The process for management systems certification is straightforward and follows a generic process consistent for ISO management systems standards - ISO 9001, ISO 14001, OHSAS 18001, ISO 50001, ISO 27001, ISO 22301. There are some minor differences for specific standards such as AS 9100 and TS 16949, which we will be happy to explain during your application.
THREE STEPS TO CERTIFICATION
Application for registration is made by completing the Quote Request Form for the desired standard - these can be found on each Standards page. This form provides information about your organization so we can accurately define the scope of certification and the assessment duration.
Assessment is undertaken by NQA against the specific requirements of your chosen Standard. This consists of two mandatory visits that form the Initial Certification Audit (explained below). Please note that you must be able to demonstrate that your management system has been fully operational for a minimum of three months and has been subject to a management review and full cycle of internal audits.
Certification is issued by NQA on successful completion of the Stage 2 assessment. Certification is maintained through a programme of annual surveillance audits and a three yearly recertification audit.
INITIAL CERTIFICATION AUDIT
The purpose of this audit is to confirm that your organization is ready for full assessment.
The assessor will:
- confirm that the management system conforms to the requirements of the standard
- confirm its implementation status
- confirm the scope of certification
- check legislative compliance
- produce a report that identifies any non-compliance or opportunities for improvement and agree a corrective action plan if required
- produce an assessment plan and confirm a date for the Stage 2 assessment visit
The purpose of this audit is to confirm that the management system fully conforms to the requirements of the chosen Standard in practice.
The assessor will:
- undertake sample audits of the processes and activities defined in the scope of certification
- document how the system complies with the standard by using objective evidence
- report any non-compliances or opportunities for improvement
- produce a surveillance plan and agree a date for the first annual surveillance visit
If the assessor identifies any major non-conformances, certification cannot be issued until correction and corrective action is taken and verified. Accreditation requirements stipulate that if this is not completed within 6 months, then certification cannot be recommended without a further stage 2 assessment.
Specifically for ISMS this requirement extends to any nonconformity regarding the internal audit or management review processes. Certification may not be issued for ISO 27001:2013 until there is sufficient evidence to demonstrate that arrangements for management reviews and internal ISMS audits have been implemented, are effective and will be maintained.
Surveillance audits are undertaken periodically to ensure that compliance to the chosen Standard is maintained throughout the three year certification cycle.
The frequency and duration of surveillance is dependant on factors including:
- size and structure of organization
- complexity and risk of activities
- number of management systems standards included in the scope of certification
Do you have any questions?
If you have any questions about the certification process, we'll be happy to explain.
Please contact us or call 0800 052 2424.