Authors Posts by

ISO Update aims to provide information, resources, and updates around the Standards and Certification industry. We believe that organizational standards can help businesses of all shapes and sizes become more efficient and successful on a local, federal, or global scale.

by -
Developing an ISO 9001 Implementation Plan - ISO Update

Once companies have made the decision to implement a Quality Management System (QMS) like ISO 9001:2015, they are usually faced with a multitude of new considerations and issues to sort through. If you are currently running a successful business, chances are you are complying with a large percentage of the standard, it’s only a matter of being able to prove this to an auditor and document your processes effectively. By developing an implementation plan, you will give yourself goals and action points that will help you and your team efficiently tackle the objective of achieving certification. Working on a thorough implementation plan will not only help break the process down but will also give you a rough idea of the resources and time needed to start implementing the standard.

A bit of preplanning is also required. You will need to determine what your timeline and end goals are and whether they can reasonably be attained. Aim for realistic and practical goals and estimates and consider using generic checklists and “Gap Assessments” that will help you move in the right direction.

Want to learn more? Read the full article here.

by -
ISO Internal Audits Explained -

An ISO Audit is the systematic process of collecting and evaluating information about an organization’s processes to determine their level of compliance with the standard they are being audited against. Audits are completed to check the effectiveness of measures in place and to determine if the organization is operating at full capacity within the requirements to achieve certification and continue to grow. Within an audit cycle, which is typically 3 years, an organization will have both ‘internal’ and ‘external’ audits completed at least once per the calendar year, with the scope of the audit and the scale of the audit dependent on who is conducting it and its purpose. 

Internal auditing is carried out independently by an organization, utilizing internal personnel or an ISO Consultant with experience and knowledge of your organization and industry. It is an appraisal of the efficiency and effectiveness within certain departments or the organization. External Audits are done to evaluate your organization and recommend certification to the standard you are compliant with. External audits are performed by third-party auditors affiliated with a Certification Body. Internal audits are a requirement of ISO Standards, but cannot grant you an ISO Certificate.

Goals of Internal Audits:

The purpose of an ISO internal audit is to assess an organization’s efficiency as measured by the level of its quality and risk management systems and its overall business practices against one or more ISO Standards. Companies and organizations conduct internal audits to evaluate and improve the efficiency of their business practices capabilities by highlighting any existing flaws or shortcomings and ensuring plans are in place to properly address them.

While conducting regular and effective internal audits of your management system is a requirement of the standard, it’s also a requirement for a reason. Internal audits are a chance for your organization to truly see the progress you are making, and a chance for your employees to show off their skills and voice any concerns. Some of the major ways an organization can benefit from an internal audit:

  • To review and evaluate the reliability and soundness of its internal control system;
  • To ascertain the degree of compliance with established standards, policies and procedures;
  • To minimize losses and maximize profits;
  • To ascertain whether the information generated in an organization is accurate and reliable;
  • To ascertain the level of integrity of the data provided to management;
  • To provide informed advice and feedback to management on next steps and growth opportunities;
  • To seek opportunities for improvement in the existing systems.

Internal auditing is based on several guidelines that are dependent on the organization’s specific vision and strategy. To be beneficial, it should provide appropriate and unbiased information that the organization can utilize in the enhancement of its performance. This means that auditing should be undertaken while keeping in mind the specific requirements and criteria of the organization and the environment within which it operates. While you might be tempted to download and follow a checklist, don’t use these as a one-stop-shop for the perfect internal audit, utilize them as guidance and tailor them for your specific needs.

Principles of Internal Auditing:

Following are some of the basic principles of auditing that should be universally applicable regardless of the size, scope or industry.

Objectivity: An internal audit should be an objective activity. All internal auditors must maintain objectivity in their judgment. Consider if you are auditing your peers, to not hold previous judgement or past experiences against an individual or team, audit within your scope, do not audit with an objective of proving a point. Audit with the objective goals of bettering the organization and providing a value-added practice to the organization.

Ethics: Like all other business practices, internal audits should also be done within the confines of morals and an ethical code. (link)

Confidentiality: Auditors have access to sensitive information about the organization and its employees. It is very important to ensure the highest level of confidentiality to avoid possible misuse of such information.

Competence: Auditing is a complex procedure. It must be done by skilled, experienced and competent auditors. When selecting an auditing team, consider their questioning skills, and their listening skills. An auditor must be prepared to ask questions that will give them the information they need, without causing stress for the auditee. Consider offering employees ISO Training to help reduce stress and increase engagement.

Planning: The audit process should be thoroughly planned to avoid confusion at later stages. Once an audit plan is in place and dictated to the auditees, do not stray from the scope of the audit. This will avoid issues with timing and employee engagement.

Documentation: It is important to maintain proper documentation of the audit process. Internal audits conclude with a closing meeting where findings are shown to management and you must provide a detailed report promptly after the audit is completed. By ensuring you are documenting your findings effectively, you will have much more success in your closing meetings and when you create your report.

Integrity: The audit reports must accurately depict the facts discovered during the audit process. The integrity of the audit findings is essential.

Selection of Auditors:

Internal auditors should be carefully selected. An internal audit team must be adequately staffed in terms of both numbers and experience. They should also be properly trained to ensure that the needs of each audit task are fulfilled. The success of the internal audit largely depends on the quality of the audit team that is determined by the level of their training and expertise. 

