The creators of isology®

One of the most crucial steps to gaining your ISO certification is the completion of a Stage 1 and Stage 2 assessment, conducted by an accredited Certification Body. A quick reminder – your certification doesn’t mean much if you haven’t received certification from an accredited Certification Body – so make sure you do your research!

Businesses going through their final Assessments to gain ISO certification may see any decisions made by Certification Body Assessors as infallible, however there’s still a very human aspect which can lead to some common pitfalls.

Last week we dived into the requirements of ISO 17021 – the Conformity Assessment Standard designed for Certification Bodies, and more specifically the requirements in relation to you as a client.

In this weeks’ episode, Steve Mason joins Mel once again to share some issues raised by Blackmores’ clients against Certification Bodies, and explains the related rules in ISO 17021 which Certification Bodies should abide by.  

You’ll learn

• What is ISO 17021?
• Key issues raised by Blackmores’ clients in relation to Certification Bodies
• Related ISO 17021 requirements

Resources

• isologyhub
• ISO 17021

In this episode, we talk about:

[00:24] What is ISO 17021? It’s the Conformity Assessment Standard designed for Certification Bodies. In effect, it acts as a service level agreement. These are the rules that these certification bodies need to comply with if they are accredited by an accreditation body like UKAS. Listen to the previous episode to learn more.

[01:10] What are we focusing on in this episode? There have been some issues raised by some of our clients time and time again over the last 6 – 8 months.  We want to break some of these issues down, and help listeners to understand what are the actual rules around these areas in relation to ISO 17021.

[01:40] Issue #1: Cancellations – Sometimes a cancellation is unavoidable, however there are still rules that any Certification Body needs to follow – most importantly they should notify the client.

Steve shares his experience with an Assessor who was due to show up on the 5^th September 2023, and never turned up! it turned out that whilst the date was in the previous report, it had been removed from his diary, but it hadn’t then been put into somebody else’s diary, and because it hadn’t been put into somebody else’s diary, there was no flag to anybody to let the client know that the visits should take place. Now that visit had to be pushed back into January next year, which is the only time we can make it.

[02:50] Balancing Expectations –  There’s an expectation from certification bodies that clients should not cancel a month or less than a month before they visit. Steve recommends that should apply to certification bodies cancelling for clients too.

There are many considerations to Certification Body visits, including:- cost, scheduling the right people to be present, setting time aside for the audit ect.

[04:30] One-sided penalties – Penalties seem to be very one-sided. For example: if the client cancelled two or three weeks beforehand because they had personal circumstances which meant that they couldn’t attend, they would be penalised and would have to pay in full for that visit. Yet the certification body can not show up on a day, and there’s no compensation whatsoever.

[05:10] This is not the norm for Certification Bodies – A reminder that the issues were raising are not the norm for Certification Bodies – however we are seeing an increase of complaints raised by our clients. This may have been exacerbated due to the recent shortage of Assessors.

[05:50] Issue #2: Planning Audits – Another issue that’s been cropping up is about planning audits – not just surveillance audits, but also stage 1 and stage 2 Assessments.

In regards to ISO 17021, Certification Bodies should be providing an Stage 1 Audit plan to the client to detail what will happen during the visit.

That plan is often not happening, or there’s a generic plan that gets sent out by the certification body which bears no relevance to what the assessor ends up doing. So that’s as useful as a chocolate teapot.

It should be sent a month ahead of the visit, not 2 -3 days before the visit takes place. Companies need time to organise the right people and Certification Bodies need to be considerate of that fact.

[07:35] Steve’s experience with a poor Audit plan from a Certification Body – Steve had an occasion where he had to write a plan on behalf of the Certification Body Assessor for the client as they’d neglected to even send one!

Steve used to be an Assessor, so is familiar with how these plans should be structured. The designated Assessor ended up using his plan – but this should not have been the case.

[07:58] Poor planning –  There have been instances where the planning has been so poor that they send the wrong Assessor to a client site. We’ve had experiences where an ISO 27001 Audit was due to take place and the Assessor turned up expecting to Audit against ISO 9001.

