ACHC Proves a “Model” For Complaints Handling – Registrars Should Listen

By Christopher Paris
VP Operations

Recently, for what is nothing more than coincidence, Oxebridge has file a few complaints against registrars in the ISO 9001 world. This seems to happen in spasms, and there’s no rhyme or reason to it, with the exception that sometimes we get information that probably warrants complaints and choose not to file anything because the evidence is weak, or it really doesn’t rise to a level of complaint, and can be worked out with a simple email or phone call. So there are constant back-and-forths going on between Oxebridge and the registrars, as well as with ANAB, to ensure that ISO 9001 and AS9100 registrars are following the rules, but only the formal complaints get “print time”; and the resulting buzz.

This seems to be one of those times when there’s a spike in not only formal complaints, but registrars mishandling them… something my 20+ years’ experience in ISO 9001 has told me over and over is a systemic flaw in the system. Routinely, registrar representatives react with contempt and hostility when someone dares hold them accountable to ISO 17021, even while their job is to hold others accountable to ISO 9001, and to do so while adhering to the requirements of ISO 17021. It seems to be a psychological flaw amongst certification body employees, from the lowly auditor all the way up to senior management within the registrar companies; after all, their jobs are to “play God” and to decree whether their clients comply with ISO 9001 or not. After a few years of doing nothing but judging other people, it must come as a shock when someone else judges you.

ANAB

Now, to be fair, ANAB judges the registrars. Each certification body must undergo two audits per year, a desk audit of procedures, and another on-site audit of records, financials, and other compliance requirements to ISO 17021. In the past (under the rule of Robert King), ANAB audits were a bit anemic, and tended to find little. King was openly defensive of the “market” of ISO 9001 registrars, and that put his role as “top cop” in serious question. A cursory review of certification suspensions seems to show that ANAB has gotten a bit more muscle under the new leadership of John Knappenberger. Whether it’s coincidence or not, I cannot say. Frankly, King’s rule put such a bad taste in my mouth, I haven’t followed ANAB to any close degree.

But even still, far too many end users are timid and won’t file complaints against registrars through ANAB, leading ANAB leadership to believe the picture is far rosier than it is. As I love telling Randy Daugherty, ANAB’s VP, “it’s a nightmare out there.” Stories of sexual harassment, drunken auditors, racist comments being made by auditors to workers, auditors showing up late, showing up early, failure to write nonconformities with any objective evidence, shouting, crying, yelling… since the fall of RAB’s training (and the takeover by RABQSA), no one will disagree that auditor training has declined to the point of total failure. As I like to joke, nowadays, if you can fog a mirror, you are qualified to audit under ISO 9001.

The Bad Registrar’s Script

Routinely, when we (Oxebridge) file a complaint against a registrar, there is a script that plays out. It’s a script, mind you, that is totally unsupported by any accreditation rules, and only betrays the emotional insecurities of the individuals at the CB office, despite their attempts to cite nonexistent rules — or exaggerate existing ones — in order to ensure the complaint is buried, and never recorded.

Of course, we never let THAT happen.

First, the script says, never record anything. Make a phone call and try to resolve (or just bitch about) the complaint without any record. Tell Oxebridge it’s being tossed in the trash bin. Make sure nothing is recorded. The intent here is to leave no audit trail that ANAB could find out about, but of course this almost always results in Oxebridge escalating ot to ANAB, forcing ANAB to ask “why wasn’t this written down?” — making matters worse for the registrar.

If that doesn’t work, Script Step # 2 is to try to have the complaint thrown out on the grounds that Oxebridge — a consulting firm — doesn’t have the right to say “boo” about anything in the world of ISO9001, and any complaints can be thrown out on the basis of “client confidentiality” or that ISO 17021 does not require a registrar to respond to complaints from stakeholders or anyone other than customers. Unfortunately, this isn’t true, and even though the wording in 17021 is weak on the matter, ANAB’s complaint process is very clear that it accepts complaints from anyone, so when the registrar tries to invoke this phony dodge, it guarantees escalation to ANAB, with the addition of a new complaint covering the failure to respond to the FIRST complaint.

