If your organization is ready to become ISO 9001 certified, there are a number of steps you can expect to go through on your path to certification. Once an organization has decided to obtain certification and has made a choice of the certification body (CB), the organization must:
Make a formal certification application to the CB.
- Fill out the application forms, which require a large amount of information about the organization and its operations. This will enable the CB to determine the scope of the certification activities and to appoint the team leader for the audit process.
The initial certification audit consists of a two-stage audit as described below:
The Stage 1 Audit determines if an organization is ready or not for a compliance audit.
- Organizations need to supply all relevant management and quality documentation to the CB.
- The CB determines if the organization is ready or not to undergo Stage 2 or compliance audit.
- If the organization is not ready, the CB will inform accordingly and stop the process.
- If the organization is ready, but a few nonconformities have to be rectified before the compliance audit can take place, the CB will provide the organization with a report.
- After nonconformities have been corrected, the organization must inform the CB, and if they concur with the actions taken, a compliance audit is arranged.
The Stage 2 Audit evaluates the implementation and effectiveness of the organization’s QMS.
- The team leader assembles a team of auditors and experts concomitant with the organization’s scope of activities, complexities and size of operations.
- A time for the audit is agreed and scheduled.
- Auditors will assess whether the contents of the documentation provided is consistent with the activities of the organization as well as the requirements of the standard.
- Overall findings and the list of non-conformities (if any) are presented.
- If the QMS complies with the requirements, the team will recommend to the certification committee of the CB that the organization should be certified.
- If there are non-conformities found, the team will agree with the organization a time schedule (typically 3 months) and the modalities for rectifying the non-conformities.
- The team may wish to witness the new procedures, or if the non-conformities are of a minor nature, the organization can send them evidence that these non-conformities have been fixed.
- The team will recommend to the certification committee of the CB that the organization should be certified.
- Authorized persons or a committee which was not involved in the audit will review the audit report and the clearance report of the nonconformities and make a decision regarding certification.
- The decision will be followed by the issue of certification documents.
- The CB will conduct a surveillance audit usually once a year.
- There are a few areas that will always be included in the surveillance audit, such as internal audits and management reviews as well as the non-conformity system.
- If any non-conformity is raised during the surveillance audits, the organization must correct them efficiently within an agreed time frame, otherwise certification may be lost.
- In the third year of certification, a re-certification audit will be conducted, similar to the original compliance audit.
- If this is negotiated successfully, the organization will be recertified for another three-year period, and the whole cycle repeats itself.
To the novice quality manager, ISO jargon can be extremely overwhelming. What is an NCR? What do you mean by OFI? Are we certified or accredited? But before you go and pull out your hair, let’s take a moment to go over some of the most frequently used terms and their definitions with regards to ISO and Management System Certification.