Third party audit certificate redacted
I've been working with a potential new supplier for film. They had provided all the documents when we first reached out to them over four months ago. Our questionnaire they completed and returned had like 3 answers that I just felt something was off. They had not yet provided a 3rd party certificate so I asked. Asked every month for the past four months until we hit our unannounced audit period and basically told them time was up and I could not approve them as a supplier. I want to note I have full support at my company on this. This week they randomly sent me a letter with a third party audit certificate attached from an audit conducted in 2021. (Certificate expires in July 2024). The catch was the company name and address along with the certificate number were blacked out. In my mind a red flag as I don't understand how any of that is confidential or proprietary. I question this supplier on it and they stated the information was redacted as it is proprietary and protecting their joint ventures. At this point, I am not approving them, but I was wondering if anyone else has experienced this? Also, thought it would be a good topic of discussion on the forum.
I understand some documents remaining confidential, but company name, certificate number, and address blacked out? That's a new one. I have had a company in the past send a cropped photo of the certificate and it made me question it because why would you take a screenshot of your certificate. So I went to go and verify their certificate online, and it wasn't even their most current audit even through the dates were still current. This company had some quality issues/concerns noted on the "current audit" they provided me and were trying really hard to hide them, so I can only imagine what was on the actual current audit. I did not approve them, but I faced backlash from Upper Management for following our procedures.
Is it possible to verify the certificate with the certifying body based on the information that is visible on their cert? Usually this involves the cert number, which would make this situation pretty suspect considering that info is blacked out. If you cannot get some kind of verification from the CB that this company is indeed certified, I think you made the right call.
Is the type of certificate (SQF, GGAP, BRC, etc.) visible? If so, you could try searching their database of certified sites. If there isn't a publicly-available directory, you could also try emailing the CB or scheme owner and asking if they could verify if the company is certified.
I think you made the right call by not approving the supplier.
My thoughts are that they may be purchasing the material from another company and having it shipped to you directly ("drop-shipping"?), but are not certified themselves.
I'd reject them as well. For all you know they found a PDF copy of someone else's certificate, blacked out the other company's information and is attempting to pass it off as their own. A GFSI cert isn't supposed to be confidential, defeats the whole purpose of this system. At best, something screwy is going on, and at worst it could amount to some level of fraud.
Thank you all!
I'd reject them as well. For all you know they found a PDF copy of someone else's certificate, blacked out the other company's information and is attempting to pass it off as their own. A GFSI cert isn't supposed to be confidential, defeats the whole purpose of this system. At best, something screwy is going on, and at worst it could amount to some level of fraud.
My other thought is, if it's confidential because of joint ventures, it's one of their partners' certificate. Or a cert for a location of the same company, but not the location supplying the product. Our company has a lot of locations and not all locations are GFSI certified. One of my first questions when I get customer requests via sales is which sites are supplying them so I can respond accordingly.