QUESTION:
From: ASQ Ask the Experts
Sent: Jan. 18, 2013
To: ATCS – ASQ Ask the Experts
Subject: Can ISO 9001 Certification Be A Supplier Requirement?
Our company has bought another company in Canada and we are outsourcing to them. They are not ISO 9001:2008 certified.  Do we have the legal right to require them to get certification since we are?

RESPONSE:
From: Bill Aston, ATCS –Q-Blog, Ask the Expert
Sent: Jan. 18, 2013
To: ASQ Ask the Experts
Thank you for contacting us.  With regard to your question, there is no requirement in ISO 9001 that requires any organization or their suppliers to be certified by a third-party. Certification is only needed if it’s required by a customer contract/purchase order, or if an organization has opted to be ISO 9001 certified.

However, as an ISO 9001 certified organization, your quality management system must include controls to maintain control over outsourced processes. This requirement is stated in clause 4.1. The control over outsourced processes may include all or any of the following:

1.    Use of an approved suppliers list (see clause 7.4.1)

2.    An onsite supplier quality audit (see clause 7.4.3)

3.    Review and approval of equipment, processes, procedures, methods, and personnel qualifications for processes that require validation such as welding, nondestructive testing, heat treatment or others (see clause 7.5.2).

In summary, ISO 9001 certification is a management decision and not a requirement.  Organizations that follow the ISO 9001 requirements and have outsourced processes should have controls in place to manage those processes.

I hope this helps.

Best regards,
Bill Aston, Managing Director
Aston Technical Consulting Services, LLC