Implementing ISO standards is one of the most effective ways to support your organisation. It can bolster your business prospects, help you gain new clients and save money. However, the certification process can appear daunting, with many questions to answer before you begin.
As ISO standards experts, we understand your concerns when setting out on a certification project. We’ve compiled some of the most common questions we get asked in this definitive ISO standards FAQ guide.
Whether you’re just starting your implementation journey or are looking to deepen your understanding, our guide will help you understand the complexities of ISO standards and help you on your path to certification.
What are ISO standards?
ISO standards are a set of specifications that establish best practices for completing specific tasks.
Most standards provide guidelines for how products, parts or services are made and delivered. You can follow these frameworks to generate consistent output and guarantee uniformity throughout the industry.
Other standards outline internal practices. These are known as MSSs (management system standards), and they contain sets of policies, processes and procedures that help organisations meet specific business goals, such as supporting workplace health and safety or protecting customer data, from names and contact addresses to financial records.
Why are ISO standards necessary?
Each ISO standard represents a globally recognised blueprint for excellence. They set out precise specifications to complete duties, drawing on the expertise of industry professionals to highlight the most effective way to proceed.
These standards also ensure that all organisations use the same specifications. This promotes interoperability – you want to ensure that parts produced by one organisation are compatible with those produced by another, for example – but it also fosters better collaboration between suppliers and business partners.
With increasingly complex supply chains and dependence on data interoperability, organisations need to be confident that other entities in the supply chain meet an agreed and clear set of standards – whether they are manufacturing goods or processing cloud-based data, for example.
Who sets ISO standards?
The International Organization for Standardization develops ISO standards. It’s an independent, non-governmental organisation composed of representatives from national standardisation bodies.
These representatives work together to develop and publish international standards. They also consult with industry professionals, government bodies, consumer groups and academic institutions to ensure the specifications are relevant, applicable and aligned with best practices.
What is ISO certification?
Organisations that implement an ISO management system standard can get formal recognition through certification. A third-party Certification Body (CB) awards these certificates, which act as proof that the organisation adheres to the standard’s specifications.
Certification Bodies, such as Certification Europe, assess an organisation’s management system(s) to ISO standards and award certification based on the outcome of this independent assessment.
Find out how you can get certified with our certification services.
Is ISO certification mandatory?
There is no legal requirement to gain ISO certification. They are voluntary frameworks that organisations can follow to help their operations run more smoothly.
That said, many suppliers will only work with partners that are certified to a relevant ISO standard. This is particularly true when seeking government contracts, where evidence – usually in the form of third-party certification – is typically required.
How many ISO standards are there?
If something is made or developed, there is almost certainly an ISO standard for it.
There are 24,000 ISO standards, covering everything from establishing shoe sizes (ISO 9407) to making a cup of tea (ISO 3103). But when organisations talk about ISO, they’re usually referring to MSSs (management system standards). These set out the specifications for internal frameworks to meet a particular business objective.
There are more than 80 MSSs in total. Many relate to specific workplace practices, such as IT service management or manufacturing medical devices, but others are industry-neutral and cover topics such as occupational health and safety and energy management.
Visit the ISO website to see the complete list of management system standards.
What are the main ISO standards?
The ISO standards that you’re most likely to encounter are:
ISO 9001 – Quality Management
ISO 14001 – Environmental Management
ISO 45001 – Occupational Health and Safety
ISO 50001 – Energy Management
ISO 27001 – Information Security
ISO 22301 – Business Continuity Management
Does ISO certification apply to my industry?
The ISO develops a range of standards that cover various industries and sectors. There may well be an ISO standard for your line of work, but many frameworks apply broadly to general workplace best practices. Take ISO 45001, for example, which addresses occupational health and safety. This is something that almost every organisation should manage proactively, and the standard can help you do this effectively.
Why should my organisation seek ISO certification?
There are many benefits to ISO certification, but the main reasons are:
Generating new business – Many organisations, and government agencies in particular, only work with partners that have a relevant ISO certification. By certifying, you create new opportunities to win business.
Gaining a competitive advantage – Even if potential clients don’t explicitly require partners to achieve ISO certification, they’ll be impressed by anyone who has done so. It demonstrates a commitment to excellence and proves that your organisation operates safely and reliably.
Streamlining processes – ISO standards provide a proven strategy for optimising operations, ensuring they are as efficient as possible. Whether you’re tackling waste reduction, data protection, or environmental concerns, the specifications can improve productivity and create time-saving documentation.
Saving money – One thing that management system standards have in common is their emphasis on efficiency. From improving product quality to preventing information security breaches, the specifications help organisations improve workflow and reduce costs.
Regulatory compliance – Many ISO standards align with legal requirements in specific industries or countries. By following these specifications, you are better equipped to comply with regulations and avoid fines or other enforcement actions.
Avoiding risks – Most management system standards deal with business risk, whether it’s the risk of workplace accidents in ISO 45001 or the environment in ISO 14001. By achieving certification, you can manage these risks effectively.
Can small businesses benefit from ISO certification?
Organisations of all sizes can adopt ISO standards. The specifications are flexible and scalable, meaning that small and large organisations can use the same framework and receive the same advantages.
Small businesses in particular should be interested in this because the specifications contain expert guidance from industry professionals that might not otherwise be available to them. The management system can be seamlessly slotted into their operations, ensuring that they operate as efficiently as possible.
Certification can also help them stand out against the competition. It demonstrates to customers and suppliers that they’re committed to efficiency and reliability.
