ISO COMPLIANCE Guide to ISO Certification


ISO certification, if implemented correctly, can produce numerous benefits for a business. An ISO certified company can meet the requirements of its customers in a more professional way; it can attract new customers, which can result in increased revenue streams, and it can improve the promotion of its brand, which can lead to improved market share.

With the help of ISO certification, you can improve your business through increased customer satisfaction. Nowadays, this has become a highly significant aspect of any business and is the reason why many organisations will only do business with companies that have ISO certification. To survive the tough competition, you need to establish long term relations with your customers and, in this regard, ISO certification can play a highly significant role.


Selecting the Right Consultant

Key Considerations when Selecting your Consultant

The ISO COMPLIANCE Approach

Continual Improvement and Transparency

The Road to Implementation

Learn about the Standard

Perform a GAP Analysis

Prepare a Project Plan

Train your Employees

Document your Management System

Implement your Management System

Audit your Management System

Prepare for Certification

Preparing for your Certification Audit

Utilising Your Certification

Press Release Service

Website News

Website Badges

ISO COMPLIANCE Website and Twitter

Flags and Banners


Certification, Registration and Accreditation

A Brief History of ISO

To obtain ISO certification, many businesses choose to use the services of consultancy organisations, such as ISO COMPLIANCE Ltd. Consultants play an important role in getting a business ISO certified. It takes a lot of informed decision-making to select the most suitable Consultant. While selecting and finalising your expert, the very first thing to take into account is their experience and their capability to meet your requirements. After experience and capability, look at the variety of products and services the company offers.

Should an organisation choose to implement an ISO management system alone, it may prove to be time consuming, difficult and ineffective. The right ISO Consultant can ensure that your ISO is delivered within budget and on time.

The implementation of an ISO management system can be broken down into a number of manageable steps; these steps are described in this document and ISO COMPLIANCE will assist you through each phase of the implementation process, to ensure that your organisation reaps the rewards to be gained from having an ISO management system embedded into your organisation and culture.


1. Ask for references.

Can the Consultant provide you with evidence of previous customer successes? Choose a Consultant with a proven track record.

2. Do they have the capabilities to meet your requirements?

Satisfy yourself that a consulting firm has the background, expertise and resources to meet your unique needs.

3. Are you a good match?

Make sure the Consultant’s approach and style are a good fit for your company’s culture. The relationship with your ISO Consultant should form the foundation for a business partnership.

4. Additional services.

Does the Consultant have resources available and experience in order to supply you with internal training with measurable results that fall to the bottom line?

5. How flexible can they be?

Select a consulting firm that provides onsite implementation assistance and training in order to minimise operational disruptions. In order to gain a thorough understanding, your Consultant needs to spend time in your business.

6. Thorough planning.

Choose a Consultant who presents a realistic timeline and fully explains the responsibilities of your organisation during the implementation process.

7. Established and reliable.

Confirm that the Consultant offers a choice of well-established certifying bodies. Ensure the Consultant has a close working relationship and will work closely with the certifying organisation to ensure a successful certification audit.

8. Marketing.

Do the Consultants have the resources to help you promote your ISO status after successful certification? Your ISO certification should not be your best kept secret.


The ISO COMPLIANCE approach is based on a key set of principles in order to create balanced and sustained results for our clients:

Fixed Fee: ISO COMPLIANCE ISO implementation is priced at a fixed rate from day one. No hidden charges, no unexpected invoices. The price you see is the price you will pay.

Flexible Implementation: ISO implementation with ISO COMPLIANCE will be bespoke to your organisation, designed to fit around your business requirements and schedule.

Expertise: All ISO COMPLIANCE Assessors have been successfully trained to the highest standard by an IRCA, or equivalent, approved training body and have earned a reputation of integrity for contributing value and best practice. ISO COMPLIANCE guarantees that your Assessor will be highly qualified and trained to assist your business to ISO certification.

Full Service: ISO COMPLIANCE offers full implementation; we will produce the manuals and make the process as simple as possible by improving systems already in place.

Training: ISO COMPLIANCE offer training to supplement your ISO; training with ISO COMPLIANCE is flexible and delivered by experienced ISO COMPLIANCE Trainers.


Corporate shenanigans have plagued organisations and shaped businesses and economies throughout the ages. In the wake of recent failures in corporate governance, pressure from industry regulators continues to increase the emphasis on the need for businesses to operate a programme of continual improvement and to disclose corporate information quickly and effectively. With irregularities in financial management, ethical dealings, disclosure and transparency of decisions, and natural disasters affecting entire economies, becoming commonplace, organisations have an obligation to follow certain guidelines in how they conduct their business. The implementation of ISO standards addresses these directly.

