ISO Certification Process
ISO Certification Steps
The process of management systems certification is straightforward. It follows a generic approach that is consistent for all the ISO management systems’ standards – ISO 9001, ISO 14001, ISO 45001, ISO 50001, ISO 27001, ISO 22301.. etc.
You will need to fill the inquiry form on our website to understand your requirement. We will use this information to accurately define the scope of audit and provide you with a proposal for certification.
Also you can reach us via phone, WhatsApp, or by sending an email with your requirements, and out team will contact you within 12 hours only.
Afterwhich they will send you a detailed proposal outlining the cost and duration for the ISO certificate to be issued.
Once you’ve agreed on your proposal, our team will contact you to book an audit schedule. Your audits will be booked with a UCS Auditor. This audit consists of two mandatory audits that form the initial certification audit (stage 1 and stage 2 audits). Please note that you must be able to demonstrate that your company is fully operational and your management system is in compliance with the required ISO standard requirements, and the management system has been subject to a management review and a full cycle of internal audits.
*Note: there may be additional requirements for some of the more technical standards – we will advise you of the same.
The ISO Certification process is as follows:
• Step 1
• Step 2
• Audit plan
• Step 3
• Certification audit (stage 1 and stage 2 audits)
• Audit report
• Step 4
• Certification decision
• Invoicing and draft certificate
- Step 5
• Final certificate
Following a successful two stage audit, a certification decision is made, and if positive, a certificate will be issued by UCS showing conformity with the related ISO standard.
The certificate will be valid for 3 years upon passing the annual surveillance audits. A re-certification audit is done every 3 years.
The ISO certificates are accredited by ASIB- ISO Global Register.
All UCS certificates can be validated through the validation page.
ISO Certification Audit
The purpose of this audit is to confirm that your organization is ready for the certification audit. This audit will take place at your organization where the management system is applied (normally head office), and it will be a documentation review audit.
During stage 1 audit, the auditor will review the internal audit reports and management review process. Certification may not be issued until there is sufficient evidence to demonstrate that arrangements for management reviews and internal audits have been implemented, are effective and are well maintained.
The purpose of this audit is to confirm that the management system fully conforms to the requirements of the chosen standard in practice. If you undertake site work or have more than one location that you would like to include in the scope of certification, the auditor will also need to audit these activities / locations.
During stage 2 audit, the auditor will:
- document how the system complies with the standard by using objective evidences
- undertake sample audits of the processes and activities defined in the certification scope
- visit any remote locations, additional sites or remote activities to evaluate the effectiveness of the management system off site
- report any non-conformities or opportunities for improvement
- produce a surveillance audit plan and agree on a date for the first annual surveillance visit
If the auditor identifies any major non-conformity, certification cannot be issued until corrective action is taken and verified. Accreditation requirements stipulate that if this is not completed within 6 months, then certification cannot be recommended without a further stage 2 audit.
Once the certification is obtained, a certificate will be issued and will be valid for 3 years only upon the successful completion of annual surveillance audits (partial audits) and a 3 yearly re-certification audits (full system audits).
Surveillance audits are undertaken annually to ensure that compliance to chosen standard(s) is maintained throughout the three-year certification cycle.
The frequency and duration of surveillance audits is dependent on the following factors:
- size and structure of organization
- complexity and degree of risk related to the activities
- number of management system standards included in the certificationscope
- number of sites listed within the certificationscope
During the surveillance audit you must demonstrate continual improvement. This is a fundamental requirement of all the ISO standards.
What Happens If Your Business Changes During This Time?
Don’t worry – we are used to organizations of all shapes and sizes changing on a regular basis including additional locations / activities and increase or decrease in head count. We can provide you with all the options to change and adapt your scope / standards / management system to suit your business requirements – we just need you to be honest with us and let us know if anything changes as soon as possible.
