Methodology

ISO Certification Procedure

ISO (International Organization for Standardization) as the name implies is an independent international organization that develops International Standards. In practical terms, they are not involved in the actual certification process and therefore do not issue ISO certificates. Accredited certification bodies, approved by an internationally recognised accreditation authority perform the ISO certification process. Here, we will look at ISO Certification process being followed internationally.

If you need any assistance for obtaining ISO certification, get in touch with an ACS Advisor at project@iso-accreditation.com.

Objective of ISO certification

The aim of getting ISO certification is the implementation of standardisation in the workings of an organisation.

Benefits of obtaining an ISO Certification

  • Enhanced credibility: ISO Certification plays a vital role in helping the organisation to build credibility in global business, gain reputation in domestic and overseas market.
  • Customer Satisfaction: ISO standards are intended to make organisations to serve their customers in a better way that would simultaneously increase client’s satisfaction levels.
  • Government Tenders: ISO Certification is quite essential to bid for Government Tenders in many industry sectors.
  • Business Efficiency: Functional efficiency of organisation is improved by obtaining ISO Certification. SOP (Standard Operating Procedures) and work instructions can be developed with the help of ISO experts. Implementation of ISO standards in an organisation enables more efficient resource management.
  • Product Quality: By obtaining ISO Certification, the product quality matches up the international standards, it will reduce the risk of an order being rejected due to defective production. These are mainly due to inappropriate processes, which can be rectified by following the recommendations of external consultants who will perform a process analysis.
  • Business credibility: ISO Certification improves the marketability, and it has a positive impact on business marketing directly. This is the easiest way to gain global recognition for startups and new entrants to win the trust of external stakeholders.

Applicable Costs for ISO Certification

Fee for ISO certification is dependent on several factors. The ISO certification body will compute the fee for ISO certification by considering the below mentioned different parameters:

  • Size of an organization and the number of employees
  • Process implementation within an Organization
  • Level of risk associated with the scope of services of the organisation
  • The complexity involved in the management system
  • The number of branches, factories, production facilities and working shifts.
  • Costs based on number of man hours, auditor fees and administrative costs

ISO Certification Processing Time

ISO certification processing time also varies depending on the organisation. The ISO certification body will notify the details of processing time for completion of ISO certification after assessing various parameters.

Prerequisites for ISO Registration

The precondition for providing ISO certification is explained in detail below:

Selecting the Type of ISO Certification

Firstly, the management of an organization needs to choose the type of ISO certification applicable for the business organization. There are various types of ISO certification standards which are more popular than other, based on business requirements:

  • ISO 9001:2008- Quality Management System
  • ISO 45001:2018 - Occupational Health and Safety(OH&S) Management
  • ISO 14001:2015 – Environment Management System
  • SO/IEC 27001 – Information security management
  • ISO 37001 – Anti-bribery management systems
  • ISO 31000 – Risk Management
  • ISO 27001 – Information Security Management System
  • ISO 26000 – Social Responsibility
  • ISO 28000 – Security Management
  • ISO 22008 – Food Safety Management
  • SA 8000 – Social accountability
  • ISO 10002 – Compliant Management System
  • ISO 3166 – Country codes
  • ISO 8601 – Date and time format
  • ISO 20121 – Sustainable events
  • EnMS EN 16001 ISO 50001 – Energy Management
  • SO/IEC 17025 – Testing and calibration laboratories
  • SO 13485 – Medical devices
  • ISO 639 – Language codes
  • ISO 4217 – Currency codes
  • OHSAS 18001 – Occupational Health & Safety Management System

Selecting an ISO Certification Registrar (ISO Certification Body)

As stated above ISO does not provide any certification on it's own. This activity needs to be performed by the external certification bodies. Therefore, it is mandatory to recognise a credible certification registrar. When selecting a certification body, the entrepreneur has to follow the things listed below.

  • Compare several certification bodies, their reputation and reliability.
  • Check if the certification body fulfills the ISO's CASCO requirements
  • Confirm whether the certification body is accredited by a competent authority.

Note: Accreditation is not compulsory; however, the companies should meet the ISO accreditation bodies’ requirements.

To find an accredited certification body in your region, contact us. We operate as a global network of registrars, working with ISO auditors in each country who can serve your requirements with utmost confidence. When we are involved, ISO certification process becomes easy, quick and hassle free!

ISO Certification Process

The process for obtaining ISO certification is explained in detail below:

Make an Application for ISO implementation

Once the management, business owner or his authorised representative has selected the ISO standard and ISO certification body, he need to make an application in a prescribed form (depends on the ISO registrar). The application should contain rights and obligations of the entrepreneur and the certification registrar (parties) and also includes liability clauses, limitations, confidentiality, usage of logo and access rights.

Document Review by Registrar

The ISO certification body will review all the quality manuals and documents related to various policies and procedures being followed within the organisation. Review of existing works will help the ISO registrar to identify the possible gaps against the requirements stipulated in the ISO standards.

Determination of Pre-assessment Needs

The Pre-assessment is an initial review of the Quality Management System in an organisation to identify any significant weakness or omissions in the system and registrar will provide the organisation with an opportunity to correct the deficiencies before the regular registration assessment is conducted.

Prepare an Action Plan

After the ISO registrar notified the existing gaps in the organisation, the applicant or entrepreneur has to prepare an action plan to eliminate these gaps. The action plan should contain the list of the required tasks to be performed to meet the Quality Management System

Note: The entrepreneur may need to provide training to employees to work efficiently to achieve quality management system. Make all the employees in the organisation to aware of the ISO standards concerning work efficiency and quality standards.

Onsite and Offsite Inspection or Audit

The ISO registrar will conduct a physical onsite, off-site or virtual inspection to audit the changes that have been implemented in the organisation.

During the audit, if the registrar finds anything that does not meet with the requirements of the ISO standards, registrar determines the severity and report the findings. Audit findings are usually called as non-conformities and fall into one of below two categories depending on the criticality.

  • A Minor Non-conformance – It deals with minor infractions of procedures or minor failures of the system in meeting the ISO standards.
  • A Major Non-conformance – It deals with severe issues where the nonconforming products are likely to reach the customers or where there is a breakdown in the quality system that results in an inefficient system in meeting the requirements of the standards.

Final audit

The registration cannot proceed until all significant non-conformities are checked, closed and verified by the Registrar.  This usually involves a re-audit of the affected areas and, of course, the associated costs.

Note: Minor non-conformities require a corrective action plan and that will be closed at the first surveillance(does not require a re-audit).

Get ISO Certificate

After all the non-conformities are addressed, and the auditor's findings are updated in the final ISO audit report, the registrar will grant the ISO certification.

Surveillance Audits

Surveillance audit will be conducted primarily to ensure that the organisation continues to maintain conformance to ISO quality standards. It will be performed in periodic intervals.