ISO standards enable organisations to work to a methodology, a systematic approach, aligned with organisational objectives and strategies. Adopting the standards demonstrates a proactive approach addressing the increasing demand by regulators to provide corporate information in good order and in good time, additional tangible proof that an organisation is operating under the most effective and ethical circumstances.


The Road to Implementation

Learn about the Standard

Selection of the most appropriate standard for your business requirements: there is a vast array of ISO standards available but the most commonly adopted is ISO 9001: 2015 Quality Management Systems.

Other ISO standards cover more specific areas of your business such as the Environment (ISO 14001), Information Security (ISO 27001) and Business Continuity (ISO 22301).

For more information on which one would best suit your organisation please contact ISO COMPLIANCE.

Perform a GAP Analysis

One of the first steps that would be performed by your ISO COMPLIANCE Consultant is to compare your current ‘management system’ to the requirements of the applicable management system standard; this process is most commonly called ‘performing a GAP Analysis’.

The GAP Analysis investigatory series of questions and examples covers all the requirements of the particular standard; the ISO COMPLIANCE Consultant will note your current position as it relates to each of these requirements, making recommendations on where improvements need to be made or additional information provided, to meet the standard.

This GAP Analysis can then be used by both Consultant and Organisation to plan the work schedule involved in proceeding with implementation; it can provide a basis on which potential costs can be calculated and give the Consultant and Organisation an idea of suitable timescales for implementation.

Prepare a Project Plan

In order to start planning you will need to determine your goals in relation to the project outcomes; you’ll need to be able to answer such questions as when to start the project, when do you need/want to complete it, how are you to communicate this to your organisation and/or the wider community.

One way to determine the starting point of your project is when you complete a GAP Analysis of your current business operation. This will give you a greater understanding of where your company is in relation to the requirements of the management system standard you’re wishing to implement.

Your ISO COMPLIANCE Consultant will help to guide you through this process to make the impact on your business as minimal as possible. Your ISO COMPLIANCE Consultant can also assist you in communicating your intentions to your employees and in answering their questions, so they feel as comfortable as possible.

How long you take to complete the implementation is entirely down to your own business needs; ISO COMPLIANCE will assist you in that process. How long you could expect ISO implementation to take would depend firstly on the resources you make available to aid in the implementation process, secondly on the size and complexity of your operation, and finally on the management system standard selected for implementation. Your ISO COMPLIANCE Consultant will be able to give you more of an understanding once they have the relevant information.

An important part of project planning is to identify the responsibilities of members of your organisation.

Who will be Project Leader? Who will be on the ‘Project Team’? Identifying the Management Representative at this point would enable them to start to work with your ISO COMPLIANCE Consultant in putting together the project plan and to identify those areas where they have to focus available resources.

Train your Employees

All management systems have a requirement that all employees understand their role within the organisation and how that role relates to the effective performance of the management system. To achieve this level of understanding, the provision of awareness training is necessary for each employee.

Some employees will have a more direct effect than others on your organisation’s management system. Your ISO COMPLIANCE Consultant can assist you in categorising these employees and then in providing the relevant training and instruction required. They can assist in training your Management Representatives, Internal Auditors, Project Team members and if necessary, all other employees to the level required by the management system standard.

Records of such training will be required to confirm compliance to the particular clause of the selected management system standard; your ISO COMPLIANCE Consultant can assist you in this task.

ISO COMPLIANCE can also assist you in your future training requirements; for more information on the training packages available, please contact ISO COMPLIANCE Training.

Document your Management System

Begin by outlining broad categories or departments such as purchasing, production control, marketing, transport, storage etc. Then describe the processes that operate in these departments and how they inter-relate to one another; your ISO COMPLIANCE Consultant would be able to assist you in this task. A simple way of demonstrating this would be through the use of diagrams or process flow charts.

All management systems require a certain level of documentation to enable an organisation to conform to the requirements of the particular standard. Certain management systems require a set of documented procedures, others require a manual detailing how compliance with the clause requirements is met and most, if not all, require a number of other documents, records and forms to enable an organisation to demonstrate compliance with the standard.

During the implementation process, your ISO COMPLIANCE Consultant will work with you to produce the manuals, procedures, documents, records and forms necessary to enable you to operate and maintain the management system as required by the particular standard and so providing most benefit to your organisation.

Part of the clause requirements of most management system standards is to control your organisation’s records; your ISO COMPLIANCE Consultant can assist you in understanding these requirements in more detail and how to put the requirements into day-to-day practice.

Implement your Management System

Now you have created the documentation and trained your employees, you are in a position to start to implement your management system in full. Everyone in your organisation should be working to your documented procedures and work instructions. Many of these procedures and instructions will be new and may require improvement over time to ensure they meet with your business requirements. Involve your Management Representatives, Internal Auditors and other members of your organisation in reviewing these procedures and instructions; where necessary document any such improvements or changes.