Then there’s step # 3: the registrar processes the complaint, but pretends it is some personal attack against an individually (usually the person who is tasked with processing complaints, whether or not he — or she — is mentioned in the complaint itself!), and therefore dismiss it as not being a report against a perceived systematic failure. This never works, because we always cite paragraph and clause of the specific violations we perceive, and only mention individual names if there is evidence to support the issue, and that evidence includes the actions of an individual. Always, we ask for a systemic review, and never ask for any punishment of an individual. This isn’t about people, it’s about processes and systems… it’s sad that registrars have to be reminded of that basic ISO 9001 fact.

Finally, there’s Step # 4, which I am not supposed to know about (but I have so many contacts in so many areas of the ISO 9001 world, I find out a lot that I am not supposed to know about.) That’s the back-room dealing with ANAB. They pull all the stops out from the previous steps, but do it during a hallway session at an IAAR meeting, without Oxebridge present, and basically whine about us in the hope of winning sympathy with someone from ANAB. This doesn’t appear effective either, and may only draw more attention to the problem. It’s desperate, and fortunately rare.

Registrar Blacklists

Ridiculously close-minded, short-sighted and bafflingly self-abusive reactions by registrars about. A few cases in point. Both UL and Intertek have “blacklisted” Oxebridge from submitting any of its clients for quotes of their services; of course very, very rarely ever mention Oxebridge to the registrar when requesting a quote, so how these registrars intend on enforcing this blacklist is beyond me. The other curious thing is that blacklisting a consultant’s clients only punishes the registrar, not the consultant or the client. Consultants are a source of free referrals for registrars, at a time when registrars are shrinking, merging, or going out of business entirely. (I am speaking of the US situation only, of course.)

Oxebridge has an impeccable record with clients, and a 100% success rate with any registrar, even the “troublesome” ones. When it comes to “who do you trust?”, the registrars inevitably fall pretty low into the pit, and clients will simply choose a registrar who can work with their consultant, whether that’s Oxebridge or someone else, not one that takes an adversarial position. Clients know it’s a three-legged stool — the client, consultant and registrar must work as a team to get that client certified, if they meet the criteria. Registrars are intentionally cutting their own leg off (double metaphor intended), punishing only themselves, and making the stool topple. All a client need do is plug in a different registrar. Pretty simple.

Why would a registrar intentionally cut off a source of free referrals? What possible damage do they think they are passing onto Oxebridge, who doesn’t care whatsoever which registrar is used? Naturally, when things get really hostile or strange, we are free to pass that info onto our clients, who will usually not use a registrar who plays such dirty tricks in response to courteous complaints. After all, the registrar is judging the end user organization on its ability to respond to customer requirements, why should the registrar itself not follow the same rules? If an ISO 9001 certified company reacted to a complaint by banning its customer, would the registrar allow their certification to stand very long? I don’t think so.

UL Blacklist: Cut Nose, Meet Spited Face

UL’s way of handling complaints was particularly disgusting. Approaching me out of the blue was their newly hired Six Sigma Black Belt, Ken Berger, who wanted some feedback from Oxebridge’s clients on what it could do to improve, as part of their Six Sigma program. We suggested it reduced the page count of its contracts, which were many times the size of competing registrars, and were causing some clients to balk and sign with other CB’s just because the UL contracts were too complex. A few months later, UL took our advice and cut the size of the contracts. Everyone was happy.

So then UL wanted more feedback. Remember, now.. they approached US. So I proposed that they may want to tweak their marketing language for training services, which (at the time) had come very, very close to offering “tailored” training, something prohibited by ISO 17021. For this feedback, suddenly the Black Belt went silent. Months passed and there was no word from UL. They were blowing it off, in typical registrar style. So I escalated it to a complaint, and nothing happened. So then, it got sent to ANAB. Despite the marketing language being questionable, ANAB ruled that its investigation found that in practice, UL wasn’t doing anything wrong. We printed a story saying that we still thought the marketing language was a bit dodgy, but would stand by ANAB’s ruling. No harm, no foul. We trust ANAB on these matters, because that’s their job.

Later, however, we found that UL was no-bidding new clients presented to it through Oxebridge. (When asked by a client, we routinely provide three to five registrar contacts to a client, and let them decide who to pick.) As we dug deeper, we found that UL’s Michael Caruso had put Oxebridge on a blacklist because he was angry about the complaint… even though UL won the ruling and Oxebridge never appealed, choosing instead to agree with ANAB.

