Preparing for ISO Certification Audit – A Plain English Guide

A step-by-step handbook for ISO practitioners in small businesses

About this book

"Before you decide if your company should go for the certification, you have to ask yourself one important question: Do you really need it?" This book is a complete guide that will not only help you decide on this crucial concern, but also lead you from the beginning of the certification project to the end. This book is not focused solely on one ISO standard – the certification process is the same for any standard, so the book is adapted in such a way that it is perfectly acceptable for ISO 9001, ISO 14001, ISO 27001, ISO 20000, ISO 22000, OHSAS 18001, ISO 13485, and IATF 16949.

Kosutic wrote Preparing for ISO Certification Audit: A Plain English Guide primarily for beginners in this field, and for people with moderate knowledge about ISO certification. The book is structured in such a way that someone with no prior experience or knowledge about ISO standards can quickly understand how the whole certification process works, and what steps to take for its successful completion.

This book is a straightforward guide for ensuring your company passes the certification audit, leading you through the following steps:

  • The final check before going for the certification – this part of the book explains in detail all the necessary steps that need to be done before going for the certification.
  • How to choose a certification body – here you will learn about the most important criteria for choosing the certification body. Among others, you should consider the reputation, specialization, and experience of a certification body.
  • Steps in the company certification and how to prepare – in this part of the book you will learn more about the Stage 1 audit, Stage 2 audit, and surveillance visits – the three main steps in the certification process.
  • Which questions the certification auditor may ask – this section of the book will give you insight into how the certification auditors usually perform the certification audit, explaining what documentation you should prepare, what evidence the auditor will try to find, and what kind of questions you can expect during the certification interview.
  • How to talk to the auditors to benefit from the audit – "Don't forget that auditors are only people, and no matter how professional they are, they will always be glad if you treat them fairly, and will be negative if you treat them badly."
  • What the auditor can and cannot do – this section is also very important in order to prepare your company for the certification audit. You have to be aware that there are borders that a certification auditor shouldn't cross.


Written in plain English with easy-to-understand language, this is the only book you will ever need on the subject.

Frequently asked questions

Yes, you can access Preparing for ISO Certification Audit – A Plain English Guide by Dejan Kosutic in PDF and/or ePUB format, as well as other popular books in Business & Operations. We have over one million books available in our catalogue for you to explore.

1 INTRODUCTION

Why would your company go for ISO certification? How is company certification different from personal certification? And, is this book the right choice for you?
This book covers the certification process for all ISO management standards – ISO 9001, ISO 14001, ISO 27001, ISO 20000, ISO 13485, but also OHSAS 18001 and IATF 16949 (formerly ISO/TS 16949), so in the book I’ll refer to “ISO standard” or simply “standard” to cover any of these standards.

1.1 Why should your company go for the ISO certification?

Before you decide if your company should go for the certification, you have to ask yourself one important question: Do you really need it?
I must tell you there are many organizations who have implemented the standard without going for the certification – one obvious example being banks and other financial institutions. Regulations in most countries are such that they have to implement very strict information security procedures and safeguards, and the majority of them did that using ISO 27001. But, very few of them got certified – they concluded that there was no business reason for them to do so.
And, this is exactly what you need to do – consider carefully if you need the certificate. Here are the potential reasons why you might find the certification useful:
1) Marketing. You can use the certificate to get some new clients (because of, e.g., tenders), or to stay in the business (e.g., all your competitors already have the certificate).
2) Compliance. In rare cases some regulations will require you to implement a particular ISO standard, but you may have cases where you will sign contracts with clients that oblige you to implement, e.g., a quality management system compliant with ISO 9001. And, instead of having to put up with auditors from each of your clients who want to check whether you have fulfilled the contract, you can have the certification auditor do the job, and then show everyone else the certificate.
3) Internal pressure. In some companies, these kinds of projects will never finish unless there is powerful pressure – e.g., a clear deadline. So, if you agree with the certification body on a fixed date for the certification audit, both your management and your employees will have a much stronger sense of urgency for finishing the project.
4) Objective inputs. If you want your information security to be implemented in the best possible way, it is good to call in highly experienced people who know how you can benchmark against the best in the industry. Certification auditors will be more than happy to audit someone who is trying really hard, and they will provide inputs on what you could improve.
So, if you found at least one of these benefits applicable to your company, then you should probably go for the certification; but, the opposite is also true: if you didn't find yourself in any of these bullets, your company probably doesn’t need the certificate at all.

1.2 Certification vs. registration vs. accreditation

Before moving deeper into the topic of certification, let’s clarify some basic things first.
How the company certification works. First of all, ISO standards are published by the International Organization for Standardization – this is an international body founded by governments around the world. Its purpose is to publish standards as a way to deliver knowledge and best practice – as of now, almost 20,000 standards are published in total, and they are recognized in every country.
ISO management standards are only part of these 20,000 standards, which were created primarily as a help for companies to improve their operations in certain areas (e.g., ISO 9001 for quality management, ISO 27001 for information security management, etc.) – this is why most of the talk about these standards is related to companies and their registration, certification, and accreditation.
Certification vs. registration. When you want to say that a company has implemented a standard (e.g., an Environmental Management System according to ISO 14001), has successfully completed the certification audit, and the certification body has issued the certificate, you would normally call this registration or certification.
In North America, the term “registration” is most commonly used, while in the rest of the world it is usually called “certification.” So, is there a difference? Technically, yes; but essentially, no.
Certification is when a certification body issues the certificate proving that a company is compliant with a standard; registration is when this certificate is registered with the certification body. So, basically, it comes down to the same thing – a company got a certificate that is formally recognized.
By the way, the International Organization for Standardization recommends usage of the term “certification,” so I’ll use this term from this point forward in this book.
Certification body vs. registrar. This is the terminology difference that directly arises from the usage of certification/registration terms – in North America people usually use the term registrars, while in the rest of the world they are called certification bodies.
But, again, this is one and the same thing – those are the institutions that perform the certification audits and issue the certificates. Here, also, the ISO recommends using the term “certification body.”
Accreditation vs. certification. What is accreditation, then? In order for certification bodies to be able to perform the certification audits and issue the certificates, they need to get a license – and this license is called “accreditation.” So, certification bodies are getting accredited, while companies are getting certified. (The certification body needs to be compliant with the standard ISO 17021 if they want to get accredited for certifying management systems.)
There is usually only one accreditation body for each country (e.g., UKAS for the United Kingdom), while there are several certification bodies operating ...

Table of contents

  1. COVER
  2. ABOUT THE AUTHOR
  3. TABLE OF CONTENTS
  4. PREFACE
  5. 1 INTRODUCTION
  6. 2 ENSURING YOUR COMPANY PASSES THE CERTIFICATION AUDIT
  7. 3 MINI CASE STUDY: PREPARING A TELECOM COMPANY FOR A CERTIFICATION
  8. APPENDIX A – LIST OF QUESTIONS TO ASK A CERTIFICATION BODY
  9. APPENDIX B – INFOGRAPHIC: THE BRAIN OF AN ISO AUDITOR – WHAT TO EXPECT AT A CERTIFICATION AUDIT
  10. BIBLIOGRAPHY