In a surprising — and really confusing — set of interpretations, both UKAS and ANAB have indicated that it may be possible for a client to “downgrade” to ISO 9001 in the middle of an AS9100 audit, if they start to feel they may fail the audit. Since ISO has less requirements, such a client may still pass ISO 9001, and the audit scope would be changed mid-stream. Both Accreditation Bodies (ABs) have said that it’s possible on a case-by-case basis.

It’s baffling for a number of reasons. First, we asked this of a few CBs about 5 years ago, and the answer was emphatically “no.” That was also the right answer, in my view. Now, of course, it’s reversed. The rules haven’t changed, mind you; only the CB position.

Next, however, it creates a system that allows clients to toggle their AS9100 on and off depending on how well they are doing at any point in time, including in the middle of an audit. That last part is astonishing because it violates a key ISO 17021-1 accreditation rule which demands the scope of the audit be agreed upon before the audit is started. Specifically, ISO 17021-1 demands:

9.2.3.1 General
The certification body shall ensure that an audit plan is established prior to each audit identified in the audit program to provide the basis for agreement regarding the conduct and scheduling of the audit activities. [Emphasis added.]

The audit plan must include, of course, the scope of the audit including the standard to be used. Then there’s also the issue of the audit application, which must be submitted before the audit is conducted:

9.1.1 Application
The certification body shall require an authorized representative of the applicant organization to provide the necessary information to enable it to establish the following:

d) the standards or other requirements for which the applicant organization is seeking certification [Emphasis added.]

From that, the CB is supposed to do all sorts of things, as part of an application review:

9.1.2.2 Following the review of the application, the certification body shall either accept or decline an application for certification. When the certification body declines an application for certification as a result of the review of application, the reasons for declining an application shall be documented and made clear to the client.

9.1.2.3 Based on this review, the certification body shall determine the competences it needs to include in its audit team and for the certification decision.

By allowing a client to switch standards in the middle of an audit, the CBs are changing the scope of the audit and thus changing the audit plan after it’s been developed, and then ignoring entirely the application review process. These are two clear and overt violations of ISO 17021-1, but we once again see the two major ABs — ANAB and UKAS — taking a “flexible” approach to interpreting the set of rules they are tasked with enforcing. And by “flexible,” I mean helping CBs to circumvent them.

Worse, there’s the contract to consider. The scope of the audit — including the standard to be used — is made part of the client’s PO or contract with the CB, thus becoming a legally binding document. UKAS and ANAB take the view the contract be damned, you can just alter contractual obligations on the fly, without even updating the documents and submitting them for a new review and execution. Imagine if your registrar found evidence of you doing that to your customers as part of your ISO or AS audit! “I know the customer’s PO says to deliver on Friday, but they gave me a verbal OK to deliver six months from now, and no, I don’t have any records.”

Unidirectional Actions

The other problem with this position is that while the ABs appear willing to allow AS9100 clients to downgrade, they won’t allow the opposite unless additional money changes hands: you can’t upgrade from ISO 9001 to AS9100 without undergoing an entirely new, “full” QMS audit with your registrar. Anyone upgrading to AS9100 must have the clauses that are identical between the two standards, such as management review and corrective action, audited a second time no matter what. This is because the IAQG had recognized that AS9100 operates under an entirely different accreditation scheme, subject to AS9101 and the accreditation rules created by the Registration Management Committee (RMC) and Other Party Management Team (OPMT), none of which apply to ISO 9001. ISO 9001 only operates under the accreditation rules of IAF, and nothing more. The two schemes, therefore, are incompatible.

But UKAS and ANAB don’t address this, and both ABs have said instead that it’s entirely feasible, but must be taken on a case-by-case basis. It’s head-scratchingly bizarre.

