ISO Registration or Certification Process

ISO 9001 requires each organization to complete internal audits for its ISO 9001-based quality system to confirm the processes are being managed correctly, in other words, to confirm the organization is fully in control of its activities.

An organization may hire an independent certification body, known as a registrar, to obtain an ISO 9001 certificate of conformity. This option is extremely popular because of the credibility of certain independent registrars.

Click each part for more details on the Registration process!

Enquiry

We’ve simplified this for you: The 9000 Store provides a complete list of Registrars.

We recommend that you interview at least three.

Complete Questionnaire

Each CB will have their own application.

Proposal

Read: Selecting a Registrar, then come back to this page.

We’ve provided a free checklist to help you interview your registrars.

Confirm Application and Schedule

You will enter into a three (3) year contract with the registrar which outlines the obligations, liability, confidentiality and access rights. They will perform a registration audit in Year 1 and 2 surveillance audits.

1st Stage Assessment

After your quality system has been implemented, the registrar conducts a stage 1 audit to assess your documentation and verify key practices are in place, This includes: internal audits, management reviews, and tracking performance. If you successfully pass this audit without any major issues, the registrar will confirm your readiness for the full audit.

The Initial Certification Audit The assessment process for achieving certification consists of a two stage Initial Certification Audit:

Stage 1 – the purpose of this visit is to confirm the readiness of the organization for full assessment. The auditor will:

  • Check that the quality manual conforms to the requirements of ISO 9001:2008
  • Confirm its implementation status
  • Confirm the scope of certification
  • Review legislative compliance
  • Generate a report that identifies any non-compliance or possibilities for non-compliance and agree a corrective action plan if required.
  • Generate an assessment plan and confirm a date for stage 2 audit in your company

During the Stage 1 audit, only a few employees will be interviewed.

If there are no significant problems, the stage two audit will normally proceed in one or two months

Document Review

After your quality system has been implemented, the registrar conducts a stage 1 audit to assess your documentation and verify key practices are in place, This includes: internal audits, management reviews, and tracking performance. If you successfully pass this audit without any major issues, the registrar will confirm your readiness for the full audit.

The Initial Certification Audit The assessment process for achieving certification consists of a two stage Initial Certification Audit:

Stage 1 – the purpose of this visit is to confirm the readiness of the organization for full assessment. The auditor will:

  • Check that the quality manual conforms to the requirements of ISO 9001:2008
  • Confirm its implementation status
  • Confirm the scope of certification
  • Review legislative compliance
  • Generate a report that identifies any non-compliance or possibilities for non-compliance and agree a corrective action plan if required.
  • Generate an assessment plan and confirm a date for stage 2 audit in your company

During the Stage 1 audit, only a few employees will be interviewed.

If there are no significant problems, the stage two audit will normally proceed in one or two months

Certification Assessment

One or two months after a effective stage 1 audit, the certification body (CB) will return to audit the entire system. They will look for conformity to customer, legal, and executive requirements, as well as, to the requirements of the standard. The audit duration will depend on the size of the organization, the number of sites, and the complexity of the processes included in the system.

For example, a small company with 10 or fewer employees might get an audit of only two days. For an company of 20 employees, the duration would rise to three days. For 30 employees, the audit would be four days; for 50+ employees, the audit might be five days.

If the organization receives no major nonconformities during the stage two audit, the audit team will recommend certification based on your compliance of an acceptable corrective action plan for any stated minor nonconformities.

If one or more major nonconformities are found, the certification body (CB) either conducts a special visit in a month or two to confirm the major issues have been resolved by use of the PDCA method, or they conducts another full certification audit when the organization says the major nonconformities have been corrected.

Stage 2 – the purpose of this visit is to confirm that the quality management system fully conforms to the requirements of ISO 9001:2008 in practice. The auditor will:

  • Complete sample audits of the processes and activities defined in the scope of assessment
  • Record how the system complies with the standard
  • Record how the system complies with the organization’s manual and procedures
  • Report any non-conformances or potential for non-conformance
  • Produce a surveillance plan and confirm a date for the first surveillance visit

During the Stage 2 audit, several employees will be interviewed. If the auditor identifies any major non-conformance, the organization cannot be certified until corrective action is taken and verified. This means the auditor has to come back out for an onsite verification visit.

If there are no major non-conformances, then the certificate is typically sent out within 30-45 days after the Stage 2 audit.

The number of days for the audit is based upon ISO 17021

Major Non-Conformances

After the Certification assessment is complete, it will reveal whether or not there are any non-conformances with the standard.

Corrective Action

Corrective Actions if Necessary

Continually analyze, document, and correct non-conformances for as long as you have a QMS

Follow Up

Depending on the size of the organization, the certification body will establish an annual or semi-annual surveillance program. The total surveillance days each year will be about one third the duration of the stage 2 certification audit. Each visit will always assess certain key elements of the system, for example, internal audit, management review, customer satisfaction, and corrective action. A sample of the other areas of the system will be examined during the visits, with all the areas being assessed over the three year life of the certificate.

Recertification Audit

Every three years, the entire system will be assessed again. The recertification audit duration will be about two-thirds as long as the stage 2 audit. Assuming the assessment doesn’t find any major non-conformances, the audit team can recommend the organization for continued certification. And, after receipt of an acceptable corrective plan for any minor non-conformances, the certification body will re-issue the ISO 9001 certificate.

Recommendation for Registrars

Find Registrars with this free helpful tool: Registration Quote Questionnaire


The Steps to Certification

More information about the steps to Certification

Need help finding a registrar?

ISO 9001 All in One Package

advertisement