To become ISO certified, an ISO registrar (or certification body) must evaluate an organization’s compliance with the specific ISO standard requirements. Here’s an outline of what the registrar will require and assess during the certification process:
-
Documented Quality Management System (QMS): The organization must have a documented QMS that meets the requirements of the ISO standard they are pursuing. This includes a quality manual, documented procedures, work instructions, and records demonstrating compliance with the standard.
-
Implementation of QMS: The organization must demonstrate that the QMS is fully implemented, not just documented. This means that all processes and procedures are actively in use and that employees are trained in their roles and responsibilities under the QMS.
-
Internal Audits: Regular internal audits are required to ensure the QMS is effective and meets ISO standards. Internal audits should be well-documented, show corrective actions where issues are identified, and demonstrate continuous improvement.
-
Management Review: Senior management must conduct periodic reviews of the QMS to ensure its effectiveness and alignment with the organization's goals. These reviews must be documented and address areas for improvement.
-
Corrective and Preventive Actions (CAPA): The organization must show a process for identifying, analyzing, and addressing non-conformities and potential issues. Evidence of corrective and preventive actions is required to demonstrate a commitment to improvement.
-
Preparation for Certification Audit: Before applying for certification, the organization should have a few cycles of internal audits and management reviews completed, as the ISO registrar will look for evidence of ongoing QMS use and effectiveness.
Certification Process with the Registrar
- Stage 1 Audit (Documentation Review): The registrar reviews documentation to verify the QMS meets ISO requirements.
- Stage 2 Audit (On-Site Audit): The registrar conducts an on-site audit to assess implementation and compliance. Evidence includes employee interviews, document reviews, and observations of processes.
- Corrective Actions: If the registrar identifies non-conformities, the organization must resolve these before certification is granted.
- Certification Decision: After successfully passing the audit, the registrar issues the certification. The organization will then have annual or bi-annual surveillance audits to maintain certification.