Internal Audit Process:

The internal audit process should be planned well beforehand so that objectives are clearly defined, and priorities are established. You will need to provide the audit plan in advance to ensure you are able to talk with those you need to and can access the documents or processes needed to complete the audit on schedule. The planning process should include setting a schedule for each activity and setting deadlines. All tasks that need to be performed must be clearly defined. An audit plan should be made with a thorough understanding of the organization and its environment and presented clearly at the opening meeting. 

The internal audit process must be continuously supervised by a designated audit team leader. The Lead Auditor will ensure that the audit process is proceeding according to the plan. The performance of the audit team should also be reviewed just like that of other employees and members of the organization. A comprehensive report should be issued once the internal audit is complete with findings communicated promptly and concisely. These findings must be presented in a way that makes them helpful for management in deciding their course of action. 

The findings of the internal audit must be supported by ‘Audit Evidence’ which provides reasons for the conclusions of the internal audit team. This evidence must be easily understood and articulated in your reports to allow the external auditors to come to a similar conclusion during any third-party audit activities.

If done correctly, internal audits can have a very positive impact on the overall organizational performance of any company and be a value-added experience your company will benefit from.

by -
Climate Change & ISO Solutions -

The International Organization for Standardization (ISO) has a number of standards that work towards monitoring climate change, quantifying greenhouse gas emissions and promoting good practices in environmental management.

One such guide is ISO/DGuide 84, which sets guidelines for addressing climate change in standards. You can learn more about the guide here. ISO has also set goals for their contribution to the UN’s initiatives for sustainable development “By supporting our members to maximize the benefits of international standardization and ensure the uptake of ISO standards, we’re helping to meet the United Nations Sustainable Development Goals (SDGs).” – Source

In this article, we will focus on ISO’s goal of “Climate Action – Take urgent action to combat climate change and its impacts”, and on the ISO 14000 family of standards, which focus on environmental management systems (EMS).

First, to understand the need for standards, we should investigate the effects we have on the environment, and what we can do to change. Every one of us has an impact on the environment, but arguably, organizations have a larger, more reaching effect on the environment. Consider the footprint of each item you manufacture; where it came before you, where it will go after it leaves you, and the ripple effect that follows. Therefore, companies have a duty to consider each stage of their product or services journey, and its effect on the environment. This is also applicable to your suppliers and the processes they use to provide you with a product or service.

One major impact to consider from your organization, and the world-leading cause of climate change is greenhouse gases.

Greenhouse Gases

The United States Environmental Protection Agency defines Greenhouse Gases as “gases that trap heat in the atmosphere”. The name ‘greenhouse gases’ references the greenhouse effect. Greenhouse gases allow the sun’s light to shine onto Earth’s surface, and then the gases, such as ozone, trap the heat that reflects back from the surface inside the Earth’s atmosphere. The gases act like the glass walls of a greenhouse—thus the name, greenhouse gas. The more GHG’s present, the less heat that can leave the atmosphere, thereby increasing the overall temperature of the Earth and shifting the balance of the weather cycle, and global environmental patterns. –Source

Types of Greenhouse Gases

Carbon dioxide: Created by the burning of fossil fuels like coal, natural gas, oil, and biological materials like trees; the reaction of certain chemicals like the manufacture of cement.

Methane: Emitted during the production and transport of coal, natural gas and oil; the result of livestock and agricultural practices; decay of organic materials in landfills.

Nitrous oxide: Emitted during agricultural and industrial activities; combustion of fossil fuels and solid waste; during treatment of wastewater.

Fluorinated gases: Hydrofluorocarbons, perfluorocarbons, sulfur hexafluoride, and nitrogen trifluoride are synthetic, powerful greenhouse gases that are emitted from a variety of industrial processes. Fluorinated gases are sometimes used as substitutes for stratospheric ozone-depleting substances (e.g., chlorofluorocarbons, hydrochlorofluorocarbons, and halons). These gases are typically emitted in smaller quantities, but because they are potent greenhouse gases, they are sometimes referred to as High Global Warming Potential gases (“High GWP gases”).

Learn more from the United States Environmental Protection Agency about GHG Greenhouse Gases

Depending on your industry, you may not have a direct reaction to these gases, nor how they relate to how you change. However, relating back to your environmental footprint, consider how you receive the raw goods you utilize to create your end product, how are they manufactured? Do you ship products across the globe – how are you ensuring the organization you hire to ship these goods is not dumping their garbage in the ocean or polluting the air with toxic chemicals?

ISO Solutions

This is where utilizing industry best practices and international standards is essential. By putting in the work to comply with an international standard, you can be sure your management system will not allow you to hire a supplier who harms the environment. While this is just a small example, it illustrates just how ISO Standards and proper utilization can help.

ISO 14001 is the standard for environmental management systems (EMS) which you as an organization can become certified to. This standard was developed as a guideline for organizations to follow to ensure their business processes are conducted in a way that is sustainable and environmentally conscious.

ISO 14001 was developed as guidance for organizations to better their processes from the inside out with their environmental impact at the core of each decision made. Compliance with ISO 14001 provides a systematic and strategic approach to dealing with your company’s effect on the environment and its solutions to decrease your impact.