- confirm the accuracy of information that you submitted during the application process
- confirm that the management system conforms to the requirements of the applicable standard
- confirm the implementation status of your management system(s)
- confirm the certificationscope
- check the legislative compliance
Our approach to certification is designed to enable the certification programme to suit your business requirements – not the other way around!
A special visit may require to be made to the certificate company’s premises in the following circumstances
- UCS has reason to believe that the documented systems are inadequately maintained with major deficiencies in operation.
- In case of any change in the management system standard due to which the certification requirements are going to be changed, clients will be intimated in advance for the transition audit and the audit will be scheduled after the consent of the organization. But the audit has to be done before the defined time frame.
Upon intimation by the certified company, of any significant change in the certified documented system. Including extension of scope visit will decide, whether the extension of scope sector can be granted or not. This may be clubbed with the surveillance audit this surveillance audit program shall include at least
(A) Internal audit and management review
(B) A review of actions taken on NC identified during the previous audit.
(C) Treatment of complaint
(D) Effectiveness of the management system w.r.t. achieving the certified client objectives.
(E) Progress of planned activities aimed at continual improvement
(F) Continuing operational control
(G) Review of any changes
Short Notice Audit
As a result of a complaint, by any party, any adverse publicity or contravention of the conditions of certification or other information received and suspended client. The special visits will be undertaken after due notice has been given and details agreed between UCS and visits will be undertaken after due notice has been given and details agreed between the certified company. Due care is taken of the following.
- Information is given to the client in advance regarding the resource of the visit with details.
- Due care is taken to select the auditor to Safeguard Lack of Reason to client for objection to the auditor.
Suspension, Withdrawal, Extension and reduction of Certification
Suspension : The grounds for suspending the certificate are as follows
- If the certified organization is not getting the Surveillance audit conducted as per the certification agreement.
- If the client is found to misuse the logo of the Certification Body or is using any kind of misleading statement which might affect the reputation of the certification body and the accreditation board.
Procedure For Suspending, Withdrawing or Reducing The Scope of Certification
To decide the method of Suspending, withdrawing or reducing the scope of certification
The UCS suspends certification in cases when,
- The client’s certified management system has persistently or seriously failed to meet certification requirements, including requirements for the effectiveness of the management system,
- The certified clients does not allow surveillance or recertification audits to be conducted at the required frequencies, or
- The certified client has voluntarily requested a suspension.
- If clients does not follow the agreed terms and conditions for certification services.
The key responsibility lies with Director Certifications
When information is received from either by customer or auditor regarding the suspension, UCS sends the suspension of certification letter to the client for the period of one month.
- Issue a suspension letter to the client. Stating reason, suspension period etc.
- Under suspension the client’s management system certification is temporarily invalid, the UCS have made enforceable arrangements with its client to ensure that in case of suspension the client refrains from further promotions of its certification. The UCS has established a method for putting the information of suspension of certificate on website to make publicly accessible the suspended status of the certification and takes any other measures it deems appropriate.
- If within the given period of time the customer resolves the issue and asking for reassessment of the management system for continuation of the certificate, the operations manger arranges the assessment arrangement.
- Failure to resolve the issues that have resulted in the suspension in time established by the UCS maximum period can be given four weeks only, result in withdrawal or reduction of the scope of certification.
- Communication of the same to stop the use of same Certification Logo to all concerns.
- Inform the client for not using the certification status during the period of suspension
- If the client does not respond within the suspension period. The same information is put up in front of certification committee. Upon approval of certification committee, the request is send to Director Certifications for authorization to withdrawal of certificate. Upon the withdrawal of the client the status of client on UCS website is changed to withdrawn.
- Withdrawn certificate is collected and destroyed as per the procedure established in for control of records i.e. by shredding/tearing to avoid the misuse of the certificate.
- The UCS reduces the client’s scope of certification to exclude that part not meeting the requirements, when the client has persistently or seriously failed to meet the certification requirements for those parts of the scope of certification. Any such reduction is in line with requirements of the standard used for the certification.