[08:50] What should Certification Bodies be providing following a Stage 1 Assessment visit? –  After your Stage 1, you should have another plan come out of that stage, after what’s known as the Programme Management Day.  The reason for that is because the assessor sometimes needs to go away, look at what they’ve written up, and take into account what they’ve heard from the client, and put a reasonable plan in place.

The assessor should then sit down with the client to discuss the plan and what sites are going to be visited during the Stage 2 Assessment.

[09:30] Using the right language –  Often we see plans come out with language in the plans that is alright for certification body, but the client has no idea what the assessor is going on about. Steve always used to sit down with his clients and say right, ‘what language do you want me to use?’ And then would use their language and would also put the clause from the related standard next to that and say ‘that’s the bit I’m going to audit’. You’re writing the plan for the customer, not for yourself.

It also acts as assurance for a potential replacement Assessor if the first Assessor is off sick and can’t make the next visit.

[11:33] What does ISO 17021 say? –  In clause 9, ISO 17021 states that: the certification should ensure that the audit plan is established prior to each audit identified in the audit programme to provide the basis for agreement regarding the conduct and scheduling of the audit activities.

If they fail to put a plan in place, they are not meeting a requirement.

ISO 17021 also says that if you’ve got an organisation that’s got different sites, then the plan should take into account the different sites and whether the visit is going to be on site off site – as remote audits have become more common place post-pandemic.

[12:35] Steve’s experience with a flimsy plan provided by a Certification Body –  ‘I came across an audit plan which was just a list of all the requirements a standard. It was across 5 days. But there was no indication as to which day those requirements were going to be assessed. There’s no indication as to how long each of those requirements are going to be assessed? So what could the client do to prepare for that?’

Steve did say to client send it back and get a proper plan, but they have absolutely no joy with the certification body.

[13:50] Issue #3: Unnecessary charges –  Mel recounts a recent incident where a Certification Body cancelled 2 site visits, and due to the long delay between rebooking, the client had moved office. However, they only relocated a few doors down in one instance and across the road in another. The client then received a quote for an extension to scope – amounting to 3 extra days due to the address change!

Mel checked ISO 17021 and confirmed that an extension to scope is only applicable if changing what you’re doing or you’re adding a new location to the scope – however if you’re using the exact same scope and are only moving your business from one location to the next – it is not an extension to scope, it’s just a change of address.

Steve recounts a similar instance where a client was charged £160 for the address to be changed on their certificate! Which is a ridiculous and unnecessary admin fee which only serves to upset the client.

[17:50] Issue #4: No disclosure of the appeals process –  if client a company isn’t happy with their nonconformities, there is an appeals process, which is a requirement of ISO 17021.

Steve highlights an incident where an Assessor told a client ‘don’t bother with the appeals process because it’ll only delay the delivery your certificate’ – Which was highly unprofessional of that particular Assessor to say.

The appeals process there is there to help clients if they disagree with their assessor, and allow them to go to a sort of third party that’s within the certification body and say, look, I don’t agree with this. Can you explain why it’s a nonconformity?

Top tip: If you do get a non-conformity that you’re confused about – Ask the Assessor to show you where in the standard it requires you to do that. If an assessor cannot show you that, then it is not a nonconformity.

[20:30] The complaints process –  The complaints process really is not about appealing against a nonconformity, but complaining against perhaps not getting your plans in your reports and all that sort of thing.

[21:20] These issues are not the norm – don’t be put off ISO certification! –  While we have noticed an increase in complaints in the last year, we also want to highlight that these have mostly been for 1 or 2 select Certification Bodies.

On the whole, Certification Bodies provide a wonderful service to their clients. We just wanted to bring their code of practice to your attention, that you can check ISO 17021 to verify that the Certification Body is being fair to you and fulfilling their own requirements in relation to customer service.

