12 Simple Steps to Certification

Achieving certification to standards such as ISO 9001 or ISO 14001 can seem daunting. To help those new to the implementation process, here are the steps you need to take in plain English.

  1. Choose the right standard. Don’t feel pressured into needing certification to a specific standard if it’s NOT going to add value to your business. Management system standards exist to manage associated risks, and to provide assurance of best practice to interested parties. Choose the standard that is going to help your business grow.
  2. Read the standard! I have met with many organisations over the years who are keen for certification but haven’t actually read the standard. In some cases, they haven’t even purchased a copy of it. If you are serious, get the standard and read it. You need to know what the requirements are to judge the size and complexity of the task ahead.
  3. Communicate your intent. Implementing an ISO management system needs to be an organisation-wide target developed by senior management. Ongoing effort will be needed to ensure good habits are maintained throughout the process, so a ‘champion’ will be needed, or a dedicated team if you work in a larger organisation. This person or team will also need to be responsible for developing the actual management system. Gaining buy-in is one of the biggest challenges whilst on the route to achieving certification.
  4. Educate. Do you have the required experience, knowledge and skills? Identify any training or coaching needs. Many organisations use external expertise. Decide what is right for you and organise it.
  5. Define your objectives. Every management system standard requires objectives. Many companies set off on the wrong foot and begin writing procedures. Start at the top – what are your overall goals for the management system? What are your current challenges which the system will help you manage and improve?
  6. Ignore the standard! Instead of writing a system that looks just like the chosen standard, write a system that defines how your business operates. Then, build the standard in. The Management System is formed of processes for management activities, provision of resources, production realisation, measurement, analysis and improvement.
  7. Contact the certification company of your choice. There are several to choose from, such as BSI, ISOQAR, etc. Do your research and create a relationship with the company which you feel represents your values.
  8. Implement the system and check it. Get some internal audit awareness and training, and check your system is effective. Correct any discrepancies.
  9. Stage 1. Certification starts with what’s known as a ‘Stage 1 Audit’. This is when an auditor reviews your existing systems and provides you with a gap analysis report which will identify the actions required to meet the standard. This can be used as a helpful action plan, so don’t worry if you think you’re under prepared.
  10. Stage 2. Once your organisation is ready and has filled the gaps highlighted in the Stage 1 report, an auditor will visit you again to carry out what’s known as the ‘Stage 2 Audit’. This will reveal the effectiveness of your management system and whether it meets all the requirements of the specific ISO standard you wish to be certified to (e.g. ISO 9001 and/or ISO 14001). If you are fully compliant, you will be recommended for certification. The auditor’s report will then be checked via an approvals process (such as UKAS) and if no anomalies are identified, certification is officially awarded.
  11. Communicate the news! Achieving certification is a milestone for any business, and can create an industry benchmark. Your customers, suppliers, contacts and prospects all need to know about it.
  12. Maintain your certification. The maintenance of your management system is where the hard work really starts. Continued buy-in from everyone is important for implementation to succeed, and for you to gain the true benefit of becoming certified. In-house communication and training should be carried out regularly to ensure ongoing awareness and engagement with staff. More formally, internal audits should also be carried out to ensure the requirements of the standard are continually met.

If you need help or advice with any of these steps, just send me an email and I will be happy to assist.

Back to Blog