ISO certification

Certification is an essential lever for boosting credibility by attesting that your product or service is in line with your customers’ expectations. ISO certification is a process by which an independent entity provides a written guarantee that a service, procedure or product meets the required specifications.

ISO definition

The International Organization for Standardization (ISO) is an autonomous, non-governmental body which develops globally recognized standards. Since 1947, ISO has aimed to establish standards that serve as benchmarks for quality, safety and procedures in various sectors and regions. Originally founded in London by 65 delegates from 25 countries, ISO is now headquartered in Geneva, Switzerland, and has published 22,782 International Standards to date. These are recognized by the 164 member countries.

The term “ISO” comes from the Greek “isos”, meaning “equal”, used uniformly, whatever the language or country of recognition.

What do ISO standards mean?

Developed by ISO members, ISO standards provide frameworks, guidelines or requirements for achieving specific objectives. These standards enable companies worldwide to adopt internationally recognized benchmarks for quality, safety and reliability, among other things.

Contrary to popular belief, ISO does not itself issue certifications to standards it has published. Third-party organizations will carry out audits and issue certifications for ISO standards. To be ISO “certified” means that an entity has demonstrated to third-party auditors that its products or activities meet the requirements of the relevant standard.

What are the advantages of following ISO standards?

Today, ISO is perceived as a benchmark by most companies and organizations worldwide. Beyond certification, compliance with ISO standards contributes to the achievement of a number of objectives:

  • Facilitate consensus-building between organizations through common requirements.
  • Company information on best practices in the sector.
  • Promoting global business collaborations by complying with regulatory and industry criteria.

What are the requirements for ISO certification?

There are various ways of preparing for ISO certification, such as using consultants for specific advice, or preparing internally for the involvement of a third-party organization. Here are five steps to third-party ISO certification:

Certification ISO

Identify the ISO standard that best suits your business or sector. While adopting an ISO standard is often a voluntary process, some industries require specific ISO certifications. So start by finding out which ISO standards are most relevant. Once you’ve chosen the right standard, it’s crucial to involve the whole company in the certification process.

Complying with ISO standards, especially when it comes to an organization’s core procedures, requires the participation of all its members. Proper communication and staff training help instill the importance of ISO certification. Everyone’s commitment is also essential to reduce resistance to internal audits, which are frequently required for certification.

Internal audits enable us to detect gaps in existing procedures, identify areas for improvement and analyze our readiness for external certification. Set up a team dedicated to these internal assessments, using audit lists that take into account the ISO standard in question. This team will be responsible for properly documenting audits, an essential requirement for ISO certification.

Once you’ve identified areas for improvement through internal audits, implement the changes needed to close the gaps identified. Systematic documentation of any modifications is required. In addition, regular internal audits are necessary to ensure that the process of achieving ISO conformity is being followed up.

Contact a reputable third-party auditor who will carry out the certification audit, enabling your organization to obtain certification to the chosen ISO standard.

ISO certification is not permanent, and is only valid for three years from the date of certification. After this period, re-certification is required to maintain ISO-compliant processes. Continue to apply ISO-compliant processes and keep abreast of updates, even after you’ve been certified. ISO standards are revised every five years to incorporate industry best practices.

What are the most common ISO standards?

Of the 22,782 existing International Standards, here are 9 of the most frequently used ISO standards and their typical applications.

ISO 9001 - Quality Management System

This is ISO’s most widely used international standard, designed to provide a framework for the implementation of a quality management system (QMS) within any organization or industry. This standard is the basis for other international standards such as ISO 13485 and IATF 16949. This is often a prerequisite for other standards such as ISO 17025. Although optional in absolute terms, ISO 9001 has become indispensable in certain sectors for the conduct of business.

This ISO standard provides a framework for environmental management systems (EMS). This standard helps organizations reduce their negative environmental impact and optimize the use of resources. ISO 14001 also enables organizations to meet regulatory requirements in terms of environmental efficiency.

This international standard governs the implementation of an information security management system (ISMS). ISO 27001 helps organizations of all sizes to ensure that information for their stakeholders is accessible, complete and confidential.

The ISO standard for food safety management systems (FSMS) specifies the criteria by which organizations can demonstrate that they are maintaining food safety in the face of various hazards. This standard is the basis for FSSC 22000, another international food safety standard. The previous version, ISO 22000, remains valid until June 2021, when organizations must adopt the most recent version to retain their ISO certification.

This international ISO standard establishes a model for energy management systems. Inspired by the principles of ISO 9001 and ISO 14001, ISO 50001 encourages management involvement to ensure efficient energy management within the company.

This is the latest ISO standard for the quality management system (QMS) of organizations involved in the industrial manufacture, distribution, maintenance and disposal of medical devices. It is a revision of the previous ISO 13485 version, based on ISO 9001, and aims to guarantee the safety and quality of medical devices, while keeping pace with technological developments and regulatory changes. In addition, compliance with ISO 13485 is a requirement for manufacturers seeking certification under the Medical Device Single Audit Program (MDSAP) of the International Medical Device Regulators Forum (IMDRF).

