Obtaining ISO Management System Certification

Published by admin on

When RKBC meets its customers, the first questions a customer asks is: What is the process for obtaining ISO Management System certification and how long will it take? This article aims to explain the process, explains why the timeframe is difficult to quote and why any consultant who provides a definitive timeline must not be trusted.

This is our process for contacting the customer and supporting them up to and sometimes through the ISO Management System certification audit. We are happy to work with any Certification Body, but should the customer not have a preference we suggest obtaining quotes from three Certification Bodies (see Are Certification Bodies all the same).

Steps to Certification:

1. Initial meeting

During the initial meeting we find out about the organisation, the products and services they provide. We also determine the intended scope of certification, the systems and processes they might already have in place, their system and documentation preferences, the risks we will be dealing with, the number and complexity of processes the company manages, etc. Access to any existing management documentation will need to be provided so that we can determine its suitability. We also like to witness operations in the workplace. This all helps us understand what we need to do for the organisation. This consultation is free.

2. Fixed Price Proposal

We develop a fixed price proposal which sets out the stages of supporting our customers through the process and the costs of each stage. The proposal is tailored to your organisation’s aims and needs based on the findings from our initial meeting. The cost is based on the anticipated number of days required to address the customer’s requirements. The proposal also provides an estimated timeline and again, no fee is charged for this.

3. Customer acceptance

Once the customer has accepted the proposal and provided any required information the work begins.

4. Planning

For customers who have a management system in place we review that system and determine any gaps or improvement opportunities. If our work only consists of checking an existing system for final compliance before ISO Management System certification, we produce a detailed clause by clause gap analysis. However if significant gaps have been identified during the Initial Meeting, we use a shortened gap analysis and then conduct a detailed system audit against the full requirements once the system is complete (see Step 12. Internal Audit).

Where a company has existing forms, procedures, policies or software we review them for suitability for inclusion in the final management system.

5. Integrated content

If we are authoring a system we start by ensuring the common requirements of the standards are addressed in the Management System. There are lots of common requirements between the management system standards such as document management, audit, management review, risk and opportunity assessment, etc. Our service is unique in that we provide the functional software tools required to support a management system and we do so free of charge. For larger businesses who may have hundreds of interactions with their management system every day we provide customised cloud software.

6. Quality, Safety and Environmental Content

Where the business does not already have it, we develop the content to meet the requirements of the quality, safety and environmental standards (where it isn’t already addressed by the Integrated Content).

9. Other Content

We can also integrate other agreed content such as documentation from Human Resources, Information Technology, Finance, etc.

10. Management Plans

We develop template Management Plans if you are dealing with project work. These plans are proper document templates which include guidance and instructions on how to complete them.

11. Implementation

The effort RKBC puts into Implementation is dependent on the customer. All companies will be introduced to their management system, receive management system training and written instructions for the tools we provide. This training is typically delivered in a single day via webinar or at the agreed location (unless otherwise documented in the proposal). For most customers this is enough, but some customers request multiple training sessions tailored to suit different users in multiple locations.

12. Internal Audit

When we build a management system we do two audits:

  • The first confirms that all the requirements of the management system standards are addressed.
  • The second confirms that operationally the system is being complied with.

13. Submission of System

Once the management system meets the standards it can be submitted to the chosen Certification Body for desktop review. If it passes (and it has never failed to), then the ISO Management System Certification Audit can be scheduled. We do no charge a fee for submitting systems for the desktop review.

14. Management Review

Typically a Management Review is conducted under our guidance, but we are happy for you to conduct your own. The management review considers the system, its adequacy, its implementation, its evolution and its expected adequacy going forward. It sets a datum for the ongoing cycle of Management Reviews.

15. ISO Management System Certification Audit

This is the last step in the process and consists of an audit conducted by the Certification Body to determine whether the Management System is working and there is evidence to prove it. Typically this is managed by the customer, but sometimes we assist or supervise this audit on behalf of the customer.


As you can see, this is a multi-stage body of work where RKBC’s level of support is dependent on many factors. With this complexity, being specific about the duration of the work is difficult, but we are able to estimate timings and deliver a fixed price proposal. To progress the work we will require information from you, we also require you to review what we produce and start using the provided tools. Most delays are due to the customer balancing their priorities and not being able to respond to our queries or submissions, but we understand this process doesn’t take precedence over work and we wait patiently for responses. Where the lack of a response halts our work, we advise accordingly and then await a response. If none comes, we will chase periodically after a short wait.

Example Timings

Below is an example of a proposal’s summary table which specifies the work required for a company who has one main operational process, nothing unusual by way of risks, already has documented safe work methods, requires a template management plan to cover quality, safety and environmental requirements and has less than 50 workers:

StageTaskEstimated ScheduleDays Labour
4PlanningWeek 12
5High Level Integrated Management SystemWeek 23.5
6Develop Quality Management contentWeek 33
7Develop Safety Management contentWeek 43.5
8Develop Environmental Management contentWeek 52
10Integrated Management PlanWeek 61.5
11ImplementationWeek 7-11Variable
12Internal AuditWeek 122
14Management ReviewWeek 132

Our Systems

Typically the systems we supply include the following:

  • Policies
  • Procedures
  • Forms
  • Management Plan Templates
  • Registers with advanced functionality to manage:
    • Non-conformances
    • Improvements
    • Complaints of an internal or external source
    • Training records including competence evaluations and expiring competences
    • Assets including safety equipment and equipment requiring servicing and calibration
    • Risks and Opportunities
    • Environmental impact monitoring
    • Suppliers and their performance
    • Injury records
    • Contractual clarifications or adjustments
    • Hazardous substances
    • Management System Contents
    • And more!

Other Services

We can also provide:

  • A range of other system documents including Employee Handbooks, Root Cause Analysis Methodology, Safety Data Sheets, Safety Inspection Guides, Delegated Authorisation Matrices, etc.
  • Cloud hosting of your management system including (Sharepoint, Intranets, HTML, Dropbox, OneDrive, Google Docs, etc.).
  • Internal Auditor Training
  • Guidance regarding off-the-shelf software systems (where we have experience of them).
  • Bespoke solutions to overcome process issues including phone apps, webforms, software applications and tools.
  • Software solution definition of requirements and capability assessments

Contact the Central Coasts Management System Consultants for a quote today.


A word from the Managing Director: “We aim to establish long term, mutually beneficial working relationships, helping organisations grow and avoid the pitfalls that many fall into. Too many organisations feel their certification is a burden. We want to help organisations realise the benefits of effective management systems and certification”