Digital Quality Certs: The Basics & Why They’re the Future

By Paul Decker with contributions from Carmen Vertullo, Steven Severt and Mario Bildat


There’s no denying the importance of quality certifications, or “certs” in industries where the consequences of product failure are high. But why are they so important?

We know the term certs describes a broad set of product related documentation provided by suppliers to customers to give them confidence that purchased components can be safe and functional when assembled into a final product.

And yet, certs are so much more than that. Because underneath lies a myriad of related topics — each of which is fundamentally important to the relationships between manufacturers, distributors, and customers.

The purpose of this post is to provide a deep dive into certs, covering what they are, why they are important, and how they are created, exchanged, and used by companies all over the world. We will also describe the current practices, their limitations, and what the future of certs looks like.

What is Digital Cert Management?

Digital Cert Management is an emerging category of B2B software. This type of software provides a cloud-based network that enables companies to exchange quality certs and other critical documentation in global supply chains.

Subscribing companies can automatically request and receive certs from vendors while also sending them to their customers, providing 24/7 access and eliminating time-consuming requests to resend lost certs. They can also place QR codes on product labels, allowing customers and operations employees to access and associate certs with specific lots of materials or parts while on the shop or warehouse floor.

Unlike Quality Management Systems (QMS) and ERP systems that offer collaboration through portals, Digital Cert Management is a cloud-based network that enables subscribing companies to effortlessly exchange, update and manage their quality certs. Managing certs in a central, secure platform where all authorized employees of the vendor and customer organizations can access them eliminates problems with paper, email, and portals.

SmartCert is the category leader, and its users believe it will become the industry standard for quality cert and critical document exchange. Companies are achieving labor savings up to 80% while improving quality of work, enabling remote access, providing greater security, and increasing customer satisfaction.

Table of Contents

What Are Quality Certifications or Certs?

Quality certifications – or “certs”, as they’re commonly referred to – are documents generated throughout the supply chain to demonstrate that products, processes, or systems have been evaluated and found to meet required criteria. This could include product specifications, engineering, quality, safety standards, or regulatory requirements.

The most common certs relate to specific lots or individual products. They include:

  • Certificates of Compliance,
  • Mill Test Reports (MTRs),
  • Certified Mill Test Reports (CMTRS), and
  • Certificates of Analysis (CoA)

Some certs apply to the organization and confirm the presence of a quality management system like ISO9001 or AS9100. Other certs apply to the design of the products, such as a CE Mark, UL Listing, or export licenses.

And, there are also certs that confirm that individuals meet certain requirements, such as for welding or non-destructive testing.

Regardless of the type of cert — the end goal is the same: to give buyers confidence that the products and services they are purchasing meet their requirements and specifications.

Customers designate which certs are required based on internal risk analysis, industry standards, and regulatory requirements. Certs will always be documented within the customer’s QMS and are a legal requirement of the supply agreement or purchase order (PO).

Table of Contents

Why Are Certs Important?

Certs are important because they demonstrate that products and services meet customer requirements. When products don’t meet these requirements, the consequences can be severe.

Improves Operating Efficiency

For example, an undersized ID on a pinion gear might mean it cannot be properly installed at a Tier-1 assembly plant, causing interruptions, downtime, and potentially risking on-time delivery to an OEM customer with significant financial consequence.

Think about it like this. A cert for the purchased gear gives the Tier-1 assembly plant confidence it can consistently assemble cars, allowing for acceptable Overall Equipment Effectiveness (OEE) and scrap rates, further enabling it to reliably deliver products to its OEM customer.

Ensures Safety & Reliability

Certs also play an important role in ensuring safety for manufactured goods. For example, what if a manufacturer used wrong material in an aircraft landing gear? This mistake could result in hundreds of deaths.

This is exactly why the material test report (MTR) accompanying an aerospace casting is necessary, as it gives the manufacturer confidence that the landing gear will be safe.

Fulfills Contractual Requirements

Certs are also important because they are typically a contractual requirement of supply contracts and purchase orders. They must be delivered to the customer to get paid.

Managing incoming certs is a challenge for many companies, and withholding payment for missing certs is one way to ensure they are sent.

Table of Contents

How Many Different Types of Certs Are There?

Although there are many types of certs, most fall into one of the most common categories below.