A great place to start for small businesses is quality management. This helps to increase efficiency, enhance customer satisfaction, and improve overall business performance.
Read the ISO’s guide on how small organisations can achieve certification.
Do I need a minimum number of employees before seeking ISO certification?
There are no limits whatsoever on organisations seeking ISO certification. You can certify whether you’re self-employed or a multinational corporation.
Which ISO standards does my organisation need?
With so many different management system standards, knowing which one you should pursue can be tricky.
The good news is that there’s no legal requirement to certify to a particular standard, so you’re free to choose whichever standard, or set of standards, best aligns with your organisation’s goals.
Find the right ISO certification for your organisation.
Can organisations use multiple ISO standards?
It’s not only possible for organisations to implement multiple ISO standards, but it is actually recommended! The ISO has updated many of its standards in recent years to be more compatible.
Updated standards tend to use the same structure, so each set of specifications will be familiar to anyone who has previously adopted an ISO standard – even if they cover vastly different topics. Many of the requirements are similar, which makes it easier to integrate an additional ISO standard into your portfolio.
As well as this, some standards, such as ISO 27001 and ISO 23301, are closely related, and it can be useful to implement them both.
Organisations that intend to implement multiple ISO standards can adopt an Integrated Management System (IMS) to support the process.
Learn more about integrated management systems.
Does ISO certification apply to the whole organisation?
ISO certification applies to the entire organisation, meaning it has met the standard’s requirements.
However, the processes, policies and technologies that form the management system focus on specific areas or activities, which you will identify by scoping your organisation.
The scope includes service provision, target customers, and geographical boundaries. During these assessments, the scope is reviewed to ensure it accurately reflects the requirements of the management system. It should be clear and concise, including sector-specific details, service descriptions, and the jurisdiction where services are offered.
How does the ISO certification process work?
ISO certification is a two-step process that begins with a documentation review. Here, the Certification Body’s assessor looks at your policies and procedures to ensure that they align with the standard’s specifications.
If the assessor spots any non-conformities, they will provide details of the discrepancies. Once that’s rectified and the assessor is satisfied, they will conduct an on-site assessment to look at the management system in practice.
They will be looking to see whether all business activities within scope have been accounted for, that staff understand their responsibilities and that everyone is completing their tasks appropriately.
The assessor’s observations are then shared with an independent panel, which decides whether to award a certification.
Once certification is awarded, you must complete periodic Surveillance Assessments and Recertification Audits to ensure that the management system continues to meet the ISO’s standards.
How long does ISO certification take?
This will depend on how well-prepared your organisation is at the start of the process. It can take anywhere from a few weeks to a few months to implement the framework. After this, you should book a certification assessment.
This process is divided into two stages – a documentation review and an onsite assessment. How long each of these takes depends on the size of the organisation and the complexity of its management system, and you also need to factor in a two- or three-month gap between each stage to take any corrective actions.
The certification body must also consult with an independent panel after the assessment is complete to make a final decision.
How much does ISO certification cost?
The cost of certification depends on the size of your organisation, how many staff you have, and the standard you’re certifying to.
Contact Certification Europe to receive a quote for an ISO assessment.
Who performs an ISO certification assessment?
Although the ISO develops standards, it doesn’t perform assessments or award certificates. The process is instead managed by accredited certification bodies, such as Certification Europe.
These bodies employ qualified assessors (often specialising in particular standards) who evaluate organisations to ensure their documentation and practices meet the ISO’s specifications.
What’s the difference between ISO certification and accreditation?
The terms ‘certification’ and ‘accreditation’ might sound interchangeable, but in the context of ISO management system standards, there is a clear distinction:
Organisations receive certification if a Certification Body verifies that they have followed the specifications of a management system standard.
Certification Bodies gain accreditation if they are formally authorised by an Accreditation Body to perform certification assessments.
So, if you’re implementing an ISO standard, you can complete the process by gaining certification. You do this by consulting an accredited certification body.
Is ISO certification difficult?
Achieving ISO certification can take time, but organisations that begin the process usually succeed. According to the ISO, there are currently more than 2.4 million ISO active certifications.
The biggest challenges you’ll face are allocating time, personnel and resources. You might also be required to adopt new workflows and training programmes, which could be met with resistance from employees.
However, these initial worries are soon overcome by realisation that the changes are for the better in the long run, with streamlined processes and procedures.
Does ISO certification last forever?
An ISO certificate is valid for three years. As the expiry date approaches, you should book a Recertification Assessment to renew your certification.
Do the ISO standards ever change?
ISO standards are periodically to account for evolving business practices. During this review, a panel of experts can:
Confirm that the specifications still reflect best practices.
Update certain sections to align with new advice.
Withdraw the standard altogether if it’s deemed no longer relevant.
How do I choose an ISO Certification Body?
The most important thing when choosing a certification body is to look for accreditation. This proves that the organisation has been officially recognised and has the necessary competence and impartiality to perform assessments.
You should also consider what sort of service you’re likely to get and whether the CB is qualified to certify to the management system standard you’re implementing.
If you’re ready to select a Certification Body, we are here to help.
Certification Europe is accredited by INAB (Irish National Accreditation Board) and APMG International, and offers UKAS Accreditation through it’s parent company Amtivo, across multiple ISO standards, and we’ve supported thousands of organisations in their certification journeys.
Our team of experts understands that every client is unique, with distinct goals, challenges and operational requirements, and we offer a service to support you through your certification journey.
Contact us today to get started.
