In the last article we discussed in detail the pros and cons of first party certification via self-declaration of conformity. We explained how to utilize the first party certification option as a viable and in many cases the only necessary certification process to fulfill internal as well as customer requirements.

Where do we find this mystical first party certification option, (which no one seems to know about or dares to talk about)? To put it simply, the first party certification option is a European invention (along with the ISO 9000 standards that were first published in 1987). This first party certification option is stated in every EC/EU directive that accompanies a contract or purchase order which requires a CE mark on the product. The original manufacturer is required to pass on these requirements to its subcontractor. These EC/EU directives spell out in detail what to comply with in regard to quality and/or product conformance. The main concern is how the product would affect the safety of the end user and/or how it would impact the environment, while producing and/or using the final product. As in the case of toys, the main concern in essence is the safety and protections of the end user.

EC/EU directives provide first party certification as the first option out of eight certification options. Directives can require conformity assessment for both the product and the quality system the product has been manufactured under, or the assessment can be required only for compliance of the product against the product specification and/or standard the contract originally called out for. Various assessment modules will indicate which conformity assessment is required and may be used. If you are interested in more detailed information on EC/EU conformity assessments you can find this information in my book " How to Win With ISO 9000", published in 1994 by QCSS. Or if you like, you may order any EC/EU directive which your product falls under, which will explain in detail the assessment modules and its requirements. At the end of the article we will provide you with sources where you can purchase such EC/EU directives.

The second party certification option is a sensible next step after first party certification has been accomplished. How do you go about it? You contact your customer and let them know that you have a documented and implemented quality system in place. There will be a good chance that your customer may want to verify your claim of system compliance by asking permission to evaluate a copy of your quality system manual or by conducting an onsite quality system audit, verifying that you have actually implemented your documented procedures. After your customer finds the quality system in compliance you carry official second party certification status, which you should proudly advertise. If your customer dictates no other requirements then this may very well be all that you will have to do for system certification. An important fact to remember is that this second party certification is usually performed at no cost to you by your customer. The only drawback to this option is that other customers may want to conduct their own additional audits of your system. However, if you have been approved by a large customer such as the Department of Defense, the FAA, the FDA, one of the automotive, aerospace or other industry giants, then it is most likely that your other smaller customers will accept this second party certification status without having to repeat the audit process.

To summarize, here is a brief outline of the steps necessary to gain second party assessment:

1. You contact your customer and ask for second party certification assessment or audit.
2. You provide the customer with requested material such as your level one and two quality manual.
3. Your customer's quality representative will review your quality manual.
4. After acceptance of the manual they will conduct an on site audit at your company.
5. After you pass the audit and the customer accepts your quality system they will issue second party certification.

1. You contact the Registration Accreditation Board (RAB) which accredits auditing bodies (companies) and ask them for a listing of accredited auditing companies.
   You contact several of the listed auditing companies which provide services and have the expertise in your product line (see applicable SIC Codes in that listing) and ask for details and a price quote.
2. After you come to an agreement on price and terms you will have to submit a level one and two quality manual for evaluation.
   After acceptance of your manual the auditing team will come out and conduct an audit on your quality system.
3. After compliance, they will issue a certificate of compliance along with an assigned registration number, identifying your company as a certified and registered ISO 9000 company.
4. After you have been certified and registered you normally will be required to pay semiannual maintenance fees that are above and beyond the initial fees you paid to get audited and certified. Then, every three or four years (depending on your product and system compliance) the process repeats itself and you will have to get re-audited and recertified once again, and of course you have to pay for it all over. When getting a quote, be sure you negotiate not only the initial fees, but the semiannual maintenance fees. Know what fees you are committing to. There are registrar companies now which offer small business rates, which are very affordable. For more information you may call us and we will provide you with a current listing.

What are the benefits of a third party audit? Theoretically it should eliminate multiple audits, but in reality it has not always worked out that way. More importantly, if the product or services are critical enough to affect the health and safety of the personnel manufacturing the product , and it protects the consumer using the end product, or it protects critical environmental issues, and the system proves to be effective, then the third party independent audit has fulfilled its objective. A good example where a third party independent audit is a viable option and is beneficial, is the manufacture of medical products, or critical aerospace components, or highly toxic chemical product processes.

In conclusion, I think it is now clear that all the three audit options have their place. It is high time that the quality associations, and in particular the task groups which are involved and responsible for developing these ISO 9000 standards, address the certification options more clearly and directly. One solution is to qualify and assign "risk levels" for products, as has been done in the medical device industry, where four levels of risk are assigned to respective medical devices (level one posing the least risk, etc.). What will this do for the industry in general? It will restore a much needed trust and confidence for companies in the use of the ISO 9000 quality and auditing schemes. In particular, it will help smaller companies to utilize the applicable ISO 9000 quality models without incurring unreasonable and in many cases unnecessary cost. Once this has been established then truly all industry branches large and small can be winners, including the consumer that uses the end product.

At this time we like to thank our readers for the support you have shown this past year.

Quality Control Systems and Services is dedicated to assisting companies achieve quality system certification by providing implementation and training services, including a large spectrum of quality related books, standards, EC/EU directives, Quality Manuals and Guidelines. For more information please visit our web page: www.qcss.com and log on to our e-commerce catalog. For comments or for more information on the article contact Gunther B. Gumpp at (949) 388-7686. Copyright (c) 1999, Gunther B. Gumpp, QCSS.NMW