Certificate of Conformance/Compliance

A Certificate of Conformance, also known as a Certificate of Conformity, Certificate of Compliance, or CofC, is a legal document signed by an authorized representative of a supplier. It confirms that specific products meet minimum technical, regulatory, or safety standards. CofCs can also be provided by third parties that conduct product testing.

In domestic manufacturing industries, a CofC is typically supplied by a manufacturer to a customer confirming that the products meet the technical specifications. In some cases, a CofC covers a batch, or lot, of parts and in other cases, like for turbine blades, a CofC is required for each serialized product.

In international trade, a Certificate of Compliance (Certificate of Conformity) is given to exporters or importers to show that the goods or services purchased meet the required standards of a given country.
Below is an example of a CofC required for US government contractors.

Material Test Report

A material test report, or MTR, is a quality assurance document certifying the physical and chemical properties of a particular material. It typically includes a description of the material, the heat or batch number, the material specification, and version to which the products were made.

It also includes a breakdown of the elements so readers can make their own comparison to standards. The heat or batch number is used for traceability. For metal products, this is also known as a Mill Test Report or Mill Certification. Other variants include Certified Mill Test Report (CMTR) and Metallurgical Test Report.

Inspection Reports

This report certifies that each sample was produced and inspected under the customer’s specifications.

For example, aerospace and defense companies in the US conduct first article inspections according to AS9102, and the results of these inspections would typically be communicated in an inspection report sent with the products.

In the automotive industry, these reports might accompany certified material following a quality spill to ensure that product was sorted and found to meet specifications.

Third-Party Test Reports

Where risk is higher and customers need more certainty, they will often require suppliers to obtain third party confirmation that the product meets specifications.

In third-party testing, a company sends its product to an outside laboratory for evaluation. The third party conducts the tests using a standard testing procedure and provides a certified report indicating their findings.

Third-party laboratory reports contain a description of the parts, including the lot number or serial numbers, a list of each standard or specification tested, the methodology used to conduct the test, the test results, and a determination of whether the products conform with the specifications.

Certificate of Analysis

Like certificates of conformance, certificates of analysis, also known as COAs, are used when the quality of the product is important and the buyer needs a high level of confidence.

Certificates of Analysis describe the results of scientific tests performed primarily on food, drugs, chemicals, and medical devices using specific test methods.

COAs are critical to proving compliance in regulated industries ranging from cannabis to food. At a high level, COAs typically describe the product being tested, how it can be identified, its quantity, the methods used in the tests, the results, and the individuals who conducted the test.

Product Approval Packages

Some industries like automotive and aerospace use processes for product approval known as Production Part Approval Process or “PPAP” pronounced pee-pap.

This process generates a huge number of records, including things like:

  • Layout inspection reports to ensure products meet specifications
  • Capability studies to ensure production processes are in statistical control
  • Records of measurement system analysis to ensure measurement systems are adequate to detect nonconforming product
  • Appearance records show that products meet cosmetic requirements
  • Part Submission Warrants (PSW) to indicate that a product has been approved for shipment.

Table of Contents

What is a Quality Management System?

A Quality Management System is a defined and systematic approach to conducting business that results in consistent production of high-quality products.

Quality Management Systems are typically based on international standards that dictate organizational requirements for:

  • Leadership and management
  • Planning and risk management
  • Support and training
  • Product design and development,
  • Production (both internally and via the supply chain)
  • Monitoring and measuring of key business performance indicators
  • The organization’s commitment to continual improvement

When a firm is implementing a quality management system that meets the requirements of a recognized international standard, it will often hire an accredited third-party organization to audit and certify that its QMS meets the requirements of the international standard — another type of quality cert that is often required throughout the supply chain.

The most common international standards used to build and certify a QMS include:

All of these QMS standards were built on the foundation of ISO 9001, and share a similar structure and requirements. They differ in ways that make them more applicable to their specific industry.

In some cases, a QMS is required to comply with legal regulations. For example, medical device manufacturers supplying products in the US must also comply with the requirements of the Food, Drug, and Cosmetic Act outlined in 21 CFR 820. However, there are currently efforts in the US to harmonize these requirements with ISO 13485, as Health Canada has done through the MDSAP program, and the EU with the European Medical Device Regulation, or “MDR.”

Table of Contents

What Industries Use Certs?

A wide range of industries use certs to ensure compliance and manage risk. The list includes industries like aerospace and medical, but also extends to food, chemicals, electronics, automotive, energy, retail products, military, materials, and many others.

