You’d think they’d update their script, but ISO consultants are apparently not the smartest folks. Over 20 years since Oxebridge launched “Rapid 40-Day ISO 9001 Implementation,” competing consultants continue to trot out tired, old tropes to defend their practices of milking clients through endless, year(s)-long contracts, or to dupe people into subscription-based “cloud QMS” solutions that lock them into decades of contracted services.
I had already published a debunking article called “Yeah, We Can Do That” over ten years ago, but apparently, that’s not enough. So let’s run down the long-since disproved claims made by the “40-Day ISO is Impossible” crowd:
CLAIM: ISO 9001 requires a minimum of XX months of records.
FALSE. First, each consultant will just make up the actual number (some say 6 months, others 12), showing it’s just invented from thin air. But a review of ISO 17021-1, the standard which governs certification audits by accredited registrars, as well as related standards or IAF rules (including those for AS9100) show not a single rule which dictates minimum record requirements prior to certification. Not one. This “rule” is entirely made-up by consultants who seek to extend their contracts and, thus, bill clients more.
This also conflates implementation with certification. Oxebridge sells implementation services, not certification. See next claim.
CLAIM: A QMS cannot be “mature” enough to pass an audit at only two months.
FALSE. Again, this also conflates implementation with certification. Oxebridge sells ISO 9001 implementation, not certification. A company can wait as long as it wants from the time Oxebridge is finished to when it undergoes an audit. If they want to trigger an audit at the end of two months, they can, and the system will be compliant enough to pass; some clients wait many months before pursuing their audit, to allow them to mature further.
Furthermore, “maturity” is wholly subjective and not a requirement. The truth is that ISO 9001 is a minimum baseline standard, and sets the stage for maturation (called “continual improvement”) over time. It is not expected that a company will have a QMS of the same maturity during their first audit as they will their 10th audit, many years later. There is no requirement to prove “maturity” as part of an ISO 9001 certification audit.
CLAIM: You need “management commitment” in order to achieve ISO 9001, and that’s not possible in two months.
FALSE. Again, “management commitment” is a subjective concept, and is not some binary construct that you either have or not. Instead, one can implement ISO 9001 so that the requirements — as written in ISO 9001 clause 5.0 — are met. There is no need for cultish brainwashing of executives.
The argument is traditionally used as a pre-emptive escape clause that a consultant can use later when things go sour. “You didn’t pass your audit because you never gave me your full commitment!” It’s a sure sign that a consultant has had prior failures, and working to protect themselves. Oxebridge can implement ISO 9001 in a company where the management is outright hostile to the concept. As a professional, it’s my job to turn that view around, and sometimes that means showing management the benefits after I have finished the job.
Imagine an auto mechanic prefacing every repair job with the statement, “Your attitude doesn’t meet my made-up expectations, so I may not be able to fix those windshield wipers.”
CLAIM: 40 Days is A Month
FALSE. I’m not sure where this one comes from, but it reveals that ISO consultants can’t do basic math. If work weeks are five-days each, then 40 days is two months (eight weeks.) Imagine what you could do if you had someone working on ISO 9001 implementation for two months straight, and nothing else.
CLAIM: You can’t do 40-day ISO in huge companies.
TRUE. That’s why we don’t say we can. But for companies up to a few hundred employees, yes, we can. If you’ve got 500 employees, it will take longer due to increases in training time and internal audits.
CLAIM: Oxebridge is a hypocrite: it fights “certificate mills” but then offers quickie ISO implementation.
FALSE. This is a false dichotomy and conflates the issuance of fake ISO 9001 certificates by unaccredited or self-accredited bodies — who may not even conduct an audit — with ISO 9001 implementation speed. Hundreds of companies have undergone Oxebridge Rapid 40-Day ISO 9001 Implementation using fully-accredited registrars like BSI, Intertek, Bureau Veritas, SGS and TUV, without issue.
CLAIM: Maybe you can do that for ISO 9001, but not for AS9100.
FALSE. Implementation of AS9100 requires no additional time above that required for ISO 9001.
CLAIM: Maybe you can do that for ISO 9001, but not for IATF 16949
DUNNO. Oxebridge doesn’t do consulting for the automotive industry.
In the meantime, click here to get an accurate proposal for Rapid ISO 9001 and see what we can do specifically for your company.
Christopher Paris is the founder and VP Operations of Oxebridge. He has over 30 years’ experience implementing ISO 9001 and AS9100 systems, and helps establish certification and accreditation bodies with the ISO 17000 series. He is a vocal advocate for the development and use of standards from the point of view of actual users. He is the writer and artist of THE AUDITOR comic strip, and is currently writing the DR. CUBA pulp novel series. Visit www.drcuba.world
As a 99 & 44/100% (remember Ivory soap?) retired consultant, I had no problem getting smaller companies ISO 9001compliant in 40 days or even less. But to get them certified in that short time-frame usually depended on 2 issues:
1- The CB’s almost always wanted 3 to 6 months of QMS required records. This was not much of an issue since any company that had a decent system to begin with had most of the records already and we just generated the few others, e.g., CA Management Review & Internal Audits, as part of the implementation.
2 – The real stickler was getting a decent CB Auditor scheduled in that time-frame. The good CB Auditors are usually booked at least 3 months in advance or more.
But your point is well taken and valid in my experience. I knew several other consultants that dragged the implementation and certification out for way longer. They were usually the ones that provided a “canned” system such that the client had to rely on them to hold their hand at every step of the certification process and be present for every CB audit forever. My approach was that after the client got certified, they owned the QMS and there was no reason I needed to be at every CB audit. My ongoing involvement was usually as the Internal Auditor because, as a small company it didn’t make sense to spend money training internal staff to do the internal audit and they were spread thin so that they could not take the time away from their normal duties to do internal audits.
Love your weekly posts – keep up the pressure on the jerks at TC-176, ANAB, etc.