Organizations with certification to ISO 14001 benefit from industry best practices for sustainability, internal and external audits and validation, constant feedback and improvement measures, and confidence in your measurements of effectiveness. Because of the lifecycle of ISO Certification, your processes will be evaluated internally and externally over a three-year cycle, with certain major and critical processes being evaluated yearly. With this cycle, you can be assured that your organization is operating at its best potential with regards to environmental management systems, and processes that are not effective will be evaluated, altered, and monitored on a consistent basis to ensure their improvement and success.

With the new revision to the standard, ISO 14001:2015, like ISO 9001:2015, an emphasis has been placed on Leadership commitment. In previous versions of the standards, management commitment was not a requirement. With the new revision, there is no such thing as a management representative, now everyone is required to commit to the promotion of the EMS. Also, in previous versions of the standard, ISO 14001 required a commitment to reducing negative environmental impacts. Now, organizations much also commit to having a positive impact and improving environmental conditions.

If all organizations and corporations utilized these ISO requirements and best practices, imagine the positive effect on the environment!

Part of the ISO 14000 family of standards includes guides and requirement documents that help organizations with proper protocol and standard best practices for audits, communications, labelling and life cycle analysis, as well as environmental challenges such as climate change. ISO 14064 is one guide with a specific focus on quantification and reporting of greenhouses emissions and their removal. ISO has a full list of standards created to help with the climate crisis, you can learn more about the ISO 14000 Family here.

by -
Align Your Audits -

Written by: My Audit Spot

Over the past year, My Audit Spot has been uploading a variety of templates covering all aspects of the audit process. The templates are a way to share audit knowledge, skills, and templates; whilst also providing an opportunity to help other auditors become more diligent and efficient while meeting the requirements of the IIA’s International Standards for the Professional Practice of Internal Auditing (Standards).

It is important to note, that without an independent assessment, My Audit Spot cannot say that these templates conform to the Standards. Similarly, anyone using these templates in a review cannot state in their final report that the audit has been conducted in accordance with the Standards without an independent assessment. However, the templates have been built off best practice from across the industry, with particular attention paid to requirements of both the Internal Audit standards and Auditing Standard – ASA 230 – Audit Documentation.

The My Audit Spot audit overview shows how each template can be linked to the audit standards. Snippets of our audit process and how it links to the audit standards are included below.

The Standards

The Global Institute of Internal Auditors (IIA) has put together standards aimed at guiding adherence with the mandatory components of the International Professional Practices Framework (IPPF) for performing audits, establishing a basis for evaluation and, encouraging improved business processes and operations.

As the IIA states, “The Standards are a set of principles-based mandatory requirements…”. These should form the minimum of all your workpapers.


Your audit will only be as good as your planning. Failure to appropriately plan and scope the review could result in risks not appropriately reviewed, or business improvement opportunities not identified.

The Standards reflect how important the planning phase is, with the Standards considering everything from current risks and governance processes, through to current control frameworks within the business, and even the objectives of the review. The templates My Audit Spot has developed will help guide you throughout the planning process and help your organization consider parts of the Standards.

Be sure to consult the Standards yourself to ensure you’ve considered all the minimum components.

My Audit Spot planning templates can be accessed here.


This is the guts of it. By now, you have done all the planning, worked out what your risk areas are, and now built a Work Program around how you are going to test and address each of the identified risks.

Throughout the fieldwork phase, it’s important to ensure your work is appropriately documented. If it’s not documented, it’s not done. At a minimum, each workpaper should include:

  • Scope area being addressed
  • Purpose/objective of the workpaper
  • Methodology – how we have performed the work
  • Tests
  • Outcome / conclusion

My Audit Spot fieldwork templates can be accessed here.


Not only is the audit report phase one major output of your work, but it is also a direct reflection of the effort and attention to detail which has been undertaken during the audit.

An audit report also has the potential to value add by identifying opportunities or future considerations which may not have otherwise been surfaced.

It is important that reports are communicated to the relevant stakeholders and appropriate management. Additionally, reports should be clear and concise as they will be constantly referred to for the action tracking/audit follow up process.

My Audit Spot reporting templates can be accessed here.

About My Audit Spot

My Audit Spot Logo ISO Update

My Audit Spot is a space to share audit tools, knowledge and resources. Our mission is to encourage collaboration across internal auditors through the sharing of tools, knowledge and resources; ensuring audit remains a trusted and respected profession.

Follow My Audit Spot on Facebook, Twitter, and LinkedIn.

by -
Ethics in Auditing -

Ethics and Integrity is the choice between what’s convenient and what’s right. Reinforcing good execution and behavior of any organization relies on an auditor to confront poor execution and behavior and endorse proper and conforming behavior, and not simply “look the other way” when pressured from above or by budget. If you wish to perform a value-added service with your audits and report, you have a duty to utilize ethical practices in your audits, for the good of your own reputation, and the good of the company paying you to audit their work.

Ethics is a personal choice, it’s a personal compass that dictates right from wrong but unfortunately, it’s not always common sense. Being an auditor, you may face scenarios where you can’t always tell which choice is right, which choice is easy, and which choice will let you keep your clients happy. The issue stems from a bias in the industry that is hard to avoid. The people you audit are paying you, and therefore hold power over you as an auditor or a Certification Body to produce favorable results or they will jump ship to another provider. While this is an industry norm, it still produces scenarios where the potential for “letting something slide” is easily allowed. This, however, is not ethical and tarnishes the whole perceived image of certified entities.

