ISO Certification is a seal of approval from a 3rd party body that a company runs to one of the internationally recognised ISO management systems. The certification can be used to tender for business as a proof of a company’s credibility but also to install confidence in the potential client that you will keep your promises.
Frequently Asked Questions
Frequently Asked Questions
Here at ISO Quality Services Ltd. we like to ensure that ISO Certification is easy to understand and in line with that philosophy, here are the most frequently asked questions that we are asked by prospective clients. If your question does not appear here, please contact us and we will endeavour to answer it.
- 2: Why would I want ISO Certification?
ISO certification is a statement to your stakeholders, employees and senior management that the business wishes to operate to a set framework in order to achieve its company objectives. Be this customer satisfaction objectives, production objectives or environmental objectives etc. By setting yourselves the task of maintaining an external certification you are proving the company’s commitment to these objectives as well as increasing the credibility and customer confidence in the brand / service or product.
For example by running a quality management system, a company can stay in control of its processes and procedures, ensure if anything does go wrong it is rectified quickly, efficiently and to the satisfaction of the customer. It can also ensure a smooth line of communication between employees, suppliers and customers at all times.
Many public and private sector tenders request ISO certification as either a pre-requisite to moving to the next stage or as a filter to remove companies from the tender process. By achieving the ISO certification that your customers give weight to, ensures that you are on a ‘level playing field’ with your potential competitors and improves your chances of successfully tendering. Many companies we work with report a major internal efficiency improvement which allows them to achieve greater results both in a sales and operational capacity.
- 3: What does ISO certification cost?
ISO Certification costs vary dependent on the size of an organisation and the level to which the company is already run with regards to processes and procedures. If you decide to implement more than one standard at the same time, there are some preferential fees available. We are a fixed fee organisation, which means once we have met you to discuss your requirements and sent you a formal quotation, this fee is then set. We will not charge you any extra then what is specified, so that you know from the outset your costs and the payment method.
Due to our proposals being bespoke and the number of variables that can affect the cost of implementation, we do like to meet our potential clients so as to get to know them a little better before providing them with costings.
- 4: How long does it take to achieve ISO certification?
We aim for a 6-8 week delivery period, but again this can vary from organisation to organisation. We will never delay the process, however we understand that things can happen that may mean you require a small delay. We will accommodate this where possible; however for those who are looking to achieve the certifications as soon as possible, we will endeavour to ensure you obtain your certification within our standard timescales.
After the quotation has been accepted and the deposit payment has been received we offer all of our clients a letter that you can send to your potential clients or include with tenders, to confirm that you have entered the process and that you will be fully certified within 6-8 weeks. This is normally sufficient to move forward with a tender process. This can then be followed up by an announcement letter stating that you have achieved the ISO certification.
- 5: How do I obtain ISO certification?
Our main ethos is to keep the process for you, the customer, as simple as possible. We undertake an initial assessment of the company, to see where the company currently stands with regards to the chosen ISO system. From this we make a series of recommendations on what needs to be done to become compliant (we will not make any major procedure changes unless absolutely necessary).
We will then draw up a plan for implementing the recommendations (to be completed over the next 6-12 months), complete as many of them for you as possible, write your manual and mandatory standard operating procedures (as required by the standard) and then 6-8 weeks after the first initial assessment visit come back to present the manual with your ISO certification.
You will be certified from this point forward. The systems are focused on continual improvement, therefore we will visit you on a regular basis to ensure that you are on track with the recommendations and ready for re-certification year on year.
- 6: What is ISO accreditation and is it different to certification?
It is important to understand that ISO certification and ISO accredited certification are two different things. ISO accreditation or ISO accredited certification is when a company has achieved an ISO and / or a BS standard by a certification body that is accredited by UKAS or equivalent.Every country has its own version of UKAS (i.e. for Ireland its INAB) and although they are not akin to government, they act as the governing body for certification companies.
