Part IV. ISO Certification of Management Systems
Despite being a voluntary endeavour, there are compelling reasons for organisations to adopt an ISO management system standard and purse certification. Increasingly, discerning customers – especially blue-chip organisations and government authorities – require their suppliers and/or providers to be certified to an ISO management system standard(s) as a pre-requisite to engagement. In these instances, confirmation of conformance to ISO management system standard(s) forms an important part of contractual, regulatory and/or market requirements.
The ISO certification process is essentially a third-party audit – completed in two audit stages – where conformance against an ISO standard is verified. In order to provide ISO certification, the third-party organisation (i.e. ISO certification body) must be accredited – to confirm integrity and competence – by a specialized authority (i.e. ISO accreditation body). Therefore, organisations that are found to meet the requirements of an ISO standard are considered ISO certified and not ISO accredited. It is important to appreciate that ISO standards used for certification are not product standards. These standards are more concerned about management and processes and not requirements for specific products. While adopting an ISO standard may establish controlled processes and interfaces that may lead to a superior product, subsequent ISO certification cannot be considered a product guarantee.
A Stage-1 Audit is simply a determination of an organisation’s readiness for a Stage-2 Audit. A Stage-1 Audit identifies areas of concern that could potentially be classified as non-conformities – failure to meet ISO requirements – during the Stage-2 Audit. A Stage-2 Audit is the actual certification audit where the implementation and effectiveness of an organisation’s management system(s) is evaluated against the respectively ISO standard(s). It is important to appreciate that each organisation must achieve compliance that best meets their needs and that achieving ISO certification is merely the beginning of a much longer-term project. During the ISO certification cycle – period from initial certification to re-certification – Surveillance Audits provide ongoing checks to ensure the ISO requirements are being fulfilled. This ensures that organisations continue to realise the benefits of implementing a certified ISO management system.
Because maintaining an ISO management system certification requires ongoing and independent auditing to ensure compliance, the achievement of certification conveys ongoing assurances to current and prospective customers, shareholders, trade-partners and regulators. Furthermore, it conveys trust that certified organisations can deliver promised products and/or services with an uncompromised supply chain thereby increasing their reputation. These aspects form the basis of fostering successful long-term commercial relationships, both domestically and internationally.
Some of the most commonly adopted ISO management system standards (i.e. generic ISO standards) are:
- ISO 9001 (Quality). Supports organisations meet customer quality assurance requirement and ensures product and/or service consistency.
- ISO 14001 (Environmental). Provides organisations with a framework to manage environmental impacts, and to achieve sustainability.
- ISO 27001 (Information Security). Supports organisations to manage the security of organisational information assets (e.g. financial information, intellectual property and/or information entrusted by third-parties).
- ISO 45001 (Occupational Health & Safety). Provides organisations with a framework for safer working environments. Accounts for both international (e.g. OHSAS 18001) and national (e.g. AS/NZS 4801) occupational health & safety standards.