So you’re ready to become ISO certified and have found yourself facing the first hurdle: Deciding which ISO Registrar to pick. Don’t worry; you are not alone. For years we’ve helped organizations pick an ISO registrar to match their company’s culture and needs, and for years we’ve seen the process being complex and cumbersome, to say the least.
Even with our prior experience, having to go through the process of selecting an ISO Registrar ourselves gave us a first-hand look at how frustrating this process can be. We used the exercise below not only to offer better insight to our clients regarding this process, but also as a tool to train our staff in the very process we consult for. You will read here an in-depth, mano a mano review of some of our region’s most famous ISO Registrars. Read on to learn our expert tips, to ensure you get the Registrar you deserve!
Step 1: Determine the Requirements
As an ISO Technology and Consulting firm, our primary goal was to demonstrate that our foundation is solid (ISO 9001) and our house secure (ISO 27001). Therefore our main requirement was to select an ISO Registrar that could audit to both the ISO 9001 and the ISO 27001 standards. Of course, we know not all Registrars are created equal, and that going cheap is not always the best. At minimum, they had to be accredited by some of the best-known accreditation bodies out there (see our ISO Vanguard Blog: This Certificate Smells Fishy: How to Find Out if a Certificate is Forged or Valid).
Additionally, as experts in ISO management systems integration, we’ve developed a truly integrated system to meet our needs. Therefore, we also had to ensure this ISO Registrar could provide an auditor who could perform an integrated audit.
So, as we set out to find our perfect Registrar, we developed a list of our requirements in order to guide us through this process:
- Accredited ISO Registrar by known accreditation bodies (such as ANAB, UKAS and RAV)
- Able to audit ISO 9001 and ISO 27001
- Able to conduct an integrated audit
- Able to provide local auditors
Step 2: Choose the Contenders
When we do turnkey consulting assistance in the ISO standards, we typically help our clients select their ISO Registrars by providing contacts from alternative large, medium and small ISO Registrars. As per ISO 17021 guidelines, we are unable to select the Registrar for them based on our affiliations. However, we are able to provide options. So, true to our own advice, we decided to make a list of all the potential ISO Registrars that could meet the requirements we had set forth. We came up with the following names, and lucky for us, many of them were headquartered in Houston:
|Registrar Name||US Headquarters||Contact Info||Default Accreditation Mark||Size|
|ABS QE||Houston, TX||16855 Northchase Dr.Houston, TX 77060
|BSI||Reston, VA||12110 Sunset Hills Road, Suite 200Reston, VA 20190-5902
|Bureau Veritas||Houston, TX||390 Benmar Dr.Suite 100
Houston, TX 77060
|Det Norske Veritas (DNV)||Houston, TX||1400 Ravello Drive, Katy TX 77449281-396-1000||RAV||Large|
|DAS||Houston, TX||6161 Savoy Dr. Suite 455, Houston, TX 77036713-789-0885||UKAS||Small|
Step 3: Request for Proposal
Once we knew which ISO Registrars we wanted to investigate, I decided to prepare a one-page Request for Proposal template with all the information I knew would be required in order for the ISO Registrar to provide a bid. This included:
- Our company name and background
- Our full contact information (name, address, phone numbers, emails)
- Our company size (number of employees)
- The ISO standards sought for registration
- Our Scope of Certification
- The exclusions to our scope (None! Check out Mireaux’s ISO Vanguard blog: Why We Have No ISO Exclusions to learn why we wanted to avoid exclusions and how we achieved this.)
- Our vision for how this relationship was to benefit the Registrar just as much as it would benefit us.
Rather than sending the Request for Proposal to all these contacts—all of whom I’ve dealt in the past in one way or another—I decided to turn the hunt for our registrar into an exercise for our own employees. Most of our employees, such as our technical writers, document control people, technical support people, , are young and full of energy when it comes to helping our clients. However, most have never been through the actual process of ISO certification themselves. I decided, What better way to train them, than to have them practice first-hand what they help me preach?
