(See update below.)
Winter Haven FL — A formal complaint has been issued by Oxebridge Quality Resources International on behalf of its client and other ISO 9001 end users alleging that the certification body SGS allowed an unsupported audit finding to stand, even after its internal certification review committee reviewed the audit report. The finding, issued by SGS auditor Ernest Blanchard, alleged that the Oxebridge client had failed to implement ISO 9001:2008, inferring that the new standard requires specific additional requirements. As was previously published by Oxebridge, the new standard includes no new requirements, and certification to the standard is automatic, provided the client maintain its regularly scheduled audits.
Specifically, the nonconformance issued by Mr. Blanchard cited the company as follows:
The organization has not fully implemented ISO 9001:2008 in its entirety. For example, although the QMS has been revised to account for the new version of the international standard the internal audit and management review has not been performed toward the ISO 9001:2008 version. This does not meet the requirements set forth by ANAB as communicated by SGS to its client organizations.
In its complaint to SGS, Oxebridge points out that ISO, ANAB and even the ISO Technical Committee 176 (responsible for releasing the standard) have all posted statements clearly indicating that the 2008 version includes no new requirements. Ironically, even SGS’ own website had included this information (the previous link, here, is now a dead page).
A review of ANAB’s “Heads Up” informational releases reveals that there are no “requirements” from it as cited by Mr. Blanchard.
Moreover, there are no requirements that internal audits or management reviews must specifically address ISO 9001:2008, especially when — as Mr. Blanchard acknowledged — the documentation had been updated to reference the 2008 edition. Since there are no new requirements between the 2000 and 2008 versions, a management review or internal audit program which addresses ISO 9001:2000 is automatically compliant whether it mentions “2008” or not.
In a strange twist, the finding was written even though SGS had already certified the company to ISO 9001:2008 during a previous surveillance audit, which would have been impossible had the company not implemented the standard, as indicated by Mr. Blanchard. Furthermore, if a company has not implemented the standard “in its entirety,” this would meet the definition of a major nonconformity, and prevent certification entirely; instead, Mr. Blanchard wrote this as a minor nonconformity.
Oxebridge’s complaint cites SGS as follows:
- An SGS auditor has written a finding that is not supported by the ISO 9001 standard or related accreditation standards or interpretations
- The SGS certification review committee, responsible for reviewing the report, did not catch this error and allowed the nonconformity to pass through to the client.
Oxebridge goes on to request that SGS conduct an investigation to determine how many other clients have been issued a similar finding, and that SGS perform a a systemic review of why (if so) the certification committee is not addressing these, and to consider faults in overall auditor training.
In 2008, an SGS auditor arrived at an Oxebridge client a day early, against accreditation requirements which prohibit “surprise” ISO 9001 audits, and then issued a finding against clause 5.6 Management Review because the minutes of the last meeting, which had been held the day prior, had not yet been typed and signed off. Oxebridge contacted SGS’ management and reported that had the auditor conducted the audit as scheduled, this would not have been an issue, as the client had planned a final signoff of the minutes that very day. Nevertheless, a representative of SGS told Oxebridge that “SGS stands by its auditors and does not question their findings” and allowed the nonconformity to stand. At that time, Oxebridge’s client — fearing retribution by SGS — elected not to file a complaint.
Accreditation rules mandate that a certification review board review each auditor’s reports, and that they remove any finding not supported by a requirement or evidence. Oxebridge has long alleged that registrars’ certification boards are not performing as required, allowing too many unsubstantiated nonconformities to remain in reports, affecting ISO 9001 end users and requiring untold hours of unnecessary corrective action.
Oxebridge is working to dispel rumors and misinformation on the transition from ISO 9001:2000 to the 2008 release. It recently filed a complaint against the registrar Smithers Quality Assessments for promoting an ISO 9001:2008 upgrade checklist that was co-branded with a consulting organization owned by a former senior manager of Smithers, in alleged violation of ISO 17021, the rules governing ISO 9001 registrars.
If your company was cited a similar nonconformity by SGS or any other accredited registrar, feel free to contact Oxebridge.
UPDATE DEC. 1, 2010: Since the filing of this complaint, it was discovered that the client in question was not yet certified to ISO 9001:2008, but only to ISO 9001:20008. However, given that the 2008 version of the standard contains no new requirements, this is moot and Oxebridge’s position remains the same.