WIXLIB

ISO 9001ISO 9001What does it meanin the supply chain ?

ISO 9001What doesit mean inthe supplychain ?

ISO 9001As someone who is involved in theselection of suppliers and, possibly,responsible for making purchasingdecisions, you may have seen or usedproducts and services that are promotedusing reference to ISO 9001:2015,or, more simply, “ ISO 9000 ”.What does this mean ? How can this help you ? Howcan you be sure that your suppliers understand whatyou expect from them, and are capable of consistentlyproviding you with products and services that meet yourneeds and expectations ? This informative text providessome answers to these questions and will inform youabout how you can get the most out of using ISO 9001as a supply chain tool.ISO 9001 in the supply chain –1

What is ISO 9001 ?ISO 9001 is an International Standard that givesrequirements for an organization’s quality management system (QMS). It is part of a family of standardspublished by the International Organization for Standardization (ISO) and often referred to collectively as the“ ISO 9000 series ” or “ ISO 9000 family ”.For this reason, you may sometimes hear your suppliers refer to being “ ISO 9000 certified ”, or having an“ ISO 9000-compliant QMS ”. This will normally meanthat they are claiming to have a QMS that meets therequirements of ISO 9001, the only standard in theISO 9000 family that can be used for the purpose ofconformity assessment. It is important to understand,however, that ISO is the body that develops and publishes the standard – ISO does not “ certify ” organizations, as will be explained later in this text.The objective of ISO 9001 is to provide a set of requirements that, if effectively implemented, will give youconfidence that your supplier can consistently provideproducts and services that : Meet your needs and expectationsComply with applicable regulationsISO 9001 in the supply chain –3

ISO 9001 adopts a risk-basedto resolve customer complaints,(“ preventive ”) approach to qual-corrective actions, and a require-ity that covers a wide range ofment to drive improvement. Lasttopics, including your supplier’sbut not least, there is a require-top management commitmentment for your supplier to moni-to quality, its customer focus,tor your perceptions about thethe adequacy of its resources,quality of the products and ser-employee competence, processvices it provides to you.management (for production,ISO 9001 does not define specificservice delivery and relevantrequirements for the products oradministrative and supportservices you are purchasing. Itprocesses), quality planning,is up to you to make your owndesign of the products andneeds and expectations clearservices it provides, review ofto your supplier. You might,incoming orders, purchasing,for example, refer to product orthe appropriate monitoring andservice specifications, drawings,measurement of its processes,national or international stand-products and services needed toards, supplier’s catalogues, orensure conformity, its processesother documents as appropriate.4 – ISO 9001 in the supply chain

What does “ conformityto ISO 9001 ” mean ?This means that your supplier has established a systematicapproach to quality management and is managing its business toensure that your needs are clearly understood, agreed and fulfilled.A statement of conformity to ISO 9001 should not, however, beconsidered a substitute for a declaration or statement of productor service conformity.

How doesISO 9001 help youselect a supplier ?ISO 9001 provides some require-ments for the purchasing processthat include you as the customer.These requirements address thefollowing topics : Requirements regarding thepurchasing information that youshould provide so that suppliersclearly understand your needs Any specific approvals thatmight be needed to confirm thatthe supplied products and services meet your requirements,and any monitoring or inspections that you might require atyour supplier’s premises6 – ISO 9001 in the supply chain

You have an important role to play by specifying to yoursupplier what you actually want. You may need to consult with your own internal technical staff (the actualusers) in this process. If you don’t do this, you mightfind that you receive a product or a service that meets allyour stated requirements and the applicable regulatoryrequirements, but which is absolutely wrong for yourintended application. So, first of all, you should concentrate on specifying your needs related to the intendeduse of the product or service.To help in this task, you may consider the following : What is the specific product or service you arebuying ?What impact does this have on your own business ?What are the risks to your business if you experience problems with this product or service ?How can you be sure that the product or service youreceive will actually meet your requirements ? What do you know about the reputation andhistorical performance of your supplier ? What level of confidence do you need in yoursupplier’s ability to provide you with conformingproducts and services on a consistent basis ? If you decide that conformity to ISO 9001 isimportant (based on your assessment of therisks associated with the products and servicesyou are buying), how can you be sure that yoursupplier does have a QMS that meets ISO 9001requirements ? Are the products and services you require coveredby your supplier’s QMS ? (You may need to askfor a copy of your supplier’s actual certificate ordeclaration of conformity to find this out !)ISO 9001 in the supply chain –7

