To the novice quality manager, ISO jargon can be extremely overwhelming. What is an NCR? What do you mean by OFI? Are we certified or accredited? But before you go and pull out your hair, let’s take a moment to go over some of the most frequently used terms and their definitions with regard to ISO and Management System Certification.
Are you Accredited, Certified or Registered to an ISO Standard?
First things first. You are not certified to an ISO Standard; your company’s management system is certified. Individuals cannot be certified to an ISO Standard. However, individuals can receive training to become auditors to audit companies against an ISO Standard. For example, you may seek training and personnel certification to become an ISO 27001 Lead Auditor. You cannot be certified to ISO 27001.
The terms “accreditation”, “registration” and “certification” are sometimes used interchangeably, but technically they don’t share the same meaning.
An organization is considered certified to an ISO Standard if it has developed and maintained a compliant management system that has been audited by a third-party auditor from an accredited Certification Body (CB). To maintain certification, the organization will undergo annual audits from the CB to verify continuing compliance with the specific standard. A certification document or a certificate will be issued as an attestation of conformity of an organization’s management system to a specific management system standard or other normative requirements. Certification can be revoked if regular audits are not conducted, or if your management system persistently or seriously fails to meet certification requirements.
Accreditation is how an authoritative body provides formal recognition that an organization is competent to carry out specific tasks. Accreditation Bodies (AB) accredit Certification Bodies (CB) that demonstrate competence to audit and certify organizations conforming with management system standards. The accreditation process ensures impartiality and competence and fosters confidence and acceptance of the CB’s certifications by public and private sector end users. Accreditation provides assurance to customers that CBs operate according to internationally accepted criteria.
Registration is another term for Certification. The terms Registration and Registrar are not used much anymore in this industry and Certification is now the preferred term.
Audits, Auditing & Auditors
Auditing is the systematic process of collecting and evaluating information about an organization’s management system to determine its level of compliance with the standard it is being audited against.
Types of Auditors
Management system consultants provide organizations with specific advice, instructions or solutions towards the development, implementation, and maintenance of a management system. They may also prepare or produce manuals or procedures for the management system.
An internal auditor is a company employee who independently and objectively evaluates the operations of an organization’s management system. Internal auditors perform internal assessments of the organization and prepare reports for management.
Note: Internal audits are required by ISO management system standards but cannot be used to grant certification to an organization.
Third-party auditors are the individual(s) who conduct the audit(s) on behalf of the certification body. Unlike a consultant or internal auditor, third-party auditors are impartial. Their job is to collect and evaluate objective evidence to determine if the management system complies with the ISO Standard. Based on these findings, the CB will make a recommendation for certification.
A Certification Body (CB) is an accredited third-party organization that audits and issues certificates to companies seeking certification to various ISO Standards. CBs obtain accreditation to be able to certify to a specific ISO Standard(s). CBs are audited by Accreditation Bodies (AB) to ensure impartiality and conformity of their work and processes.
An Accreditation Body (AB) is an organization that provides accreditation services. ABs provide formal, third-party recognition that a Certification Body is competent to issue certification to specific ISO Standards.
The ISO Lingo – Commonly Used Terms & Definitions:
The following Terms & Definitions are from ISO/IEC 17021-1
organization whose management system has been certified
presence of objectivity; freedom from conflict of interest / bias
Note 1 to entry: Objectivity means that conflicts of interest do not exist, or are resolved so as not to adversely influence subsequent activities of the certification body.
organization whose management system is being audited for certification purposes
person who conducts an audit
ability to apply knowledge and skills to achieve intended results
person appointed by the client to assist the audit team
person who accompanies the audit team but does not audit
area characterized by commonalities of processes relevant to a specific type of management system and its intended results.
Note: The term “technical area” is applied differently depending on the management system standard being considered. For any management system, the term is related to products, processes and services in the context of the scope of the management system standard. The technical area can be defined by a specific certification scheme or can be determined by the certification body. It is used to cover a number of other terms such as “scopes”, “categories”, “sectors”, etc., which are traditionally used in different management system disciplines.
non-fulfilment of a requirement
Major Nonconformity (Major NCR)
a nonconformity that affects the capability of the management system to achieve the intended results.
Note: Nonconformities could be classified as major in the following circumstances:
- if there is a significant doubt that effective process control is in place, or that products or services will meet specified requirements;
- a number of minor nonconformities associated with the same requirement or issue could demonstrate a systemic failure and thus constitute a major nonconformity.
Minor Nonconformity (Minor NCR)
a nonconformity that does not affect the capability of the management system to achieve the intended results.
person who provides specific knowledge or expertise to the audit team. Specific knowledge or expertise is that which relates to the organization, the process or activity to be audited.
conformity assessment system related to management systems to which the same specified requirements, specific rules and procedures apply
time needed to plan and accomplish a complete and effective audit of the client organization’s management system
Duration of management system certification audits (Audit Duration)
part of audit time spent conducting audit activities from the opening meeting to the closing meeting, inclusive.
Audit activities normally include:
- conducting the opening meeting;
- performing document review while conducting the audit;
- communicating during the audit;
- assigning roles and responsibilities of guides and observers;
- collecting and verifying information;
- generating audit findings;
- preparing audit conclusions;
- conducting the closing meeting.
Opportunity for Improvement (OFI)
Situations where the evidence presented indicates a requirement has been effectively implemented, but based on auditor experience and knowledge, additional effectiveness or robustness might be possible with a modified approach.