- The UCS has enforceable arrangements with the certified client concerning conditions of withdrawal, ensuring upon notice of withdrawal of certification that the client discontinues its use of all advertising matter that contains any reference to a certified status.
- Upon request by any party, the certification body correctly state the status of certification of a client’s management system as being suspended, withdrawal or reduced.
- On suspension of client, the status on ucsiso.com website is changed to suspended for the client
Procedure For Audit of Multi Site
To document, establish, implement and maintain the system for conducting the audit of a multi -site organization, in accordance with requirements ISO/IEC 17021-1:2015 and IAF Mandatory Document for the Certification of Multi-Sites Based on Sampling, IAF MD 1:2007.
This procedure is applicable to the audit of a multi-site and does not apply to organizations that have multi-sites where fundamentally different processes or activities are used at different sites or a combination of sites, even though they may be under the same management system. This procedure is applied to all types of audits; initial, surveillance and re-certification, of a multi site organization.
4.0 Policy & Procedure
4.1 General Requirements
4.1.1. Multi-site organization is defined as an organization having an identified central function (central office) at which certain activities are planned, controlled or managed and a network of local offices and branches (sites) at which such activities are fully or partially carried out. Examples of possible multi-site organizations are,:
- Organizations operating with franchises
- Manufacturing companies with a network of sales offices (applying to sales network)
- Service organizations with multiple sites offering a similar service
- Companies with multiple branches
4.1.2. A multi site organization need not be a unique legal entity, but all sites shall have a legal or contractual link with the central office and be subject to a common management system. The management system is laid down, established and subject to continuous surveillance and internal audits by the central office. This means that the central office has rights to ensure that the sites implement corrective actions when needed at any site.
4.1.3. The processes at all the sites have to be substantially of the same kind and have to be operated to similar methods and procedures. Where some of the sites under consideration conduct similar, but fewer processes than others, they may be eligible for inclusion provided that the site or sites, which conduct most processes or critical processes, are subject to full audit. All the sites shall be in the same country.
4.1.4. Organizations, which conduct their business through linked processes in different locations, are also eligible for sampling under multi-site. Where processes in each location are not similar but are clearly linked, the sampling plan shall include at least one example of each processes conducted by the organization (e.g. fabrication of electronic component in one location, assembly of the same components – by the same company in several other locations)
4.1.5. The organization’s management system shall be under a centrally controlled and administered plan and be subject to central management review. All the relevant sites including the central office shall be subject to the organization’s internal audit program and all sites have been audited prior to certification audit. Following certification an internal audit shall be done at each site within the certification period.
4.1.6 The central office has established management system in accordance with the relevant ISO and/ or other international management system standards and the whole organization meets the requirements of the standard including relevant legal regulations
4.1.7 The organization should demonstrate its ability to collect and analyze data (system documentation and changes, management review, complaints, corrective actions, internal audit, legal requirements etc) from all sites including the central office and its authority and also demonstrate its authority and ability to initiate organization changes if required.
4.1.8 If all the sites of an organization where the activity subject to certification is performed are not ready to be submitted for certification at the same time, the organization shall be required to inform UCS in advance of the sites that it wants to be included in the certification and those which are to be excluded
4.2 Audit process
4.2.1. Multisite Organization:
In case of a multi-site organization the application review & agreement are conducted as per procedure. At this stage the review shall identify the following,
a]. The complexity and the scale of the activities covered by the management system and any differences between sites as a basis for determining the level of sampling.
b]. Identify the central function of the organization with which UCS has a legally enforceable agreement for the provision of certification.
c]. To what extent sites of an organization operate substantially the same kind of processes according to the same procedures and methods.
d]. Are all the sites included in the certification are ready to be submitted for certification at the same time. Sites not ready shall be excluded from the scope of certification
4.2.2. The planning & preparation for audit including selection of audit team are done as per documented procedure in procedure manual.
4.2.3The audit of the multi-site including stage-1 and stage-2 audit is performed as per the procedure for initial audit. If more than one audit team is involved in the audit, UCS shall designate a unique audit leader whose responsibility is to consolidate the findings from all audit teams and to produce a combined report
4.2.4The central office and the sites selected are audited as per this procedure.