[23:35] Receiving reports –  Lastly a reminder that reports to clients following visits should not take months to get to them. Clients should expect reports from Assessors in 2 – 3 days – not months!

We’d love to hear your views and comments about the ISO Show, here’s how:

• Share the ISO Show on Twitter or Linkedin
• Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.

Subscribe to keep up-to-date with our latest episodes’:

Stitcher | Spotify | YouTube | iTunes | Soundcloud |

So this is for our ISO Show listeners that are already certified to ISO Standards, in some cases – not that often, some companies can get really fed up or frustrated with their certification body provider.

Now on the whole, accredited CB’s are great – however over the last 14 years we’ve come across the good, the bad and the ugly too!

So, this podcast is for those companies that maybe looking to switch, so we’ll cover…….

Why companies decide to change CB’s

• Can’t get hold of anyone to help them – inform them of change in business and the CB is not adaptable.

• Frustrated with lack of organisation – not keeping client informed, assessor showing up to audit the wrong standard.

• Their CB is not listening to them

• Not happy with the assessor – No really a hard reason – Just request a different Assessor

• Lack of value – assessor shows up later and leaves at 2.00pm and you don’t get the report for another 2 -3 weeks after chasing.

Why switch?

Because you can – you have a choice

• You are the customer – if you raise your concerns and are not being heard, go to another CB that will look after your every need.
• You may get a more competitive service and costs – example clients grown through acquisition
• You are expanding internationally – need a CB with an international presence

How to switch

1. Here in the UK – If you are certified by a UKAS accredited certification body the switch is free of charge to another UKAS accredited CB.
2. Establish your scope of certification and requirements – sites, services, standards.
3. Review your timings – should it be before or after your next surveillance visit?
4. Get three quotes from accredited Certification bodies – explain you’d like a quote for the period of certification including the recertification costs.
5. Provide your requirements – also explain why you are looking to change CB’s as you want assurance that they will be able to provide you with the service you need.

• Consider –
  • Costs
  • number of assessors for your standards on the payrole,
  • Continuity of assessors
  • Location of assessors and your locations
  • Support
  • Key Account Manager / customer services
  • Experience/reputation in your sector / standards
  • Any value adds i.e. webinars, whitepapers, events.

How we can help? – Free service to send an RFQ to CB’s so you can get comparative quotes. We don’t have an exclusive relationship with any 1 Certification Body, but we can help you gain a quote as a free service we offer. If you need help getting a quote, contact us!

Look out for our directory of recommended CB’s in 2021.

We’d love to hear your views and comments about the ISO Show, here’s how:Share the ISO Show on twitter or Linkedin

Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.

Subscribe to keep up-to-date with our latest episodes:

Stitcher | Spotify | YouTube |iTunes | Soundcloud

Fail to prepare, then prepare to fail.  If you don’t want to fail an assessment before you’ve even begun, be prepared.

I’m just going to take you through the top 5 mistakes companies make that can lead to stress and failure – now this isn’t a definitive list – there are of course many things that could go wrong, I’m just going to share with you my 5 favourite blunders that you can very easily avoid.

1. Not informing employees

Yes – pretty obvious, but you’d be surprised to hear how many times a Management systems is just kept to one person and a communications plan has not been implemented to inform all employees.  The best informed employees make the best people to be assessed.

Imagine – you are an assessor and you rock up only to hear an employee when asked about their process say ‘What process? What Environmental Policy?

• Business Continuity Planning – What’s the point in having a BCP if no one know how to how to respond to an incident?
• By not informing employees – As it triggers bad vibes i.e nervous, wary, stressed
• Communication plan – CEO, Champions, agenda of meetings, launch, newsletter updates, online comms i.e. slack

• Not having access to the right people
• The assessor doesn’t need to see every single person.
• Does need to see the key process owners and some representatives from the leadership team.
• Quality – operations, HR, key process owners i.e. heads of functions
• Environment – Facilities Managers, an Environnemental Champion.
• Information Security – IT, back-ups, incident reporting, HR (starters/leavers) and physical security i.e. Office Manager or if you are in services offices – give the person on reception the heads up.
• Make sure you have the agenda for the visits well in advance – all reputable UKAS accredited certification bodies should send this to you weeks in advance – if they haven’t chase it.
• This helps you to ensure that the right people are available at the right time.

