How is ISO certification done?

Written By
Joakim Stenström
Joakim Stenström
Published
February 25, 2022
Topic
Certification

Going through an ISO certification is about proving to an external auditor that your management system meet the requirements of the standard (s) you certify against. Before certification, you must have built a management system that meets the requirements of the current standard, the certification itself is the last step you take in the process.

When you are done with the big part of the job, i.e. building up your management system, it's time to go through the certification process itself.

Regardless of which ISO standard you have chosen to certify your management system against, the certification process consists of the following steps:

  • Step 1 Audit
  • Step 2 Audit
  • Reporting of direct and corrective actions
  • Confirmation from the auditor if the measures are approved
  • Decisions on certification from certification bodies
  • Issuance of certificates

Step 1 Audit

In the first step of the certification process, you will find out if you are really ready for certification.

-Did you think about it when you were working on the management system?
Have you started implementing the management system?
Do you have a clear plan of action before the Phase 2 audit?

At stage 1 of the audit, the focus is on reviewing the documentation and interviewing the management and possibly key personnel.

‍

The auditor asks questions such as:
-Do you have a process map of your business?
-Have you carried out a thorough risk analysis in which you have taken into account all your processes?
-Have you started recording customer feedback, deviations and suggestions for improvement?

The auditor interviews key employees and reviews the documentation

The auditor also looks at what could potentially become an anomaly if it is not addressed before the Step 2 audit. It's a great way to get input and feedback on work done so far from a certification perspective.

To put it in context, for example, a large deviation during step 2 of the audit means that the auditor has to come out again, which means an additional cost for you as a customer. For minor deviations, in most cases it is sufficient that you report what actions you are carrying out and that you remedy them within a deadline that you agree with the auditor. Usually between 30 and 60 days.

The auditor checks that there is an action plan and that you are well on your way with the implementation of the management system so that you have not just made a “paper tiger” to the management system, which the majority of your employees are not familiar with and involved in. In the latter case, the schedule for the step 2 audit and the certification itself are usually postponed so that the company has time to do the things that are actually required.

Please note that if the time between Stage 1 and Stage 2 audits exceeds 6 months, the certification body will need to redo part or all of the Stage 1 audit, which also entails additional costs.

Step 2 audit

Staff are also being interviewed. The interviews with the staff aim to ensure that the management system is well implemented i.e. that the reality is in line with how the management and management system say it should be.

In step 2, the staff is interviewed

The auditor performs sample tests in each area of responsibility and selects people to interview. The number of people interviewed varies depending on the size of company.

Often, the auditor usually interviews 1 — 3 people in each area of responsibility. If any of the answers are not in line with what has been said, someone or a few more people are often interviewed. If the auditor then notices that there are several that give a different picture of reality or that there is other evidence, such as record keeping, you risk getting an observation or a discrepancy depending on the area in question.

In step 2, the auditor also checks that deviations detected in step 1 of the audit have been remedied.

Reporting of direct and corrective actions

Once the stage 2 audit has been completed, you report indirect and corrective actions to the auditor of the certification body for the discrepancies found. You normally have 60 days to report these.

Any observations will be followed up by the auditor at the next audit, which will be carried out within 12 months.

Confirmation from the auditor if the measures are approved

Once the discrepancies are reported, you will receive either a yoke from the auditor or a feedback with points that need to be supplemented further.

Decisions on certification from certification bodies

After you have received the approval from the auditor on the report, the chief auditor of the certification body or equivalent enters and reviews the auditor's work, to make sure that the auditor has done the right thing. If the auditor has missed something, they may need to come back with a request for supplements.

After that, a decision is made that you will be certified.

Issuance of certificates

After everything is approved, a certificate is issued.

The time period from completing the Step 2 audit to receiving your certificate depends on how quick you are to report indirect and corrective actions.

After reporting is completed, the certification body takes 2-4 weeks to do its work.

‍

Gratis e-bok
Allt frÄn vad standarder krÀver till hur du genomför ett projekt för att etablera ett certifierbart ledningssystem.
Tack! Nu fÄr du snart ett e-post frÄn oss!
Oj! 

NĂ„got gick fel.

Hör av dig till support@ampliflow.com.
Free e-book
Everything from what standards require to how you implement a project to establishing a certifiable management system.
Tack! Nu fÄr du snart ett e-post frÄn oss!
Oj! 

NĂ„got gick fel.

Hör av dig till support@ampliflow.com.
Do you need help getting ready for ISO certification?
AmpliFlow can help you with everything you need to achieve certification. From smart IT systems to project management, training, internal auditing and much more. Book an appointment today to find out more!
Thank you! We will hear from you soon!
Oops!

Something went wrong.

Get in touch with support@ampliflow.com.
Articles

More articles

Tools, information and other resources you need.
Digital Management System

The digital management system: A modern solution to meet ISO requirements and streamline your organization

Explore the benefits of using a digital management system like AmpliFlow to manage ISO 9001, 14001 and 45001 requirements. Learn how AmpliFlow can improve your organization's efficiency, productivity and competitiveness by providing an integrated platform for creating, consuming, and actively working with ISO-compliant information.
Joakim Stenström
August 1, 2023
ISO Standards

How often are ISO standards updated and how does it affect my business

Learn how regular updates to ISO standards affect your business and why it's important to stay up to date. Explore the benefits of implementing these standards and how they can improve the efficiency and competitiveness of your business.
Joakim Stenström
September 27, 2023
ISO Certification

Common Traps in ISO Certification: How to Avoid Them

Learn the most common ISO certification mistakes and how to avoid them to save both time and money. Get insights and practical tips.
Patrik Björklund
November 22, 2023

Do like other happy customers - get AmpliFlow

Schedule a meeting today to discuss how we can help you with systems and/or support.
Small or publicly traded. Recruitment or concrete manufacturing. AmpliFlow is for everyone.