ISO/IEC 27001:2013 Certification: Step-by-Step Guide

Any organisation wishing to become ISO certified needs to implement and maintain an ISO Management System. Here are the recommended steps:

Step 1 – Gap Assessment

A Gap Assessment is crucial for organisations to:

  • Understand their current conformance to the chosen ISO Standard.
  • Identify existing documentation and records aligned with the standard and map these to the ISO Standard's requirements.
  • Estimate the work required to conform to the ISO standard and to comply with legal requirements.

The outputs of a Gap Assessment include:

  • A Gap Assessment report indicating current conformance to the standard and the performance of its Management System.
  • An obligation-free proposal to assist the organisation in closing the identified gaps, including a project plan for implementation and preparation for certification.

Step 2 – Closing Gaps

During this stage, gaps are closed from a documentation and governance perspective according to the standard. Key activities include:

  • Awareness Training for all staff on the importance of ISO, the benefits of ISO certification, and the specific requirements per role.
  • Gathering information to understand roles, responsibilities, processes, and procedures.
  • Standardising templates for all documentation and aligning them with the corporate identity.
  • Documenting the Management System to align with the standard’s requirements.
  • Focusing on risk management and specific plans aligned to the standard, with forms created to collect data and generate statistics.

Step 3 – Implementation of the ISO Management System

During this stage:

  • ISO Management System documentation is implemented, and records for at least 3–6 months are generated.
  • On-the-job training and workshops are conducted to educate staff on how to use the management system.
  • Internal audit training and maintenance training are conducted to ensure skills transfer.
  • Internal audits (dress rehearsals) are conducted, together with workshops on non-conformances, corrective actions, and the updating of risk assessments and the management system where required.
  • A management review is conducted, at which an action plan is created to manage and document all outstanding items, whether capital or operational expenditure.

Step 4 – Certification

When choosing a certification body, consider:

  • Their accreditation. Look for logos such as South African National Accreditation System (SANAS), United Kingdom Assurance Services (UKAS), International Accreditation Forum (IAF), Deutsche Akkreditierungsstelle (DAkkS) etc.
  • Their credibility. Certification bodies should be audited by an accreditation body to the ISO 17021 standard to ensure their validity.

Some notable certification bodies include:

  • British Standards Institute (BSI)
  • South African Bureau of Standards (SABS)
  • TUV Nord
  • Standard Global Service (SGS)
  • TUV Rhineland
  • Bureau Veritas
  • TUV Sud

Finally, understand the difference between Single Site and Multi-Site Certification:

  • Single Site Certification – One site/location is audited, including its departments (HR, Finance etc.) and processes (Recruitment, Induction, Creditors and Debtors).
  • Multi-Site Certification – Organisations with various sites or offices across the country or world require multi-site certification. The sites are sampled over a 3-year period. The Initial Stage 2 audit will be conducted for all sites.
