How can you your business achieve ISO Certification?
This is a question that often is asked and I guess the reason being that certification is so different in many different industries and situations.
Let’s start by exploring the reason for certification. To start with some industries, require certification to be in place from a legal and contractual stand point and in order to provide products or service into that industry, certification is non-negotiable. For example, in the mining or oil and gas industries just about every company will be required to show certification in Quality Management (ISO 9001), Environment Management (ISO14001) and Health and Safety Management (OHSAS 18001). There are in many cases additional standards directed at specific products and services by industry. In addition to industry requirements, certification is a useful business strategy to add value and credibility to your business. This is achieved by showing that your products and or services have been subject to strict control and verification to ensure they meet customer’s requirements.
ISO defines Certification as: “the provision by an independent body of written assurance (a certificate) that the product, service or system in question meets specific requirements”
So if the reason you want certification is to meet customer requirements or abide by industry legal and contractual requirements, then you need to plan accordingly. The first step is to develop your management system in line with the requirements of the standard required. For the sake of this blog, lets look at ISO 9001 Standard which is the implementation of a Quality Management System (1).
Your Quality Management System (QMS) will be all the policies, processes, operating procedures and records that reflect how your business operates within its desired market. A good ISO Consultant will be able to direct you through the process of developing your Quality Management System in order that it meets the requirements of the ISO 9001:2015 Standard and your Customers requirements.
Once your QMS is in place, being used, and all staff have been trained on the relevant policies and processes, the next step is to complete a few internal audits. Internal audits are one of the requirements for certification. What the internal audit process does is ensure the QMS is a) compliant to the ISO Standard and b) meets the requirements of your customers and finally c) is being followed by the business. Management need to complete an ISO based Management Review Meeting – this meeting is another check to ensure that Management are satisfied the QMS is working as required by the business.
Finally having completed all the above requirements, the Company should engage with an Accredited Certification Body who will come and perform the certification audit. This process is normally broken down into three stages. The first stage is the Document and record Review. Here the Certification body checks to make sure that the QMS has been compiled with all the required documentation defined in the ISO Standard. If there are no problems (non-conformances), then the second stage is undertaken. Stage two comprises a review of mandatory processes and an assessment of implementation and compliance of business processes. Mandatory Processes include Internal audit, Management Review, Control of Documentation etc. Again if there are no problems (non-conformances) then the Certification body will recommend the company for Certification. This is when the final stage kicks in, and here the Certification body has its audit file checked by a review board to ensure the audit was completed correctly. If so, then the ISO certificate is awarded. This certificate is valid for 3 years and is subject to annual surveillance audits by the certification body to ensure the QMS remains compliant to the standard, customer requirements and all other legal and contractual requirements. If during any of the first 2 stages there are problem (non-conformances) then the company is given between 30 and 90 days to resolve these non-conformances and provide evidence to this effect to the Certification Body.
Note: (1) The process defined above is applicable to most ISO Standards, such as ISO 14001 (Environment Management System), ISO 27001 (Information Security Management System), ISO 22000 (Food Safety Management System) or OHSAS 18001 (Occupational Health and Safety Management System)
If you need help in implementing an effective ISO Based Management System such as ISO 9001 (Quality Management), ISO 14001 (Environment Management), OHSAS 18001 (Health and Safety Management), ISO 27001 (Information Security Management) or ISO 22000 (Food Safety Management) why not email firstname.lastname@example.org or subscribe to www.isostandards.co.za