4.2.5 Whenever any non-conformity is found at an individual site, either through the organization’s internal auditing or auditing by UCS, the auditor shall investigate whether it leads to a system deficiency affecting all other sites or limited to the particular site only. If it is found a system deficiency correction and corrective action should be performed both at central office and at the individual sites. If the corrective action is found limited, to only the site where the nonconformity has been reported, the auditor should seek the justification for limiting its follow up corrective action.
4.2.6. The auditor shall verify the evidence of these actions and accordingly increase its sampling frequency and / or the size of the sample until it is satisfied that the control is re-established.
4.2.7 At the time of the decision making process, if any site has nonconformity pending the certification shall be denied to the whole network pending satisfactory corrective action.
4.2.8 If any site has nonconformity; the exclusion of that problematic site from the scope is not permitted at this stage. Such exclusion should have been agreed before the certification as stated in 4.2.1 (d).
4.3 Certification Document
4.3.1.The sites included in the certificate are either individually audited or audited as per sampling scheme outlined in section 4.4
4.3.2 These documents shall identify the central office and a list of all sites to which the certification document relate. This document shall indicate clearly the certified activities performed by the network of sites on the list. If the certification scope of the sites is only issued as part of the general scope of the organization, its applicability to all sites shall be clearly stated.
4.3.3.The certificates may be issued to the organization for each site under condition that they contain the same scope or sub-scope of that scope and make a clear reference to the main certification document.
4.3.4. UCS shall withdraw the entire certificate if the central office or any of the sites does not fulfill the necessary provisions for the maintenance of the certification.
4.3.5. UCS shall inform the organization, about additional requirements for granting multi- site certification and this document shall be sent along with the quotation. This document shall also be made publicly available on the UCS web site.
4.3.6. UCS shall grant additional sites to the existing certification either through the routine surveillance , special audit or re-certification audit . Sampling for the additional sites shall be done as specified in section 4.4 & 4.7
18.104.22.168 Part of the sample shall be selected based on factors stated in section 22.214.171.124. & partly non selective and should result in a representative of different sites selected, including the random element of sampling.
126.96.36.199 At least 25% of the sample should be selected at random
188.8.131.52 The site selection may include among others the following aspects,
- The sizes of the sites and the number of employees (e.g. more than 50 employees on a site);
- The complexity or risk level of the activity and of the management system
- Variations in working practices (e.g. shift working);
- Variations in activities undertaken;
- Records of complaints and other relevant aspects of corrective and preventive action;
- Any multinational aspects;
- Results of internal audit and management review.
The minimum number of sites to be visited per audit is:
I• nitial audit: the size of the sample shall be the square root of the number of sites: (y=√x), rounded up to the next whole number, where y = number of sites to be sampled and x = total number of sites.
- Surveillance audit: the size of the annual sample shall be the square root of the number of sites with 0.6 as a coefficient (y=0.6 √x), rounded up to the next whole number.
- Re-certification audit: the size of the sample shall be the same as for an initial audit. Nevertheless, where the management system has proved to be effective over the certification cycle, the size of the sample could be reduced to, y=0.8 √x, rounded up to the next whole number.
184.108.40.206. When the organization has a hierarchical system of branches (e.g. Head or central office, National Offices, regional offices, local branches), the sampling model for the initial audit as defined above applies at each level. For example, (for other management systems)
- 1 Head office: visited at each audit cycle (initial or surveillance or re-certification)
- 4 national offices: sample =2: minimum 1 at random
- 27 regional offices: sample=6: minimum 2 at random
- 1700 local branches: sample=42: minimum 11 at random
4.5. Audit times
4.5.1. UCS shall justify the time spent on multi-site audits in Audit time estimation sheet and the number of man days per site, including central office shall be calculated as per procedure
4.5.2. UCS may apply reduction in auditor time taking into account clauses that are not relevant to the central office and /or the local sites and shall record the reasons for the justification of such reductions in Multisite registerf. The sites, which carry out most or critical processes, shall not be subject to reductions.
