ISO certification explained
23 oktober 2023 
in Other

ISO certification explained

Welcome to the world of ISO! There is a lot to be told about ISO standards and the ISO certification. In this article, we will give you an overview of everything that is related to ISO: the meaning of ISO, about ISO certification, ISO standards and requirements for certification. We will take you through the entire process and cover every step. The following topics will be covered in this article:

About ISO
Certification meaning
What is ISO certification?
Management system
Why would I want to obtain ISO certification?
In what areas can I certify my company?
How can you get ISO certified?
The steps to ISO certification
What are the costs of certification?
Can I get certification by myself or should I outsource it to someone?
How long will it take to get certified?
How long is an ISO certificate valid for?
Any questions?

About ISO

ISO is the International Organisation for Standardisation, an international organisation that sets standards. Founded in 1947, the ISO is a large alliance of national standardisation organisations from 163 countries. The word 'ISO' is derived from the Greek word for 'equal' and the expression can be understood in all languages. In the Netherlands, the ISO standards are managed by the Netherlands Standardisation Institute (NEN). This organisation manages the Dutch editions of ISO standards and takes care of their development. The NEN was founded in 1916 and now even has the designation Royal.

ISO provides documents with required standards, specifications, guidelines and characteristics. A standard is effectively a series of agreements on how to carry out a certain process. Companies can use these agreements consistently and thus ensure that materials, products, processes and services meet the requirements for their purpose. It also ensures that these requirements are the same in all member countries, thus creating standardisation. With an ISO certification, a company demonstrates that its products, services or systems meet agreed specifications. In addition, the ISO standard supports innovation and promotes quality, safety and reliability worldwide.

Want to know more about the background of ISO? For My ISO Genius we published an ebook with general information on ISO. You can download the free ISO 9001 Checklist here.

Certification meaning

A certificate or quality mark shows that something meets certain requirements. These include quality requirements, sustainability requirements, environmental requirements or safety requirements. A certificate states that a process, product, service, quality management system or a person meets set requirements. A certificate is issued by an independent certifying body after an audit (a positively completed investigation).

What exactly is ISO certification?

With certification, you demonstrate that you meet the requirements of the standard or standards of your choice. These standards prescribe the requirements that your organisation must meet to achieve ISO certification. Most certifications focus on requirements related to your organisation, not directly to your products. How does your organisation work? How do the processes work? Does everyone know what their role is and what is expected?

Requirements are set for the processes. There are rules about which they should comply with as a minimum. You show that things are done consistently, you describe how work is done and you continue to work that way. Furthermore, each standard is aimed at continuous improvement: learning from what is not going well, for example, by receiving complaints. Some may recognise this as Deming's Plan, Do, Check, Act cycle. This PDCA cycle returns in every ISO standard. Standards are written in a fairly general way, the trick is to apply them to your own organisation.  In order to comply with these standards, you must set up the necessary things in your organisation. This is called a management system.

The management system explained

A management system is a system of agreements, formal as well as informal, in which processes and risks are secured by good craftsmanship, commitment and allocation of the right resources. It is a system for establishing policy and objectives and subsequently achieving these objectives. Everything possible is done to ensure that customers are satisfied. Satisfied customers ensure the continuity of the company! With a well-implemented management system, you can steer your organisation in areas such as quality, health and safety and the environment and you are continuously improving performance.

A quality management system, one of the requirements for ISO 9001 certification, is a management system specifically aimed at steering and controlling an organisation with regard to quality. In this respect, quality does not only relate to the products and services that the organisation supplies, but it also directly concerns the operational management. An important aspect of a quality management system is that it is not enough to have a handbook with described procedures. People make the quality, not a few printed pages in a book. You can read more about common mistakes in quality management, and of course tips on how to avoid these mistakes, in this article.

Quality management is viewed from two perspectives:

  1. The systems perspective, or in other words: Plan, Do, Check, Act (PDCA) in a systematic process.
  2. The socio-dynamic perspective, or: the relationship and cooperation between people. This is crucial and must be in balance with the systematic process.

The most common standard aimed at quality management is ISO 9001. You can read more about this in the article ISO 9001 and quality management.

Why obtain ISO certification?