I assigned each one of our staff a specific ISO Registrar. Each sent their assigned ISO Registrar the same Request for Proposal so as to reduce the variation we already knew would be coming with their responses. I also asked that each report back to me on their interactions, but that they not involve me in the process until absolutely necessary. I knew it would be easy for them to just say “Oh, I’ll transfer you to Miriam,” or worse yet, have me come up with the questions they needed to ask the ISO Registrars. I was hoping our staff would learn more by asking and researching the questions themselves (and I had an ulterior motive: to determine what their own negotiating skills were. Yes, there is some degree of negotiation required!). So on August 22 we started what would be a long, drawn-out process.
Step 4: The Nitty Gritty
You would think that an ISO Registrar would be able to provide a quote within a day or two. After all, there are no unknowns here (accreditation bodies dictate how much they audit). But, as we said at the beginning, this is easier said than done! Below are the Mireaux staff’s experiences and opinions on their interactions with the chosen ISO Registrars in our pursuit of ISO 9001 and ISO 27001 certifications.
Initial Score: 80%
Second Time Around Score: 60%
Salesperson rapport: The ABS QE representative was polite, straightforward and businesslike. He was very good about answering my (many) questions in detail. When I asked if he would be willing to modify his proposal to have slightly more favorable terms, he said that he would look into it, but that he was unwilling to make us promises he might not be able to keep. His manner was occasionally a little abrupt, and he didn’t ask if I had any further questions. Overall, I had a very positive opinion of his approach, but clients who prefer more coddling might disagree.
Second Time Around: After we found out the first quote was flawed, the salesperson was not as prompt as before. It took five days and several calls and emails to find out that the original quote did not pass muster with their own accreditation group. From then on, communication was not optimal and things were no longer as clear as they originally were.
Quoting process easiness: ABS QE required us to fill out an internal Request for Proposal form, rather than accepting our Request for Proposal as it stood, but the form was relatively short and simple. More seriously, the first proposal we received from ABS QE left out ISO 27001 and truncated our scope, leaving out several core processes. However, the representative responded quickly once we pointed out these mistakes, and the second proposal was error-free.
Second Time Around: We were perplexed at the fact that quotes can be submitted without the appropriate group blessing. We were also puzzled by the fact that design was not considered originally. Even though we submitted a Scope within the Request for Proposal that mentioned design about five times, we found it strange that later we were told that they wrongly consider design to be of minimal importance. I think it was more their oversight than ours, given the fact that it was on paper that we do design about five different ways.
Quote turnaround time: ABS QE had the fastest turnaround time of all the registrars. Within an hour of sending our Request for Proposal, I had a response from their representative—even though our contact information was for a person who had moved on to a new position! Four hours after a promptly scheduled phone meeting, their first proposal was sitting in my in-box. Their representative consistently responded to all inquiries within two business days, and usually within a few hours.
PROS: Turnaround time; willing to make accommodations; overall customer service.
CONS: Severe errors in original proposal, their process for submissions of proposal seems a bit odd, with formal review happening after contract signing.
Comments: In the end, ABS QE has great customer service. But even though they are also local, we could not get past the fact that time was wasted on a flawed proposal.
Initial Score: 40%
Second Time Around Score: 86%
Salesperson rapport: As it transpires, we had rather unlucky timing here. The first representative we contacted actually left the company part way through the process. The second representative, however, was very courteous and professional.
Second Time Around: Despite many conference calls, involving auditors and other personnel, the Salesperson remained patient with us as we looked for the best fit. He remained so professional and courteous, never sending us to the competition, but rather working with us to figure out our needs. He helped us redo our Scope to better represent what we were trying to do and to make it leaner.
Quoting process easiness: When you submit an RFP, BSI first sends you a form to fill out. This form was very confusing, so I asked for clarification. I was just given a PDF with some information, but nothing in the brochure seemed to address my questions. So, I cheated and asked Miriam what some of it meant. Once the form was filled out, I was sent a link to an online portal where I could certify that the information they had gathered about us was correct. From this, they would generate a quote. But when I went to the portal, I found that our scope had been truncated, leaving out roughly three-quarters of what we do! I also found out that their quoting process does not allow for integrated audits, and therefore integration was not factored into the quote. It took some doing to get everything as it should be.
