BECOMING CERTIFIED
Certification takes place as two audits. There is a ‘gap audit” also known as a stage 1 audit. The purpose of this audit is to make sure you have all the elements of the standard(s) in place. Certification bodies often undertake this part of the audit as a remote document review and may request procedures and records to check that each clause has been covered within the management system standard(s). The certification auditor will be looking build a picture of your business in order to understand your organisation and how the standard fits with your operations. There is more than one way to comply with the standards, so whatever you choose to implement should compliment what you do, not hinder it.
It is also worth noting that not every clause of ISO 9001 is applicable to every business. An example of this is clause 8.3 Design for example does not apply to every organisation, simply because they do not conduct design activities. If this is the case, it is important to document that the clause does not apply, and a record justification. Your consultant can work through this with you to ensure you have a management system that is fit for your purpose for the activities you undertake.
The second part of the certification journey involves a stage 2 audit. This audit is designed to evaluate implementation. The certification auditor will ask for proof that you are following your processes and systems. This audit will involve a more detailed look at how the business undertakes its activities. This will require the certification auditor to engage with individuals across the business operations. This audit is always longer, and usually takes place at your premises. Businesses will often undertake this part of the audit with their consultant present, and your consultant can help you navigate the requirements and how these are being met. The auditor will ask to visit your work sites and operational areas so that they can observe your processes, talk to your staff and verify that you are implementing your management system standards.
During the audit, your auditor may raise findings where you have not demonstrated adequate conformance to the standard. These are raised as nonconformances, and your auditor will negotiate with you a time frame and manner for closure. This is often the case with initial certification audits and is not a cause for alarm. Make sure you understand exactly what is missing and what the auditor requires from you to close out the nonconformance for certification. This may include providing actual evidence of completion, or in some cases, an action plan is sufficient. Talk to the auditor about how they would like to close out any nonconformances, and plan for when these are to be resolved.
After addressing any nonconformances, the next stage in the process is that the report is reviewed by a certification manager. This process is consistent with all certification bodies. This is like quality check or review to ensure the certification body has met all of its obligations in terms of audit process and evidence. Your auditor may come back to you during this review to request additional information. The reason for this is that certification bodies are also audited, and they do need to show audits are robust and fair, and that sufficient evidence has been gathered to support that you are compliant.
After the certification review is completed, you will be issued with your certificate. This is valid for 3 years. Please note though, there is a requirement to be audited at least annually. Your auditor will determine your audit interval and will be in touch to arrange your next audit.
The ongoing audits are called surveillance audits. In terms of duration, they are 1/3 of the time taken to complete your stage 1 and 2. These audits are aimed at sampling the implementation of your management system(s). The actual duration of your surveillance audits may change depending on any organisational changes. If your organisation grows much larger in the 12-month period for example, your audit could be longer. Your certification body will communicate time frames and audit durations to you as part of the ongoing management of your certification. systems.