• Not having access to your management system

Sounds silly, but you’d be surprised.

• We’ve even come across cases of rogue consultants where the Management system is owned (IP and all) by the consultant – not the company. Scary!
• Make sure you have access to your policies, procedures, documents and templates
• These can be online, displayed, hard copy or audio/visual
• Nothing more embarrassing than missing a key document or you’ve got 3 versions of it, and no one know which is the right one.
• Accessiblity is key – Sharepoint/intranet/wiki’s/dropboc

• Not having access to your records.
• Stage 2 Assessment is a ‘Show and tell’ –make sure the right people and have access to the right records.
• Pre-empt any pitfalls  – a disorganised business will have records all over the place – because there is no structure.
• Also, make sure your supplier records are compliant – one of the main causes of non-conformities in Environmental management and Health and Safety is lack of accurate supplier records
• Waste records, Lift maintenance records, FGas records – most of these aren’t ISO Standards requirements – they are LEGAL requirements.
• Legal register/due diligence

And last but not least……

• Don’t make any assumptions

• Don’t make any assumptions that that your assessor will know your business inside out – they won’t understand your culture, vision, values and USP’s.
• Use this as an opportunity to showcase all the strengths of your business and how well managed it is.  With our clients we’ll always get the representative of the leadership in the room for the kick-off meeting –
• Don’t worry the assessor doesn’t need to be glued to the assessors hip all day every day, 30 mins attendance at the kick-off meeting max is suffice. This shows the business is serious about their ISO Commitment and demonstrates that there is full leadership support and that employees are onboard. 
• Likewise – don’t assume that your assessor knows nothing about your industry – in many cases, if you are in a sector, chances are that your assessor i.e. construction, engineering, manufacturing your assessor has seen the good, the bad and the ugly.
• Take notes, so you can refer back to these – as there can be some valuable observations that an assessor may make which you could take back to your continual improvement process.  Don’t assume that these will be captured in the report at the end of the assessment.

So to recap – the 5 mistakes to avoid in an ISO assessment are……

1. Not informing employees
2. Not having access to the right people on the days of the assessment
3. Not having access to your management system
4. Not having access to your records.
5. Don’t make any assumptions

And don’t forget, these mistakes can easily be prevented if you prepare well before an assessment.

In the words of Benjamin Franklin, By failing to prepare, you are preparing to fail.

If you need any assistance with ISO standards, contact us!

We’d love to hear your views and comments about the ISO Show, here’s how:Share the ISO Show on twitter or Linkedin

Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.

Subscribe to keep up-to-date with our latest episodes:

Stitcher | Spotify | YouTube |iTunes | Soundcloud

Certification is the last step on your journey to gaining an ISO. Join Mel as she discusses the certification options available and what you need to consider when using a third party Certification Body.

On this week’s episode Mel covers the following:-

• Why choose certification?
• Why not self-certify?
• Make sure they’re UKAS accredited
• Expertise in your sector – SIC codes are issues to assign an assessor to an industry
• Geographical location – Are they local or being flown in from another country due to UK resource issues?
• Availability to fit in with your timescales
• Responsiveness and flexibility – You can ask to change dates if needed
• Make use of other value added i.e. Webinars, e-learning and events
• Access to support
• Flexibility in terms of additional standards (multiple badge assessors)
• Willingness to with you – is the price / number of days negotiable?
• Do they use sub-contractors or their own employees?

Blackmores offers a Free of Charge request for quote service. We send this out to 3 certification body’s and you simply pick which one best fits you. If would like to make use of this service, feel free to contact us.

To help out the ISO Show:

• Share the ISO Show on twitter or Linkedin
• Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and I read each one.