An ISO certification is not something that can be obtained by joining a group or subscribing to some platform, but it is something that can only be pursued within the scope of a specific auditing process.
Certified organizations have successfully implemented a management system in accordance with all the requirements detailed in the reference standard. To obtain certification, basically, it is necessary to implement a management system according to the latest version of the chosen standard and have the work carried out verified by an accredited body.
The process to obtain certification according to the major standards (e.g. ISO 9001, ISO 14001, ISO 27001 and ISO 45001) consists of two main parts:
1. Preparation
In this first phase, the company that wishes to be certified must fulfill all the requirements of the chosen ISO standard and prepare all the necessary documentation for the support of the company management system and its processes. Once this has been done, it is necessary to find an accredited body that assesses whether the management system can be certified and recognized through the issuance of an internationally valid certificate or not.
To complete this first part of the journey, you have two alternatives. Prepare yourself, assigning specific tasks to the people who work with you, or seek a consultant who supports you in the work and is able to train internal resources to manage the system in the future. The most critical part of this first phase is the overload of information which, if you are not in the trade, could create some problems, especially in trying to understand the standard chosen for certification well. Furthermore, the lack of experience could make you waste time on things that do not contribute significantly to the overall preparation.
However, if you have the possibility to use this time to grow your internal resources and to follow, albeit slowly, the path that leads to certification, you will recover the time invested once certified because you will already find yourself with the staff perfectly trained and able to maintain your management system effective over time without having to resort to external resources (with an advantage also in containing costs).
2. Audit
The second part of the certification process is entrusted to an accredited conformity assessment body. This phase consists of two audits. The first is the one in which the auditor will verify your documentation and its compliance with the requirements of the chosen standard. The second, on the other hand, is the moment in which the auditor will verify the application of the company system to daily activities.
If, at this point, everything is compliant with the requirements, you will obtain certification. The ISO certificate issued will be valid for 3 years and will require a surveillance audit once a year to verify if the processes and systems still work according to what was previously verified. After this period, the organization must be certified again by repeating the entire process.