The process for management systems certification is straightforward and follows a generic process consistent for ISO management systems standards - ISO 9001, ISO 14001, ISO 45001, OHSAS 18001, ISO 50001, ISO 27001, ISO 22301 and more. There are some minor differences for specific standards such as AS9100 and IATF 16949, which we will be happy to explain during your application.
THREE STEPS TO CERTIFICATION
Application - You will need to fill in an application form in order for NQA to understand your company and requirements. You can do this by completing either the online quick quote or the online formal quote request form. We will use this information to accurately define the scope of assessment and provide you with a proposal for certification.
Assessment - Once you’ve agreed your proposal your assessments will be booked with an NQA Assessor. This assessment consists of two mandatory visits that form the Initial Certification Audit. Please note that you must be able to demonstrate that your management system has been fully operational for a minimum of three months and has been subject to a management review and full cycle of internal audits. *Note: there may be additional requirements for some of the more technical standards – we will advise you of these
Certification - Following a successful two stage audit, a certification decision is made and if positive, then certification to the required standard is issued by NQA. You will receive a hard and soft copy of the certification. Certification is valid for three years and is maintained through a programme of annual surveillance audits and a three yearly recertification audit.
INITIAL CERTIFICATION AUDIT
The purpose of this assessment is to confirm that your organization is ready for full assessment. This assessment will take place at your management system centre (normally head office) and will be a documentation review assessment.
During the stage 1 assessment, your assessor will:
confirm the accuracy of the information that you submitted during the application process
confirm that the management system conforms to the requirements of the standard
confirm the implementation status of your management system(s)
confirm the scope of certification
check legislative compliance
The output of the stage 1 assessment will be:
a report that identifies any non-compliance or opportunities for improvement. This will include an agreed corrective action plan if required
the scheduling of the stage 2 assessment visit
an assessment plan for the stage 2 assessment
The purpose of this assessment is to confirm that the management system fully conforms to the requirements of the chosen standard in practice. If you undertake site work, or have more than one location that you want within the scope of your certification then your assessor will also need to audit these activities / locations.
During the stage 2 assessment, your assessor will:
document how the system complies with the standard by using objective evidence
undertake sample audits of the processes and activities defined in the scope of certification
visit any remote locations, additional sites or remote activities to evaluate the effectiveness of the management system off site.
report any non-conformities or opportunities for improvement
produce a surveillance plan and agree a date for the first annual surveillance visit
If the assessor identifies any major non-conformances, certification cannot be issued until correction and corrective action is taken and verified. Accreditation requirements stipulate that if this is not completed within 6 months, then certification cannot be recommended without a further stage 2 assessment.
Specifically for ISMS this requirement extends to any nonconformity regarding the internal audit or management review processes. Certification may not be issued for ISO 27001:2013 until there is sufficient evidence to demonstrate that arrangements for management reviews and internal ISMS audits have been implemented, are effective and will be maintained.
Once certification is obtained a certificate will be issued that will be valid for 3 years. This is maintained through annual surveillance audits (partial audits) and a 3 yearly recertification audit (full system audit).
Surveillance audits are undertaken annually to ensure that compliance to the chosen Standard(s) is maintained throughout the three year certification cycle.
The frequency and duration of surveillance is dependant on factors including:
size and structure of organization
complexity and risk of activities
number of management systems standards included in the scope of certification
number of sites listed within the scope of certification
During the surveillance audit you must demonstrate continual improvement. This is a fundamental requirement of all ISO standards and something NQA is a keen ambassador of.
WHAT HAPPENS IF YOUR BUSINESS CHANGES DURING THIS TIME?
Don’t worry – we are used to organizations of all shapes and sizes changing on a regular basis including additional locations, additional activities, increase or decrease in head count. We can provide you with all of the options to change and adapt your scope / standards / management system to suit your business requirements – we just need you to be honest with us and let us know If anything changes as soon as possible.
Our collaborative partnership approach to certification is designed to enable your certification programme to suit your business requirements – not the other way around!
DO YOU HAVE ANY QUESTIONS?
If you have any questions about the certification process, we'll be happy to explain.