An organization wishing to gain certification needs to be committed to the journey and once certification is obtained, they also need to be as committed to the maintenance and committed to regular review, assessment inspiring the identification and implementation of continual improvement throughout the three-year certification cycle. All ISO certification process is based on a three-year certification cycle once the certification is registered (36 months) consisting of but not limited to:
- Certification administrative activities
- Certification readiness audit
- Certification, Initial Audits
Stage 1 audit & Stage 2 audit
- Certification – 3 Year Audit Program- A three-year Audit Program is designed to create a framework to document all the proposed activities (at a high level) during the 3-year certification cycle.
- Annual Surveillance 1 (completed within 12 months of certificate registration),
- Annual Surveillance 2 (completed within 24 months of certificate registration),
- Re-certification Audit (completed within 36 months of certificate registration)
- Certification process as below:
- Certification –Audit calculation & Minimum determined man-days,
- Certification – Determine the Scope,
- Certification – Assign Lead auditor, Auditor & Expert,
- Certification –Quotation
- Certification – Audit Plan(S)
- Certification – Initial Audit
The initial audit (which is the mandatory requirement) is conducted in two stages.
- The first step of the ISO audit process is a ‘Stage 1’ audit. This audit has two main purposes; firstly, it ensures that you have the quality management system is in place and is ready to audit Secondly, it helps the audit body confirm the scope of activity and plan the Stage 2 audit. Typically, the Stage 1 ISO audit is a desktop review (Stage 1 draft audit is supplied to the client for feedback, clarification, tentative scheduling, and once all items are confirmed, for final sign-off). As a result of the Stage 1 audit, if all goes well, you will be recommended to proceed to Stage 2. If not all the requirements are met, your report will detail the issues to be resolved prior to the next audit, or you may need to repeat the Stage 1 process. The Audit plan is the foundation of all the activities conducted within the given audit.
- Initial – Stage 1 draft audit is supplied to the client for feedback, clarification, tentative scheduling and once all items are confirmed, for final sign-off.
- The second step of the ISO audit process is the ‘Stage 2’ audit. This expands on the Stage 1 audit. You will have a short repeat of auditing the documentation, but the main focus of the audit will be on the ‘operational’ aspects of the organization. Initial – Stage 2 draft audit is supplied to the client for feedback, clarification, tentative scheduling and once all items are confirmed, for final sign-off. The Audit plan is the foundation of all the activities conducted within the given audit. At this stage, the auditor will be asking questions of the team and what roles they have, as well as seeing what they do close-up, and whether they understand the policies of your ISO management system. Initial Stage 2 – is an audit focused on a full certification audit, a review of the documentation in relation to the requirements of a given standard. The auditor(s) will audit the ensure that the business practices performed by the organization management, staff, contractors, etc. match what is claimed by the client within the identified documented information. You will need to show evidence that the system has been running for a reasonable period of time. This will be done by showing examples of your day-to-day work. You will need to have completed a full round of audits (that’s at least 1 full audit from planning to review).
- NB: One or more follow-up audits may need to be scheduled, auditors will complete such audits if any NC’s are raised during Stage 1 and or Stage 2 audit.
- Receive Certificate & Certificate Registration
- At Stage 2, if there are no issues, you will be recommended for Certification to ISO. The auditor does not award the Certificate but instead makes a recommendation in the report. The report is sent back to the NTCL and the CB Technical Committee will check that the correct auditor was used, that appropriate evidence was reviewed, and that the audit was of suitable duration. Depending on the NTCL, you may wait between 1 and 2 weeks for your Certificate. NTCL certification determination committee consisting of NTCL Senior Manager(s) and NTCL Technical manager (who have not been involved in the auditing process for the given client) reviews the:
- certification proposal
- any other notes, observation, and supporting evidence available
- stage 1 & stage 2 audit plans
- stage 1 & stage 2 audit reports
- stage 1 & stage 2 auditor recommendations for certification
- NTCL ‘s one of team member facilities the creation and dispatch of the certification certificate, the creation and dispatch of the client certification pack highlighting a number of certification administrative activities for the given client, the use of marks and relevant rules and guidelines on the client marketing the certification certificate.
Certification –Surveillance (12 Months-24 months)
- It is a requirement for our audit team to conduct a number of surveillance audits during the three-year certification cycle. Following on from the third step in the ISO audit process is the ‘Surveillance’ phase. The Surveillance audits look at the updates on the quality management system, such as Internal Audits and any Management Reviews that have been completed. These audits will be carried out after 12 months. As well as the quality management system documentation, the audit will cover a sample of the operational processes. If your scope covers activities such as installation, then site visits will take place. Over the two surveillance periods, they will cover all the operational processes you operate. As a standard two surveillance audits must be conducted during the 3-year cycle.
- Annual Surveillance 1 (completed within 12 months of certificate registration) & Annual Surveillance 2 (completed within 24 months of certificate registration),
- Surveillance 1 needs to be successfully completed within 12 months of the registered certification date to ensure the validity of the registered certificate past the first 12 months & Surveillance 2 needs to be successfully completed within 24 months of the registered certification date to ensure the validity of the registered certificate past the first 24 months,
- Successful outcome of the audit finding (audit report) of Surveillance 1, will ensure that the client will further benefit by Certification registration for the next 12 months & Successful outcome of the audit finding (audit report) of Surveillance 2, will ensure that the client will further benefit by Certification registration for the next 12 months.
NB: Both Surveillance 1 and Surveillance 2 require a confirmed Audit plan, audit reports with relevant summary of finding & One or more follow up audits may need to be scheduled and completed, if and when any NC’s are raised during a surveillance audit.
Certification – Re-Certification (36 Months)
- The final step in the ISO audit process is ‘Recertification’. The audit will take a longer view on the system and review what the Organization has learnt and how it has progressed during the three years of operating the ISO Management System as well as NTCL will also maintain communications over the 3-year certification cycle, and will work with the client to initiate a re-certification Audit within 36 months of the current registered certification date (provided the client wishes to maintain their Certification). The Recertification audit will look forward as well, at the quality objectives and planning that the organization has made for the forthcoming trading period. The recertification audit will set the forthcoming audit plan for the next three years.
- As a result of a successful audit, the Certificate will be re-issued for a further three years and the Surveillance programmed will begin again.