What is ISO Certification
"Certification can be a useful tool to add credibility, by demonstrating that your product or service meets the expectations of your customers. For some industries, certification is a legal or contractual requirement." - (From iso.org)
ISO certification ensures requirements for standardisation and quality assurance are put in place for a business management system, manufacturing process, service, or organisation documents. Today there are over 24,000 International Standards covering almost all aspects of technology and manufacturing.
ISO (the International Organization for Standardisation) is an independent, non-governmental, international organization with a large number of national standard bodies, that develop standards to ensure the quality, safety, and efficiency of products, services and systems.
Different ISO management system certifications exist to ensure consistency and respond to the needs of different industries' demands and the requirements of their specific supply chains. From Quality, Safety, Environmental, Information Security, Asset Management to Food Safety, each certification has separate standards and criteria and is classified with a code number and date, for example, ISO 9001:2015 for Quality or ISO 45001:2018 for Occupational Health and Safety.
Any organization can adopt a business management system based on the desired ISO Standard, however to ensure credibility, third-party certification of your management system against the respective Standards, is essential. Third-party certification provides proof to your stakeholders that your business management system is operating in an efficient and effective manner and that you are following the continual improvement cycle.
There are many types of certification available, including:
- ISO 9001 for Quality Management Systems
- ISO 14001 for Environmental Management Systems
- ISO 45001 for Occupational Health and Safety (OH&S) Management Systems
- ISO 22000 for Food Safety Management Systems
- FSSC 22000 for Food Safety Management Systems
- HACCP for Food Safety
- ISO 27001 for Information Security Management Systems
- ISO 50001 for Energy Management Systems
- ISO 3834 for Welding Quality Management Systems
- ISO 55001 for Asset Management Systems
- NSQHS Standards for Health Management Systems
- NSMHS for Mental Health Management Systems
- ISO 17799 for Security Management Systems
The ISO Certification Process
The first step in obtaining third-party certification of your business management system(s) is to put in an application with a Certification Body. This will usually involve gathering some information in order to determine your scope, audit duration and the desired standards which you wish to be certified to. Once you have agreed upon the terms and an acceptable timeframe, the Certification Body will schedule your Stage 1 Audit.
The Stage 1 audit is predominantly concerned with a Documentation Review, assessing your documentation against the requirements of the respective Standard, following this review you may receive some feedback on areas that require action before your Stage 2 Audit.
Your Stage 2 or 'Certification' Audit will assess if your operations are in conformance with the requirements of the respective standard and that you are following the processes outlined in your own documentation. If the Auditor is satisfied that your business management system complies to the requirements of the respective Standard, and that any nonconformances raised have been addressed, they will recommend your company for Certification. The Certification Body will then process your certification and issue a certificate. If you are certified to a JAS-ANZ accredited program, you will also appear in the JAS-ANZ Register of Certified Organisations.
To ensure the certification is maintained, your organisation will need to undergo further management system audits in accordance with the three year certification cycle. Shorted surveillance audits are scheduled annually, with a Triennial Audit of the whole ISO business management system planned for every three years. Following the Triennial audit a new certificate of registration will be issued.