The following application article is part of a larger set of articles
published under the title ISO 9000 in Scientific
Computing as a special supplement to Scientific Computing & Automation
magazine.
The relationship between a company and its registrar is an ambiguous one.
On the one hand, the company is paying the registrar to perform a service.
On the other hand, that service may not result in an answer the company
wants to hear. Because registrars are not allowed to offer consulting services
(although they may provide training), they can't offer suggestions or direction
on how to create or revise your processes to comply with the standard. In
addition, some registrars are recognized by an accreditation board, some
are not. As a result, choosing a registrar can be a lengthy and time-consuming
task.
Because the ISO 9000 standard is gaining popularity so rapidly, the number
of companies offering registration services is also growing exponentially.
In the U.S., choices include contracting with the U.S. arm of an established
European registrar, contracting with a U.S. registrar which is not accredited
but has agreements with foreign registrars, or contracting with registrars
accredited by the RAB. Regardless of which registrar you choose, you should
weigh a number of criteria before making your final selection.
Registrar Accreditation
It is extremely important that you ask the registrar about their accreditation,
recognition, and auditor certification. It's almost too painful to contemplate,
but some companies have discovered too late that their registrar was not
accredited nor recognized. As a result, their registration wasn't recognized
either.
There are several accreditation bodies in Europe who accredit European registrars.
The two largest and oldest that certify organizations to perform third-party
quality system audits are the Dutch Council for Certification (RvC) in The
Netherlands and the National Accreditation Council for Certification Bodies
(NACCB) in the U.K. Thanks to the failure of the EC nations to create a
single pan-European accreditation program, there is no single registrar
that can ensure ISO 9000 compliance there, let alone around the world.
The Registration Accreditation Board (RAB) was developed in the U.S. to
establish credibility for U.S.-based registrars. The RAB performs initial
audits of registrars, issues certificates of accreditation, and performs
regular follow-up surveillance of registrars. The RAB is not, however, formally
recognized in Europe beyond a Memorandum of Understanding (MOU), which is
an agreement between two third-party organizations for reciprocal recognition
of their quality system certificates.
"While we were selecting the registrar, we were unsure of the status
of the RAB," states Ron Haynes, Thermo Separation Products. "There
seems to be a reluctance by the Europeans to recognize the U.S., despite
the fact that the ASQC was on the ISO board."
Even so, BSI's James Davies predicts that the harmonization of the RAB,
RVC, NACCB, etc, will be combined under one board in two to three years
by ISO.
Despite not currently being recognized by the EC or any European government,
the RAB is positioning itself for acceptance once a pan-European program
comes into being. This should eventually lead to mutual acceptance of registrar
accreditations, but there is no pre-determined date for this event. As a
result, U.S. companies who sell their products into Europe tend to use EC
registrars to ensure market penetration.
Background
With this in mind, one of your first questions should be to discover the
source of the registrar's accreditation and where that accreditation is
recognized. If the registrar is not recognized, determine if there are MOUs
with European accreditation bodies.
Next, ask the registrar if they have experience in your industry or market.
The last thing you want is to be audited by a registrar with no knowledge
of your industry processes. Get a list of companies to whom the registrar
has issued certificates, including contact names and telephone numbers.
Then, take the time to discover what others say about the registrar.
Availability
It is recommended that you contact registrars quite early in the process
is to ensure that the one you want is available when you need them. It's
important to ask how soon a quality system assessment could be performed.
Don't be surprised to hear lead times of six to nine months.
In addition, ask how long the registration period lasts. Typically this
is from one to three years. A full assessment occurs at the end of the registration
period, so the length of the registration has a direct impact on the frequency
and severity of the periodic surveillance audits.
Auditor Qualifications
To ensure that you get top-flight professionals, ask about the qualifications,
training, experience, and education of the audit team. Find out what standard
or criteria the registrar uses to qualify and certify auditors, and whether
that standard or criteria is recognized in Europe. Probe to determine whether
the registrar subcontracts any of its registration activities, particularly
whether their auditors are full-time employees. An organization that uses
independent auditors may send a different audit team each time, which could
cause needlessly long audits.
Costs
While the focus of costs centers on registrar fees, there are actually three
areas where companies spend money on ISO registration: internal, external,
and assessments. Internal costs include training, awareness, and time spent
writing the manual. External costs include consultants. Assessment costs
include the applications fee (typically $1000), the desk audit fee (typically
$1000), a pre-assessment fee and the initial assessment fee (varies), as
well as the cost for the certificate (typically $700).
Assessment costs depend on your industry, the number of staff at your site,
the number of sites involved, and the activities within the scope of the
audit. The minimum cost for a small site ranges from $12,000 to $20,000
if the audit is successful on the first attempt. If you use outside consultants,
add $20,000 to $40,000 for the first year. The biggest costs are hidden
in overhead and indirect costs which can soar to as much as $200,000 depending
on how much change to an existing system is required.
Ask how much the registrar charges. The average cost for a registration
audit is $1,000 to $1,600 per auditor per day. The size of the audit depends
on the size and complexity of the organization being audited. Find out if
travel and expense fees are included or extra. Ask whether the costs for
surveillance audits are included in the registration fee or an additional
charge.
Find out how many surveillance audits will be performed over the life of
the registration, and how long will each surveillance will last. When asking
about costs, ask about the billing rate and whether you will be charged
by the work day or by the hour. Ask whether overtime is applicable and if
there is a billing rate for travel time. In addition, find out if travel
expenses are additional or included in the rate, whether they are billed
at a reasonable rate (no first class hotels please!), and whether the registrar's
auditors will be travelling from a location within the U.S. or from Europe.
Perhaps most important of all, find out what registrar other industry players
used and whether your customers or suppliers have suggestions. Recommendations
are often the best passport.
Top Choices
The British Standards Institute (BSI) is a popular choice with analytical
instrument companies, and was selected by PEN, Varian, and Fisons, among
others. Varian's David Lowe remarks that they "chose BSI because we
knew it would be a long-term involvement with the registrar and BSI is extremely
well-known in the U.K. In addition, they were the originator of the standard
as well as numerous other safety and kite marks with very high recognition
in Europe."
Sometimes the registrar choice is a corporate-wide dictum, sometimes the
registrars are chosen by the individual units because the company is decentralized.
Often registrar selection depends on the location of the site being registered.
In addition to BSI, other popular choices include the National Standards
Authority of Ireland (NSAI) and National Quality Assurance, Ltd. (NQA).
Beckman chose NSAI "because we wanted the simplest and most straightforward
way to put together a quality system that could be certified all the way
through by a single registrar," explains Rob Ireland. "First,
we'll implement a quality management system for our processes, then we'll
meet EC directives for product quality. NSAI could be specific and do both
forms of auditing, enabling Beckman to harmonize their approach."
When the variables are equal, registrar selection may boil down to the way
in which the registrar conducts business. Many ISO project leaders and quality
managers come from aerospace backgrounds and have previous experience dealing
with government and military specifications. In their quest to avoid bureaucracy,
they selected registrars who respected that approach.