So if ANAB and UKAS are okay with downgrading, why aren’t they okay with upgrading? Why can’t an ISO 9001 client merely upgrade to AS9100 and only undergo a “gap audit” of the different clauses? Why must clients undergo a full audit, including the redundant ISO 9001 clauses? Wait for it…

You Know Where This Is Going

As usual, the answer is probably commerce. Both UKAS and ANAB exist, ultimately, to serve their customers: the certification bodies. Users of ISO 9001 are not a priority for the ABs, nor is ensuring the rules are adhered to, since doing that jeopardizes the revenue they receive from their CB patrons. By allowing mid-audit downgrading, but disallowing mid-audit upgrading, they ensure ongoing revenue to the CBs. A client struggling with aerospace requirements during an AS9100 could thus fail that audit, and that is often a reason that clients abandon certification; in such cases, the CB can lose the client entirely. If the CB can offer a “downgrade to ISO 9001” option during the audit, the CB can retain that client, along with their annual contract fees. Since the CBs pay a fee to the ABs for each certificate issued, UKAS and ANAB make money when a CB holds onto a client, and lose money with a CB loses a client. It’s a direct connection.

The same logic applies to upgrading. CBs would lose money if they simply offered in situ upgrades from ISO 9001 to AS9100, so the ABs enforce the rules that require ISO 9001 clients to “start over” with a new, full QMS audit — at higher rates and forced re-auditing of identical clauses — when they want to move up to AS9100. As usual, it’s win-win for the ABs and CBs, but the client is left paying the bill.

If the ABs and IAQG were actually concerned with the validity of ISO 9001 and AS9100 certifications, they would rule against such “toggling” entirely. Alternatively, if they really view ISO 9001 and AS9100 as so compatible the two accreditation schemes can be switched on and off at will, they could rule that if clients can downgrade mid-stream, then the same should be allowed, granting clients to upgrade to AS9100 without the need for a special re-boot audit. You would just undergo an audit of the gaps, and get your AS9100 cert; heck, you can do it halfway through an ISO 9001 audit if you like! No need to change the contract, and no need to update the audit scope or plan. Simple.

OASIS MIA

Most frustrating, however, is that the IAQG isn’t answering queries on this subject. I entered an official feedback request in OASIS on this matter, and it’s sat idle — not even assigned to anyone — for over a month:

IAQG’s official presentation on the OASIS feedback system — essentially a sales pitch that they don’t follow — indicates that “timely response (within 30 days) to feedback requests is monitored and metrics have been established by the IAQG Other Party Management Team (OPMT).” Of course, no one can view those metrics, and I’m not sure if anyone can view Feedback tickets other than the OPMT and the submitter.

I’ve since written to IAQG RMC chair Darrell Taylor (of Raytheon) and he said he’d look into it, but nothing has happened in over a week. Expectations are low. I quoted the ANAB response in my feedback ticket (the UKAS response hadn’t been received when I entered the ticket), so I suspect IAQG may feel they’d be stepping on ANAB’s toes if they respond.

I alerted Jackie Burton at UKAS and Lori Gillespie of ANAB that Oxebridge opposed their view, and that we would push forward with getting an official reading from IAQG. Personally, however, I doubt the IAQG will do much to alienate either Burton or Gillespie, who the IAQG currently relies on for selling AS9100 accreditations as well as the AS9100 standards themselves.

So for now, if you feel you want to change your AS9100 audit into an ISO 9001 audit while the audit is underway, you may have some leeway. I think it’s a dangerous business, but if the gods are willing to let you cheat, who am I to stop you?

[If one of my readers wants to submit an OASIS feedback ticket that might get more attention because, you know, it won’t have my name on it, feel free to do so. Signup for OASIS is free, and once you’re signed in, the ticket system is here. Perhaps a large aerospace firm will get an answer where I cannot.]

 

    About Christopher Paris

    Christopher Paris is the founder and VP Operations of Oxebridge. He has over 25 years' experience implementing ISO 9001 and AS9100 systems, and is a vocal advocate for the development and use of standards from the point of view of actual users. He is the author of Surviving ISO 9001:2015, which can be purchased here.