In a discussion with Caruso, it got worse. Adamant that UL could “pick and choose” who it wanted to do business with (a possible violation of ISO 17021, which requires that the company provides its services to anyone in its scope, specifically to avoid problems like this), I then asked Caruso for access to UL’s Impartiality Committee, and was told that Caruso himself was the chair, and he wouldn’t recuse himself, as is also required by ISO 17021. Oxebridge still hasn’t decided whether or not to file an ANAB complaint on that one.

Again, the only party suffering is UL. Clients have over 100 registrars to choose from, they don’t need UL. UL needs the free referrals, but opted that playing by the rules and properly processing complaints, and treating stakeholders with respect, were something it couldn’t do, and was willing to throw dozens of clients to the wayside out of nothing more than spite. (A number of Oxebridge clients subsequently dropped UL.)

We saw an almost exact response by SGS’ Zach Pivarnik recently, and in that case we are definitely filing an ANAB complaint. In the past two days, I have since gotten two out-of-the-blue complaints about Mr. Pivarnik from end users who are frustrated with his responses to their complaints, and at least two (UPDATE Dec 13: it is now three) Oxebridge clients are not dropping SGS as their registrar as a result of this latest fiasco. Mr. Pivarnik may be attempting to protect his personal image, but it’s going to cost SGS tens of thousands of dollars, no matter what ANAB’s eventual ruling is. Ultimately, top management at SGS is going to have to compare Mr. Pivarnik’s salary against the lost annual revenue and impact on their reputation.

ACHC – The Model for How to Respond to a Complaint

Meanwhile, over in the CMS Medicare Accreditation world, sits ACHC — the Accreditation Council for Healthcare. Now, for Medicare Accreditation, it doesn’t quite follow the scheme of ISO 9001 registrars and accreditation bodies. They are not overseen by ANAB. Instead, the US Dept. of Health and Human Services “Centers for Medicare and Medicaid Services” (CMS) granted accreditation authority to 11 “Deeming Authorities,” roughly the equivalent of ISO 9001’s registrars. These DA’s audit client companies that want to bill under Medicare, specifically those companies that provide home medical equipment. Rather than ISO 17021, they have to follow rules established by CMS.

ACHC is the only Deeming Authority (I believe — this may have changed recently, so don’t quote me on it) that is itself ISO 9001 certified, by accredited registrar DNV (a registrar which, we should note, has never been the subject of an Oxebridge client complaint). ACHC recognized early on that having the ISO 9001 certification would place it above the competition, telling its end users that “hey, we get audited too!” ACHC chose DNV as its accredited registrar.

So when ACHC auditors (called “surveyors” in CMS parlance) were citing client companies with what Oxebridge considered “questionable” OSHA interpretations (see here), Oxebridge used the ISO 9001-required complaints process to raise the issue. While at first, ACHC reacted thinking that there was some “misunderstanding” of the rules, it nevertheless conducted a thorough investigation and eventually ruled that its surveyors were, in fact, quoting the OSHA regulations wrong, and (reportedly) performed training to revise the practice.

The response by ACHC was model, pitch-perfect and should be followed by all organizations.  They responded with a confirmation to Oxebridge (the complainant), then conducted its investigation, and then provided a formal, written response (on paper!) indicating their findings. There were no snarky phone calls, no nasty emails, no attempts to twist the definition of the rules to get out of processing (or documenting!) the complaint. Instead, they analyzed it, resolved it, and even did a root cause analysis.

So the registrars operating out there now could learn a lot from ACHC. Whether they knew it or not, they followed almost to the letter the requirements set forth in ISO 10002, the standard on complaints handling. Bravo, ACHC!

We have an open complaint with Smithers now, and it is fairly serious. (ANAB has already looked at it and says it warrants investigation, but they are holding off as Oxebridge gives Smithers the chance to prove its complaints handling system works internally.) I am hopeful and keeping my fingers crossed that Smithers proves itself another high-quality registrar that knows how to properly respond to complaints — even if it proves Oxebridge is full of it! — and we can avoid any unprofessional nastiness. If they do, expect a fair press release by Oxebridge crediting them for proper complaints handling, no matter what the outcome.

Meanwhile, for the UL’s and SGS’s and Interteks of the world… you are killing your own business by failing to play by the rules, or — at the very least — by failing to remain professional and courteous during the complaints process. This isn’t about ego. ISO 9001 can improve product quality and literally save both jobs and human lives. As a result, accreditation is important. ISO 17021 is important. In the grand scheme of things, no one really cares about your individual insecurities, guys.

Use the ACHC example as your model.