting you".
- Another example is: "We found so many non-conformances,
however, we don't want to raise all of them officially..." which means "bribe me somehow".
- Avoid signing certification contracts "on the move" –
they give you the contract already signed by them and they are asking you
to sign it without too much reading, usually saying "we shall come
to an agreement, don't worry about what's written in the contract".
- You should become suspicious when someone from the
certification company is visiting your company prior to any agreement
and starts doing appreciations (most of the time positive) regarding
what they are seeing.
