Selecting the Right ISO 9001 Registrar
Registrars are independent for-profit organizations which are qualified, certified, and authorized (accredited) to complete assessments and issue certifications for ISO 9001 and other similar standards. Registrars are also known as Certified Bodies (CB) in other countries around the world.
Auditors are Contractors
While you contract with your registrar to execute your assessment and issue your ISO certificate, odds are that the auditor that visits your organization to complete the assessment is an independent contractor who sub-contracts with the registrar to complete the work. In fact, your auditor will most likely be a contractor for several different registrars. Rather than finding the right auditor for your certification audit, you need to focus on selecting the right ISO 9001 registrar.
When selecting a registrar for your ISO 9001 certification, there are several major criteria that you should consider and verify to identify the best provider for your needs. You can obtain a list of registrars that serve organizations in the United States from the EBS free members library. Verify the following to quickly reduce your list from a dozen or more to 2 or 3 finalists.
- Industry Sector: Registrars define the different industries they serve and for which their auditors have experience. Industries are usually defined using general NAICS or SIC code categories.
- Company Size Served: Find a registrar that has significant experience serving companies your same size. You don’t want a large global registrar whose main business is fortune 500 organizations when your company is one location with 50 employees. Your registrar should value your business and auditors should have experience and an appreciation for the limitations and challenges faced by companies of your size.
- Available Auditors: Determine how many auditors the registrar has available which fit your specific criteria (ISO standard, industry, location, etc.). Look for a registrar that has several auditors to pick from which will open up scheduling options and facilitate your certification process. This also provides options if you run into interpersonal or conflict issues with an auditor.
- Registrar Location: While this may not be a major concern, it might be good to know that your registrar has at least a regional office in the same time zone. We would certainly recommend that they have a major office within your country.
- Auditor Location: While not a showstopper, it is beneficial when auditors are regional and don’t need to fly across the country to complete your audit. This only adds complexity and cost to your certification process. For ISO 9001 and most general industries, a registrar should have several available auditors based within a few hundred miles.
- Accreditation: Ensure that the registrar is properly accredited. In the United States this accreditation is often obtained through ANAB (ANSI-ASQ National Accreditation Board) and demonstrates that certification and registration services provided are in compliance to ISO/IEC 17021. There are other accreditation bodies, often based in other counties, but which are also recognized and acceptable.
- Customer Recognition: If you are achieving ISO 9001 certification for a specific customer, consider the need to verify your selection or get input from your customer. Some customers may have issues or concerns with certain registrars or their accreditations.
These are some core criteria to help narrow your search down to two or three key finalists. At this point, it might be good to reach out to each final registrar on your list and schedule some one-on-one time with a sales person or customer service rep to gain more information and establish a better relationship. This can be completed remotely via online meeting technology or phone conference, but it says a lot about how much a company values your business when a representative is willing to visit fact-to-face.
Note that it is almost impossible to meet with and interview potential auditors. These auditors are almost always on the road executing audits at other organizations. It is also difficult to know which auditor will actually be assigned to you until the audit is scheduled. Most of the time, the first available qualified auditor is assigned unless there are extenuating criteria. The more you limit the pool of available auditors, the longer you may have to wait to get on the audit schedule. Selecting the right ISO 9001 registrar will help ensure that you get the right auditor for your certification assessment.
Also, consider requesting three to five references from each registrar and calling references to discuss their experiences with the registrar and auditors provided.
ISO 9001 Registrars
IAAR (Independent Association of Accredited Registrars) website is a great resource for finding the best registrars for your organization. The website provides a Directory of IAAR Members which you can search to find an initial list of possible registrars.
Another resource for finding registrars is ANAB (ANSI-ASQ National Accreditation Board). Use their CB Directory to search for registrars that fit specific criteria (location, standard, industry scope, accreditation status, etc.). A general search for ANAB accredited ISO 9001 registrars located in the United States returns 50+ different organizations as of this writing. You can further refine this list by filtering for your specific industry.
You can also complete basic search engine searches for possible additional registrars, but again, we warn against using non-accredited providers. You may also be able to search for reviews and feedback from customers of various registrars to help with your evaluation process.
ISO Registrar Evaluation
Many of the top registrars provide significant information about their services via their website. Following are some additional questions to consider and ask during your registrar evaluation and selection process:
- General / Industries Served
- What accreditations do they have?
- What is the scope of activities the registrar has been accredited to audit?
- Does the registrar participate in the Independent Association of Accredited Registrars? (The IAAR is a self-governing group of accredited registrars)
- Where is their world headquarters located? If outside United States, where are their local country office locations?
- What percentage of their clients are similar in size and scope to our company?
- Once we enter into a long-term relationship, who will be our point of contact?
- If not satisfied with the level of service provided, what steps will they take to address our concerns?
- What relevant industry experience do they have?
- How many companies similar to ours have they registered?
- How do they handle assessments for new management systems with limited operational experience and supporting records (if applicable)?
- Can they provide references from clients similar to us?
- What frequency of surveillance audits can we expect?
- Do they do a full system audit every three years?
- What additional fees beyond standard audit costs can we expect to pay?
- Can they provide a detailed description of their audit and certification processes?
- Can they describe their certificate conversion requirements? Are fees or penalties incurred for separation during the contractual term?
- Can we expect to have the same auditor for all audits?
- How many different local or regional auditors are available to support our certification needs?
- How many auditors could we expect for each audit?
- Can they provide bios for auditors (i.e. education, experience, companies audited, references)?
- What method do they follow when there is a need or desire to change auditors?
- How do they determine the duration for full system and surveillance audits?
- How and when will findings be reported to company representatives during the audit?
- How do they determine major and minor nonconformances?
- How do they handle a major nonconformance?
- How long do we have to respond to reported nonconformances?
- What is their process for receiving and managing conflicts and disagreements?
- What are their confidentiality policies?
Final Selection and Contracting
Consider any other questions or information that might be beneficial to your evaluation process. Be sure to review and understand the registrars conflict resolution process and your available recourse when disagreements and/or service issues arise. Verify that you can exit your contractual obligations in the event that issues can’t be resolved in a satisfactory manner. Evaluate each of the final candidates and select the best provider for your organization. Note that auditors are not permitted to consult or provide guidance during the audit. Most will provide some general ideas for meeting ISO requirements or address a nonconformance, but in general do not ask your auditor to provide detailed information on how to structure your ISO 9001 management system.
Once your selection has been made, your new registrar will require execution of a services agreement which defines the terms and conditions for both parties. Once you execute the agreement, you should be assigned a point of contact with the registrar who can answer questions and guide you through their certification process activities including scheduling your stage 1 and stage 2 audits.
Finally, be sure to add the registrar to your Approved Provider List (APL) per your external provider process.