This is the time when you can hold your first Management Review meeting and review information collected from your Internal Audit Program (see step 7), from any current corrective and preventive action reports and from results of any monitoring and measuring activities. Initiate corrective and preventive actions to fix problems and make improvements to your management system.

Again, most management systems require records to be kept of such meetings and these should be controlled using the relevant clause procedure; your ISO COMPLIANCE Consultant will guide you through these requirements.


Audit your Management System

Part of the requirements of any management system standard is to assess conformity, evaluate effectiveness and identify opportunities for improvement; this is achieved by conducting Internal Audits. Internal Audits involve the organisation carrying out a series of audits on its own operations over a given period of time, which is often called an Audit Program. Audits should be conducted by trained individuals employed by the organisation but who are independent of the process or system being audited.

When selecting your Internal Auditors or your Audit Team, ensure that you have enough to cover all areas of your operation; you require enough to be able to cover all areas without asking an Auditor to audit their own area. Look for employees that have an enquiring mind and that are good communicators; the better the people skills, the better the audits will be performed.

Before you are able to apply for an external audit, you will need to have demonstrated that you have conducted a number of Internal Audits in line with the requirements of the management system standard.

Using trained Internal Auditors ensures that your organisation can fully comply with the requirements of the standard, as well as gain the benefit of reviewing the effectiveness of the management system and in highlighting those areas of the system that could be improved.

ISO COMPLIANCE offer Internal Auditor awareness training to your selected Internal Auditors as part of your implementation package or, if you require a more prescribed course, through ISO COMPLIANCE Training.

More details can be obtained by contacting ISO COMPLIANCE Training. Alternatively, utilise ISO COMPLIANCE to undertake your internal audits for you. For more information on how ISO COMPLIANCE can ensure your company Internal Audits are completed, please contact ISO COMPLIANCE.

Prepare for Certification

If your organisation has taken the decision to formalise its management system and obtain third party certification it is at this point, if you haven’t already done so, that you’ll need to select a Certification Body to carry out an external assessment on your management system.

Your ISO COMPLIANCE Consultant can provide you with further information on the types of Certification Body available to enable you to select the most appropriate to your business needs.

Preparing for your Certification Audit

Before the audit, ensure that all your employees are aware that the audit is to take place and the purpose of the audit. You need to ensure that your employees respond honestly and openly to the Auditor’s questions.

You need to ensure that all of your system documentation, records, reports and forms are readily available and up-to-date; those that need to be signed and dated are and those that need to be displayed have been.

Your premises should be neat and tidy; check bulletin boards, counters, cupboards etc. for uncontrolled documents, uncalibrated measuring equipment or unidentified parts or supplies.

Your ISO COMPLIANCE Consultant can provide you with further helpful hints and solutions to prepare you for your certification audit.

Achieving ISO certification demonstrates an organisation’s commitment to do business to the highest of international standards.

If your organisation takes the decision to become ISO certified, make sure your customers and supply chain know about it. ISO COMPLIANCE makes it easy for you by offering our services to help you publicise your achievement. ISO COMPLIANCE will work with your organisation to produce publicity material, or even simply to assist you when you are stuck for words, whether it is for your website or a paragraph or two for your latest brochure.

There are several ways in which ISO COMPLIANCE works with clients to help them market their ISO, including:

Press Release Service:

ISO COMPLIANCE’s team of copywriters are on hand to write a publicity piece on behalf of your organisation, celebrating your ISO certification. Whether you need a short press release or detailed case study, this will be available to your organisation free of charge.

Website News:

Your website is your shop window to the rest of the world – a very powerful and effective marketing tool. Posting a news item with an accompanying photo is a great way of connecting with visitors to your website, highlighting your recognised efforts thus raising your reputation and appeal. ISO COMPLIANCE can put together a short piece of copy that can sit anywhere on your website.

Website Badges:

ISO COMPLIANCE’s customised ISO certification badge can sit on pages throughout your website, placed discreetly at the bottom, or displayed proudly on the homepage. ISO COMPLIANCE has also designed a badge for our clients that are working towards ISO certification – demonstrating that you are currently putting quality frameworks in place to reach certification to the standard.

ISO COMPLIANCE Website and Twitter:

ISO COMPLIANCE use our website to help publicise our clients’ ISO certification by posting case studies along with their logo, as well as actively Tweeting about the case studies. Follow ISO COMPLIANCE on Twitter (@ISO COMPLIANCE_Ltd) to find out more.

Flags and Banners:

In addition to announcing their certification status, some organisations choose to advertise their ISO credentials with a flag or banner for their premises. ISO COMPLIANCE can provide these for you at a competitive rate. Also, don’t forget: if you are on Facebook, post a short news item on your wall; if you are on Twitter, why not tweet about your ISO experiences? And don’t forget to advertise your ISO status in company collateral, on company correspondence and in email signatures.