Auditors can understand different business needs, the requirements of the standard, and the best possible person to rely on to ensure a company is running an effective business according to the standard. To fill these criteria, an auditor must be honest and have integrity. They must be fair and trustworthy, and willing to be “the bad guy”. They must have the ability to push through difficult situations and then work with people in a constructive manner.

Qualities of an Ethical Auditor


Being honest should be any professional’s main building block. Being honest is the foundation of any working professional that will help foster trust between you and a client, supplier, or in any relationship, professional, or not. Consider the consumer pipeline, and you as an auditor are the “product” to be sold to a customer. A customer must first learn of you and an option to “purchase”, they have a need of an auditor. Perhaps they learn about you from an online directory like ISOUpdate, or from a Google search and find your website or referral. They must first trust that what you say is true, i.e., your experience level, your industry codes, etc. This is where your honesty as a business professional will shine. What is said about you in customer referrals, testimonials, and word of mouth statements is often out of your control. But honesty is in your control. By providing a service that is honest – from what you charge, to what you provide, and if you follow through on the claims you make – you will cause customers to be delighted by your services and offer your praises to others.

To elaborate on a point above, to ensure you are honest is to follow through on the claims you make. Following through on promises is an essential way to prove your honesty. The cliché to consider here is “under-promise, over-deliver”. While we do not encourage using this approach every time, as it can set unreasonable expectations in the long run, we do encourage you to be mindful of your capabilities. Be honest with your clients, and they will have more respect and trust in you.


A good auditor will always look thoroughly into the matter before forming any opinion, clearing any biases and not allowing experience to cloud judgment. While all bias cannot be removed due to the transactional relationship between auditor and auditee, it can be neutralized. If you are an internal auditor, that is an auditor who works within the organization and with your peers on a daily basis, consider how you can make the audit process easier and less stressful. Leading up to the audit, inform your peers of the dates that they will be audited, and inform them of what to expect. You are preparing them for the certification audit, which will be conducted by a third-party auditor who won’t be you, so tell them what to expect, and most importantly, not to worry or hide information. By alleviating some of the stress of being audited, and having everyone prepared, you will be able to audit more successfully and without resistance, allowing for an accurate picture of the organization, its shortcomings, and its successes.

This is where companies will truly see the value-add to the audit and certification process. If the organization isn’t showcasing the true nature of their shortcomings, you are not going to be able to get to the root of their system, and they will continue to falter. Here is where it is also helpful to have a relationship built on trust and honesty, allowing you to do your job to the best of your abilities.


As an auditor, you have been commissioned to evaluate a company’s systems against a specific standard. You only have a limited time to sample the largest picture possible and evaluate if the organization is successfully following the requirements of the standard, is aware of and working towards improving aspects of their system that aren’t compliant, and is striving towards improvement. You might be a single auditor or part of a team of auditors, but regardless, it is not possible to see the whole system in one day. This is where pre-planning your audit objectives and sticking to those objectives is essential. Each audit will start with the scope of the audit being set and reviewed in the opening meeting. Do not stray from these objectives unless unforeseen circumstances arise. Sticking to your plan will help foster trust and create a much-needed sense of security between you and the organization.


Timeliness also falls within the qualities of honesty and objectivity. Promptness, punctuality, and professionalism are the 3 major ”Ps” that perfectly encapsulate the qualities of a good auditor.  Set your objectives, be mindful of the time you have available, be prompt and punctual with the time you promised, and be professional with every interaction you have. You are being paid to conduct an audit and provide an accurate report; follow through with your objectives and return your report within a reasonable time so the organization can begin to make changes based on it.


If you bring clarity to a situation, you help people see what really happened by clearing up misunderstandings and providing explanations. You may hear this a lot, but use plain language whenever possible. You may be speaking to veterans in the standards industry or you may be speaking with someone who’s never heard of ISO before, regardless, you should be treating every room with the same expectations. Speak to be understood, not to seem superior or knowledgeable. There is no harm in asking the people you audit their knowledge level if you do it with respect.

Expanding on the above qualities, be clear about your objectives and provide an Audit Plan that is clear and transparent about your audit goals and your expectations. You may also want to start off each new relationship within an organization with a meeting that states your auditing style, reviews the audit process, outlines when they can expect reports and final documents, and how you will present findings. By clearing up any initial questions or concerns a client or auditee may have from the beginning of the process, you can foster a relationship of trust and respect.


Keep your word…. it takes a strong character to keep your word, even more so when someone treats you poorly.  Do not let biases or circumstances outside of the client’s control affect what you promised. If the need occurs, be honest and ask for their understanding, but deliver what you promised within a reasonable timeframe. Delivering on what you promised shows integrity and trustworthiness. Not delivering on promises showcases a lack of organization, time management skills, and a personal lack of ethics. Keeping your word is one of the smallest yet most impactful things you can do to build trust in your audit. If you want to establish a solid reputation you must deliver on your promises.

Keep Commitments

When you make a commitment you create hope, and when you keep it you create trust. An ethical auditor stays loyal to what they promise to deliver. Nothing in the world says more about your work ethic than your commitment to your work. Stay true to your objectives, your schedule, and your timelines and you will reap the benefits of happy customers.

