ISO certification cycle
Our certification service
is most suitable for experienced
companies that have already prepared
most of their ISO documentation (or
have the internal capabilities to do so).
Certification for an ISO management
system standard is a three-year process
that covers:
- Year 1: Initial consultation, gap analysis, pre-audit and certification audit
- Year 2: Surveillance audit
- Year 3: Surveillance audit and preparation for re-certification
Your company will be responsible for preparing the mandatory and non-mandatory documentation (policies, procedures and forms) that is specified by the ISO
standard. We recommend that you train one of your employees as a certified Internal Auditor to drive the documentation and
certification process internally.
To pass the Surveillance Audit (in years 2 and 3), your organization will also need to demonstrate that you have implemented the necessary controls and engaged in year-on-year continuous improvements.
A description of the ISO certification journey can be found here.
Bronze package (single standard)
3-year audit cycle (with 2 surveillance visits)
Process for ISO certification
The CCS Client Manager will contact you to discuss your objectives, requirements and level of preparation.
Is this your first certification? Were you previously certified, and are you looking for re-certification only? Do you need help in developing applicable policies and procedures?
For most of our clients, we follow a structured multi-step approach (although this approach can be tailored depending on your organization’s level of preparation.
Process for ISO certification
The CCS Client Manager will contact you to discuss your objectives, requirements and level of preparation.
Is this your first certification? Were you previously certified, and are you looking for re-certification only? Do you need help in developing applicable policies and procedures?
For most of our clients, we follow a structured multi-step approach (although this approach can be tailored depending on your organization’s level of preparation.
Your responsibility:
In preparation for your gap
analysis, you should:
- Purchase and review the management system standard from the ISO bookstore
- Designate a member of your staff to receive training as an Internal Auditor for the desired standard (see here to request training class)
- Prepare your internal documentation in accordance with the requirements of the management system standard
Step 1: Gap analysis
During the pre-assessment phase, we review your internal documentation and compare it with the requirements of the desired standard. We prepare a Gap Analysis Report that identifies areas that need more work.
Your responsibility:
In preparation for your pre-audit, you should:
- Review the Gap Analysis Report provided by CCS
- Take action to remedy areas of non-compliance with the ISO requirements
- Start applying the controls throughout your organization
Step 2: Pre-audit
The CCS Auditor will review your organization’s readiness for certification by checking whether the necessary policies and procedures have been developed and implemented by your organization.
- If we find areas of non-compliance, we will notify you to give you an opportunity to remedy any deficiencies in your documentation.
- If your documentation is compliant, the CCS Auditor will confirm that the procedures and controls have been implemented in your organization in accordance with the applicable certification.
Your responsibility:
In preparation for your certification
audit, you should:
- Review the Pre Audit Report provided by CCS
- Take action to remedy any areas of non-compliance with the documentation and control requirements of the ISO standard
Step 3: Certification audit
We will schedule a visit by an accredited Certification Body to review your internal documentation and assess the practical implementation of procedures and controls. We work with Certification Bodies accredited by the United Kingdom Accreditation Service (UKAS). If you pass, your company will be issued an ISO certification that is valid for 3 years.
Your responsibility:
In preparation for your annual surveillance
audit (in years 2 & 3), you should:
- Update your ISO documentation as needed to reflect changes in your organization
- Collect evidence of areas of continual improvement in applying the controls that are defined in your policies and procedures
Step 4: Annual surveillance audit (years 2 and 3)
Your CCS Client Manager will contact you periodically to review your progress. Once a year, we will schedule a Certification Body to conduct an annual surveillance audit to ensure that your internal systems remain compliant. The Certification Body will also check on your efforts to improve your internal practices in preparation for your re-certification in year 4. CCS can guide you through this process as continuous improvements are required during this phase.
3-year audit cycle (with 2 surveillance visits)
What steps do you follow to review our internal documentation to ensure conformity with ISO document management standards?
Taking ISO 9001 (Quality Management Systems) as an example, we apply the following process to review your documentation:
- Initial document review: We review your QMS policy to understand its scope, objectives and the processes that are covered.
- Confirmity with ISO 9001 requirements: We review how your QMS policy addresses such issues as customer satisfaction, leadership engagement, business process integration, resource allocation, monitoring & evaluation, and continual improvement.
- Documentation management: We ensure that your documents are properly structured, controlled and maintained as per ISO 9001 standards.
- Recommendations: We provide you with our recommendations for improving your documentation to meet ISO 9001 requirements (as needed).
What steps do you follow to review our internal documentation to ensure conformity with ISO document management standards?
Taking ISO 9001 (Quality Management Systems) as an example, we apply the following process to review your documentation:
- Initial document review: We review your QMS policy to understand its scope, objectives and the processes that are covered.
- Confirmity with ISO 9001 requirements: We review how your QMS policy addresses such issues as customer satisfaction, leadership engagement, business process integration, resource allocation, monitoring & evaluation, and continual improvement.
- Documentation management: We ensure that your documents are properly structured, controlled and maintained as per ISO 9001 standards.
- Recommendations: We provide you with our recommendations for improving your documentation to meet ISO 9001 requirements (as needed).
What if you do not have the resources or time to prepare your own ISO documentation?
Preparing the mandatory and non-mandatory documentation required for ISO certification is often seen by our clients as the most challenging and time-consuming step. If you prefer, you can delegate to us the responsibility for preparing the required polices and procedures.
Instead of training your own Internal Auditor, we can provide an experienced auditor to:
- Interpret ISO documentation requirements in light of your business and operational requirements
- Review/edit your existing documents and prepare new ones that are customized to your risk profile
- Train your staff in applying the necessary controls, achieving efficiency gains, and demonstrating continuous improvement throughout the surveillance phase
Please go to our menu of turnkey solutions for additional information.
