A Guide to ISO Certification - How to get ISO Certification?

ISO Logo

What is ISO Certification?

The International Standards Organisation - ISO, is based in Geneva Switzerland and was founded in 1947 to standardise products to assist in manufacturing integrity e.g. photographic film was standardised with ISO100 so camera manufacturers could focus on making cameras that would fit this standard of film.

These standards were adapted and was rolled out for Businesses in the 1970s and is now the most respected Marque globally for Quality Management Systems (QMS) in Business.

There are many ISO Standards for which can be certified. These standards are globally recognised as validating or confirming that your business is fit for purpose within a specific system scope and that your business has been independently audited and has achieved certification to prove this true. The most broadly used Standards are:

  • ISO9001:2015 - Quality Management System
  • ISO 14001:2015 - Environmental Management Systems
  • ISO 45001:2018 - Occupational Health and Safety System
  • ISO 27001:2022 - Information Security (Cyber Security) System
  • ISO 13485:2016 - Medical Devices Quality Management System
  • ISO/IEC 17025:2017 - Laboratory Competence System

  • There are many more Standards available but these tend to be more industry specific. The year following the ISO category is to show when it was last updated and amended. Call us to find out more

    ISO Standards – are NOT a one size fits all

    – the standard simply confirms that what you do operationally fulfils the quality expectations in that particular standard. It does not require you to operate in a specific way but to operate as any business would within your industry to the highest standards. If it is a well maintained, ongoing concern, you will want to be able to demonstrate to your: prospects, clients, competitors, suppliers and stakeholders that your business is admirably fit for purpose and has been independently certified to prove it.

    In Summary - This is what ISO Certification does for you, it tells others that an independent certificating body has audited your business and can confirm that what you say you do is what you do and you can prove it.

    The ISO Motto is – Say what you do – Do what you say – Prove it!

    ISO Certification Planning

    How to prepare for Certification?

    Whilst that might seem straightforward – there is one more critical element to consider...

    Is your business ready to achieve certification? The certification audits can be costly so you want to make sure you achieve certification at the first audit.

    The best way to achieve this is to employ an experienced ISO Implementation Consultant (IC), to assist implementing the system prior to certification.

    The Ideal Scenario – is that your IC is qualified as an IRCA Lead Auditor. This will ensure you have a good chance of achieving ISO certification at your fist attempt...

    Your Advantage - By using an IRCA Qualified Lead Auditor as your Consultant you are immediately at an advantage as in short you are employing the “examiner” to take the “exam”.

    Your consultant will initially carry out a Scoping or Gap Analysis to implement the relevant ISO Standard into your business which will involve writing up your ISO Manual which form the basis on which you are certificated. This Manual will contain your business’ operational processes and procedures, work flows and other necessary operational information as required by the specific ISO Standard you hope to be certified for. This in effect is your business’ ‘recipe book’ and will form the basis upon which you achieve certification.

    Once the implementation has been completed you may apply for the Certification Audit. In some instances, the IC who helped you implement the system will help prepare you or in some cases attend the Certificating Audit.

    Timing - The whole implementation phase can take two to three months or longer for the more complicated standards such as ISO27001 and ISO13485 which can take 6-9 months.

    For a successful implementation it is imperative that a dedicated resource ideally a senior employee who knows your business well, be allocated to work with the IC to ensure effective communication and transfer of information between the business and the IC, as this is usually where delays occur!

    Ladies conferring about ISO Certification

    Choosing the best ISO Implementation Partner for Certification

    Sadly, this is no longer a straightforward decision. The increasing number of businesses seeking your attention has been infiltrated by those who operate differently. The rule of thumb is to follow the UKAS guidelines.