Pay Attention the Environment

To be at the top of your game you must be vigilant and observant and must have a tight grip on your environment. Sometimes the answer is right there in front of your eyes, all you must do is pay attention and heed what you perceive. As an auditor, this may be second nature within an audit, but this also applies to auditing yourself, your shortcomings, and your ethical practices within your own work. Hold yourself to the same standard you audit against, evaluate your processes, your review processes, and your improvement needs and objectives. You may have been doing this for years, and you may have found the perfect way to do things, but change is the only constant, and there is always room to grow, even within yourself.

by -
7 Steps to Quality Excellence -

ISO Certifications are always in demand due to its relevance in the competitive business world. The ISO Standards gets their periodic revisions once in every 5 years. Each revision is in line with the latest market trends, and have changes in policies and processes that are apt to the modern business scenario.

The ISO certification process might seem like a tiresome and lengthy process in the first go. Choosing the right consultant is the key to success.

To know more, you can read our blog on How to Choose the right ISO Consultant here.

The ISO Certification journey follows 6 basic steps that are:

1. Choosing the right Standard

The ISO 9001 Quality Management System is the most popular one to start with. It helps in building a consistent level of quality and customer satisfaction. Based on the industry and business requirements, there are various ISO Standards to choose from.

Aurion ISO Consultants will help you choose the right Standard based on your business activity and guide you through the implementation and certification works.

Other popular Standards include ISO 27001 (Information Security), ISO 14001 (Environmental) and the ISO 45001 (Occupational Health and Safety).

2. Choose the right Consultant for your business

Ensure the Consultant works in alignment with your organizational goals. The success of the ISO Certification depends on your Consultant.

Ensure the ISO Consultants are knowledgeable about the recent revisions of ISO Standards, policies & compliance requirements, documentation support, etc. Also, building a good rapport with the consultant from the beginning is essential.

For checking the authenticity of the Certification Body and the Consultant’s accreditation, you can visit the concerned ISO Authorization body’s website and request for sample Certifications from the Consultants.

3. Onboarding and Conduct Gap Analysis

Once you finalize a Consultant, the next step is onboarding the Consultant to your team. Fix up a meeting to discuss the Certification journey. The Consultant will conduct a Gap Analysis to identify the current business operations, processes followed and suggest process improvements.

Onboarding and conducting a Gap Analysis is a critical step in the ISO Certification process. As it is the starting phase, and the action plan is drawn out from the initial meeting and business process assessments. The required process improvements are to be initiated to develop a Quality Management System that is compliant with ISO 9001:2015 requirements.

4. Document Preparation

The new ISO 9001 Standard is focused on process optimization and less on documentation. Still, the documentation of the process improvements and related policies must be maintained for streamlined implementation of the ISO 9001:2015 Standard.

The ISO Standard indicates that the documentation needs to be created at instances where it adds value to the work process. The main aim of ISO 9001:2015 Standard is to maintain quality first process/services and enhance customer satisfaction.

5. Developing the Quality Management System

Develop a Quality Management System based on the recommendations from the Gap analysis. A Management System is a set of documents that outlines your business processes. The Quality Management System Implementation is a vital step in the ISO Certification process.

The Quality Management System consists of industry best practices, quality principles, methodologies to implement effective business processes to enhance product quality, deliver positive customer experience, etc. The Quality Management System must be in place before the inspection by the third party (Accredited Certification Body) is conducted.

Once the implementation of the Quality Management System is complete, organizations can undergo an internal audit to ensure all the process implementations are in compliant with the ISO Standard.

The Internal Audit is conducted by the ISO Consultants and they interview the employees, look at sample work reports, observe the business operations and suggest corrective actions as required.

6.  Conduct the ISO Certification Audit

Along with your ISO consultants, select the certification body for the external certification and submit your Quality Management System documentation for review to the external body. The external body will be an accredited Certification body that will issue the ISO Certification based on the compliance requirements after conducting an audit.

The external audit will be conducted by the accredited certification body on your premises by reviewing the business operations. Any non- conformance to the ISO requirements will result in an extension of the certification issuance. On mutual agreements, a revised timeline will be given to incorporate the changes so that the processes comply with the ISO Standard requirements, and results in successful issuance of ISO Certificate.

7. Certification

Once all the requirements are in place; the certification will be issued by the certification body. The ISO Certifications are valid for 3 years. Re-audit will be conducted for the new certificate issuance to ensure that the policies are in place and the business processes are ISO compliant.

Aurion ISO Consultants are one of the pioneers in ISO Consultation, Training, Implementation, and Audit services in the UAE and globally. For all your queries on ISO Standards related Services, feel free to reach out to us!

About the Author

John Wick is an ISO Consultant working with Aurion ISO Consultants in Dubai. John likes to write on ISO Training, ISO Consulting, latest changes in ISO Standards, industry-wise benefits from getting ISO Certified. Reach out for expert consultation on any ISO related queries.

About Aurion

Aurion ISO Consultants, Dubai offers world-class ISO Services such as Training, Consulting, Certification, Implementation, and Audits in Dubai, UAE and Worldwide.