Please note that there is only one true accreditation body in each country and any other forms of ‘accreditation bodies’ maybe be misleading. In most countries accreditation is a choice and not an obligation. BSI and the International Organisation for Standardisation themselves actually state that ‘the fact that a certification body is not accredited does not mean that it is not a reputable organisation, for example a certification body operating nationally in a highly specific sector might enjoy such a good reputation that it does not feel there is an advantage for it to go to the expense of being accredited’.
Whilst neither may be viewed by the majority of clients as better than the other, there are a few major differences that are worth being aware of. The main difference being an accredited certification body is unable to implement the systems into the business during the certification process the way we or any other certification body is able to. They can only perform the functions of an assessment / audit body and must not have any involvement in the set-up process. This can therefore mean having to employ a company such as ourselves as the consultant to implement the system and have the accredited body in the certify it.
This not only adds additional expense to the client but also can delay the time it takes to achieve the certification. On the other hand, not only can a certification body act as the consultant to implement the systems into the company, they can certify the company once compliance has been met and then offer support and guidance throughout the year to ensure the company maintains its certification and most importantly uses the systems to the benefit of the company on an on-going basis.
- 7: What is an audit?
An audit is the process by which a company shows evidence of working to the required system and this is a compulsory element of the ISO / BS systems. A qualified auditor will attend your premises in order to assess your management system against the ISO/BS Standard that you are certified to, and will request to see evidence resulting from the companies processes and procedures to ensure the system is being used and maintained on a regular basis.
The auditor will typically compose a report, analysing your management system and the use of, against the clauses of the standard. ISO Quality Services Ltd will also provide you with recommendations for improvement that will have been agreed with you to assist you to drive the system forward to enable continuous improvement, thus getting the most out of the standard/s.
- 8: Why do I need to have an audit?
Auditing is a required element of the ISO/BS Standards. It is the proof that the system you have implemented is fit for purpose and continually improving. It is the regular check that you are managing the system/s consistently.
The guidance that you will receive at the internal review stage will help you to effectively manage your management systems and remain compliant to the relevant standard/s. The auditor will help you to identify which aspects of the management system require improvement; this will provide you with the ability to develop and enhance the management system through a set of focused action points in a step by step approach.
- 9: Why does ISO Quality Services offer internal reviews and validation audits each year?
From experience we know that by leaving a client from point of presentation until the first validation meeting at month twelve, 9 out of 10 clients will delay completing the majority of the work until month eleven. They then find the validation process time consuming, stressful and therefore sometimes don’t see the real value the system can add to the business. By visiting you on a more regular basis than some of our competitors, our clients have indicated that they feel more supported and more confident about being on track to be re-certificated at the end of the year. It ensures the process is less stressful as they have the time to iron out any concerns in a health check style review session.
We feel the 6 month internal review allows clients to improve their understanding of what is expected whilst allowing the company to enjoy significant improvements to their business. As the system matures over time these sessions then allow the company to delve deeper into the management system and ensure it is always put to good use. The client therefore does not view certification as a ‘tick box’ exercise require to meet the demands of current and potential customers, but as a valuable business tool, that through the on-going support from our expert consultants, assists the company to realise the real benefit of having an effective business management system.
- 10: Why does ISO Quality Services send a different assessor for the healthcheck?
We adhere to the best practice of having a different assessor for the mid-year healthcheck review, where possible, as this ensures assessors are not auditing their own work.
It also gives each client the reassurance that we always have two trained assessors who understand their business and can provide advice.
- 11: What ISO standards do I need?
There are over 16,500 different management standards, therefore finding the ones that are right for your business can sometimes be confusing. The best place to start is ISO 9001 quality management, as this is the core standard that most of the other well-known standards are based on. It’s focused on customer service and ensuring your customer receives the service they want, at a time that’s relevant for a cost that’s fair.