    Choosing your Implementation Consultant Partner:

    1. The implementation Consultant and Certificating Body should be separate entities – to avoid a conflict of interest.
    2. Implementation consultants should ideally be IRCA Qualified.
    3. Pricing for the implementation should be based on the work required to achieve certification NOT on your Turnover! This is a warning sign that the consultant is more interested on how much you make and less on the work required to achieve the certification.
    4. Most reputable and experienced consultants work on a day rate or fixed fee rate with no long-term contracts. They use simple client agreements rather than complex many paged Terms and Conditions which tie you into a Commercial Contract for 3, 5 or 10 years. It is advisable to avoid these contracts.
    5. Most implementations will take between 2 - 3 months or 6 - 9 months for more complex ISOs. DIY or FAQ based implementations are tempting and appear convenient and quick which from experience is definitely not the case and bear in mind they also charge you for doing their work. There are no short cuts and the Certificating Body will want to know how long your compliant system has been running before awarding the certificate.

    How do we get ISO Certification?

    To clarify – Your ISO standard is awarded as a Certification not an Accreditation. It is the awarding Certification Body CB which should be accredited by a country specific Accreditation Service. .

    In the UK, UKAS is the UK Accreditation Service which monitors and regulates the ISO awarding CBs registered. All country specific Accreditation Bodies should be members belonging to the IAF – International Accreditation Forum – beware of impersonators or Accreditation Bodies not affiliated to the IAF! .

    The importance of being certified by an UKAS Accredited CB is that it offers greater assurance that the certificate has been awarded following a bone fide audit carried out by a trained IRCA Qualified Lead Auditor. IRCA - is the International Register of Certificating Auditors. NB. UKAS only uses IRCA Lead Auditors to carry out their Certification Audits. .

    In theory anyone can audit your ISO Standard and award a Certificate, thus a credible Government backed Accreditation Service ensures that the Certifications are standardised and valid, having been audited by a qualified IRCA lead auditor which further lends a higher level of validity, credence and traceability to UKAS Certification. This is why most Procurement Offices for: Government, Local Government, MOD, NHS and Larger Corporations prefer their suppliers to have UKAS Accredited Certification. .

    Maintaining your ISO UKAS Accredited Certification will require allowing the Certificating Body to perform annual Surveillance Audits for two years following Certification and the Re-Certification Audit which occurs in year three. Thus, UKAS Accredited Certification requires a significant investment to ensure it is operationally valid.

    Choosing your Certification Body

    The certification process by a UKAS Accredited Certification Body can be stringent and expensive, often requiring annual surveillance and in some circumstances unnecessary for smaller less manufacturing focussed and more service orientated businesses such as printers and recruiters. In these cases, Independent Certification can be obtained for a fraction of the price of the UKAS Accredited version – see below.

    1. As above following the UKAS guidelines the CB should play no part in the implementation and vice versa – this is to maintain impartiality. NB Beware of Companies offering to Implement and Certificate!
    2. Ideally choose an UKAS Accredited CB. Most commercial procurement offices especially government, MOD, NHS and local authority prefer UKAS Accredited Certification. So, if you’re applying for contracts and tenders with these organisations, it is better to side with caution.
    3. However, there are some exceptions where there are Independent Certification Businesses that only utilise IRCA Lead Auditors as the Implementation Consultant. This will ensure that you have a credible ISO Management System Independently Certificated and validated by a qualified auditor.
    4. Beware of imposters claiming spurious accreditation. The Accredited Certification Body should be a member of UKAS, which in turn is a member of the IAF. If the entity certificating you is not any of the above and claims to be accredited by a different organisation be very cautious especially if they offer a DIY or FAQ based Service or offer 3, 5, 7 or even 10-year contracts. In most instances these ‘Certifications’ will fail a UKAS Audit trap you in an onerous – useless commercial contracts.

    We hope the above helps you in your quest for ISO Certification.

    With many years’ working within the ISO industry we will be delighted to assist with your ISO Implementation, ISO Internal Auditing, Certification Support and general Quality Management requirements.

    Please feel free to Call us at iQMO 0330 320 0859 or email contact@iqmo.co.uk

    Leave a comment