Aurion ISO Consultants is an Award-Winning Consultant firm in Dubai, UAE and one of the fastest-growing ISO Service provider in the UAE and GCC region. We have assisted 1800 clients across several countries globally.

We provide you with a Single-Window Solution with ISO Consulting, ISO Training, and ISO Implementation and ISO Audit Services. With our ISO Certification, you can transform your business into quality first one.

Contact Us: Aurion ISO Consultants | 0097142504150 | |#213&214,6E-A Dubai Airport Freezone, Dubai |

While you are planning to implement ISO Certification Standards for your organizations, to know more about the ISO Certification standards and all ISO related services from Aurion ISO Consultants, you call us right away!

by -
What is ISO Certification -

What does it mean to be ISO Certified?

Even if you’re relatively new to the quality business, you might have heard of “ISO” being frequently namedropped especially in the context of quality management. Far from a simple buzzword, it’s quite a big deal in the marketplace and as an aspiring new business, a business person looking to grow your business, or even an entrepreneur looking to set your business up for long-term success, you need to be informed about ISO Standards and standardization.

ISO Certification

ISO is the International Organization for Standardization – It’s an independent, international organization that produces various standards spanning throughout the business sector that help improve and ensure quality, efficiency, consistency, and safety of operations and their consequent products and services.

Relevant business sectors include health and safety, information security, energy management, environmental management, aerospace and defense, medical devices, and many more. The standards are deliberately made to be both comprehensive yet generic enough to be incorporated into any business regardless of size, sector or context.

It is important to note here that ISO cannot certify you themselves. ISO develops the standards, but the certification process is performed by external certification bodies and ISO cannot certify a company or organization directly.  Despite this, their committee on conformity assessment (CASCO) has produced a set of guidelines and standards that these external certification bodies are expected to use as a reference to help adequately measure conformance and quality during the certification process.

ISO 9001 is an internationally recognized and trusted quality management system that has been adopted by companies all over the world to help achieve standardization and quality assurance. The first step to ISO 9001 Certification is to understand the standard. You will want to download the standard document first to get familiar with the requirements of certification. The ISO 9001 standard is basically a rule book stating what you need to have or do. The standard is generic in nature, allowing any organization in any industry to benefit from it. ISO 9001:2015 is currently the most recent version of the standard and is the version you should be using to develop your quality management system.

By following these requirements you are “compliant with the ISO 9001 Standard and therefore can be recommended for certification by your Certification Body.

Purchase the ISO 9001:2015 Standard Here

When choosing a Certification Body (CB) to provide certification and auditing services to your company, verify that they are accredited. This simply means the CB is compliant with their own set of standards for being a CB, specifically ISO 17021. Check out our video on “requirements for certification bodies” to learn more.

Complying to ISO 17021 means the demands of the standard are assessed by an external agency called an Accreditation Body that is a member of the IAF-MLA in the CB’s region. Consider this a license to issue certificates or a degree to do a certain job, without which you are not qualified. To issue a certification of compliance to ISO 9001:2015, your CB should be accredited to ISO 17021.

What does it mean to be ISO Certified?

Being ISO 9001 Certified means your organization has a quality management system in place that utilizes international best practices to standardize your processes and system using the ISO 9001:2015 standard to ensure you consistently produce products and services that meet and exceed your customer’s expectations.

Since the guidelines of ISO 9001 are quite comprehensive and the process of implementing a system, having multiple audits, and maintaining compliance is quite stringent, achieving certification is recognized as an impressive feat and speaks volumes about your company’s commitment to providing your customers with high-quality service.

What Next?

If you are considering ISO 9001 certification, but do not have relevant experience, check out these resources to help you get started:

What is ISO 9001?

Tips for Implementing the Standard

Choosing a Certification Body – Choosing the best Certification Body for your Business

Tips for Audits:

by -

More organizations are looking to upscale their business and benefit from the implementation of international standards. To determine the factors that play an important role in the growth of an organization we must determine the disruptive forces that affect the organization’s growth directly or indirectly. There are four major trends which ISO deemed crucial disruptive factors for organizations and their interested parties, which were highlighted by the ISO General Assembly:

  • Economic and trade uncertainty
  • Changing societal expectations
  • The impact of climate change
  • The digital transformation

In this article, we will shed light on each of the above points which were discussed during ISO Week 2019 held in Cape Town, South Africa on 16-20 September 2019.

Jodi Sholtz, Group Chief Operation Officer, from the South African Department of Trade and Industry, said, “Without appropriate standards, it will be impossible to address multiple challenges at a global and national level. Standardization provides the tools to achieve sustainable development, to counter the immediate threat posed by climate change and, amongst other things, secure gender equality and optimal health.”


Today, organizations develop international influence and operate on a global scale which helps bring economic growth but also brings about trade uncertainty. To combat uncertainty, inclusive economic growth is essential through standardization and the use of internationally recognized standards to minimize the growing inequality, economic concentration and marginalization of many developing countries. 

As ISO President John Walter explained, “The economy is obviously one of the most important drivers of change and there is an unquestionable role for us to play in restoring faith in the values of free trade and multilateralism.”


New models like the “sharing economy” bring new challenges for regulators and policymakers who must adapt and problem solve through standardization.

Standards are crucial in a sharing economy because of the disruptive nature of these evolutions. As with any other changing factor, adaptation is key to many problems.

