What is required to be ISO certified?
An ISO certification ensures that an organizations systems, processes, and procedures
meet quality, safety, and efficiency standards, which align with standards
set out by ISO (The International Organisation for standardization).
The most common ISO certifications:
- ISO 9001 Quality Management Systems
- ISO 14001 Environmental Management Systems
- ISO 45001 Health and Safety Management Systems
- ISO 27001 Information Security Management Systems
Every business will have some level of existing processes in place, but they may not meet the necessary standard required for the certification. Therefore, it is a great opportunity for an organisation to review and improve its current processes and procedures. An organisation must be willing to review its current systems, processes, and procedures to identify where the organization doesn’t meet the standard and where the organisation and make changes and to improve their system.
The Process of Becoming ISO Certified:
An ISO certification will require an organisation to allocate time, effort, and commitment from staff, senior management, and direct stakeholders in the organisation.
You will be required to develop a management system that ensures all key operational activities, processes, and procedures are documented and monitored on an ongoing basis, both during the development of the system and post-certification.
You can expect the development, implementation, and rollout of an ISO management system to take circa 3 – 9 months, however, this is dependent on the size of the organisation, the complexity of your operating activities, the amount of time and resources you can dedicate to developing the management system.
A certified awarding body is an organisation that has been approved by UKAS (https://www.ukas.com/) as competent to audit and certify an organisation against the requirements of national and international standards and regulations such as ISO. UKAS stands for the United Kingdom Accreditation Service. They are appointed by the UK government to be the sole agency authorised to assess the ability and competence of organisations that provide certification, testing, auditing, inspection, and calibration services.
What is the Certification Auditing process?
The Certification Body will conduct a 2-stage audit process, on an organisation before they become ISO certified.
- Stage 1 audit – often seen as a documentation audit to assess you have all the required mandatory and supporting documentation for your management system.
- Stage 2 audit – confirms your management system is fully aligned to the standard and is operational within your organisation. The auditor will be looking to evaluate the implementation and its effectiveness, and that your system is being applied across the business, departments, sites, and projects. The Auditor could ask to see any information or member of staff within the organisation to ensure that the management system is fully implemented and being applied correctly, to successfully pass Stage 2, and be granted certification. It can a few weeks for the formal certificate to be issued. IF at Stage 2, your auditor finds nonconformities these will be advised, and further action will be agreed to get you on the right track. Another audit will be scheduled later for the awarding body to return to undertake the certification audit.
What is required post certification to maintain the ISO certificate?
Achieving an ISO certification does not stop there……. You will be required to have annual audits (also known as surveillance audits) by the certified awarding body where they will be looking for evidence that your organisation is adhering to and following the processes and procedures stated in your management system. Again this will involve the auditor asking to see evidence that across your organisation, the management system, its documentation, reporting, and reviews are being undertaken. Any member of staff, department, or site could be viewed by the auditor; however, you will not necessarily have forewarning.
You will also need to undertake a Management Review Meeting, at a minimum interval of once a year. This meeting must be minuted, and ensure that you have reviewed all areas of the management system, and also review the internal audits and discuss any areas of non-conformities or areas of improvement or changes to the system. This meeting would often be expected to take half a day as it must include a review of the monitoring, reporting, analysis, and internal audit results.
Once an organisation has gained its ISO Certification you will need to continue to manage your system and monitor that all activities are being undertaken correctly in line with your management system, via internal audits to ensure it is being followed.
Once certification is obtained a certificate will be issued that will be valid for 3 years. This is maintained through annual surveillance audits with a 3 yearly recertification audit (full system audit).
Surveillance audits are undertaken annually to ensure that compliance to the chosen Standard(s) is maintained throughout the three-year certification cycle.
The frequency and duration of surveillance are dependent on factors including:
– size and structure of organization
– complexity and risk of activities
– number of management systems standards included in the scope of certification
– number of sites listed within the scope of certification
The annual audit (Surveillance audit), will be conducted by the awarding certification body, often this is the same body that awarded your certification in the first instance.
The audit is to ensure that your organisation is maintaining the high standards of operational control & management necessary to maintain the ISO certification.
What to expect at an annual certification audit process and what does it involve?
- The audit is primarily looking for evidence that procedures are being performed as defined in your management system documentation.
- Any member of staff or senior management can be approached by an Auditor.
- They will be looking for evidence that you undertake regular monitoring of your management system, which is recorded and evaluated.
- They will ask to see evidence that the correct documents are being used across the
- The senior management team are expected to show evidence of regular Management Review Meetings. The purpose of a Management Review meeting is to review and evaluate the effectiveness of your Management System, helping to determine its continued suitability and adequacy and effectiveness while addressing the possible need for changes to policies, objectives, targets using the mechanisms the organisation has in place to continuously monitor and measure the management system, alongside the internal audits.
- That the organisation is conducting and documenting regular internal audits of the ISO management system, and operational activities to ensure conformity.
How Oasis Business Support can support you in developing your management system?
At Oasis Business Support, we understand that developing an ISO management system can seem like quite a big task, especially whilst you still need to keep running your business and serving your clients. This is where we can provide invaluable support, expertise, and guidance.
It can take time to decide the best possible way to implement the ISO standards, not to mention how many questions that might come up throughout the process. By using our service, you never have to worry about uncertain issues – you get an expert who supports you along the way.
We can provide you with support, expertise, and documents to guide you through the development of your management system.
You can review and adapt and feed into your new management system if applicable, to support your existing processes, activities, and procedures your organisation undertakes, alongside providing you the peace of mind they will satisfy all the main ISO Standards.
A formal management system can help you manage your business more effectively and efficiently and provide a platform for growth, you need to have strong foundations internally in your business to support your business growth.
What can you expect when engaging Oasis Business Support?
Firstly, we look to incorporate what you currently have, and what your existing policies, processes and procedures are, through a Gap Analysis. This will include discussions with key personnel, to understand your current business activities and documentation.
Every Clients management system is individual to the client. There are many common forms and procedures that may be available, which we will share with you to support you in developing your system and enabling you to incorporate them with your existing documentation and processes.
You will often find you are already following many principles of a management system. By working with us and referring to the common documentation we will share with you, it will give you the confidence to in being able to review and understand how your existing information can feed into your management system and where you can further improve and develop more robust processes and procedures.
“Our aim is to help you implement a clear and usable management system that delivers an effective and efficient management system across your business.”
How Oasis Business Support can help you post certification?
In addition to supporting you in developing your management system, we can also provide annual support visits to provide you with extra input in areas you are struggling with.
It can take a couple of years before the management system is fully understood across the organisation and fully integrate across all activities and areas of the business.
At Oasis Business Support we can visit you again in six months’ time to undertake an internal review or more formal internal audit of your management system, this is to ensure your organisation as a whole is following your defined processes and procedures. At this point, we will provide support and review of how your system is being managed and adhered to. If we spot anything that may cause a problem with your re-certification audit, we will raise it with you, giving you guidance on what you can do to avoid nonconformities at your annual re-certification audit.
With Oasis Business Support undertaking an internal review or internal audit, will allow you to feel more supported and confident ready for your annual re-certification audit.
We also provide ISO training & guidance; the training is aimed at developing your understanding and ability to run an effective management system. Whether you want to learn about the clauses or develop your understanding and ability to run an effective management system. Whether you’re considering implementation or are already involved with the day-to-day running of your management system, you’ll have the opportunity to develop a greater understanding. we offer both face-to-face and online training to suit our client’s needs.
If you would like us to support, you with developing and / or post certification please let us know and we will get in touch with you to discuss further.
If you would like to find out more, please contact: firstname.lastname@example.org