HomeTopics → ISO Certification Process Explained

ISO Certification Process Explained

Step-by-step guide to achieving ISO certification

Implementation 9 min read

Overview of Certification

ISO certification is independent third-party verification that your organization's management system meets the requirements of a specific ISO standard. It's conducted by accredited certification bodies and typically valid for three years.

Pre-Certification Phase

1. Gap Analysis

  • Compare current practices against standard requirements
  • Identify gaps and non-conformities
  • Estimate implementation effort
  • Develop high-level plan

2. Management Commitment

  • Secure leadership buy-in
  • Allocate resources (time, budget, personnel)
  • Establish quality policy/objectives
  • Assign management representative

3. Planning

  • Develop detailed implementation plan
  • Set realistic timeline (typically 6-12 months)
  • Define roles and responsibilities
  • Schedule training

Implementation Phase

4. Documentation

  • Tier 1: Policy and manual (optional but recommended)
  • Tier 2: Procedures and work instructions
  • Tier 3: Forms, records, and templates
  • Keep documentation proportionate to organizational size

5. Process Implementation

  • Establish required processes
  • Train employees on new procedures
  • Implement operational controls
  • Begin generating records

6. Internal Audit

  • Train internal auditors
  • Conduct first internal audit
  • Identify non-conformities
  • Implement corrective actions
  • Verify effectiveness

7. Management Review

  • Top management reviews system
  • Evaluate performance data
  • Assess goal achievement
  • Decide on improvements
  • Demonstrate leadership commitment

Certification Phase

8. Selecting Certification Body

  • Verify accreditation (look for IAF/ANAB logos)
  • Check industry experience
  • Compare costs and terms
  • Request references
  • Review contract terms

9. Stage 1 Audit (Document Review)

  • Auditor reviews documentation
  • Verifies understanding of requirements
  • Identifies any major gaps
  • Plans Stage 2 audit
  • Typically 1-2 days

10. Stage 2 Audit (Implementation Review)

  • Comprehensive on-site assessment
  • Verify implementation and effectiveness
  • Interview personnel
  • Review records and evidence
  • Identify non-conformities
  • Typically 2-5 days depending on size

11. Corrective Actions

  • Address any non-conformities found
  • Implement corrective actions
  • Provide evidence to auditor
  • May require follow-up audit for major issues

12. Certification Decision

  • Certification body reviews audit reports
  • Makes certification decision
  • Issues certificate (valid 3 years)
  • Certificate lists scope and standard

Post-Certification Phase

13. Surveillance Audits

  • Annual audits to maintain certification
  • Verify continued compliance
  • Check effectiveness of improvements
  • Typically 1-2 days

14. Recertification

  • Full re-audit every 3 years
  • Similar to Stage 2 audit
  • Renews certificate for another 3 years

Costs to Consider

  • Consultant fees (optional but recommended)
  • Training costs
  • Documentation and tools
  • Internal audit time
  • Certification body fees
  • Annual surveillance audits
  • Recertification every 3 years

Timeline Expectations

  • Small organization (< 50 employees): 3-6 months
  • Medium organization (50-250 employees): 6-12 months
  • Large organization (> 250 employees): 12-18 months

Tips for Success

  • Start with gap analysis to understand scope
  • Don't overcomplicate - keep it practical
  • Engage employees early and often
  • Document what you do, do what you document
  • Use certification process to improve, not just certify
  • Choose experienced consultant if needed
  • Schedule internal audits well before certification audit