Certification, Registration and Accreditation

After your organisation’s management system has been independently audited and confirmed as being in conformity with the requirements of a particular ISO standard, which term is correct to use – certification, registration or accreditation?

All three terms are sometimes used interchangeably; however, they are not synonymous.

Certification is the auditing of your management system by an independent external body and verification that it conforms to the requirements specified in the standard.

Registration means that the auditing body records your certification. There are many Certification Bodies in existence, some operate independently and some are members of what are known as Accreditation Bodies. Both types are obliged to operate in line with the requirements of ISO/IEC 17021: 2015 Conformity Assessment – requirements for bodies providing audit and certification of management systems.

Accreditation refers to the formal recognition by a specialised (accreditation) body that a certification body is competent to carry out ISO certification in specific business sectors, i.e. Medical and Aerospace.


A Brief History of ISO

The International Organisation for Standardisation or ISO is a global, non-governmental standard-setting body composed of representatives from various national Standards Organisations.

Founded in 1947 and based in Geneva, Switzerland, the organisation promulgates proprietary, industrial and commercial standards. The bulk of the work is undertaken by technical committees, subcommittees and working groups whose aim is to standardise management system practices throughout the world.

ISO has a worldwide membership from countries large and small, industrialised and developing; its purpose, through its portfolio of standards, is to provide governments and businesses with the practical tools for sustainable development.

The standards make a positive contribution to world trade and the spread of knowledge, and aid in the dissemination of advances in technology as well as the sharing of good management and conformity assessment practices. Each standard will go through a rigorous implementation process involving six separate stages prior to publication; each separate stage involves a lengthy review process by national bodies. This is to ensure that once the decision has been made to publish, all affiliated national bodies are in approval of the standard in question.

ISO 9001 is the organisation’s most well-known management system standard; however, ISO is involved in much more than management systems. There are standards that cover everything from technological connections to ink colour.

Standards produced by ISO are not regulations; rather they are a method of getting a standard set of criteria for specific management systems into an organisation. An outside agency, a certification body, can then audit the business to see that all the required elements of the particular standard are in place.


The Road to Compliance

Business Challenge

Today, organisations are increasingly vulnerable to security threats as our dependence on information systems grows ever greater. It is vital that your organisation applies the appropriate controls to manage the risks associated with information and data and demonstrates that it is preserving the confidentiality, integrity and availability of those assets for clients, shareholders and society as a whole. Information is an important and valuable asset to an organisation, and it requires stringent protection.

Business Solution

ISO 27001 Information and Data Security offers a comprehensive set of controls, based on best practice in information security, comprising components such as confidentiality, integrity and availability.

What is ISO 27001?

ISO 27001 is the international standard for Information Security Management Systems (ISMS). It is applicable to any organisation where the misuse, corruption or loss of its business or client information could result in a major commercial disaster.

The fundamental aim of ISO 27001 is to protect the information of your organisation from security threats such as: viral attack, misuse, theft, vandalism/terrorism and fire.

ISO 27001 quickly produces a return on investment, giving you thorough guidance on complying with regulatory and contractual requirements regarding data security, privacy and IT governance. The ISMS encourages the identification and classification of the organisation’s information assets and a systematic risk assessment of threats and vulnerabilities. ISO 27001 provides a framework to assure an organisation that its information security measures are effective.

What are the key benefits to your business?

• Improves and maintains competitive edge.

• Wins more business, particularly where procurement specifications require higher IT security credentials.

• Compliance with legal, statutory, regulatory and contractual requirements.

• Provide assurance to stakeholders, such as clients and shareholders.

• Business continuity is assured through management of risk, security issues and concerns.


The ISO COMPLIANCE approach is based on a key set of principles in order to create balanced and sustained results for our clients:

• Fixed fee: ISO COMPLIANCE ISO implementation is priced at a fixed rate from day one. No hidden charges, no unexpected invoices.

• Flexible implementation: Designed to fit around your business requirement and schedule.

• Expertise: All ISO COMPLIANCE Consultants and Assessors are successfully trained to the highest standard by an IRCA or equivalent approved training body and have earned a reputation of integrity for contributing value and best practice. ISO COMPLIANCE guarantees that your Consultant and Assessor will be highly qualified and trained to assist and audit your business to ISO certification.

• Full service: ISO COMPLIANCE offers full implementation; we will produce the manuals and make the process as simple as possible by improving the systems already in place.

• Training: ISO COMPLIANCE offer training to supplement your ISO; training with ISO COMPLIANCE is flexible and delivered by experienced ISO COMPLIANCE Trainers.

ISO 27001 – Earn high respect with low risk information security