Imagine this: you are facing a tender process, or trying to win a contract with a new customer or government, and you are not selected because you are not ISO certified.  This is a situation you want to avoid at all costs, so you don't miss out on a contract! Time to go get that ISO certification.  More and more companies are only doing business with ISO certified companies, or they ask for an ISO certificate for further cooperation. Not so strange when you consider that more than 1.8 million companies now have an ISO certificate. Non-certified companies increasingly notice that they are excluded from tenders, for example. For contracts with health insurers and municipalities, for example, the requirement to be able to present an ISO certificate is also increasing.

An ISO certification will provide many advantages for you and your organisation. It helps you to list all the business processes in your organisation and to continuously improve them. You learn from things that are not going well or that could be better, so you continue to improve and your performance will also increase. ISO certification gives you the excellent opportunity to make all processes, tasks and responsibilities within your organisation clear and visible to everyone. This will increase the involvement of all employees within the organisation and this in turn will contribute enormously to the working atmosphere and (reduction of) the work pressure.

An ISO certification also contributes to a positive image for your company. With an ISO 14001 certificate, for example, you show that your organisation considers environmental management of paramount importance and with an ISO 27001 certificate you show that your organisation complies with the highest requirements for information security.

With an ISO certification you show that your organisation does what it says and stands for its products and services. You show that you comply with laws and regulations and understand how they affect your organisation and your customers. And what about improved stakeholder relations? The perception of your organisation among employees, customers and suppliers will be significantly improved.

Are you getting ISO 9001 certified? With ISO 9001 you demonstrate that you strive for the highest level of quality. You increase customer satisfaction because the products or services you deliver constantly meet customer requirements. Your costs will ultimately be lower due to the continuous improvement of processes and the operational efficiency that this entails. Problems are easier to prevent and easier to remedy because your risk management improves.

Because ISO is an international standard, your certificate will not only be understood on a national level. Also internationally people know what you are talking about and what you stand for. So if you have international aspirations, ISO certification can make a big contribution!

In what areas can I certify my company?

ISO certifications are available in various fields. The most well-known and most used standards will be listed here.

The 4 most common standards

ISO 9001 - quality

The best known and most widely used standard for quality management, both nationally and internationally, is without a doubt ISO 9001. An organisation that has passed ISO 9001 certification shows that there is a solid quality organisation present. The processes are continuously improved by applying the PDCA cycle. This way, they continuously meet the quality requirements of the ISO 9001 standard.

ISO 14001 - environment

ISO 14001 is the globally recognised standard for environmental management. With the ISO 14001 certificate, you demonstrate that your organisation complies with environmental legislation and regulations. You prioritise environmental performance and are continuously working to minimise your impact on the environment.

ISO 45001 - Occupational Health and Safety

ISO 45001 certification demonstrates that you are continuously working to ensure the best and safest possible working environment for your staff. ISO 45001 is the internationally recognised standard in the field of health and safety management. The standard goes beyond just making an inventory and guaranteeing safety on the shop floor, which makes it a valuable addition to the VCA certificate.

ISO 27001 - Information security

ISO 27001 is the standard in the field of information security. With this certificate you show that you meet the highest requirements in the field of information security. You have set up your management system in such a way as to minimise the risk of data leaks. You give your clients the guarantee that your information security is up to date and that the risks are minimised.

How do you get ISO certified?

Not only are there many roads leading to Rome, but also to certification. Start by determining your approach. Do you have much or little knowledge about standards and ISO certifications? Do you have the budget for a certification programme? Do you have the time to study the standard yourself? The most common ways to approach an ISO certification process are:

  • Purchase the standard and implementing it by yourself;
  • Follow training courses;
  • Get support from an external consultant;
  • Outsource the entire process to an external consultant;
  • Use the software tool of My ISO Genius.

Purchase the standard and implement it by yourself

If you want to get started yourself, first purchase the standard of your choice. You can do this at www.nen.nl. NEN (NEderlandse Norm) is the Foundation of the Royal Dutch Standards Institute, the Dutch ISO branch. Buy the standard and read it to determine which requirements you have to meet.  It helps if you already have (some) knowledge about ISO standards and ISO certification. You can of course acquire this knowledge by following training courses.

Follow training courses

Do you not have (sufficient) knowledge about standards, or do you want to brush up your knowledge? Then you can always follow training courses to gain more knowledge. At KAM Consultants, for example, all training courses are offered in the field of ISO standards: from knowledge of standards to audits, both internal and external.

