How is ISO certification done?

Written By
Joakim Stenström
Joakim Stenström
Published
February 25, 2022
Topic
Certification

Going through an ISO certification is about proving to an external auditor that your management system meet the requirements of the standard (s) you certify against. Before certification, you must have built a management system that meets the requirements of the current standard, the certification itself is the last step you take in the process.

When you are done with the big part of the job, i.e. building up your management system, it's time to go through the certification process itself.

Regardless of which ISO standard you have chosen to certify your management system against, the certification process consists of the following steps:

  • Step 1 Audit
  • Step 2 Audit
  • Reporting of direct and corrective actions
  • Confirmation from the auditor if the measures are approved
  • Decisions on certification from certification bodies
  • Issuance of certificates

Step 1 Audit

In the first step of the certification process, you will find out if you are really ready for certification.

-Did you think about it when you were working on the management system?
Have you started implementing the management system?
Do you have a clear plan of action before the Phase 2 audit?

At stage 1 of the audit, the focus is on reviewing the documentation and interviewing the management and possibly key personnel.

‍

The auditor asks questions such as:
-Do you have a process map of your business?
-Have you carried out a thorough risk analysis in which you have taken into account all your processes?
-Have you started recording customer feedback, deviations and suggestions for improvement?

The auditor interviews key employees and reviews the documentation

The auditor also looks at what could potentially become an anomaly if it is not addressed before the Step 2 audit. It's a great way to get input and feedback on work done so far from a certification perspective.

To put it in context, for example, a large deviation during step 2 of the audit means that the auditor has to come out again, which means an additional cost for you as a customer. For minor deviations, in most cases it is sufficient that you report what actions you are carrying out and that you remedy them within a deadline that you agree with the auditor. Usually between 30 and 60 days.

The auditor checks that there is an action plan and that you are well on your way with the implementation of the management system so that you have not just made a “paper tiger” to the management system, which the majority of your employees are not familiar with and involved in. In the latter case, the schedule for the step 2 audit and the certification itself are usually postponed so that the company has time to do the things that are actually required.

Please note that if the time between Stage 1 and Stage 2 audits exceeds 6 months, the certification body will need to redo part or all of the Stage 1 audit, which also entails additional costs.

Step 2 audit

Staff are also being interviewed. The interviews with the staff aim to ensure that the management system is well implemented i.e. that the reality is in line with how the management and management system say it should be.

In step 2, the staff is interviewed

The auditor performs sample tests in each area of responsibility and selects people to interview. The number of people interviewed varies depending on the size of company.

Often, the auditor usually interviews 1 — 3 people in each area of responsibility. If any of the answers are not in line with what has been said, someone or a few more people are often interviewed. If the auditor then notices that there are several that give a different picture of reality or that there is other evidence, such as record keeping, you risk getting an observation or a discrepancy depending on the area in question.

In step 2, the auditor also checks that deviations detected in step 1 of the audit have been remedied.

Reporting of direct and corrective actions

Once the stage 2 audit has been completed, you report indirect and corrective actions to the auditor of the certification body for the discrepancies found. You normally have 60 days to report these.

Any observations will be followed up by the auditor at the next audit, which will be carried out within 12 months.

Confirmation from the auditor if the measures are approved

Once the discrepancies are reported, you will receive either a yoke from the auditor or a feedback with points that need to be supplemented further.

Decisions on certification from certification bodies

After you have received the approval from the auditor on the report, the chief auditor of the certification body or equivalent enters and reviews the auditor's work, to make sure that the auditor has done the right thing. If the auditor has missed something, they may need to come back with a request for supplements.

After that, a decision is made that you will be certified.

Issuance of certificates

After everything is approved, a certificate is issued.

The time period from completing the Step 2 audit to receiving your certificate depends on how quick you are to report indirect and corrective actions.

After reporting is completed, the certification body takes 2-4 weeks to do its work.

‍

Free eBook
Everything from what standards require to how you implement a project to establishing a certifiable management system.
Thank you! You will soon receive an email from us!
Oops!

Something went wrong.

Get in touch with support@ampliflow.com.
Free e-book
Sve od što standardne zahteve za kako možete implementati projeći na upravljiva upravljački sistema.
Thank you! You will soon receive an email from us!
Oops!

Something went wrong.

Get in touch with support@ampliflow.com.
Do you need help getting ready for ISO certification?
AmpliFlow can help you with everything you need to achieve certification. From smart IT systems to project management, training, internal auditing and much more. Book an appointment today to find out more!
Thank you! We will hear from you soon!
Oops!

Something went wrong.

Get in touch with support@ampliflow.com.
Articles

More articles

Tools, information and other resources you need.
Document management

What is document management?

Document management briefly describes how documents and information assets should be created, modified and, in connection with it, managed, archived and, above all, communicated to the persons concerned when they are updated.
Patrik Björklund
December 30, 2022
ISO certification

AmpliFlow — Your Best Partner for ISO Certification

Discover AmpliFlow, the cutting-edge IT tool that transforms your company's ISO certification process. Learn how this integrated system can streamline your management, improve productivity and strengthen risk management — all on a centralized platform.
Patrik Björklund
July 31, 2023
ISO Certification

Certification as a tool for growth — easier than you think

Getting certified doesn't have to be difficult or bureaucratic. With the right tools, you can streamline your business and make the certification journey easy and rewarding.
Patrik Björklund
September 17, 2024

Do like other happy customers - get AmpliFlow

Schedule a meeting today to discuss how we can help you with systems and/or support.