Failure of ISO Certification - Who is responsible?

2010-05-02T23:27:00.000-07:00

I have often received these comments from many of the organizations willing to get certified to an ISO standard that "ISO certification can be managed! .... It's no big deal!! .... Anybody gets certified!!!.....We have seen organizations who have been certified, their system sucks; we are far better than these certified organizations!!!" Doesn't this reflect the failure of ISO certification?

It seems that ISO certification offers no benefit to the organization and that the certification is a mere tag to say that we are certified. That's it! I am not saying all of them think this way, there are a few organizations who have realized and are reaping the benefits of ISO standards. But these are limited to a minority of the certified organizations, maybe less than 5%!!!

Who is responsible for this status? Is it the organization? Is it the Certification Body? Is it the Consultant? Or is it the customer of the organization? I say "ALL OF THEM!!!"

An organization who deploys an ISO management system does it so to acquire that tag in from of their name, "this is a ISO certified company". They do it so to add to their brand image in the market and to gain some more business or market entry. They don't look at the internal benefits that they can derive out of such deployment. Normally this kind of perception comes from the top management of the organization. It starts their and slowly peculate down to the lower level of the organization thereby eliminating the opportunity to gain internally from these deployments. The end result? The organization gets certified, but with no change in the internal functioning. Further, the employees feel that they are brought into much more documentation than they need and that too unproductive ones!!!

The consultants are mostly driven by the client demands. The client desires to have the certificate only and the consultants then drive the exercise only to that effect. And this is not the only reason. The clients more often do not tend to pay for the value addition the consultant offers to give back to the client while deploying the ISO standard. The consulting fees are dependent on the effort level required. If the client is willing to pay only for the certification, the consultants will alter their effort level to match the certification requirements. They will not bother if the client is getting benefited internally or not. Their goal will be simple, prepare the mandatory documents and complete the awareness training, Internal Audits and MRM. And in most circumstances the corrections / corrective actions will focus only the compliance related issues rather than the process related improvements. One more factor that influences the quality of consulting deliverable is the competence of the consultant itself. About 90% of the consultants are acquainted with the certification requirements only. Seldom are they experienced on process improvement. Also the interpretation skills are limited. They don't spend time on exploring how a particular requirement from the ISO standard gets interpreted in the organizational context and how it can add value in the business model. They would just follow the conventional interpretation and offer a stereotype solution. Many times this becomes a burden on the organization. Take for example 'change requests'. Most consultants will require the client to implement a 'Change Request Form' which becomes an additional step in the process. In reality, there is no stated requirement for a 'Change Request Form'. The ISO standards requires that the 'changes' are evaluated before implementation. This can be achieved in many ways. Such evaluation / approval of changes can be embedded in their routine process. The consultants need to study the existing process and offer a viable solution. But who will put in those extra efforts, if the client is not paying for that!

The certification bodies too are driven by their own business goals. There is a fierce competition in the market. Every day there is a new certification body entering the market. There is a cut-throat competition with regards to the certification fees. The clients are aware of these are they negotiate heavily with the certification body. In turn the certification body offers the certification in lowest possible audit man-day rates. Now to keep up with that rate, the certification body is forced to hire Auditors who can work in such lower rates. Their skills and experience in off-course not adequate. What will such auditor offer during the audit. First of all due to his in-competencies, he does not dare to audit the processes thoroughly. Secondly, he is pressurized to complete his no. of audits so that he is promoted to a higher grade of Auditors. The certification body also ensures that these auditors do not issue any 'major nonconformity' and in turn deprive the client of the certificate. The certification body needs to retain the client so that they themselves sustain in the market. So even if the client has not implemented the system adequately they will still certify the client. Ironically this is a fact that no certification body can avoid.

Lastly and importantly the end-user / consumer / customer of the certified organization, who plays an important role is sadly not aware of his importance. The customers would normally satisfy themselves only looking at the certificate of their supplier. They would not bother to verify the scope and genuineness of the certified system. They are not aware that by working with a certified organization, they have a right to gain insights of the system. If they are not satisfied with the products / services, they have a right to lodge a complaint with the organization, the certification body and as a last resort the accreditation body that has authorized the certification body to issue certificates. And this unawareness amongst the consumers has resulted in a lack of control over this whole certification business.

To correct this situation, first of all the customers should first start taking this certification seriously and set their expectations clearly with their suppliers. The certifying organizations should focus on the internal benefits rather than the certificates and drive the ISO standard deployment process to such internal gains. Look at the Certificate as a by-product. Consultants should help the clients to realize the benefits that can be achieved by implementing an ISO standard. The Certification Body should calibrate their auditors for value-added audits to demonstrate where the organization can improve the system. They will still continue to certify the organizations but with a focus on adding value to the certified client's implemented system.

As I say, there are many ways all these players can bring-in a overall effectiveness in the certification process while maintaining the commercial goals as are involved in a 'certification-only' approach.

Let's start somewhere!!!

About Author: Yashodhan Sawant is the CEO of ProcessLOGIX Consulting Pvt. Ltd., a Mumbai based ISO Consultant. For more information about the company, please visit http://www.processlogixconsulting.com

Determining the need for an ISO consultant

2009-11-10T04:16:00.000-08:00

Most organizations that intend to implement an ISO standard such as ISO 9001, ISO 27001, etc. can very well do it themselves, but some help from an experienced consultant greatly improves the effectiveness of the implementation as well as builds assurance of getting certified.

Before the organization decides to hire a consultant, the organization needs to do some self assessment and determine why it requires a consultant. The reasons maybe:

To conduct a gap analysis for verifying whether and how much the organization already complies to the requirements of the chosen standard
To plan the implementation programme
To guide the implementation team to prepare all required documents. (Consultant may be required to provide samples of working documents in this case)
To impart relevant trainings - awareness, documentation, implementation, auditing, etc.
To conduct internal audits, if employees are not to be trained (not recommended)
To prepare the organization for certification
To conduct a pre-assessment of the implemented standard to verify the certification readiness

There may be more reasons apart from the ones listed above. The organization should list out all such requirements first and then assess if some of these can be internally managed or if a consultant is required to manage the tasks. While deciding this the organization should clearly hold in mind that hiring a consultant does not mean outsourcing the task to an outsider. It is merely a guidance that is sought. The tasks have to be implemented by internal resources only under the guidance of a consultant.

About Author: Yashodhan Sawant is the CEO of ProcessLOGIX Consulting Pvt. Ltd., a Mumbai based ISO Consultant. For more information about the company, please visit http://www.processlogixconsulting.com

Hiring an iso consultant

Failure of ISO Certification - Who is responsible?

Determining the need for an ISO consultant