The ISO Certification process involves various steps such as hiring a registrar, stage 1 audit, stage 2 certification audit, addressing non conformities, issuance of certificate and surveillance audits.
1) Hiring a Registrar:
ISO Certification Audit and the issuance of the certificate is done by an ISO 9001 registrar, also called a certification body. The contract that you enter with your registrar is for a period of three years. This contract covers everything from initial certification to subsequent surveillance audits. Audits can be done remotely or on-site, depending on your preference and the availability of the auditor.
2) Stage 1 Certification Audit
There are two phases in the ISO Certification Audit process. The first stage is typically an offsite audit called the Stage 1 Certification Audit. First stage of this audit is also referred to as a “Documentation Audit” Purpose of this stage 1 audit is to verify your readiness for a full scale audit, review your Quality Management System documentation, and understand the scope of your quality management system.
3) Stage 2 Certification Audit
Once you are done with the correction of any identified issues from the stage one audit, you can move to the Stage 2 Certification Audit. It comprises an extensive evaluation of your quality management system to verify that it is effective and in compliance with ISO 9001:2015 requirements, The duration of the Stage 2 Certification Audit can vary based on the number of your employees and the size of your company. For example, a small company with less than 10 employees require 1-2 days of audit.
The following are the audit activities:
- Opening meeting with your management team.
- Facility tours
- Interview with your staff and management.
- Closing meeting.
- Findings of the audit will be presented at the closing meeting, which gives you an opportunity to clarify any major or minor non-conformities the auditor might have observed. Stage 2 Certification audit can also be done on-site or remotely.
4) Nonconformities
Audit findings may include non-conformities and observations. Nonconformities are issued when issues are identified that fail to comply with an ISO 9001:2015 requirement and when your quality management system is not effective. They are categorized as minor and major. A major nonconformity is an issue that affects the whole system and a minor nonconformity is something that affects part of the system. A nonconformity could also indicate an issue where your quality management system isn’t effective. Observations, on the other hand, don’t refer to current problems but may warrant attention in the future.
You need to come up with acceptable corrective action plans addressing nonconformities. However, your registrar is required to conduct a follow up audit before recommending you for certification when multiple major nonconformities are identified.
5) Issuance of Certificate
Once you have successfully completed a two stage certification audit and your registrar recommends you for the certification, it will take approximately 10-15 days to issue the certification. All nonconformities have to be addressed with corrective action plans. ISO 9001 Certificate will state the scope of your quality management system, the mark of your registrar, Surveillance audit dates and the time frame your certificate is valid for.
6) Surveillance Audits
ISO 9001 Certification is valid for three years from the issuance of the certificate. However, to retain your certificate, the certification bodies are required to conduct annual surveillance audits during this time.