Miriam,
Interesting article. Thanks.

Would you consider the ISO 9001 registration valid if the company personnel you actually talk to, including QA people, know little or nothing about the principles of ISO 9001 and have little or no interest in actully applying the principles?

How often is ISO 9001 registration just "quality theater?"

All the best,

Bill Corcoran
Mission: Saving lives, pain, assets, and careers through thoughtful inquiry.
Motto: If you want safety, peace, or justice, then work for competency, integrity, and transparency.

There is no regulation preventing an organization from self-certifying to ISO 9001 and issuing a document to that effect.

Of course, the self-issued certificate cannot misrepresent the conditions of certification, nor can it use the service marks of any certification body nor can it make inaccurate claims.

Considering the current sorry state of quality systems registrars, I would find out how an organization self-certifies before I would dismiss their claims of compliance with ISO 9001.

Thanks Miriam, good article; describes what should be rather than what is though. I feel.
ISO 9001 is a litany of requirements to be used in a procurement process; the onus for compliance is on the supplier not the certifier (or registrar as they're known Stateside).
Since certifiers pay very little for auditors, whether they be contractors or staff, and they allow ridiculously short amounts of time for their audits, the chances that a certifier’s view of the integrity of your supplier’s quality system is of value as a qualification criterion is limited at best.
On the other hand, certification does tell you that the supplier feels that something is needed but the extent to which they are committed to ISO 9001's awesome message is simply not demonstrated by the certificate. And since that accreditation systems the world over have let this situation develop over the last 25 years is to their eternal shame, their imprimatur is worthless. In reality you are left with testing the supplier yourself.

So what's the alternative?

I recommend the following as tests to see if an ISO 9001 certification is valid. More to the point though, we're more interested in checking that the supplier can demonstrate effective implementation of a QMS that meets ISO 9001 than we are that the supplier pays a certifier.

!. Ask for a copy or sight of the quality manual that addresses ISO 9001/4.2.2. In particular make sure that 4.2.2 c) is well covered and makes sense. My guess is that the whole notion of this requirement as it addresses ISO 9001/4.1 a), b) and c) will have been missed.
2. Ask who is the management rep as per 5.5.2. If that person is not the business owner or Chief Executive, assume there is little commitment to ISO 9001. The focus here is the word "ensuring" in 5.5.2 a).
3. Ask for the last internal audit report. If it shows only conformity checking with procedures, take it that there is no effective internal auditing at all. Systems effectiveness is what you’re looking for.
4. Ask the supplier for a copy of their last two certification audit reports. If the reports make any sense to you, there's a glimmer, if they are trivial ....etc, etc. And check out the time spent on the audit. If you think you could check out the supplier in that length of time, there’s another glimmer, if not…etc, etc..
5. If you can be bothered contacting the certifier, ask for a copy of the auditor's CV. If you would employ this person to do your vendor assessment then there's a glimmer, if not....etc etc

Hope this helps……one last thought, get your suppliers to run the evaluation against ISO 9004:2009 and let you have a copy. If they’re OK to let you see it, they are probably OK to deal with!
All the best.

That is, a Registrar's accreditation can be suspended for one or more industry sectors, even when the Registrar is big: it happened in the past in critical industry sectors like food making, construction; it can happen again and the certificate user will certainly not be allowed to these information. Testing the validity of ISO 9001 - or 14001, to speak of the most common - certificates is a very tricky business because both the seller, the registrar and the accreditation body are interested parties, and none of them will give out any information that can damage them. Though costly it might be, the only effective way to test the soundness of a supplier's management system is to directly audit it or to have it audited by a reliable local third party. We must not forget that certificates are paper sheets and that they mean themselves. 

I didn't read the other readers' comment before writing mine. If I were at ISO I wouldn't sleep well tonight: it's not a question of "losing faith" but it's certainly a fact that raises doubts on the reliability of auditors, registrars and accreditation bodies. That there are no two registrars alike is quite disgraceful, especially when both are controlled by the same accreditation body: that's all but objectivity and equality. Despite all the standards put on registrars by the various acrreditation organizations, it seems that registrars are allowed to freely operate in a certification jungle. Of course, names can't be made, but I myself know of quite a number of cases of registrars' misdemeanours, and I don't only mean validity of certificates. If we dig deep enough, we'll open a pandora's vase.

This article is misleading and should be corrected before re-circulated by Quality Digest. 

1. A company can self certify.

2. And anyone can provide an ISO 9001 certificate. However, not anyone can provide an accredited ISO 9001 certification. The number one thing to look for is an accreditation mark from the registrar / auditing organization. If you pay me $20, I would be happy to provide your organization with an ISO 9001 certificate. MS Word's Word Art has some terrrifc fonts and graphics. 

Miriam, I enjoyed your article.  I did expect though that you might provide at least some generic examples of invalid ISO 9001 certificates.  As a Certification Body contract auditor, I have added some audits indirectly as a result of customers who questioned the validity of ISO certificates of potential suppliers.  In several cases, an entire industry association was issuing ISO 9001 certificates to its members.  In another case, a consultant prepared a manual and procedures, did training and internal audits and issued an ISO 9001 certification with the mark of a certification body that they created, "validated" by another organization that they created. 

how can i find and see or get a copy of an iso certificate on certified companies? is there a site for downloading?

[posted by Quality Digest on behalf of Elizack]