Obtaining your first ISO certification may seem like an insurmountable task, but with the right plan in place, it can be a very manageable and fulfilling process. Be it a small organization or a developing firm, ISO certification is a message to your clients and partners that your organization is operating in internationally accepted standards of quality, safety and efficiency. Here’s a step-by-step guide to each important phase of getting certified.
1. Learn the meaning of ISO Certification
It is essential to have a clue of what ISO certification entails before getting into the process. The International Organization of Standardization (ISO) is the creator of the internationally recognized standards in industries – quality management (ISO 9001) through information security (ISO 27001) and environmental management (ISO 14001). Certification refers to the process of having an accredited third party organization certify you as to having met the standards of a particular standard. It’s a dynamic process; you need to continually commit to iso compliance in all areas.
2. Select an Appropriate ISO Standard to Your Business
All ISO standards are not applicable to all businesses. The first step that you need to take is to determine the standard that fits your industry, objectives and customer expectations. The most sought after standard is ISO 9001 which concentrates on the quality management systems. ISO 45001 is on occupational health and safety and ISO 14001 is on environmental responsibility. Understand what is expected of your sector, and seek advice of an ISO consultant (where applicable) to make sure you choose the standard that is going to bring the best returns.
3. Perform a Gap Analysis
Once you have selected your standard, it’s time for a gap analysis. This involves looking at your existing processes, procedures and practices and comparing them to the requirements of the IS0 standard. The gap analysis assists you to determine the areas where your organization is already at par with the requirements and where you require improvements. It will inform your implementation strategy, and save you from nasty surprises down the track.
4. Assemble the Team
ISO certification is a team effort. A project requires a special team, usually headed by a management representative or internal ISO coordinator, to spearhead the project. The work on formulating policies, staff training, updating processes, and tracking development falls upon this team. The key to getting the buy-in from Leadership because without it there is no way you can ever become iso compliant or even sustain in your organization as systems change. Implement a clear structure of roles and responsibilities.
5. Design and write your management system
This step can be the most time consuming. You will need to document or update your quality manual, standard operating procedures (SOPS), work instructions and record systems, based on the results of your gap analysis. All the documents must be indicative of what your organization is doing and not what it wishes to do. These are the documents auditors want to see, and are the foundation of your long-term iso compliance.
6. Train Your Staff
The effectiveness of your policies and procedures is only as good as your followers. Carry out extensive training of every department so that all the employees are aware of the new standards, their respective roles and how their daily work fits in the entire management process. Training is supposed to be recorded and this should be done frequently. A workforce that can see the rationale of the standard is much more inclined to continue to be iso compliant over time.
7. Put the System into Practice and Gather Evidence
The final step is implementation; once the procedures and record forms have been prepared and staff trained, you can start using the system. Implement your new procedures in running your processes and start recording and evidencing performance. This should be for a period of at least three months prior to an external audit, as the certifying body must be confident that you have been running the system (not just having a system in place). Track key performance indicators (KPIs) and correct any issues.
8. Carry out an Internal Audit
Before subjecting your management system to an external audit, conduct an internal audit. Internal audits can detect non-conformities, non-compliance and opportunities for improvement before they are identified by an external audit. Training of internal auditors should be done and where possible independent of the areas being audited. Proper corrective measures should be based on the result of your internal audit to show the certifying body that your system is a self-improving system and able to maintain the iso compliance over an extended period.
9. Conduct a Review of Management
After the internal audit, management needs to hold a management review. This session reviews the performance of the management system in general audit findings, customer feedback, goals and resource requirements. The management review shows that
10. Go through External Certification Audit
There are two phases of the external audit. Stage 1 (the document review) entails the auditor reviewing your management system documentation to ensure that you are ready. Stage 2 (the main audit) involves an on-site audit of your practices and evidence. The auditor will interview, observe and review evidence. Should there be any significant non-conformities which are discovered, you will have to discuss them before you can be certified. You can receive a certificate with minor non-conformities, if you have a corrective action plan.
11. Be Certified and Have Surveillance Audits Planned
After successfully passing the Stage 2 audit with no further major non-conformities, you will be awarded your ISO certificate – normally lasting three years. But this isn’t the end of the line. Surveillance audits are carried out by certifying bodies to ensure that your organization is keeping the standard. A complete re-certification audit is needed after three years.
Conclusion
Acquiring your first ISO certification is a significant milestone that will enable you to open new markets, gain the trust of your customers and optimise how you operate. These step-by-step plan, selecting the right standard and doing a gap analysis, training your team and successfully completing the external audit sets your organization on track of long term success. It is important to remember that the actual worth of ISO certification should not be the certificate but the discipline, structure and dedication to iso compliance that is in place in your whole organization. Begin to-day, be regular, and leave the standard to do your work.
About the Author
