Published on: February 24, 2023
If this is just the beginning of your ISO journey, you may be doing some research to understand the ISO Certification process. Or, you may already be familiar with the Certification process, and still find yourself confused with the many technical terminologies and acronyms that most articles use.
To help you navigate this sometimes intricate glossary, this blog covers some common questions we hear from our clients, students and colleagues, to work as a quick guide for you.
Before we dive into the FAQ’s, let’s cover a few common acronyms in the ISO world, which will also be used throughout this blog:
Okay, now you’re up to speed with those acronyms, let’s cover some frequently asked questions.
It is a common misconception that ‘ISO’ is a product, when in actual fact, it is an organisation. The International Organization for Standardisation (ISO) is an international non-governmental organisation. ISO develops and publishes a wide range of proprietary, industrial, and commercial standards, to ensure that businesses of all size, type and nature can benefit from International Standards.
ISO plays an important role in facilitating world trade by providing common standards among different countries. These standards are intended to ensure that products and services are safe, reliable, and of good quality. For the end-user and consumer, these standards ensure that certified businesses and products conform to the minimum standards set internationally.
It’s important to note that ISO does not actually certify businesses to ISO Management System Standards. Businesses are certified by an Accredited Conformity Assessment Body (CAB), which will be explained later in this blog.
A Management System, also commonly referred to as a Business Management System (BMS), is a systematic framework of a business’ policies, processes and procedures, which details how the business operates towards achieving its set objectives and targets. A Management System can also conform to the requirements of one or more ISO Management System Standards, such as the ISO 9001:2015 Quality Management System Standard.
If you want to know more about Management Systems, you can read more here.
ISO Management System Standards (MSS) are documents which are established to define global best practices for specific areas. These documents contain requirements, specifications and guidelines that an organisation can implement to improve its management framework and operations.
ISO has developed over 80 MSS, all containing a set of requirements, which businesses can implement into their Business Management System to achieve their goals and achieve Certification. The four most frequently adopted management system standards are:
CAB is the acronym for Conformity Assessment Body, which is the technically-correct name for, what we commonly call, a Certification Body. Often, you will also hear them being referred to as a Certifier. So yes – they all mean the same thing!
The role of a Certification Body is to conduct audits of a business’s Management Systems to issue Certifications against the chosen Standard(s). It is a requirement for Certification Bodies to be accredited, otherwise the Certification they provide to a business will not be recognised internationally.
For the Asia-Pacific region, this accreditation is provided by the Joint Accreditation System of Australia and New Zealand (JAS-ANZ). If you want to see the full list of Accredited Certification Bodies, you can search via the JAS-ANZ register.
If you’re from a different region, you can find out which Accreditation Body applies to your region by visiting the International Accreditation Forum’s website.
Every business will start their Certification journey at a different stage. Some businesses may already have some sort of Business Management System in place, while others may be starting from scratch. Some businesses may also have internal resources to develop and implement their Management System, and some may choose to engage with a professional consultant to help with their Certification Readiness.
In its simplest form, the process to achieving Certification to one or more ISO Management System Standards is as follows:
Once a business has achieved Certification(s), the 3-year certification cycle begins. During this period, the Certification Body will return to conduct yearly Surveillance Audits to verify that the Business Management System is still meeting the ISO Standard(s) requirements, as well as their own operational requirements.
If you want to know more about the Certification Process in detail, you can read more here.
This answer will vary from business to business, as it depends on the size and complexity of the organisation, as well as the ISO Management System Standards the business is aiming to achieve certification to. Generally, it may take between 3-6 months, but it could extend up to one year for larger organisations.
It’s important to note that once a business has implemented their chosen ISO Standards requirements into their Management System, it is recommended that a business runs with their system for at least a few weeks and ideally longer (depending on pre-existing implementation levels) before conducting their Internal Audits, and then moving forward with the Certification Audits. This allows an adequate amount of time for the business to identify any issues, and collect enough evidence to show that their Management System has been effectively implemented, and works for the business.
Certification for ISO Management System Standard(s) is provided by an independent Certification Body. When a business achieves Certification, it means that their ISO Management System meets all of the requirements of their chosen standards.
