I work for a small telecoms reseller and a new customer is ISO9001 registered, we are not and have no plans to become ISO9001 accredited.

They have asked for two references and as far as I know we are not legally obliged to supply them. They are suggesting that without these references it may prevent them from using us?

Is this just BS or do we have to comply? I’d rather not turn away business if I can help it for the sake of a couple of references, but my MD isn’t bothered either way.

They are suggesting that without these references it may prevent them from using us?

If their ISO procedures state that non-ISO companies must supply references then they will need them to complete their process.

but my MD isn’t bothered either way.

Why?

You don’t have to comply and they don’t have to do business with you.

Maybe their QA requires them to vet new suppliers? If you had 9001 accreditation they could use that, without it they require a couple of references?

There’s nothing in the ISO standard that requires you to give these references. Their processes that they’ve adopted to meet ISO accreditation may mandate it but that’s their issue not yours. However, if you don’t provide them, their processes may mean they can’t work with you.

Section 7.4 of the ISO 9001:2008 spec is related to Purchasing and reads (paraphrased):

7.4.1 Purchasing process – The org shall ensure purchased product conforms to specified purchase requirements. The type and extent of the control applied to the supplier is dependent upon the effect of the purchased product on the product realisation or the final product.

Essentially they need to define the criteria that they will evaluate/select their suppliers with based on the suppliers ability to supply the product in accordance with their requirements.

As you’re not ISO accredited they’re asking for references to prove you can deliver.

I’m a quality manager for a telecommunications company.

They are suggesting that without these references it may prevent them from using us?

that is their procedure rather than ISO one – however it’s a common misconception.

Many people really miss the point of ISO accreditation.

It’s fairly common for companies to require their suppliers to be ISO9001. Sometimes good, sometimes daft. I’ve had a few occasions where we’ve not been allowed to use some good existing suppliers and having to use poor workmanship(i.e. bad quality places) because they were the ones that had ISO9001.

ISO9001 doesn’t guarantee anything other than they’ve paid for the privilege of being accredited / audited. Plenty of terrible companies are ISO9001.

It’s fairly common for companies to require their suppliers to be ISO9001

Only if they’re lazy and can’t be bothered to implement a Vendor management/Supplier evaluation procedure.

Being ISO accredited does not mandate that you only deal with other ISO companies.

ISO is actually pretty straight forward. At a high level all it requires is that you define a process and follow it. Keeping records as you go. It doesn’t care if your process is correct or a good one, just that you have one…and can show continual improvement.

Its a hilarious standard. You can write any shoddy procedure you like into it. So long as you always abide by that standard then you remain compliant. “…always use the length of a forearm to determine the location of the bolts in the reactor pressure vessel…”

I’ve had this a lot:
– Some places won’t work with you if you’re not certified (often public sector bodies).
– Some will work with you but you need references or to offer them the opportunity to validate your processes.
– Others don’t notice/ don’t care if you leave it blank.

If you want to do business with big companies it may be less hassle to get yourself certified (~£800 a year when I did it for a little business)

Thanks all, esp dooosuk. (which comms company are you with?)

Im not against it, but I just wanted to clarify what the requirements were etc.

Glad to be of help…and I’d rather not say but we’re a supplier to telco networks but also IVRs to enterprises.

Having been audited a few times, I’m amazed how lax the whole thing is, you only seem to have to show a vague intention to think about following a process and they’re happy.

Having been audited a few times, I’m amazed how lax the whole thing is, you only seem to have to show a vague intention to think about following a process and they’re happy.

In my experience it depends on who is doing the auditing. I worked for a company who used Lloyds and they were very thorough and came at things from all angles to make sure the process was as robust as possible. Bureau Veritas on the other hand…

Cheers,
Jamie

In my experience it depends on who is doing the auditing. I worked for a company who used Lloyds and they were very thorough and came at things from all angles to make sure the process was as robust as possible. Bureau Veritas on the other hand..

Good to know – been working towards my companies ISO9001 certification for about a year now and trying to work out who ‘best’ to come in and do the certification.

I’d agree it’s totally dependant on whose auditing you.

We were previously audited by a German auditor and he was so thorough and not easily led. Current chap is quite lax about it all and didn’t even check our procedures. He just asked people what they did and accepted it.

Bristolbiker – keep everything simple and not prescribed whilst still be useful. The less there is to trip you up the better. Never volunteer any information that isn’t asked and only answer the questions asked (don’t wander off the question). They can only find out what you tell them.

In my experience it depends on who is doing the auditing. I worked for a company who used Lloyds and they were very thorough and came at things from all angles to make sure the process was as robust as possible. Bureau Veritas on the other hand..

Good to know – been working towards my companies ISO9001 certification for about a year now and trying to work out who ‘best’ to come in and do the certification.

It very much depends on the auditing company. I found Lloyds to be fairly lax along with BSI, BV & NQA. DNV & especially API were very thorough and certainly went through the management system with a fine comb.

To answer the OP it looks like it is a requirement of their system to have these references before you will be considered. Is it really that difficult to obtain references if you are supplying a quality product or service to other organizations?

Dooosuk: Yeah – this is the advise we had from the guy who initially came in to advise us. We have internal QA procedures for all areas of quite a varied business (including usual purchasing, training etc). The irony is is that we’ve reduced our whole-company QA system from a set of ring binders (but still clear, totally usable, robust and appropriate) down to a bare bones of ~50 sheets of paper just to make the auditing process easier…..