Based on your company’s activities there may be additional ‘bolt on’ standards that might complement the business i.e. as waste and recycling company may benefit from the ISO 14001 environmental management as this is a fundamental element for their industry, or a manufacturing business might benefit from the ISO 45001 health and safety as they use lots of heavy machinery which could have risks associated. The best way to find out which standards are most relevant is to contact us today and let us know about your business. We can then send you the details of the standard/s most relevant to your company.
- 12: What is a non-conformance?
A non-conformance is when something within the business doesn’t go according to plan, which may result in a customer complaint or a delay in the normal process. These are to be viewed as ‘opportunities for improvement’ and are recorded so that trends can be identified and action can be taken.
- 13: We've already got CHAS and Safe Contractor - why would we need ISO 45001 Certification?
ISO 45001 underpins a company’s entire health and safety management system. It gives the company the framework to manage the health and safety system as a whole, including on and off site working. Companies who run a 45001 system in conjunction with either CHAS or Safe Contractor find it much easier to manage the overall health and safety of its employees, visitors and customers. It allows the company to tie together every aspect of the its activities that may have a health and safety risk attached.
- 14: We have a security policy in place. Why do we need an ISO 27001 information security management system?
Possession of a security policy by itself does not prevent breaches; staff need to understand it and put it into practice. Only 26% of respondents with a security policy believe their staff have a very good understanding of it; 21% think the level of understanding is poor. The Economist 2002, explained that: “The human side of computer security is easily exploited and constantly overlooked. Companies spend millions of dollars on firewalls, encryption and secure access devices, and it’s money wasted, because none of these measures address the weakest link in the security chain; the weakest link is people”.
According to one survey conducted by Infosec (2012) 70% of large organisations detected significant attempts to break into their networks in the past year. The average cost of the worst security breach for large organisations was between £110,000 and £250,000 whereas for small business the cost ranged from £15,000 to £30,000. The root cause, the survey report said, was often the failure to invest in educating staff about security risks, with 75% of organisations where the security policy was poorly understood experiencing staff-related breaches.
- 15: As a company we have back ups, virus protection and passwords - why do we need ISO 27001?
Threats to information security do not come through IT alone. Unhappy staff, resentful ex-employees, deceitful managers and competitors can all have access to your confidential information and can use this to the detriment of the business and its reputation. This can be purposeful or accidental. Information is not confined to electronic format but encompasses all forms of communication including verbal and hard copy.
The ISO 27001 promotes that adequate training and records are in place for all staff so that they know what is expected of them. This can prevent any accidental breaches of security.
- 16: What is ISO 9001?
ISO 9001 is a quality management system that can be integrated into any business. It is focused on ensuring the business delivers a consistent level of quality to its customers by having well defined and regularly reviewed processes and procedures. The system fully integrates within the existing business procedures and becomes part of the culture within the organisation. Eventually a business will not perform a task to conform to the ISO 9001, it will perform the task for the good of the business. The system covers eight main business principles which are:
Involvement of people
System approach to management
Factual approach to decision making
Mutually beneficial supplier relationships
- 17: What is ISO 14001?
ISO 14001 is an environmental management system that can be integrated into any business. The main focus of an environmental management system is to reduce costs, reuse resources and if unable to reuse, recycle as much as possible. It forces a company to be aware of and control the aspects of the business which have an environmental impact. It can highlight areas within the business that have high consumption and / or wastage therefore leading to cost savings, and in certain industries ensure the company is maintaining its legal and regulatory requirements.
As it’s nearly impossible to expect a company to be 100% environmental friendly, the system is focused on encouraging a business to either reduce the use of raw materials or if this is not possible to maintain the usage of these materials on an on-going basis. The system allows the company to set their own targets therefore allowing you to create achievable objectives without compromising the general day to day activities of the business.
- 18. Do I still need a manual in the new ISO 9001:2015 or ISO 14001:2015?
The newer versions of these standards do not have a requirement for a manual. Whilst this is the case the standard does still require that some information is documented such as internal/external issues/stakeholder needs and expectations. On this basis there is an argument for a manual to help you effectively evidence this.