How should multi-site companies handle different certifications across sites?

Multi-site companies rarely have identical certifications, scopes, and maturity at every plant. The goal is not to force uniformity at all costs, but to manage differences deliberately so customer, regulatory, and internal requirements are always met and demonstrably controlled.

Start with a clear map of certifications and scope

First, create and maintain a single, controlled view of certification status across all sites:

• List each site with its current certifications (for example: ISO 9001, AS9100, ISO 13485, IATF 16949), including scope statements and exclusions.
• Capture certifying body, issue/expiry dates, and any findings or conditions that impact operations.
• Identify which products, programs, and customers are covered by which site scopes.
• Clarify any shared or corporate-level certifications versus site-specific ones.

This mapping should be kept under document control and made easily visible to operations, planning, commercial, and IT teams. In regulated environments, auditors will often ask how you ensure work is performed only at appropriately certified sites; this mapping is the starting point for that explanation.

Tie routing, capacity, and sourcing decisions to certification status

Production routing and sourcing must respect where a given order is allowed to run:

• In ERP/MES, configure rules so that certain customers or part families can only be scheduled at specific certified sites.
• Lock down routing changes under formal change control, with impact analysis on certification coverage.
• For multi-site capacity moves or load-sharing, require an explicit check that destination sites have appropriate certifications and qualified processes.
• Ensure planners, master schedulers, and customer service see certification constraints when promising lead times or shifting work.

In brownfield environments, enforcing these rules may mean integrating existing ERP, MES, and PLM systems or using simple controls (for example, approval workflows, manually maintained allowed-site lists) until tighter automation is feasible.

Standardize where it matters, localize where it must

Different certifications often drive slightly different control needs. You do not need every procedure identical across sites, but you do need a logical structure:

• Define a corporate-level quality management framework (policies, core processes, and minimum requirements).
• Allow site-level procedures and work instructions to vary where necessary for local certification scope, equipment, or regulations.
• Maintain clear traceability from corporate standards to site-level procedures, so you can show how requirements are met differently at each site.
• Align terminology and structure enough that multi-site audits and internal assessments are practical.

Full process unification across all sites is appealing, but often fails in high-regulation, long-lifecycle operations because equipment, validation status, and local regulations differ. Focus on consistent intent and controls, not identical documents.

Manage documentation, evidence, and system configuration by site

Different certifications impose different documentation and evidence expectations that must be reflected in your systems:

• In document control systems, tag or classify procedures by site and applicable standards.
• In MES/ERP/PLM, separate site-specific master data and workflows where requirements diverge (for example, inspection steps, lot traceability, special process controls).
• Implement site-aware access, so operators and engineers only see instructions, forms, and templates that are valid for their location.
• Keep audit trails of configuration changes: who changed what, for which site, and under which change request.

In brownfield stacks, some of this may rely on conventions (site-specific naming, separate plants or company codes, or distinct MES instances) instead of ideal multi-tenant architectures. The key is that you can prove which rules applied at which site at a given time.

Governance and change control for certification differences

Governance should explicitly address the fact that certifications differ by site, rather than assuming a single global status:

• Maintain a multi-site quality governance forum or council that reviews certification status, risks, and upcoming audits across all plants.
• Require risk assessment when adding, losing, or changing certification scope at any site (for example, impact on customer contracts, routing, and qualified equipment).
• Integrate certification considerations into management of change processes for major process or system changes.
• Set minimum internal standards that may exceed the baseline of some certifications, to reduce complexity and risk where possible.

When a site loses or changes a certification, there should be a predefined playbook: how orders are reassigned, which customers are notified, and how system rules are updated.

Audit readiness: show coherence, not uniformity

External auditors and customers will typically test whether you have a controlled approach to multi-site differences, not whether every site looks identical:

• Be able to show how corporate and site-level processes fit together and where responsibilities split.
• Demonstrate how you prevent misrouting work to non-certified sites (evidence from ERP/MES, not just policy).
• Provide site-specific records, calibration, training, and qualification evidence aligned to each site’s certification scope.
• Document how lessons from one site’s audit findings are evaluated and, where relevant, propagated to others.

This requires coordinated data and document management, but does not require consolidating all plants into a single QMS or MES instance, which is often impractical in regulated, long-lifecycle environments due to validation and downtime burdens.

Handling long equipment lifecycles and legacy systems

Long-lived assets and legacy systems make uniform certification practices difficult:

• Some sites may rely on validated legacy test equipment or special processes qualified decades ago that cannot be easily replicated elsewhere.
• Replacing or revalidating systems simply to harmonize across sites can introduce significant qualification burden, downtime risk, and integration complexity.
• Instead of full replacement, use layered controls such as digital travelers, add-on data capture, or integration middleware to standardize evidence and traceability while preserving local validated tools.

This coexistence model is often more realistic and defensible than trying to re-platform everything to achieve identical certifications across sites.

Practical considerations and limitations

How you implement these practices will depend heavily on:

• The maturity of your QMS, MES, ERP, and PLM systems and how well they are integrated.
• Contractual commitments that may restrict which sites can support specific customers or programs.
• Regulatory constraints (for example, export controls, local regulations) that limit where certain work can physically be done.
• The organization’s appetite for standardization versus local autonomy.

No approach can guarantee certification outcomes. The realistic aim is to make certification differences transparent, controlled, and consistently reflected in how you plan, execute, and document work across sites.