ISO 9001 and Conformity Assessment Bodies (CAB) - Interested parties

4.2 Understanding the needs and expectations of interested parties

The following general list of interested parties and their requirements should form the basis of an initial assessment by each CAB. Against each interested party, I have suggested some of the key needs and expectations of this group. It is not an exhaustive list. Some key interested parties are further discussed below the summary table (Afternote: LinkedIn is so clunky. You now can't have a table in an article - sigh!).

Customers - Effective and efficient certification processes; Fair decision-making processes; Effective communication with customers; Effective management of complaints and appeals; Consistent delivery of audits and certification;

Consumers and end-users

Accreditation body - Conformance with accreditation standards. In the case of QMS certification, these are ISO/IEC 17021 -1 and ISO/IEC 17021-3; Maintain the CAB's reputation and that of the AB; Competent process operation throughout the initial assessment, certification and certificate maintenance cycles, including recertification.

Regulators - All CAB assessments should include any relevant legislation for products and services provided; Auditors should be competent in applicable legal requirements; Improved legal compliance for certified organisations.

Customer's customers- Ability to rely on a supplier’s quality management systems; Reduced nonconforming products and services from suppliers; Effective handling of customer complaints.

Industry bodies - The IAF represents the accreditation and certification industry. All IAF mandatory documents and informative documents place requirements and expectations on CABs;

Sector oversight bodies - organisations such as the IATF and IAQG provide oversight for specific technical areas, in this example automotive and aerospace respectively (as defined in ISO/IEC 17021-1).

Major procurement bodies - such as local and national governments expect confidence in their supplier base.

Related bodies - Franchises, joint ventures, regional operations, spans of control, training providers (impartiality), consultancy, and other services (cf accountancy firms). They need fair treatment and they bring with them issues in terms of variability of operation against process risks (see 4.4.1). Any parent organisation(s) or sister organisation that is part of a parent organisation (e.g. training organisations, consultancies, software providers) could create impartiality concerns. Similarly, if the CAB offers second-party audit services to certified clients this might create impartiality risks in evaluating control of suppliers (clause 8.4) for example.

The public - As end users of the products and services of certified organisations they expect to have reliable products and services that satisfy product performance and safety standards.

Media - They report on company quality standards and whether it has satisfied customers or not. They highlight areas where?organisations have failed in their duty of care for customers and end-users.

Standard writers?- Including ISO TC 176, CASCO and sector bodies (e.g IATF, IAQG) - Expect CABs to understand the requirements of their standards and to use them for the benefit of all interested parties.

The CAB should identify requirements for each group and segment of a larger group relating to its certification activity. The CAB should take these sometimes conflicting needs into account at the start of its strategic planning activities.?The CAB should monitor and review information about these interested parties and their requirements periodically and after a significant nonconformity (see 8.7).

One key group of internal interested parties is the CAB’s Auditor base. These are individual service providers. They spend a lot of time working independently and act as the 'face' of the CAB. As individuals, they each have their way of working, history and personality. Each of these factors brings opportunity and risk (Clause 6.1). How much does the CAB know of this potential process variability and how much do they take this variability into account when they design their processes for delivering certification? More of this is covered in the section on processes (Clause 4.4) below.

Also as part of its context, the CAB needs to look at its interested parties external to the organisation. The first, its certification customers, are obvious, but how much does the CAB know of this group and its needs and expectations from QMS certification? One thing the group obviously wants is a certificate. Is there anything else? They may also be interested in reliable communications, consistent auditing and an accurate report on the effectiveness of the QMS for the organisation, in turn, to be able to satisfy its customers.

What about other interested parties? One key group is the CAB's customers' customers. This group expects its supplier(s) of products and services (the CAB’s customers) to satisfy a set of needs and expectations. They look to ISO 9001 certification as a means of providing confidence that their needs and expectations will be met. How much does the CAB know of this group and how well are their needs and expectations built into the CAB’s processes?

Other relevant external interested parties should include the CAB’s accreditation bodies and the expectations expressed through conformity assessment standards such as the ISO/IEC 17021 Series. Now this seems obvious and could and should, lead to CABs designing their QMS so that they consistently deliver credible ISO 9001 certification. But they don't. The proliferation of sector schemes based around ISO 9001 with customer groups placing additional requirements on their suppliers and getting involved in the oversight of CABS.

Where the CAB identifies requirements from each of these interested parties either individually or as a group then they should design their QMS to ensure these requirements are consistently met. There are further requirements in later clauses of 9001 that specify how this should be done.

Notes from ISO 9001 apply.

For a quality approach, CABs should initially and periodically identify interested parties for QMS certification and the requirements of these interested parties (Clauses 4.1 and 4.2).