The certification process is site specific and scope specific. So, who determines what is in scope and what isn’t? Well, the majority of the decision lies with you, the client. You are in charge of determining risk and risk management and in doing so, you get to document the scope of the quality management system in relation to the activities within that site.
Normally, this means ALL activities within a site. If the organisation is particularly complex, highly divisionalised (if there is such a word), or corporately sensitive, then there might be a case to narrow the scope to specific operations or tasks. This is not ideal but it is accepted by the certification bodies within Australia.
However, there is one caveat. Certification providers do have the right to ‘veto’ a scope or more accurately, the definition of a scope. If the complexity or the intrinsic nature of the business makes it difficult to compartmentalise processes, divisions or shared services, then the certification body will instruct the client to reword a scope until all parties are happy. Once this occurs, and you have passed your certification audit, the scope is then quoted on the quality management certification certificate.
With all that said when looking at other organisation’s certificates be careful when you are reviewing a possible customer, partner, contractor, supplier, vendor, etc and of their claims to certification. Check the ‘fine print’. What site or sites are they claiming and what is the scope. You might be surprised to see who is trying to fudge what out there in the market place.