“Those who stand to lose in the sharing economy are traditional industries that refuse to adapt and those using conventional business models that refuse to evolve,” said Tarryn Daniels from the Consumer Goods Council of South Africa.


Climate change is affecting every aspect of human life globally, and its impact on trade may affect your business. Unpredictable weather will greatly impact industries throughout the world.

“International trade depends critically on well-functioning transport links. Environmental challenges such as extreme storms, floods, changes in temperature, humidity or precipitation and rising sea levels will have significant impacts on transportation infrastructure such as ports,” according to Regina Asariotis of the United Nations Conference on Trade and Development (UNCTAD). Better risk assessment and preparation will help ensure successful adaptation to climate change.


Speakers looked at what the rapid evolution and adoption of digital technologies could mean for businesses and society. For example, what does digital transformation mean for businesses? How are digital technologies changing what and how we trade? And how are digital technologies driving entrepreneurial growth and innovation? Technology brings about many positive changes from providing efficiency and accuracy to facilitating speed and ease. Life without digital interference seems to be unfeasible now. The rapid evolution and adoption of digital technologies is more vital now than ever before for organizations who wish to stay relevant and efficient in their industry.


The objective of the ISO General Assembly is to develop International Standards in response to market needs. Innovation is not just about change or a few bright ideas; it’s about filling the void between old and new, it’s about finding solutions to the problems that have already arisen and that have yet to come through mindful analysis, and it’s about addressing crises internationally and providing improved solutions through standardization. Together, these four trends – economic and trade uncertainty, changing societal expectations, the urgency for sustainability, and digital transformation – make up the disruptive forces that will shape the direction of ISO’s future strategy on the path to 2030. As a first step, ISO is developing a new series of International Standards on innovation management. Stay tuned to ISO Update to learn more about new and updated standards as they are released.

by -
Importance of Audits - ISOUpdate

Audits, specifically those done to prove compliance with an ISO standard, are on-site verifications which include inspections and thorough examinations of your organization’s systems that verify their compliance with a certain ISO standard. This is done to ensure sufficient compliance with the requirements of the management system(s) and to track and improve the efficiency of your operational processes. There are various types of audits depending on what they are meant to audit or who your auditors are, each with their own range of unique benefits. We will talk about the different types of audits you will experience in each cycle of your certification, some of the requirements of each type of audit, their purpose and goals, how they will help you as an organization, and the overall importance of auditing to the growth of your company.

Types of Audits

The classification of audit types is based primarily on the relationships between the participants and the examiners. ISO audits have 2 main types, Internal and External Audits.

Internal Audits

These are performed by internal auditors who are employed by the organization being audited and are also known as first-party audits. They’re performed within a company to verify the efficiency of their own adopted procedures and check for conformance to international standards and possible shortcomings. An internal auditor typically has a working knowledge of your organization and knows “what makes your company tick”. Internal audits are meant to dive deeply into your processes and uncover anything and everything that could or might be a non-conformance to the External Auditor. It is during Internal Audits that you want to find, report, and later act on these findings to help improve your organization.

When conducted by an audit team comprising of employees from a different department, you can maintain impartiality and ensure less conflict of personal interest. If provided with the appropriate training, these teams of internal auditors can offer objective insight with the added advantage of knowing the context of the organization inside out by virtue of working there and offering more specific feedback in view of it.

Internal audits allow you to inspect your company and ensure compliance with laws and regulations in a more casual environment with lower stakes. Because the internal auditor is typical a colleague, you should feel much more at ease when the auditor is around. The Internal Auditor is your friend! As with any audit, you do not want to hide information or mislead the auditor to make the audit go by quicker; you should view these audits as an opportunity to learn and grow from shortcomings and prove to your external auditor that you are working towards constant improvement. They operate as an essential tool in preparing you for your next external audit.

Most international standards include internal audits as an important part of the ongoing process towards continual improvement for an organization because they allow you the opportunity to constantly monitor and review the efficiency of your processes. Internal Audits give your organization an opportunity to identify potential risks and gaps in your system and design corrective actions before they start costing the company. They also help you track and document changes that are important to present to external auditors when seeking certification.

Internal Audits are typically held at least once per year and before external auditors are brought in. Internal audit findings will not put your certification in jeopardy and help to prove to the external or third-party auditor of your compliance with the standard.

External Audits

Also called “third-party” audits, external audits are performed by impartial auditors and can be called objective assessments of company procedures and provide transparency and confidence to interested parties that your organization is truly running an effective and compliant management system. Objective assessments and their feedback allow these interested parties to be better informed about your organization. With most ISO standards, you are not required to disclose audit results, but if you receive favorable feedback from your audits, you may be inclined to promote that with permission.

External Auditors are typically contracted by your accredited Certification Body and assigned to audit your processes during your 3-year certification cycle. The auditor will come to your site for a set period to prove compliance with an ISO Standard resulting in the certification approval or approval pending corrective action. It is important to note that external, or third-party, audit length is determined based on requirements published by the International Accreditation Forum (IAF) that apply to all accredited Certification Bodies.

Corrective actions must be taken if the external auditor finds a non-conformance in your system that will be detailed in their closing meeting with you and in their report. External Audits are necessary if you wish to hold an accredited ISO Certification, and are a great way to help your organization with impartial evaluation and reports, international certification and recognition.


