How to know whether ISO 9001 certificate is valid?

If you are asking your suppliers to have a Quality Management System (QMS) that is based on ISO 9001:2015, you have reasons for doing so. Maybe you want to reduce the risk of products, processes and services resulting in poor results, or maybe your customers require you to use certified suppliers. Whatever the reason for requesting a QMS certificate, you want to ensure that a supplier sends you a copy of an authentic certification. But what do you do when you suspect that the certificate is false?

Here are a few things to consider if this happens:

Why might a company have a false certificate?

It may surprise you, but the concern about false certifications is not included in the ISO 9001 standard. The standard is simply a set of requirements that can be implemented to provide a company with a QMS that will help them deliver products and services that meet customer needs and improve customer satisfaction. How this is done by the organization, and how they gain certification, is not included because certification of the QMS is not a mandatory requirement.

So, why would a company falsify a certificate? It is hard to say, and every organization that does this probably has different reasons. It could be because they are concerned about the expense of hiring a certification body to audit them. It could be because they are worried about what will be found during the certification audit. It may even be that they just want to claim certification without having done any of the preparation and implementation required. Whatever the reason, without a valid certification you do not know that any QMS they might have in place has been verified against the ISO 9001:2015 requirements.

For more on what the certification auditors will ask during the audit see this article What questions to expect on the ISO 9001 certification audit.


What can you do to check if a certificate is false?

The first thing to remember is that an organization cannot certify their own QMS; this needs to be done by an accredited certification body. To better understand what to look for it is helpful to know how certification works.

The process for how certification works goes like this: the International Organization for Standardization (ISO) issues a standard, and an organization will implement the standard. The organization will hire a certification body to audit their system and issue an accredited certificate that the system meets the standard requirements. In order to be allowed to do this, the certification body needs to be accredited by the national accreditation body who monitors their work. In turn, the national accreditation body must be authorized by the International Accreditation Forum (IAF).

So, each certificate should include the registration/certification number, the name of the certification body and the name of the accreditation body. If there is no certification or accreditation body, then the certificate is definitely false. If there are a certification and accreditation body identified, then you can start the process of looking to find out if the certification body is properly accredited. The way to do this is as follows:

ISO 9001 certificate – How to know if it’s valid?

  1. Look at the list of accreditations bodies from the IAF. To do this go to https://www.iaf.nu/articles/IAF_Members__Signatories/4 and choose the country or area the supplier is from. This will list the approved national accreditation bodies for that country. For instance, for the United States of America, the list includes the ANSI-ASQ National Accreditation Board (ANAB). You can link to the accreditation board from this website.
  2. Under the accreditation board search for the name of the certification body identified on the certificate. From the ANAB website above you can find the web page to search for a certification body.
  3. If the accreditation body is not on the approved list of accreditation bodies there is a problem. Likewise, if the certification body is not on the approved list of certification bodies this is an issue. Either way, you should be concerned that any audit was not done by competent personnel who were adequately approved.

This may seem simplified, but if you follow the above process and find that those who claim to have issued a certificate are not on the maintained approval listing, then the certification is not valid.

For more on what you should do to evaluate suppliers see this article, How to evaluate supplier performance according to ISO 9001:2015.

What can you do about it?

If you have good reasons to ask your suppliers for certification to ISO 9001:2015, then it is obvious that a supplier with a false certificate should not be used by your organization. Use your internal process to find another supplier who can satisfy your needs. You may also notify ISO about your suspicions of a company who has a false certificate; this can easily be done at https://www.iso.org/complaints.html. This can help the ISO group to better investigate this problem.

Those of us who know the benefits of having a certified QMS may be mystified by an organization that would falsify their certification. Unfortunately, this practice is occurring with some organizations and needs to be monitored. As with any other requirement if you have any providers of external processes, products or services, you want to ensure that the requirement for a certified QMS is met. After all, if a supplier would misrepresent their ability to meet this simple requirement, what else are they hiding?

For more information on how to suggest your supplier the right certification body see this free whitepaper: List of questions to ask an ISO 9001 certification body.

Advisera Mark Hammar
Author
Mark Hammar
Mark Hammar is a Certified Manager of Quality / Organizational Excellence through the American Society for Quality and has been a Quality Professional since 1994. Mark has experience in auditing, improving processes, and writing procedures for Quality, Environmental, and Occupational Health & Safety Management Systems, and is certified as a Lead Auditor for ISO 9001, AS9100, and ISO 14001.