Get support from an external consultant

You know all the ins and outs of your organisation, and if not, you know exactly where and from whom you can ask. Now you want to implement an ISO standard, but the interpretation of the standard turns out to be quite a task. This is the moment to call in an external consultant, for example one of the specialists of ISO Specialist. An external consultant becomes a kind of temporary colleague and supports you with the implementation of the management system.

Outsource the entire process to an external consultant

A consultant will be part of your organisation for a short period of time, and you will be coached intensively. The consultant comes on site more often than during support and takes a lot of work off your hands. This ensures that you go through the implementation phase without stress, that you remain focused on your daily activities and that you spend less time setting up and describing the management system.

Use the software tool of My ISO Genius

You can achieve your ISO certification on your own. You can do this by using the convenient software tool My ISO Genius, which will guide you step by step through the certification process. The tool will guide you through all the steps necessary to obtain your ISO certificate, without an expensive consultant and without the frustration of hours of research. And also: without knowledge of standards. You read it correctly: no prior knowledge of standards is required. The software tool of My ISO Genius tells you everything you need to know. The standard requirements are translated into practical applications with clear explanations in understandable language. And what if you can't work it out? No problem: the support desk of My ISO Genius is ready to answer your questions or give you advice. Just send an email with your question to our support desk and one of our experts will give you an answer on short notice. You do it independently but you are certainly not alone.

The steps to ISO certification

The zero measurement

First of all, you look at what is already present in your organisation. To what extent do you already fulfil the requirements of your chosen standard? What is already there and what still needs to be done to meet the standard?

Documentation

Next, you draw up the documentation. In this phase, you want to meet the standard 'on paper', so put your procedures in writing and create the manual if it is not already there.

Keep records

Supplier assessment, risk analysis, complaints, customer satisfaction: these are all forms of registration files. Such registration files are required by almost every standard and now you are going to work with them too. Use and analyse the data, this is the way to adjust your management system.

Internal audit

In many management systems it is compulsory: the internal audit. But the internal audit is undervalued: see it as the ideal moment to check whether you are ready for the external audit or whether adjustments and corrections are still needed. A great dress rehearsal, do not miss the opportunity! The internal audit is also an important form of input for the management review.

Management review

Perhaps one of the most important documents in the quality system is the management review. With this, the management determines whether the management system actually supports the achievement of the intended objectives. It is about assessing the performance of the organisation and the effectiveness of the quality management system. An (additional) advantage of the management review is that it indirectly increases the involvement of management.

The audit

You have gone through all the steps. Your management system is implemented. The documentation is ready. The organisation has been informed. It is now time for the audit. An auditor visits your organisation to determine whether the management system is effective and whether it is being used properly. Afterwards, the auditor will send you a report with the result, the conclusion and any recommendations.

What are the costs of certification?

The costs of certification vary. It depends on how you plan to obtain your ISO certification: will you do it independently? Will you follow training courses? Will you hire an external consultant or will you outsource the entire process? The cost of certification depends on these factors. In this article we take a closer look at the costs per component, based on ISO 9001 certification.

Global

The costs for ISO certification also vary considerably depending on the size of your organisation. This can start from EUR 2750,- for the certification period of 3 years for ZZP'ers. Per 5 employees, this amount will increase in graduated form. An investment, but an investment that pays off! Here you can read how to save on the costs of ISO certification.

Can I get certification by myself or should I outsource this to someone?

Both are possible, this depends on a number of factors.
Do you already have (some) knowledge about ISO standards and certification? Do you have the time? Do you have a budget? But also: will you go for ISO certification to win a contract or tender? Or will you go for ISO certification because you want it yourself, because you want to take your organisation to the next level?

Do you already know about ISO standards and certification and do you have the time? Then you might want to consider getting certified yourself. You buy the standard and start working with it. You might also consider using the software tool My ISO Genius. This tool will guide you step by step through the certification process with only one possible outcome: you get that ISO certificate! The My ISO Genius software tool can be used even if you don't have any knowledge of standards: the tool will explain to you in clear and understandable language every step of the way, what the intention is and what actions you need to take. This could also be the way to go if you want to get ISO certification to take your organisation to the next level. By tackling the certification process yourself, either by purchasing the standard or by using the My ISO Genius software tool, you will know what the standard is about. Then of course it is always easier to see why certain actions are taken and what the effect is. Your quality management system will become much more alive in your organisation.