How can you haveconfidencethat your suppliermeets ISO 9001 ?There are various ways in which your supplier can claim that its QMS meets therequirements of ISO 9001. These include : “ Supplier’s declaration of conformity ” : A declaration by yoursupplier itself affirming that its QMSmeets ISO 9001 requirements, usually supported by legally bindingsignatures. This declaration can bebased on your supplier’s internalaudit system, or on second-partyor third-party audits.Second-party assessment :Your supplier has been assesseddirectly by its customer (forexample by you, or by anothercustomer whose reputation yourespect) to check if its QMS meetsISO 9001 requirements and yourown requirements – sometimesused in contractual “ business-tobusiness ” transactions.Third-party assessment (oftenreferred to as certification orregistration) : Your supplier hiresan impartial third party (a certification body or “ registrar ”)8 – ISO 9001 in the supply chain to conduct an assessment to verifyconformity to ISO 9001 requirements. This third party then issuesa certificate to your supplierdescribing the scope of its QMS,and confirming that it conformsto ISO 9001.Additional confidence may bederived from the fact that somecertification bodies (registrars) areaccredited by nationally or internationally recognized accreditationbodies that verify the certificationbody’s independence and competence to carry out the certificationprocess. Many accreditation bodieshave multilateral arrangementsunder the umbrella of the International Accreditation Forum (IAF)to promote worldwide mutualrecognition in support of WorldTrade Organization (WTO) free tradeprinciples. Figure 1 explains thisin simple schematic terms.

International Accreditation Forum (IAF)The IAF is an association of accreditation bodies andother interested parties from around the world, whowork together to promote confidence and consistencyin the ISO 9001 accreditation and certification process.Accreditation bodyThe accreditation process provides additional confidence that the certification body is competent andhas the necessary integrity to issue an ISO 9001certificate. Accreditation is usually carried out bynational or regional accreditation bodies, and theiraccreditation mark will appear on the certificate.Certification body/registrarA common way for a supplier to demonstrate conformityto ISO 9001 is via an independent (“ third-party ”) certification process. A certification body (sometimes known as a“ registrar ”) conducts an audit of the supplier and if all isOK, they will issue a certificate of conformity.“ The organization ” (your supplier)If you know your supplier well and have confidence in them, it may besufficient for you to accept a “ Supplier declaration of conformity toISO 9001 ” issued by them. Alternatively, you may choose to audit yoursupplier yourself or rely on audits that have been carried out by otherreputable customers. These are known as “ second-party audits ”.“ The customer ” (you !)You are the one who is buying the goods or the services from the supplier.You need to make sure you tell them clearly what you want. Depending onhow well you know your supplier, the confidence you have in their products,and the importance of their products for your own business, you might noteven need them to demonstrate conformity to ISO 9001 at all.Figure 1 – Some ways of demonstrating conformity to ISO 9001ISO 9001 in the supply chain –9

Note that ISO 9001 was recently revi sed (September 2015) and althoughISO 9001:2015 incorporates some changesin approach compared with the 2008 edition, the core objectives remain the sameand conformity to either version shouldprovide similar levels of confidence inyour supplier’s QMS. The IAF has defined a“ coexistence ” period for the two versions ofthe standard until September 2018, duringwhich time accredited certificates issuedagainst ISO 9001:2008 and ISO 9001:2015will both be recognized as valid.

Can suppliers claimthat their products or servicesmeet ISO 9001 ?No. The reference to ISO 9001 indicates that the supplier has a quality management system that meets therequirements of ISO 9001. As mentioned earlier, thisshould provide you with confidence in your supplier’sability to provide consistent, conforming products orservices. ISO 9001 requires your supplier to monitorthe levels of satisfaction of its customers (this includesyou !), and to feed back this information in order toimprove the effectiveness of its QMS.

What to doif things go wrong ?In the event that you are nothappy with specific products orservices you receive, you shouldfirst of all bring this to yoursupplier’s attention. You willtypically do this via the normaltechnical and/or commercialcommunication channels thathave been established. Yoursupplier is obliged to investigateyour complaint and should takeappropriate actions to avoid orreduce the chances of it happening again.If, however, you are dissatisfiedwith the overall performanceof your supplier (if for example they continue to providenon-conforming products andservices, do not address yourcomplaints, or are not takingappropriate corrective action),then this is an indication ofproblems in their quality management system.12 – ISO 9001 in the supply chain

Depending on the responses you receive, you should be aware that you canescalate your complaint via the steps described below.1. If your supplier has a QMS thatmeets ISO 9001 requirements,they are required to haveestablished communicationchannels for monitoring customer satisfaction, obtainingcustomer feedback and dealingwith complaints. You shouldmake a formal complaint usingthese channels.14 – ISO 9001 in the supply chain2. If you are still not satisfied withthe response from your supplier, and if they are certifiedby an independent (third-party)certification body (registrar),you should bring the matter tothe certification body’s attention. You can find the certification body’s name by looking atyour supplier’s certificate. Thecertification body will investigate the problems during theirsurveillance audits of your supplier’s QMS, or, in critical cases,may decide to carry out an additional specific investigation.