Guide to achieve
ISO System Certification

Before committing to implement an ISO system standard, every personnel of the organization should be made known and aware of this initiative. The management's involvement is crucial in this stage, as they need to make sure everyone understands the concept of the standard and how it will affect them in their daily tasks, procedures, formalities as well as the organization.

This is where you will need to dedicate a committee or team (usually head of departments) that will be assisting for the implementation process. Every person should be alert of their roles and responsibility. This also includes whether you will require any third-party assistance. The implementation strategy is different for every organization, as well as the time frame of it.

In this stage is where the related training takes place, the team need to be informed and knowledgeable of the standard. You'll need to review the requirements of the standard with your management team.

A gap analysis will be highly recommended, to identify which clause of the standard are you meeting, come close to meeting and where do you fall short. Prioritize which category needs to be addressed and work on those categories.

Setting up the management system depends on the complexity of your business processes. In this stage, you will need to fit in your existing processes and procedures to match the requirement of the standard.

The standard is a framework, to guide you on identifying the procedures or processes to be looked into under a monitored, functional and structured system.

This is where you will need to ensure everyone is following your management system practice.

| Write as what you do ; do as what you've written

The organization's commitment and cooperation is highly required to make a smooth transition and change for a new system taking place.

Prove your implementation, with evidence. You are required to produce evidence for your compliancy in form of records and documentation. Appropriate time (usually minimum of 3 months) is required to collect, obtain and organize data and information. These evidences are known as documented information by ISO. It will be reviewed by auditors to determine conformity towards standard your organization is to-be-certified.

In this stage, you should have also started to make contact with a certification body.

Here, you will perform an internal audit. Prior to a third-party audit, an internal audit is conducted to assess the implementation of the new management system, its effectiveness and any difficulties during the transition.

By conducting internal audit, you can highlight pertaining issues or improvements that can be made, which will then be raised to upper management for decision-making. This will also need to address and take corrective action toward procedures or activities not conforming to implemented ISO management system requirements.

A management review meeting is mandatory to be held. It is meant to be a method for leaders to partake, discuss and make decisions on any areas to be improved, and to evaluate every action taken to address risk and opportunity.

In this stage, you will need to confirm the audit schedule. The amount of time required to attain certification is dependent on the size of your organization and the complexity of your business processes. The certification issued will be valid for 3 years (1 cycle), there will be surveillance audits conducted annually to maintain your certification, ensuring conformity is maintained every year when certification is valid.

Your system will be audited by a certification body for its compliance towards management system requirements. The certificate will be issued and registered as certified once you have demonstrated that ISO standard requirements has been met and well implemented in the organization.

The portal has been designed specifically to ease every organization applying for certification. You can easily access your portal to view the overall status at all times, without going through endless emails and individual person-in-charge every time.