Whether improving internal ISO processes or meeting the demands of customers and regulatory bodies,
ISO standards are a beacon of excellence and reliability in the global marketplace. This comprehensive guide is designed to clearly explain achieving ISO certification, outlining a straightforward, step-by-step process tailored to prepare your organisation for success.
Let’s start with clarifying the differences between ISO accreditation and ISO certification. Generally speaking, accreditation and certification are recognised terminology and are often used interchangeably. The differences between accreditation and certification include:
- In the UK, UKAS is the only accreditation body, while there are several certification bodies, including BSI, SGS, BV etc.
- ISO accreditation is an assessment of an organisation’s competence and impartiality and the compliance of its work with nationally and internationally recognised standards or schemes, such as the ISO 15189 medical laboratory testing standard, often granted for certain activities.
- ISO certification is a written assurance by a third party (certification body) via audit that an organisation has met specific ISO standards which cover the company as a whole, such as ISO 9001 Quality Management Systems.
1. Identify the organisation’s and/or customer’s needs
To begin the journey toward ISO certification, an organisation must first identify its own needs as well as those of its customers. This involves a thorough analysis of current processes, identifying areas for improvement, and understanding the specific requirements that the ISO standard will address. This foundational step ensures that the quality management system (QMS) aligns with strategic objectives and customer satisfaction.
2. Seek support, e.g., experts or consultancy group
Once the needs are identified, the next step is to seek external expertise. This can involve hiring a consultant with experience in implementing ISO standards or engaging with professionals who specialise in the particular ISO certification the organisation is pursuing. External experts can provide valuable insights, help avoid common pitfalls, and offer guidance on best practices for successful certification.
3. Obtain a copy of the ISO standard
Once the organisation has decided on the ISO standards it will pursue, acquiring the relevant ISO standard document is essential. The standard provides the specific criteria and requirements that the organisation must meet. It acts as a blueprint for building the QMS and lays out the principles and expectations for compliance. It’s important for the organisation to thoroughly review and understand the standard to ensure all aspects are covered in the preparation process. ISO standards are available on the BSI shop.
4. Define scope and responsibilities
Defining the scope involves deciding which parts of the organisation will be included in the QMS, what the boundaries will be, and which activities need to be accredited. This includes delineating the processes, departments, and functions the ISO standard will encompass. Responsibilities must be assigned to ensure that everyone involved knows their role in maintaining and implementing the QMS. A clear definition of scope and responsibilities is crucial for a focused and effective implementation. The responsibilities to develop and maintain a QMS should be organisational-wide, involving all departments, and should not fall under one person or department. It is essential to recognise these management commitments and involve as many people as possible at this stage.
5. Identify and engage with certification or accreditation body
Identifying and contacting certification or accreditation bodies should happen when the organisation is committed to pursuing the accreditation or certification, which may occur earlier or later than this stage on the flowchart. In the process of selecting certification or accreditation bodies, you should bear in mind whether the ISO standard needs to be accredited or certified, as explained above. Identifying the correct accreditation or certification body involves researching which ones are recognised and respected in the industry and region. Engagement with the certification or accreditation body early in the process can provide additional guidance and ensure the organisation understands all the certification requirements.
UKAS is the sole accreditation body in the UK. To apply for UKAS accreditation, you must submit a “UKAS application form” along with the corresponding “AC form” based on the accreditation; these can be found on the UKAS website.
6. Risk assessments and measures to address risks
Risk management is a core element of most ISO standards. The organisation must conduct thorough risk assessments to identify potential issues that could affect the quality and delivery of its products or services. Once risks are identified, measures must be implemented to mitigate or eliminate these risks. This proactive approach is key to ensuring the QMS can handle potential challenges effectively. All risks identified and mitigation steps should be documented in detail.
7. Define and document procedures and processes
All processes within the scope of the QMS must be clearly defined and documented. You will first need to identify the document procedures required by the selected ISO standard; here is a link to an article about documents required by ISO 17025:2017 and ISO 15189:2022, which we have summarised. This documentation should include the procedures, responsibilities, interactions, and standards to which they must adhere. The purpose of this documentation is to ensure consistency and repeatability of processes, which is essential for quality control and continuous improvement.
8. Training, implementation of procedure
Training is critical to ensure that all personnel understand the QMS, their specific responsibilities, and how to execute the procedures correctly. Effective training programs will communicate the importance of the ISO standard, as well as the practical steps employees need to take in their daily work to comply with the standard. Once training is complete, the procedures can be implemented throughout the organisation.
9. Perform inspection readiness audits
Before the formal assessment by the certification or accreditation body, the organisation should conduct systemic audits on the implementation of the QMS and readiness for inspection. These readiness audits are a dress rehearsal, identifying any gaps or areas that need improvement and ensuring that the organisation is fully compliant with the requirements and is prepared for the accreditation process.
10. Address findings and be ready for the initial assessment
The findings from the inspection readiness audits must be addressed promptly. This involves correcting any non-conformities and improving the QMS. Once the organisation has taken all necessary actions, it should be ready for the initial assessment by the certification or accreditation body. Success in this assessment will lead to ISO certification or accreditation, signifying that the organisation meets international standards for quality.
For advice to help your organisation benefit from ISO accreditation, contact the experts at The knowlogy.