The risk of noncompliance is obvious in industries such as food and beverage, medical devices, pharmaceuticals, and aerospace where human safety is the primary concern, but may also be needed in other industries for many reasons — even if just to ensure that a tight tolerance is maintained on a supplied component to guarantee proper fit during an assembly process downstream.

Cert requirements typically result from a risk or hazard analysis conducted as part of a company’s risk management plan.

In the automotive and aerospace industries, practitioners will thoroughly identify risks in design and in manufacturing processes using a technique called Failure Modes & Effects Analysis, or FMEA.

A FMEA highlights potential failure modes, including those coming from components supplied from external vendors, their effects, causes, probability of occurrence, and ability to detect the failure mode prior to it reaching the end user. By analyzing these failure modes, companies mitigate risk by creating controls to prevent occurrence and increasing detectability, which usually leads to documentary evidence of compliance using certs.

The medical device industry uses an international standard, ISO 14971, also recognized by regulatory authorities as the definitive standard for risk management for the industry, to similarly conduct risk and hazard analysis and take actions to mitigate risks to end users.

Table of Contents

What Are the Most Common Ways to Transfer Certs?


The traditional way to transfer certs has been to include paper copies with the shipment of the products. While having them physically attached to the shipment is convenient, this also creates problems.

For example, they can easily become detached from the material and lost. It’s also time consuming and costly for sellers to print them out and for buyers to scan them into a digital format upon receipt — not to mention trying to organize all the scanned PDFs. When incoming material is quarantined until quality personnel can verify certs, it creates production delays.

Finally, maintaining paper certs requires physical record retention procedures; certs will fill up file cabinets and occupy valuable space. Once certs have been filed, it can take a long time to find them later if required.


Email offers a one-to-one method of transferring certs, but with inboxes quickly filling with urgent requests and unsolicited emails, certs can easily be lost and never end up being downloaded to the proper directory or into a document management system.

And, what if the employee responsible for processing certs goes on vacation or gets sick?

While many firms send certs via email, this method leads to inconsistent results regarding record retention and constant requests for suppliers to resend misplaced certs. In most cases, the requests are urgent because the customer is about to ship the product, so they interrupt the sales and quality team and distract them from doing their core jobs.


For decades, large companies have created portals where they require vendors and customers to upload or download certs. While this improves the process for the portal owner, it entirely shifts the burden to the vendors and customers who are forced to use a special portal.

Large companies have the power to require vendors to use them, but smaller companies have been unsuccessful getting customers and vendors to use their portals.

A supplier who must manage different methods of transferring certs or maintain different logins for each customer’s unique portal will expend more labor, risk more errors and be more frustrated by the laborious work.

Digital Cert Management

Digital Cert Management is an emerging category of B2B software. Digital Cert Management provides a cloud-based network that enables member companies to exchange quality certs and other critical documentation in global supply chains.

Subscribing companies can automatically request and receive certs from vendors while also sending them to their customers, providing 24/7 access and eliminating time-consuming requests to resend lost certs.

They can also place QR codes on product labels, which allows customers and operations employees to access and associate certs with specific lots of materials or parts while on the shop or warehouse floor.

Table of Contents

How Do Companies Process Inbound Certs Currently?

Companies use a variety of methods to receive and manage incoming certs for purchased material. The vast majority of customers today receive paper certs that are shipped with their product. When received at the facility, they are typically checked during an incoming inspection and filed in cabinets.

The risk of incomplete records with this type of process is high, and the ability to locate records is laborious and difficult. Many firms have moved to receiving certs by email, or scanning inbound certs and storing the PDFs in network directories, while others use ERPs, QMSs, or other document management systems to store certs.

For companies that have started moving away from paper, certs are often transferred via email or through online portals. In either case, the burden lies more on one party than the other, but the results are typically only slightly more consistent and organized than the paper-based systems.

When using email, the certs are often lost and overlooked in overstuffed inboxes or sent to the wrong person who doesn’t know what to do with it or who no longer works for the company.

When portals are used, companies have to understand the portal — potentially one among many — maintain their login and remember to actively go to the portal and upload or retrieve the certs. It’s often easier to just ask again and get them via email or paper, stopping progress, particularly in large organizations.

In cases where one party is substantially larger than the other, it’s often difficult to get the larger party to comply with the portal requests. Both methods are an improvement over traditional paper-based systems but are still far from perfect and result in inconsistent data and ongoing requests to resend certs.

