The certification to any standard is supposed to mean an organization has attained a certain level of achievement, and then a trusted third party formally attests that this achievement is true. In the case of ISO 9001, certification is supposed to mean the company has a quality management system that fully complies with ISO 9001, and that the certification body has verified this.
Now meet reality, ver. 2021. In this day and age, we now see ISO 9001 certificates given out like candy to anyone who can pay, and then retained even when irrefutable proof emerges that the company’s quality system is a dysfunctional disaster. Deadly products are released to market, sometimes killing people, and yet the certification body continues to re-issue ISO 9001 certificates to the perpetrators without missing a beat.
The end result is that ISO 9001 certificates can’t be trusted, because money has so infected the system, it’s now a pay-to-play scam that breeds corruption. Worse, because the money flows upwards through the accreditation scheme, those with the most responsibility to ensure there is no corruption have the least incentive to do so.
So once again it falls on Oxebridge to fix what greed broke. The Oxebridge Q001 standard has proven popular because (a) it’s free, and (b) you don’t need a law degree to understand it. It fixes ISO 9001, making it easier to understand, easier to implement, and easier to audit.
But one small feature inserted near the end fixes ISO 9001’s biggest problem and strips out the corruption with only a few sentences.
The clause is called “10.4 Incident Investigation,” and it requires the organization to apply its corrective action system whenever there is a product recall, scandal, disaster, or other events that would raise questions about the validity of the quality management system.
The clause is comprised of three sentences, so we can easily read the entire thing:
The organization shall investigate any incident involving defective or nonconforming products or services delivered to customers or released to the market, whether reported by the customer, media reports, or other third parties. At a minimum the investigation shall be performed according to the corrective action requirements of 10.2.
Top management shall oversee the investigation and records shall be maintained.
Next, the surrounding Q001 accreditation rules flag clause 10.4 as a “Major Fallout Clause,” meaning that it carries additional weight during any certification audit. A failure to comply would prevent the company from obtaining Q001 in the first place, or would cause them to lose Q001 certification if they had it already.
This is groundbreaking. ISO has never been able to craft words that would ensure the validity of the certifications surrounding its standards, but the task was not particularly difficult. Perhaps ISO is afraid this would cut into their sales of ISO 9001, a concern that also doesn’t factor into the Q001 scheme since — as I said — the standard is free.
Auditing 10.4 isn’t difficult either. Q001 auditors are not required to make judgments on the “incidents,” but merely must determine if the company has processed the incident as a formal corrective action in its system, complete with root cause analysis, action plan, and follow-up (if closed). If the certification body reads about a scandal involving a Q001 company, and later finds no corrective action plan on the books, the company loses its Q001 certification. Done.
None of this is rocket science, and the solution emerged organically since Q001 has already stripped out the greed from the scheme. Standards look very different when polluted by the financial needs of those developing them.
I frankly invite ISO to adopt this approach within its own standards, but none of us would be blamed if we didn’t hold our breath.
For now, though, the Q001 standard is available here, and yes, you can get certified to it now. We have certification bodies around the world already waiting for their first batch of pilot clients.
RELATED ARTICLE: How Q001 Will Remove Auditor Conflicts of Interest.
About Christopher Paris
Christopher Paris is the founder and VP Operations of Oxebridge. He has over 30 years' experience implementing ISO 9001 and AS9100 systems, and is a vocal advocate for the development and use of standards from the point of view of actual users. He is the author of Surviving ISO 9001 and Surviving AS9100. He reviews wines for the irreverent wine blog, Winepisser.