In this blog, we're going to look at the steps your organisation needs to go through to obtain ISO certification.
We recommend watching the video for a clear explanation of this, but you can also find the transcript below.
The steps outlined below will help if you are seeking certification to the following standards:
ISO 14001 - Environmental Management
ISO 45001 - Occupational Health & Safety Management
ISO 9001 - Quality Management
ISO 27001 - Information Security Management
ISO 22000 - Food Management
1. Understand the Standard
The first thing you need to do is to get a thorough understanding of the management system standard that you want to be certified to. This will involve being aware of every requirement in the relevant standard.
In doing this, you will learn what's required by the standard and start to envision how you could demonstrate that.
Once you have a thorough understanding of the standard you are seeking certification to, you need to document and develop your processes and your management system, identifying how you make those different requirements.
3. Introduce the System
Once you've identified the core processes of the system and documented this, it is now time to actually introduce it.
Refer to the top
4. Implement the system over time
The system needs to be progressively implemented over time. You can't just design and develop the documents, type them up and then get certified the next day.
Time must be allocated for training and communication, but also for your organisation to build up objective evidence to show to the auditors. This evidence will give the auditors an insight into how you've implemented the system and how you've met the requirements of the standard.
5. Select a certification body
Next it is time to actually select a certification body. We recommend watching this video to get an understanding of what a certification body actually is, and how you can go about selecting one.
6. Audit Process
Once you have selected that certification body, you're going to have to go through at least, a two-stage audit process.
Stage one of this process is sometimes called the pre-audit, where the certification body will send out some auditors to audit your management system against the requirements of the standard. You can almost think of that as a gap analysis. You can't be certified at that point, but they will clearly identify any areas where your system needs further work to meet the standard.
We tend to recommend to our customers to allow quite a bit of time between stage one and the next stage, which is stage two.
Stage one can often bring up findings that more work is required, which is why it's important and recommended to leave a little bit of time between these audits (stage one and stage two).
7. External Auditor will come to site
During the stage two audit, the certification body will send out an external auditor, and they're going to be looking for objective evidence.
We have discussed the sources of objective evidence in a previous video, which include:
8. Demonstrate Conformance
By the end of the staged audit, if you can demonstrate conformance with each and every requirement through objective evidence, you will be deemed to be certified by that certification body and they will issue a certificate.
At this point, you can demonstrate to your customers and the wider marketplace that you have been independently certified as meeting that particular standard!
9. Maintain the System
From the stage two audit onward, you're going to need to maintain your system. Every certification body comes back once a year to do what's called a surveillance audit to make sure that you are maintaining that system.
When you're implementing a management system and seeking to have it certified, it's really critical to have top management involvement and commitment. That is emphasized in the standard, so it is crucial you get them on board early.
This may involve educating top management so they understand what it's about. It will be critical to the success of your management system.