In order for a Certification Body to issue internationally-recognised Certifications, they must be Accredited. Accreditation only applies to Certification Bodies, not businesses who want to achieve Certification. In Australia and New Zealand, Certification Bodies are accredited by JAS-ANZ.
In essence, an Accredited Certification Body will conduct an audit and issue Certification to a business if the requirements of their chosen ISO Management System Standard(s) have been met.
If you aren’t familiar with the Certification process, it can be confusing to differentiate the types of audits involved during the process. In its simplest form:
If you want to know more details about Internal and External Audits, and how you can become qualified to conduct these Audits, you can read more here.
Many people think that they have to outsource to a professional to conduct their Internal Audits, but this is not the case. Businesses are able to use their own internal resources, such as their employees, to conduct their Internal Audits, as long as they are trained and competent to do so.
In order for someone in the business to be deemed competent to conduct Internal Audits of ISO Management Systems, the first step is training. With our Management Systems Internal Auditor Training, you can achieve three levels of internationally recognised certificates, including the one for Competency after successful assessment of your first internal audit by one of our experts. Our Internal Auditor training also provides the tools to develop all the skills and resources needed to become a competent internal auditor, in line with the guidelines of ISO 19011:2018.
The competency of Internal Auditors may be questioned during External Audits, so it’s important that they have this training to demonstrate it.
These two terms often get used interchangeably, but they’re not the same thing.
An audit is an assessment of a process or a system to determine whether it meets a defined set of criteria. Audits can be performed internally or externally, to verify conformance to one or more ISO Standards and the organisation’s own requirements, through a systematic review of factual evidence. Other common types of audits are Operational audits and Financial audits.
On the contrary, an inspection is an evaluation of a place, product or service to ensure relevant requirements have been met. You may be familiar with site safety inspections, which generally check for hazards and potential risks in an environment, and usually verify that safety measures are in place and effective.
In short, a Non-Conformance is the failure to meet a specific requirement. There are two types of Non-Conformances that could be raised during an audit:
Both major and minor Non-Conformances will be recorded in the audit report, and must be resolved and closed within the time frame designated by the auditor.
An Opportunity for Improvement (OFI) is an observation or suggestion that can be raised during audits regarding a potential improvement opportunity. While OFIs are recorded in the audit report, they won’t impact your Certification. Although, when addressed, it may prove beneficial toward making the system and business operations more effective.
No action is necessarily required. However, actions on OFIs may be reviewed at the next audit, and the business may be asked to show evidence of decisions and actions taken to address them.
Being an Exemplar Global Recognised Training Provider (RTP) means that the course follows a higher standing that has been recognised by a third party. It demonstrates that the course has been reviewed by experts and is relevant to the industry globally.
All certificates issued will contain the Exemplar Global stamp, validating it as a certified training course which is recognised worldwide.
Completing the course will also allow you to gain many other benefits from being an Exemplar Global certified professional, to joining a network of professionals, and gaining access to exclusive resources and webinars.
If you want to learn more about Exemplar Global, you can visit their website here.
We hope that you were able to learn something new, and that these ISO related terms and acronyms are now clearer for you to understand. Need help demystifying other terms and processes to help with your ISO studies? Or, do you want to become qualified to conduct Internal Audits of ISO Management Systems?
Brooke has a strong passion for marketing and is responsible for all our communication with our audience. She creates the content you see on our social media channels, and also works on the content on our website and blogs.
All information on this blog site is for informational purposes only. As this information is based on our professional experience, opinion, and knowledge, we make no representations as to the suitability of this information for your individual business circumstances. Especiality Pty Ltd trading as ICExperts Academy and all related businesses and brands will not be liable for any errors, omissions, legal disputes or any damage arising from its display or use. All information is provided as is, with no warranties and confers no rights.
We will not be responsible for any material that is found at the end of links that we may post on this blog site. The advice, ideas, and strategies should never be used without first assessing your own personal business situation or seeking professional and/or legal advice. Information may also change from time to time to suit industry and business needs, requirements and trends.
Once subscribed, you’ll receive regular updates about ICExperts Academy and monthly blog posts straight to your inbox.
We respect your privacy. Easily unsubscribe at anytime.