Our Process
With the help and expertise of our team at NQA, you needn’t be confused by the processes that go into getting certification for your management systems. As a leading provider of certification, training and support services, we’ve issued well over 50,000 certificates to businesses in more than 90 countries across the globe.
From the quality of your management system to the standards governing the health and safety of your workers, ISO certifications are some of the most obvious benchmarks of a business that’s serious about maintaining a high-quality product as well as a safe and productive working environment. Plus, for specialized industries — like automotive, telecoms, aerospace and food sectors — there are further certifications specifically tailored to each industry's requirements.
The process for management systems certification is straightforward and typically follows a generic process consistent for ISO management systems standards. A list of the standards that adhere to the same generic process, using Annex SL as a guideline; are:
-
ISO 9001 – Quality Management Systems
-
ISO 14001 - Environmental Management
-
ISO 45001 – Occupational Health & Safety
-
ISO 50001 – Energy Management
-
ISO 27001- Information Security
-
ISO 22301- Business Continuity Management
There are minor differences for specific standards such as AS9100 (aerospace quality management standard) and IATF 16949 (automotive quality management standard), which we will be happy to explain during your application journey.
ISO Certification Process
ISO certification from NQA adheres to the following steps:
-
Application
-
Assessment
-
Initial certification audit
-
Stage 1
-
Stage 2
-
Certification
To help you better understand the ISO certification process, each step is described in detail below.
Application
You will need to fill in an application form (also known at NQA as a Quote Request Form) in order for NQA to understand your company, the complexity and requirements. You can do this by completing our online quote request form. We will use this information to accurately define the scope of assessment and provide you with a proposal for certification.
Assessment
Once you’ve agreed with your proposal, your assessments will be booked with an NQA Assessor. This assessment consists of two mandatory visits that form the Initial Certification Audit. Please note that you must be able to demonstrate your management system has been fully operational for a minimum of three months and has been subject to a management review and full cycle of internal audits. *Note: there may be additional requirements for some of the more technical standards – we will advise you of these.
Initial Certification Audit — Stage 1
The purpose of this assessment is to confirm that your organization is ready for full assessment. This assessment will take place at your management system centre (normally head office) and will be a documentation review assessment.
During the stage 1 assessment, your assessor will:
-
Confirm the accuracy of the information that you submitted during the application process
-
Confirm that the management system conforms to the requirements of the standard
-
Confirm the implementation status of your management system(s)
-
Confirm the scope of certification
- Verify the evaluation of legal compliance
Specifically for ISMS the following information will also need to be provided to your auditor at this stage:
A. General information concerning the ISMS and the activities it covers;
B. A copy of the required ISMS documentation specified in ISO/27001 and, where required, other associated documentation.
The output of the stage 1 assessment will be:
-
A report that identifies any Areas of Concern (AOC’s) which, if not addressed, could be raised as non-conformances at the stage 2 assessment
-
The scheduling of the stage 2 assessment visit
-
An assessment plan for the stage 2 assessment
Initial Certification Audit — Stage 2
The purpose of this assessment is to confirm that the management system fully conforms to the requirements of the chosen standard in practice. If you undertake site work, or have more than one location that you want within the scope of your certification then your assessor will also need to audit these activities / locations.
During the stage 2 assessment, your assessor will:
-
Document how the system complies with the standard by using objective evidence
-
Undertake sample audits of the processes and activities defined in the scope of certification
-
Visit any remote locations, additional sites or remote activities to evaluate the effectiveness of the management system off site
-
Report any non-conformities or opportunities for improvement
-
Produce a surveillance plan and agree a date for the first annual surveillance visit
If the assessor identifies any major non-conformances, certification cannot be issued until corrective action is taken and verified. Accreditation requirements stipulate that if this is not completed within 6 months, then certification cannot be recommended without a further stage 2 assessment.
Specifically for ISMS this requirement extends to any nonconformity regarding the internal audit or management review processes. Certification may not be issued for ISO 27001 until there is sufficient evidence to demonstrate that arrangements for management reviews and internal ISMS audits have been implemented, are effective and will be maintained.
Certification
Following a successful two stage audit, it’s determined whether your operations and processes meet the required scope of certification within the applicable standard or standards. Consequently, a certification decision is made and if positive, certification to the required standard is issued by NQA. You will receive a hard and soft copy of the certification. That copy will enable you to share your certification with third parties to demonstrate the high standards your organization adheres to.
Learn about non-conformances here.
Certification is valid for three years and is maintained through a program of annual surveillance audits and a three yearly recertification audit.
How Long Is Certification Valid?
Once certification is obtained a certificate will be issued that will be valid for 3 years. This is maintained through annual surveillance audits (partial audits) and a 3 yearly recertification audit (full system audit).
Surveillance audits are undertaken annually to ensure that compliance to the chosen Standard(s) is maintained throughout the three year certification cycle.
The frequency and duration of surveillance is dependent on factors including:
-
Size and structure of organization
-
Complexity and risk of activities
-
Number of management systems standards included in the scope of certification
-
Number of sites listed within the scope of certification
During the surveillance audit you must demonstrate continual improvement. This is a fundamental requirement of all ISO standards and something NQA is a keen ambassador of.
What Happens If Your Business Changes During This Time?
Don’t worry – we are used to organizations of all shapes and sizes changing on a regular basis including additional locations and activities, increase or decrease in head count. We can provide you with all of the options to change and adapt your scope / standards / management system to suit your business requirements – we just need you to be honest with us and let us know If anything changes as soon as possible.
Our collaborative partnership approach to certification is designed to enable your certification program to suit your business requirements – not the other way around!
What Is NQA's Involvement? Why Hire A Consultant?
While it’s true that many companies obtain ISO certifications independently, there are many situations in which having an experienced ISO certification consultant can reduce confusion and lengthy delays that you might not want to deal with.
Distinct from qualified certification bodies — like NQA — professional certification consultants can help you assess your current processes and guide you in areas where there may be problems that need to be addressed before a certification can be awarded. While hiring a consultant is clearly not a requirement for ISO certification, it serves as an added resource and reassurance that your certification process will meet with success.
For further information and help finding the right consultant for your purposes, simply fill out our Looking For A Consultant form now.
Take The Next Step To Get Certified
At NQA, we have decades of experience helping companies like yours obtain the certification they need to prove their dedication to superior quality, service and overall performance. With the standards constantly being published and reviewed , as well as the thousands of requirements that go along with them, you'll want a certification partner that’s up-to-date on every last detail.
If you’re ready to take the next the step in your certification journey, all you have to do is reach out to us, and one of our expert certification managers will be in touch shortly.
Do You Have Any Questions?
If you have any questions about the certification process, call us at 0800 0522424 or fill out our brief contact form, and we'll be happy to explain the process further.