The process of obtaining ISO Management System Certification
When RKBC meets its customers, the first questions a customer asks is: What is the process for obtaining certification and how long will it take? This article aims to explain the process, explains why the timeframe is difficult to quote and why any consultant who provides a definitive timeline must not be trusted.
This is our process for contacting the customer and holding their hand all the way to and sometimes through certification. We are happy to work with any Certification Body, but should the customer not have a preference we suggest contacting three Certification Bodies to obtain quotes from (see Are Certification Bodies all the same).
Steps to Certification:
1. Initial meeting
During this meeting we find out about the organisation, the products and services they provide, the intended scope of certification, their systems and processes they might already have in place, their system and documentation preferences, the risks we will be dealing with, the number and complexity of existing processes, etc. We request access to any documentation already serving management purposes so that we can determine its suitability. We also like to witness operations in the workplace. This all helps us understand what we need to do for the organisation. This consultation is free.
2. Fixed Price Proposal
We develop a fixed price proposal which sets out the stages of supporting our customers through the process and the relative costs of each stage. The proposal is tailored to your organisation’s aims and needs, the risks, the size of the organisation, the existing processes and systems in place, etc and is based on the anticipated number of days required to address all the requirements. The proposal also provides an estimated timeline and again, this is at our cost.
3. Customer acceptance
Once the customer has accepted the proposal and provided any required information the work begins.
For customers who have a management system in place we review that system and determine any gaps or improvement opportunities. If our work only consists of checking an existing system for final compliance before certification, we produce a detailed clause by clause gap analysis. However if significant gaps have been identified during the Initial Meeting, we use a shortened version of the gap analysis and then conduct a detailed system audit against the full requirements once the system is complete (see Step 12. Internal Audit).
5. Integrated content
If we are authoring a system we start by ensuring the common requirements of the standards are addressed in the Management System. There are lots of common requirements between the management system standards such as document management, audit, management review, risk and opportunity assessment, etc. Our service is unique in that we provide the functional software tools required to support a management system and we do so free of charge. For larger businesses who may have hundreds of interactions with their management system every day we provide customised cloud software.
6. Quality, Safety and Environmental Content
Where the business does not already have it, we develop the content to meet the requirements of the quality, safety and environmental standards (where it isn’t already addressed by the Integrated Content).
9. Other Content
We can also integrate other agreed content such as documentation from Human Resources, Information Technology, Finance, etc.
10. Management Plans
We develop template Management Plans if you are dealing with project work. These plans are proper document templates which include guidance and instructions on how to complete them.
The effort RKBC puts into Implementation is dependent on the customer. All companies will be introduced to their management system, receive management system training and written instructions for the tools we provide. This training is typically delivered in a single day via webinar or at the agreed location (unless otherwise documented in the proposal). For most customers this is enough, but some customers request multiple training sessions tailored to suit different users in multiple locations.
12. Internal Audit
When we build a management system we do two audits:
- The first confirms that all the requirements of the management system standards are addressed.
- The second confirms that operationally the system is being complied with.
13. Submission of System
Once the management system meets the standards it can be submitted to the chosen Certification Body for desktop review. If it passes (and it has never failed to), then the Certification Audit can be scheduled. We do no charge a fee for submitting systems for the desktop review.
14. Management Review
Typically a Management Review is conducted under our guidance, but we are happy for you to conduct your own. The management review considers the system, its adequacy, its implementation, its evolution and its expected adequacy going forward. It sets a datum for the ongoing cycle of Management Reviews.
15. Certification Audit
This is the last step in the process and consists of an audit conducted by the Certification Body to determine whether the Management System is working and there is evidence to prove it. Typically this is managed by the customer, but sometimes we assist or supervise this audit on behalf of the customer.
As you can see, this is a multi-stage body of work where RKBC’s level of support is dependent on many factors. With this complexity, being specific about the duration of the work is difficult, but we are able to estimate timings and deliver a fixed price proposal. To progress the work we will require information from you, we also require you to review what we produce and start using the provided tools. Most delays are due to the customer balancing their priorities and not being able to respond to our queries or submissions, but we understand this process doesn’t take precedence over work and we wait patiently for responses. Where the lack of a response halts our work, we advise accordingly and then await a response. If none comes, we will chase periodically after a short wait.
Below is an example of a proposal’s summary table which specifies the work required for a company who has one main operational process, nothing unusual by way of risks, already has documented safe work methods, requires a template management plan to cover quality, safety and environmental requirements and has less than 50 workers:
|Stage||Task||Estimated Schedule||Days Labour|
|5||High Level Integrated Management System||Week 2||3.5|
|6||Develop Quality Management content||Week 3||3|
|7||Develop Safety Management content||Week 4||3.5|
|8||Develop Environmental Management content||Week 5||2|
|10||Integrated Management Plan||Week 6||1.5|
|12||Internal Audit||Week 12||2|
|14||Management Review||Week 13||2|
Typically the systems we supply include the following:
- Management Plan Templates
- Registers with advanced functionality to manage:
- Complaints of an internal or external source
- Training records including competence evaluations and expiring competences
- Assets including safety equipment and equipment requiring servicing and calibration
- Risks and Opportunities
- Environmental impact monitoring
- Suppliers and their performance
- Injury records
- Contractual clarifications or adjustments
- Hazardous substances
- Management System Contents
- And more!
We can also provide:
- A range of other system documents including Employee Handbooks, Root Cause Analysis Methodology, Safety Data Sheets, Safety Inspection Guides, Delegated Authorisation Matrices, etc.
- Cloud hosting of your management system including (Sharepoint, Intranets, HTML, Dropbox, OneDrive, Google Docs, etc.).
- Internal Auditor Training
- Guidance regarding off-the-shelf software systems (where we have experience of them).
- Bespoke solutions to overcome process issues including phone apps, webforms, software applications and tools.
- Software solution definition of requirements and capability assessments
Contact the Central Coasts Management System Consultants for a quote today.