Audits are a stressful time for most organizations. They can be seen by employees as head office spying on them and they may feel their jobs are at risk. It’s important to explain the role of audits for the greater good of the organization and to reassure your people that this is meant to show how the company can improve, and not an opportunity to point fingers and blame.

Internal audits should be a chance for employees to speak up, have their voices heard and shed light on aspects of their processes that could be improved. The internal auditor should be someone who understands your organization but can remain objective. It is during the internal audit that your organization wants to find areas for improvement, so don’t hide things or avoid things to make your job easier.

External audits are typically stressful because there is a lot more at “stake”. Don’t worry, the auditor does not want to take away your certification, they want to prove why you should achieve it. An external audit cycle is 3-years with Year 1 granting certification and Years 2 and 3 providing surveillance to ensure your certification can be maintained. External audits are typically more formal but should still be viewed as a learning and growth opportunity. Do not hide or avoid topics with your auditor and be sure you are prepared to report on the findings from your internal audit and how you are making the changes and improvements from those audits. Third-party audits should add value to your organization, and provide a chance to demonstrate you are running an effective and successful business.

What to Do If you Feel Your Audits or Certification Isn’t Effective

If you feel your audits are not adding value to your organization, before you drop your certification, consider if your audits are effective. You may want to bring in a consultant or expert to help your organization truly understand just how helpful ISO Certification is and how important audits are to the continual improvement of your organization.

If you are unhappy with your current audits or auditor, do not feel trapped. Talk to your Certification Body, they should be more than willing to accommodate an auditor change depending on your location, auditor availability and certification cycle. Consider the cost-benefit here. If you are not seeing the value of audits with your current auditor, a slight change in cost for a new one who might have a higher travel cost may be more cost-effective for your organization than simply accepting a lower quality audit. If your CB will not accommodate your change request, know that you are never obligated to remain with a CB. You may want to consider transferring your certificate and understand the cost-benefit from transfer fees to better service or higher satisfaction. When searching for a new CB, express your current troubles and expect an answer for how this new CB will rectify the issues.

by -
SMART Goals for Internal Audits - ISOUpdate

Despite how important and often necessary internal audits are for the growth of a company, very rarely does most management take the time out to concisely list their expectations and objectives for them.
To make the most of your internal audit and reap maximum benefits from them, having precise and smart goals is essential. Not only do they save precious time for your company, but they also ensure that your audit goes smoothly and prepares you for the future.

What is a SMART Goal?

Setting strategic and attainable goals is a vital part of growing your business as they provide you with a target to work towards. Goals function as a means of motivation and help you focus on a specific task rather than a vague concept of betterment. Since they’re so important, it’s also prudent to spend time to ensure the goals you set are SMART.

Here SMART is an acronym that stands for:

Specific: The goal needs to be clear and precise. Specific goals have a higher likelihood of being accomplished than generic ones. To check if your goal is specific enough, see if it answers a few questions like “What needs to be done?” “Who will work on the documentation process?” and “What apparatus will the work involve?” These will provide you with a sense of direction regarding your goal and take the guesswork out of the process for better efficiency in your operations.

Measurable: You need to create a scale that helps measure your progress towards your goal. Having measurable goals provides an opportunity for positive feedback on the progress you have made and a source of motivation to achieve your objectives. Additionally, having well-defined goals and a means to measure them accordingly helps you identify possible setbacks and trends so you can work on these problems proactively for the future. Ask yourself questions like: “How will I know if my goal has been achieved?” “In the meantime, what are some progress indicators to look out for?”

Achievable: Needs to be within the realm of possibility to achieve. If a goal is too difficult it will quickly demotivate anyone set out to accomplish it; similarly, if a goal is too easy it’s prone to fall into a procrastination pile for the same reasons. Because of this, a smart goal must be both challenging yet achievable.

Realistic: Goals should be realistic within the set time frame. You need to give yourself enough resources to ensure the goal is achievable. Ask yourself if you’re able to commit to the goal and if it’s one that has previously been accomplished within similar parameters.

Timely: Specify a timeline that includes a set starting and ending date to complete your project. You need to remember to allow yourself ample room for error or delay while also setting reasonable time frames to create a sense of urgency so you’re more likely to start on it.

Smart Goals and Objectives for Internal Audits

When setting out to create objectives for internal audits, it’s a good idea to include a list of benefits for successfully completing the audit to help remind you of why you’re doing this. Personal goals and ambitions can be tied in with the company’s objectives here to help lend it a more personalized touch.

Prior to setting out your plan of action, brainstorm on topics such as availability of possible mentors during the process, connections and previously encountered obstacles. These may come in handy during the auditing process and help you to better understand your options.

A good general action plan may look like this:

  1. Interview management, decide audit scope while setting parameters, decide on suitable audit procedures.
  2. Test out and experiment in reference to scope decisions to ensure these are fair parameters.
  3. Study and document various systems or operations in perspective of the audit.
  4.  Identification of potential risks in operations as well as suggested changes.
  5. Communicate with management regarding the previous phase and finalize changes.
  6. Finish documentation and include findings of the audit.
  7. Include a safety buffer of timing in case of unexpected delays in the previous procedures.
  8. Successful completion of the Audit.