Understanding ISO: Getting Certified

So you’ve implemented your system and now you want to let everybody know how great your organisation is! What next? How can you tell people you are operating in compliance with ISO standard? What do you need to do if you want to get UKAS certified? Read on to find out more…

Under ISO there are three ways you can claim compliance with the standards, these are:

UKAS Certification

Accepted by: All

UKAS is the UK’s National Accreditation Body responsible for determining the competency and integrity of organisations offering certification services (certifying bodies). UKAS certification can only be provided by a certifying body who have been accredited by UKAS. These certification bodies are audited and monitored by UKAS on a regular basis to ensure their systems and auditors meet the expected standards, so you know all are operating to the same minimum standards. They must maintain independence so are not allowed to provide consulting or implementation services for clients which they certify.

  • Examples of organisations which usually require UKAS certification include:
  • Major development contractors (construction)
  • Government
  • Healthcare
  • Automotive
  • Aerospace
  • Supermarkets
  • Major high street retailers

This is not always the case, so you should check what your client’s expectations are. See Appendix IV for an overview of the UKAS certification process.

Third-Party Certification

Accepted by: Some

Also known as third party confirmation or ISO registered – Independent certification bodies can provide third party ‘certification’ but are not checked by any other organisation, so the standard of auditing varies. They will often offer implementation and ‘certification’ packages, and recognition by one of these third parties is usually significantly cheaper than a UKAS certification body. You may also be locked into a long-term contract (i.e. 10 years). Many organisations will not accept third party confirmation as evidence of certification to ISO standards due to the inconsistency between independent certification bodies. See page 7 for more information on selecting a reputable Management System Consultancy.

Self Declaration

Accepted by: Few

This is the simplest form of compliance but the least recognised because of the lack of any third-party verification. If you do want to make a self-declaration you, or an associated interested party, simply issue a statement that you are complying with the requirements of the chosen ISO standard. This may be OK if you are a B2C company, or if you are in an industry which places more value on other standards and certifications.

The Certification Process

First you need to select which certification body you want to use. You can find a list of accredited certification bodies on the UKAS website. We suggest getting 3 quotes for comparison and you may be able to negotiate your day rate. We have day rates agreed with some certification bodies and we would be happy to get quotes on your behalf and manage the relationship with your chosen certification body. If you have been through our initial consultation we will have all the information you require to complete a quote request.

Once you have chosen your preferred certification body and implemented your system, you can then start the certification process:

  1. Stage 1 audit is usually arranged 1-3 months from accepting a quote). This assesses the documentation element of your management system. If no findings are raised your auditor will recommend you for stage 2 audit. If findings are raised these are called ‘Points of Action’ and must be closed out within agreed dates before proceeding to the Stage 2 audit. Failure to close out Points of Action in time may result in a stage 1 re-assessment. Depending on the nature of the Points of Action, a stage 1 re-assessment may be required even if all Points of Action are closed out in time.
  2. Stage 2 audit is usually 1-2 months after the stage 1 audit. This assesses whether the management system has been effectively implemented by your organisation. Findings are raised as Opportunities for Improvement (OFIs), Observations (OBS) and Nonconformities (NCR Major/Minor):
  • OFI – These are areas where improvements may be possible, it is up to the organisation to decide whether or not they wish to take action
  • OBS – These are findings which could become a nonconformity if action is not taken.
  • NCR – Consistent nonconformance with either organisational procedures, standard requirements or legal obligations which has impacted, or has a high risk of impacting, environmental aspects.
  1. NCRs must be closed out within agreed dates before certification can be awarded, typically 3 months for majors and 12 months for minors. Failure to close out NCRs in time may result in a stage 2 re-assessment. Depending on the nature of the NCRs, a stage 2 re-assessment may be required even if all NCRs are closed out in time.
  2. You auditor will submit your report and your Certification Body will review the report and make a certification decision.
  3. If they are happy with the report and you have closed all NCRs they will issue your certificate for 3 years.

NOTE: All auditors completing audit reports, whether they are stage 1, stage 2, surveillance or recertification, are subject to certification body approval. Your auditor is making a recommendation which will be reviewed by your certification body, they will then approve the findings or request further information for review.

The three year certification cycle

UKAS ISO certification is arranged over a three year cycle. Years 1 and 2 are known as surveillance audits during which all elements in scope of your management system will be audited, across the two years. Year 3 is a recertification audit year where all elements of your management system will be audited during a single year. OFI’s, OBS and NCR’s apply in the same way as Stage 2.  Once you have your certificate, if you fail to close any NCRs on time, your certificate may be suspended. If your certificate is suspended a re-assessment will be required. If you fail to close your NCRs by your re-assessment you could have your certificate revoked.

Get in touch if you’d like to discuss our services or leave a comment.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.