Subject: Re: Client concern From: Christopher Paris Date: Tue, 16 Nov 2010 12:20:31 -0700 To: zachary.pivarnik@sgs.com CC: "Holder, Debra (Rutherford)" , ralph.mclouth@sgs.com SGS: I am escalating this, with my client's permission, to a formal complaint. ISO 17021 allows for complaints to be issued by any stakeholder, not just directly from clients. Oxebridge routinely files concerns and complaints on behalf of ISO 9001 end users in an effort to improve the validity and value of accredited certifications and quality systems worldwide. This particular complaint is being issued, along with others for other CB's, in an effort to stem the misinformation being given to ISO 9001 end users on the requirements for maintaining compliance to ISO 9001:2008. The attached audit report of [CLIENT REDACTED] shows a nonconformity issued by SGS auditor Ernest Blanchard, citing that the company had not implemented ISO 9001:2008. Specifically, the finding reads: "The organization has not fully implemented ISO 9001:2008 in its entirety. For example, although the QMS has been revised to account for the new version of the international standard the internal audit and management review has not been performed toward the ISO 9001:2008 version. This does not meet the requirements set forth by ANAB as communicated by SGS to its client organizations." Further complicating matters is the fact that SGS had already certified [CLIENT REDACTED] to ISO 9001:2008 during a previous surveillance audit, and they were current on their ISO 9001:2008 audits with SGS at the time Mr. Blanchard wrote his finding. Had [CLIENT REDACTED] not implemented the standard "in its entirety" it would have been impossible for SGS to have issued a certificate. ISO 9001:2008 presents no new requirements, and there cannot be an instance where an existing, ISO 9001 certified company would receive a nonconformity for having failed to implement the 2008 edition of the standard. Certification transition from 2000 to 2008 is automatic (assuming the client maintains their regularly scheduled audits and continues to pass them, which [CLIENT REDACTED] has), without any need to change anything in the quality system. The ISO TAG 176 committee (which I am on) and ISO itself, along with ANAB have all published statements emphasizing that the 2008 version is NOT a "revision" but an "amendment" and does not include any new requirements. More specifically, there is no requirement to conduct a specific management review or internal audit to the new standard. Here is the official press release from ISO: http://www.iso.org/iso/pressrelease.htm?refid=Ref1180 Here is ANAB's release: http://www.anab.org/HTMLFiles/docs/HeadsUp/HU155.pdf ANAB's three "Heads Up" informational releases support this understanding, and make it clear that the only requirements to convert a client from IS O9001:2000 to ISO 9001:2008 are to be done by the CB, not by the client. In a letter from Randy Dougherty of ANAB, he specifically wrote me on this problem, indicating, "The only way I can see that a CB [registrar] can write a nonconformity under ISO 9001:2008 that would not have been a nonconformity under ISO 9001:2000 would be where that CB had misunderstood ISO 9001:2000 and has now had that misunderstanding corrected by the clarifying wording in ISO 9001:2008." What he is saying is that when a registrar such as SGS writes up a finding such as this, they are in error. And, as final proof, here is SGS's own press release on it, indicating the same: http://www.sgs.com/iso-9001-2008-update?serviceId=10127207&lobId=5554 Finally, there is no case, nor has there been, of "requirements set forth by ANAB as communicated by SGS to its client organizations" as quoted by Mr. Blanchard. The complaint therefore requests corrective action on the fact that: 1. An SGS auditor has written a finding that is not supported by the ISO 9001 standard or related accreditation standards or interpretations 2. The SGS certification review committee, responsible for reviewing the report, did not catch this error and allowed the nonconformity to pass through to the client. An investigation should consider how many clients have been issued a similar finding, a systemic review of why (if so) the certification committee is not addressing these, and overall auditor training. Thank you. Christopher Paris VP Operations Oxebridge Quality Resources International LLC