You don't have the time to spend on ISO certification, or does the certification need to be done in a reasonably short period of time because otherwise you might miss out on an order or a tender? Then you might consider hiring an external consultant to set up and complete the entire process for you. Of course, there must be a budget for this. Make sure that you keep an eye on the process so that the management system lives in the organisation and does not become just another administrative act that only one person knows about. You must ensure that everyone in your organisation knows what is going on and what you are doing. A management system that lives in and is supported by the organisation contributes to continuous improvement.

How long does certification take?

Let's make one thing clear: the certification process is not over when you get the certificate. You could say it has only just begun! Or you should let the certificate lapse, but then you have actually put in all that effort for nothing. Every ISO standard uses continuous improvement, and as the name suggests, this is a continuous process.

Which method do you use?

How long it takes to get your ISO certificate depends on the method you use. Are you going to use the My ISO Genius software tool to do it yourself? Then you decide how long it will take, either as fast or as slow as you want. An external consultant who implements your management system is also only concerned with your ISO certification and knows all the ins and outs, so he too will go through the process quickly.

Self

Are you going to work with your purchased standard yourself, either with or without guidance from an external consultant? Then use the handy software tool My ISO Genius. It will save you a lot of time on research: the system will guide you through all the steps needed for ISO certification and will make sure you understand what everything means. Everything is explained in clear and understandable language. Doing it all yourself? If so, you may find that the process takes a little longer because you have to figure everything out yourself. You will have to delve into the standard and interpret everything for your own organisation.

Specific

The question of how long certification takes can actually be divided into three components:

  1. How long is the period between deciding to obtain certification and obtaining it?
  2. How long does it take you to get your first certification
  3. How long does your organisation remain certified?

The first question depends on whether you are already working on quality management in your organisation (before ISO 9001). Is there already a structured system in place? If you have yet to start working on it, you should allow for a turnaround time of 4 months. Have you already been working in accordance with ISO 9001 for some time? Then it can be completed in a few months. The answer to question 2 depends on how you got started: by yourself or with the help of a consultant. But take into account about 1,5 to 7 months, depending on the size of your organisation.

Your certificate is in principle valid for three years, during which time a control audit is carried out every year. After these three years, you must recertify your organisation. The standard contains many components that must be continuously updated or periodically assessed. That is why you continue to work on your management system every year.

How long your organisation remains certified depends on the end date on your certificate and what you do with it afterwards. Will you let it expire or will you continue to work on continuous improvement? In the latter case, you should also include recertification. ISO 9001 has to get recertified every three years.

How long is an ISO certificate valid for?

The ISO 9001 certificate is valid for three years. During those three years, you must continue to maintain the management system in order to meet the requirements of ISO 9001. The certification body (CI) that issued you the certificate will also come and check on you every year through a control audit. This way, it is checked whether you really work according to the ISO 9001 standard requirements and are therefore still allowed to use the certificate.

After three years, instead of the control audit, you will undergo the recertification audit. This audit is of course much more extensive than the annual control audits. But if you have continuously maintained and updated your management system, an external audit should cost you considerably less effort than the first audit.

Do not forget that as an organisation you are obliged to carry out an annual internal audit. The internal auditor determines whether your management system is functioning properly and collects evidence to show that you are in control of the processes. The internal auditor also identifies bottlenecks and areas for improvement.

With all the information you obtain from the internal audit and also from the management review, you will work on adjustments to the policy, your objectives and your management measures, all continuously aimed at continuous improvement. By responding to the results of the internal audits, you guarantee the progress of improvements within your organisation. This keeps your processes and management systems in order.

Any questions?

With this article, we hope to have given you an overview of ISO standards, ISO certifications and what is involved. Do you have any questions about this article? Please do not hesitate to contact us, we are happy to help you.

About the author
KAM Consultants was founded by Joost Vaessen in 2011 After seeing various consultants working on ISO implementations in previous years, he decided that ISO certification was becoming far too complex. Reason enough for him to take up the adventure and start his own consultancy firm. Over the years Joost and his team of consultants have guided more than 1000 companies towards various ISO certifications. As a highly experienced consultant, Joost set himself the goal of simplifying ISO certification for companies by sharing knowledge, providing training and developing software.
Place comment