Second Time Around: After the Scope was redone, we decided to scale everything back to just one standard as an immediate solution to the integration process. They recommended that once they knew our system, then they could add the other standard very easily. This in the end was good for our budget as well, because we were able to fit in the “Small Business Program” that BSI has, creating nice savings for our small business. The Salesperson took care of recreating the scope. Though their system was a little complex and confusing, it is advanced, and we have to embrace technology one way or another.
Quote turnaround time: Once allowances had been made for the vicissitudes of personnel turnover, BSI was fairly quick to respond. The second representative contacted me to explain the situation and then delivered a quote within two days. However, this occurred more than 30 days after our original submission.
Second Time Around: After redoing our Scope and scaling down to one standard, the quote was returned within hours.
PROS: The portal used for quote approval provides a great way for you to pin down the details before anything is set in stone. They seem more like partners, willing to work with us. They have an excellent small business program for businesses with less than 100 people. BSI is also the leading registrar for ISO 27001.
CONS: Confusing form. Originally the highest number of days and application fees of all, but of course it turns out that was fully compliant with accreditation rules. They do not really do integrated audits. Their auditors that can do integrated audits are usually out of town.
Comments: Because of the personnel issues, BSI wasn’t initially at their best. I can say, though, that once that matter was out of the way, things did proceed very nicely with the second representative. And after all their help, we were able to find the perfect solution for our small company.
Overall Score: 73%
Salesperson rapport: Both of the representatives from Bureau Veritas with whom I spoke were very professional, understanding and organized. There was a bizarre IT problem, in that I could receive their emails, but they could not receive mine. In a laudable display of flexibility and dedication to their jobs, both reps gave me their personal email addresses so that I could get them the information they needed. I really appreciated that. Bad tech support, but good customer service.
Quoting process easiness: The second representative, who ended up handling our quote, was great. He called me on the phone to get additional information. He explained what information they needed and why they needed it, before I could even ask. As it turns out, I didn’t receive a form from them, because he had filled it out based on our RFP and the phone conversation with me. So, Bureau Veritas was the only registrar who didn’t make us fill out their internal paperwork for them.
Quote turnaround time: The BV personnel with whom I interacted were pretty good about getting back to me within a day or two. Counting the time that it took to hammer out a few details, we had a quote from BV a week after our phone conversation. Not too shabby.
PROS: Very personable salespeople.
CONS: No available local auditors who were capable of doing integrated audit; may need one auditor for each standard. Travel expenses required even for local auditors. Consequent higher costs.
Comments: We were definitely impressed with Bureau Veritas andwould have probably gone with their certification, but during our negotiation, we were dismissed as being better off with their competition. I guess we may have been trying to split hairs, but we thought there were too many days required by the audit for our company size, so we were trying to cut other auditor expenses, which seemed unavoidable.
Overall Score: N/A
Salesperson rapport: N/A
Quoting process easiness: N/A
Quote turnaround time: N/A
Comments: Due to affiliations, DNV declined to submit a bid.
Overall Score: N/A
Salesperson rapport: N/A
Quoting process easiness: N/A
Quote turnaround time: N/A
Comments: We received no response to our RFQ.
And the survey says…
Finally, after months of going back and forth with the ISO Registrars, we had a winner. I had to get involved at some points and polish up my negotiations skills to ensure we were getting what was right for us. In the end, we felt that BSI was the best of the group. We believe that they will be the right partner to meet our ISO certification needs for years to come. They understand the value of what we are doing and are willing to help us obtain certification to the two standards, in a reasonable manner. We are committed to showing our clients that we walk the walk as well as talk the talk, and we believe having a certificate to show for it will be the icing on the cake.
Continue following this blog to read about our experiences as we become one of the few ISO Technology and Consulting firms to be certified to the ISO 9001 and ISO 27001 standards—and officially practice what we preach.