4.5.3. The total time spent on initial assessment and surveillance is the total sum of the time spent at each site plus the central office and should never be less than that which would have been calculated for the size and complexity of the operation if all the work had been undertaken at a single site (i.e. with all the employees of the company in the same site)
4.6. Temporary site
4.6.1. A temporary site is one set up by an organization in order to perform specific work or a service for a finite period of time and which will not become a permanent site (e.g. construction site)
4.6.2. Temporary sites that are covered by the organization’s management system may be subject to audit on a sample basis to provide evidence of the operation and effectiveness of the management system
4.6.3. If the organization desires to include the temporary sites within the scope of certification UCS shall do so under an agreement with the client organization. Where included in the scope such sites shall be identified as temporary.
4.7. Additional sites
4.7.1. It is a new site or group of sites that will be added to an existing certified multi-site network
4.7.2. On application of a new group of sites to join an already certified multi site net work, each new group of sites should be considered as an independent set for the determination of the sample size as per the steps detailed in sections 4.4.1 & 4.4.2.
4.7.3 After inclusion of the new group in the certificate, the new sites should be cumulated to the previous ones for determining the sample size for the future surveillance or re-certification audits.
Following the certification of your ISO management system, you are permitted to use the certificate and certification logos (hereinafter referred to as ‘the certification marks’) provided by UCS ISO Certification in accordance with the following instructions:
- The certification marks must not be used on a product or product packaging seen by the consumer, or in any other way which might be interpreted as denoting product, process or service conformity.
- The use of any statement on product packaging or in accompanying information that the organization has a certified management system, shall in no way imply that the product, process or service is certified by this means and shall include reference to:
a. identification of the organization
b. the type of management system and the applicable standard
c. the certifying body (UCS ISO Certification)
NB: Product packaging is considered as that which can be removed without damage or disintegration being caused to the product. Accompanying information is considered as separately available or easily detachable.
- The certification marks must not be applied to laboratory test, calibration or inspection reports.
- You must conform to UCS ISO Certification’s requirements and brand guidelines when making reference to your certification status or when using the certification marks within any kind of communication media, including the internet, brochures or advertising, or other documents.
- You must not make or permit any kind of misleading statement regarding your certification, nor permit the use of a certification document, or part thereof, in a misleading manner including, for the avoidance of doubt, any statement which misrepresents the scope or scale of your certification.
- The organization must not imply that certification applies to any sites or activities beyond those which UCS ISO Certification has specifically agreed to be included.
- If your certification is withdrawn, suspended or reduced, you must immediately discontinue the use of all advertising matter that refers to the certification, as directed by UCS ISO Certification.
- If the scope of your certification is reduced, any advertising material affected by this should be amended accordingly.
- You must not allow your certification to be referred to in any way which implies that you are certifying a product, service or process.
- You must ensure that your certification is not referred to in a way which implies that it incorporates activities outside the scope of your certification.
- You must not use your certification in a manner which would bring UCS ISO Certification or its certification system into disrepute and/or lose public trust.
- The certification marks should only be used in the colours and sizes provided by UCS ISO Certification.
- UCS ISO Certification will take action, including legal action, to deal with any contravention of the above instructions.
Where you can use certification marks
- Marketing material, including brochures, advertisements, case studies, annual reports and Powerpoint presentations.
- Websites, e-mails and social media sites.
- Corporate stationery, invoices and quotations for work.
- Internal or external buildings.
- Flags and banners.
Where you cannot use certification marks
- Goods or products (including services)
- Packaging and labels
- Test or calibration certificates
- Training certificates
- Use of other certification marks
Other certification marks
Whilst an assortment of certification marks can be found on the internet, these must not be used in connection with your UCS ISO Certification certifications.
Click here to download the procedure.