This traditional process also wastes time and creates unnecessary production delays. Before a flight departs Europe for the US, the TSA knows who is on that flight and has time to review the manifest and reject people it deems unqualified for entrance. When certs are delivered on paper, or retrieved from a portal, there is no opportunity to review the shipment before it departs, where corrections can be made inexpensively and quickly.

This puts high pressure on receiving and incoming inspection to process the parts before releasing them for subsequent production steps. When given adequate time prior to receipt, quality can resolve discrepancies and minimize delays.

Table of Contents

What if There is a Discrepancy or Disagreement About a Cert Between the Issuer and Recipient?

When a company experiences quality problems with incoming products, the buyer’s quality team will analyze the problem and compare its results with those contained on the inbound cert.

Perhaps a process capability problem can be identified, or a measurement method is found to be inadequate at the supplier. Sometimes the information on the cert is correct and the problem is in the buyer’s process.

Either way, discrepancy and disagreement does occur. After all, humans, processes, and measurement systems are not perfect.

When a certified product appears to be nonconforming, despite the records suggesting otherwise, the buying and selling firms must work together to understand the causes and to collectively resolve the issue. Often this is accomplished through a Supplier Corrective Action Request, or SCAR.

Table of Contents

Why Would Certs Need to Be Amended?

There are several reasons why certs may need to be amended. Perhaps the criteria or standard provided to the supplier was incorrect, or possibly errors were made during preparation at the supplier.

Whatever the reason, amending certs should not be done lightly, because a cert is a record attesting to the compliance or conformity of the product, conferred only by parties authorized to do so.

In regulated industries, these changes need to include a concise audit trail to show who made and authorized the changes to ensure that only authorized personnel are doing so.

When certs are amended, often the conversation about the amendment, which typically occurs via email or telephone, is not saved with the new cert. If, in the future the cert needs to be reviewed, two versions without explanation of the change can create confusion and doubt, typically at a very critical time.

Table of Contents

Where Do Companies Store Certs?

Organizing and storing certs can be a daunting task for companies, especially those with a large global supply chain. There are three main ways to store quality certification: paper file cabinets, computer directories and computer software.

How Long Are Companies Required to Store Certs?

Most ASTM or quality management system standards do not specify a retention period. Some industry specific regulations, like the Fastener Quality Act, which has limited applicability, specifies that records be retained for five years.
Medical device records in the US need to be retained for a time equivalent to the design and expected life of the device and not less than two years, according to 21 CFR 820.
Most organizations will define their own record retention policies, so long as they adhere also to industry standard and regulatory requirements. With the ever-decreasing cost of electronic storage, it is now feasible to retain electronic records indefinitely.

Table of Contents

Are certs important when a regulatory body begins an investigation?

During voluntary reporting, incidents, or recalls, firms and relevant regulatory bodies will work together to determine failure causes and employ corrective and preventive measures to ensure that the incidents do not recur.

Whether an incident or recall is being reported to the NTSB, FDA, or other regulatory body, records and product certs will be necessary to understand causes. For an incident investigation to be successful, firms and regulators will need easy access to accurate records.

Sifting through inconsistent network repositories of PDF records or poorly organized filing cabinets will certainly cause delays or hamper the effectiveness of the investigation as quick, easy access to correct, consistent, and complete electronic data will be needed.

When companies can quickly deliver accurate records, it reflects well on them. If a company struggles to fulfill the investigators requests, it also casts doubt on the company and its management.

Table of Contents

What is a Quality Spill?

A Quality Spill is an event where customers or a distribution channel takes possession of nonconforming products. When this occurs, certs play a critical role in identifying which materials can be used and which must be quarantined.

Table of Contents

What is the Future of Cert Management?

We’re on the edge of the 4th industrial revolution; the future of certs will be digital. The days of inconsistent and incomplete data archived in multiple formats and sent using different methods are soon over.

Learn more about what’s next step for cert management



How much is lost paperwork costing your company

Read more →


SmartTalk with quality and fastener industry expert Carmen Vertullo

Read more →

Case Study

PENCOM gained 80 percent efficiency on internal cert processes with SmartCert

Read more →

No more missing paperwork and fewer customer requests. Click here to schedule a 15-minute non-sales call to explore whether SmartCert can save your business tens of thousands of dollars in wasted labor every year.

You might also like