Single or Multiple ISO 9001 Certificates

Due to timing differences or process variations, some organizations have accumulated separate registration certificates across their sites. While that might have been the best solution at the time, these organizations should consider merging the registrations into a single scope of registration and certificate.

If an organization qualifies, the benefits of a single, multi-site certificate are:

  • Single audit of shared services
  • Sampling plan for remote sites
  • Reduced audit visits and costs
  • More uniform system over time

Of course, the remote sites might fear the loss of their autonomy. The central site may be concerned about the weakest link placing the single registration at risk.

Multi-site Registration
The criteria for multi-site registration are explained in the International Accreditation Forum (IAF) guidance document for ISO Guide 62:

  • Site products must substantially be of the same kind
  • Products must be produced with same fundamental methods
  • Quality system must be centrally planned and administered
  • Quality system must be subject to central management review
  • Central and remote sites must be subject to internal audit program

Sampling Method
Not all multi-site organizations are eligible for sampling. The registrar makes that determination based on site sizes and process variations.

At least 25% of the sample must be selected at random. The remainder of the sample is selected based on factors such as:

  • Internal audit results
  • Customer complaints
  • Variation of procedures
  • Changes since prior audit
  • Geographic dispersion

The sample selection can be postponed until after the central audit. Sampling is for the remote sites. The central site must be audited at least annually.

Sample Size
The initial audit sample of remote sites is the square root of the number of remote sites, rounded up. For example,

  • For 3 remote sites, it would be 2 of 3, with 1 random
  • For 4 remote sites, it would be 2 of 4, with 1 random
  • For 5 remote sites, it would be 3 of 5, with 1 random
  • For 10 remote sites, it would be 4 of 10, with 1 random
  • For 25 remote sites, it would be 5 of 25, with 2 random

For surveillance audits at remote sites, it is 0.6 times the square root, rounded up.

  • For 3 remote sites, it would be 2 of 3 each year, with 1 random
  • For 4 remote sites, it would be 2 of 4 each year, with 1 random
  • For 5 remote sites, it would be 2 of 5 each year, with 1 random
  • For 10 remote sites, it would be 3 of 10 each year, with 1 random
  • For 25 remote sites, it would be 3 of 25 each year; with 1 random

The IAF guidance document includes a table of auditor days for the initial registration of different size organizations (see our May 2002 e-Newsletter). Annual surveillance audits are estimated to be about 1/3 of the days spent on the initial audit.

The guidance also identifies the factors that would cause a registrar to increase or decrease the number of audit days (see our May 2002 e-Newsletter). The guidance states the cumulative days for a multi-site certificate must at least equal the number of days if the functions were all part of a single organization at the same site.

Single Certificate
The single certificate is issued with central office name and address. The remote sites will be listed on that certificate or an attachment. If desired, sub-certificates can be issued for the remote sites (with a sub-scope and reference to the main certificate.