Laboratories dedicated to testing and calibration can be accredited to an ISO standard designed to identify establishments whose technical skills are in line with global standards. This ISO standard also recognizes the relevance of ISO 9001 to the quality management system (QMS) as an optional condition for certification.

The updated version of ISO’s occupational safety and health (OSH) standard provides a framework for encouraging safer working environments in a variety of sectors, by taking a proactive approach to risk management and involving all parties concerned. This global standard, replacing BS OHSAS 18001, will require the transition of current BS OHSAS 18001 certifications to ISO 14001 by March 2021.

This international standard provides a framework for the design, implementation and maintenance of risk management within a company. This ISO guide does not aim at certification.

ISO standard sections

ISO standards are developed to meet specific objectives or the needs of a given industry. Despite their varied intentions, the most commonly used ISO standards share several common sections. The following ten sections are typical of the majority of ISO standards:

This mandatory section contains the definition of the scope and boundaries of the international standard, its purpose, the entities concerned, and any specific features requiring particular attention.

This section, required for each ISO standard, lists the titles of the normative reference documents. Depending on the ISO, these documents are mentioned in the text in such a way that all or part of their content is required by the document.

This essential section defines the terms used in the standard or refers to the document containing the terms and definitions in question.

This section confirms that the internal and external factors that can affect the objective of the standard have been defined. It also aims to identify the interested parties and their expectations relevant to implementing the standard.

The section on leadership highlights management’s commitment to ISO implementation. It attests to management’s ongoing commitment to improving procedures and dedicating the necessary resources to enable implementation. The standard also takes into account the contribution of workers and the organizational culture.

The purpose of this section is to verify the presence of plans, procedures, objectives and actions aligned with a clear commitment to applying the standard. It also seeks to assess the measurability of objectives and the inclusion of risks and opportunities, in line with the standard.

The section on support covers arrangements for raising employee awareness of the procedures surrounding the standard, documenting staff skills, communicating internally and externally, and providing adequate resources and support to enable employees to meet the requirements of the standard.

This operational section verifies that the organization has planned, implemented, controlled and maintained rigorous procedures to meet the requirements of the standard. It also underlines the importance of documenting processes to demonstrate their compliance with the plan. Outsourced processes are also a factor.

The section on performance evaluation highlights the importance of establishing monitoring and evaluation protocols to ensure the validity of results. This includes specifying assessment frequency, measurement criteria, analysis technique and assigned responsibilities. The documentation of these assessments is also emphasized.

This essential section of ISO standards, particularly those dedicated to management systems, is dedicated to improvement, and aims to structure the promotion of continuous process improvement. Even in standards without this specific section, commitment to the integration of continuous improvement processes remains paramount.

ISO today

Worldwide, over a million organizations hold certification to at least one international standard promulgated by ISO. Some of the standards developed by ISO have even been adopted or adapted by other recognized standardization bodies which also publish international standards. Since ISO came into being more than seven decades ago, organizations have been able to take advantage of it in optimizing their processes, manufacturing products, implementing industry best practices, strengthening international collaborations and improving ISO-compliant industry references. This will continue in the future.

FAQ

What is ISO Certification?

ISO certification is a process whereby a third party provides a written attestation confirming that a service, procedure or product complies with predefined requirements.

All in all, ISO certification is a mark of credibility and esteem. This opens the door to specific market or tender opportunities, gives you a distinct competitive edge, and confirms the excellence of your products, services, expertise and corporate structure, while maintaining optimized budget management. Your customers, employees and financial backers will all feel at ease.

ISO certification applies to all companies, irrespective of size, from small and medium-sized businesses to large-scale entities, whatever their field of activity. It is a formal confirmation that the good or service acquired or offered meets the criteria established by the standard or a normative framework, and that it is subject to regular assessment. The acquisition, use or consumption of an approved service or product is a guarantee of excellence in the broadest sense.

ISO certification is awarded after a final internal audit by an independent certification body. During this examination, the auditor analyzes the systems, offers, goods or professional skills in line with the selected standard and its scope.

If everything is in line with the standard’s reference framework, ISO certification is awarded.

Between 6 and 12 months are required, depending on the size of your organization.

ISO certification is valid for 3 years, and includes annual control audits.

During a final internal audit for ISO certification, two categories of non-conformities may be found by the certification body’s auditor:

  • Minor non-conformity: The impact on the established system is not significant.
  • Major non-conformity: the reliability of the management system is compromised, involving either a repetition of notable malfunctions, or a defect linked to the regulatory elements of ISO certification.

For each of these situations, a corrective action procedure is requested. In the case of a major non-conformity, 3 months are allowed for rectification, while a minor non-conformity has 6 months.

After this period, the auditor will check that the corrective measures have been implemented during a dedicated audit.