Most ISO management system standards offer third party certification from accredited certification bodies
A third party certification means the management system is audited by an independent organization. Most ISO management system standards such as ISO 9001, ISO 27001, etc. allow the implemented management system to be certified by a third party. The certification body audits the implemented system against the standard chosen, and certifies that the system complies to the said standard.
Route to certification:
- The organization decides to develop a system based on an ISO standard such as ISO 9001, ISO 27001, etc.
- The organization develops and implements the required documents - manuals, procedures, policies, etc.
- Employees are trained (awareness)
- Team of Internal Auditors is trained
- The trained internal auditors audits the implemented management system
- The respective auditees implement corrective actions on the nonconformities identified during internal audits
- The top management conducts a review of the implemented management system
- Key decisions from the management review are implemented
- The organization applies to a certification body
- The certification body conducts a desktop review / stage I audit of the documented management system
- The certification body conducts a onsite audit / stage II audit of the implemented management system
- Upon satisfactory compliance the certification body issues a Certificate valid for 3 years.
- During the 3 years tenure, the certification body conducts continual assessments / surveillance audits of the certified management system
- After 3 years, the organization applies for certification continuation / re-certification.