- What does "registration" mean?
- What does "certification" mean?
- When an organization says it's "ISO compliant," what does that mean?
- How do I find out if a company is ISO registered?
- What exactly is a "registration body"?
- How do I find a reputable registration body?
- What are the general steps of the registration process?
- What if we fail registration audit?
- What happens after registration?
What does "registration" mean?
"Registration" is a process by which your management system – ISO 9001, ISO 14001, OHSAS 18001, etc. – is assessed (fancy term for "audited") by a registration body and found to be compliant with the relevant ISO / OHSAS standard. The registration body literally "registers" your name in a book – and usually to a list on their web site – and issues a "registration certificate" to you.
What does "certification" mean?
For all practical purposes, same as registration. Technically, registration is the correct term.
When an organization says it's "ISO compliant," what does that mean?
Some organizations call themselves "ISO compliant" to try to gain the credibility of ISO registration without actually becoming ISO registered. "ISO compliant," used in this context, is an empty promise, a "trust me." Only genuine registration to ISO-9000 or 14000, OHSAS 18001, etc. assures that the organization has in fact been independently and objectively assessed, initially and on an ongoing basis.
How do I find out if a company is ISO registered?
Ask for their certificate. The registrar's name and dates of registration appear. Then check with the registration body to verify. Many registrars post this information on line.
What exactly is a "registration body"?
Registration bodies – there are dozens of them – are private, for-profit firms that to audit your quality / environmental / safety management system for compliance to the relevant Standard(s).
A reputable registration body is accredited (that is, certified / authorized to audit/register organizations in defined scopes of operation) by one or more accreditation bodies operating in the United States as well as overseas in places like Great Britain, the Netherlands, and elsewhere. (Registrars to ISO/TS 16949 are accredited by the International Automotive Task Force.) Each accredited registration body is itself audited for compliance to an international standard pertaining to registrars.
To assure objective audits, registrars are not allowed to consult. This prohibition is often flouted.
There are roughly 70 registration bodies operating in the United States. They range from highly credible, reputable firms / virtual household names - to real rum-dums.
How do I find a reputable registration body?
Take the time to do the research.
- Check out ads in trade publications in your field.
- Ask for referrals from people in your field that are already registered.
- Request our recommended registrar list.
When you've found some candidates, check out their bona fides.
- Verify that they are appropriately accredited – not only in the U. S. (American National Accreditation Bureau) but also in whatever overseas markets you may operate, or wish to operate, in. (Note: The list of approved ISO/TS 16949 registrars is available here.
- Ask them probing questions. (Request a list of these here.)
Then ask for quotes. In most cases this can be done on line. Carefully compare and contrast the quotes – they are submitted in many different forms and it is sometimes not easy to sort apples with apples.
Finally: Narrow the list to two or three and conduct interviews – in person or by phone. While cost is clearly an important consideration, it's just as important (if not more so) that you feel comfortable with the registration body you select.
What are the general steps of the registration process?
- Documentation review. Usually the assessor asks to see your top level management system documentation in advance. This is to assure that, at least on paper, you have a system that conforms to the relevant Standard(s).
- Readiness review. Some registrars offer a kind of "pre-audit" or "pre-assessment." Carried out on site, this process is a fairly quick and general look at your management system – so that the assessor can satisfy him/herself that the major components of the system are in place and compliant. If problems arise here, the registrar usually offers to issue an interim report of some kind and suspend the rest of the process until you have resolved the identified gaps.
- Registration assessment. This is the detailed review of the management system to determine the extent to which it meets the requirements of the relevant Standard(s). It is usually a fairly high level look – seldom does it probe to the depth of the typical internal audit.
- Unlike many forms of business audits, the quality / environmental / health-safety management system audit is not purely a paperwork exercise. Good assessors spend most of their time "in the field" (office, plant, workplace) – talking to people of all levels, observing activities, asking questions, seeing what's really going on "on the ground."
- The assessors almost always provide a snapshot of their interim findings at the end of each audit day. If there are noncompliances that will most likely cause registration to be deferred, these will be brought to your attention at once.
- Findings. At the close of the final audit day the audit team presents their findings. Supported by evidence as appropriate, these findings are composed of:
- System strengths – aspects of the system that are particularly good.
- Major noncompliances – significant gaps in compliance to the Standard(s), and/or serious system breakdowns.
- Minor noncompliances – random / occasional gaps in compliance to the Standards; relatively low level problems.
- Observations / opportunities for improvement.
- Recommendation. At this point, while still on site, the audit team will tell you if they are "recommending" you for registration. You will always be recommended for registration if the audit team found no major noncompliances and only a small number of minors. (Note: ISO/TS 16949 registration is not conferred until all identified noncompliances are corrected and closed out.)
- Registration. For all but ISO/TS 16949 organizations, the registrar issues its registration certificate upon reviewing and approving the audit team's recommendation. (ISO/TS 16949 organizations receive certificates when they have corrected and closed out all noncompliances, major and minor.)
What if we fail registration audit?
In actuality there's no such thing as 'failing' an audit. Major noncompliance delays registration until corrected. The only way really to fail registration is to decline to correct major noncompliances.
What happens after registration?
First of all you must continue to operate your system!
Second: you must correct the minor noncompliances that were identified during registration assessment.
Third: Consider the observations / opportunities for improvement, and act upon them as appropriate. (You have full authority to accept or decline these as dictated by the needs of your organization.)
And brace yourself, because you will undergo regular surveillance assessments by the registrar. These take place at semi-annual or annual intervals (depending on the program you agree to with the registrar) and are always scheduled, never random.
During surveillances, assessors:
- Review part of your management system
- Follow up on previous noncompliances
- Dig deeper, probing for continual improvement
- Issue findings (same as registration assessment) and audit report.
