What is ISO?
WHAT ARE ISO STANDARDS?
Any ISO standard is meant to be a set of best practices for companies to follow. ISO standards are meant to provide ways to get the same outcome every time, whether it’s for quality, environmental performance, employee health and safety, cyber security, etc.
ISO standards are generally not prescriptive. This means that they state what the company needs to achieve, but not how they need to achieve it. This allows a company to establish a management system that is effective for them.
ISO standards were created by committees who identify and approve best practices for various industries, including quality, environmental, health & safety, medical, laboratory, It Security and many more.
The ISO standards set out to identify methods for controlling and improving elements for any company in any industry.
WHAT IS ISO CERTIFICATION?
ISO certification is way to show your customers and the world that you adhere to industry best practices. ISO certification is achieved by an independent company, known as a certification body or registrar, who verifies / audits your management system to ensure you are meeting the standard requirements.
The initial certification happens in two stages:
STAGE 1 AUDIT:
Documentation review of your ISO management system to ensure you meet the ISO standard requirements. Basically, it’s a pre-check to ensure you have the ISO system in place and that you’re ready for the Stage 2 audit.
STAGE 2 AUDIT:
This is the main audit. In the Stage 2 audit, an independent auditor will verify that you are doing what you said you would do in the ISO management system reviewed during the Stage 1 audit. The Stage 2 audit is focused on evidence that you are meeting the ISO standard requirements. This evidence is obtained through employee interviews, observations, and review of records / data generated through operational processes.
AUDIT RESULTS:
The outcome of the Stage 1 and Stage 2 audit is Certification. ISO audits are not a pass or fail type of audit. Findings identified during these audits will need to be corrected before a certificate can be issued. In most cases, you will only need to provide the auditor with the corrective action plan that details how you will fix the issue and how you will prevent the issue from happening again.
Once all corrective actions are approved, you will be approved for ISO certification.
ISO certification follows the same process, regardless of the ISO standard you are seeking:
- Establish, implement and verify your ISO management system
- Stage 1 audit – Documentation Review
- Stage 2 audit – Full system audit
- Closure of any findings
- Certification!
The standards that best suit your company vary by the industry you are in. In order to identify the standards that will provide your company with the greatest benefits, we recommend the following:
- Talk to your customers – many of them may require certain ISO standards.
- Evaluate your companies risks – see where your companies great liabilities are what needs to be controlled (e.g. quality, environmental aspects, health & safety hazards, IT security, etc.).
- Be proactive and identify new business opportunities – evaluate new areas / industries you want to grow your business. Often times, these new industries may require some sort of certification in order to enter. Certification takes time, so being proactive and having the certifications before bidding on projects can put you ahead of your competition.
The time to become ISO certified really depends on a few different factors:
- The resources you have available to support the ISO process
- Your own internal timeframe that you need / want to be certified by
- The standard’s requirement for how much evidence you need to support certification
Certification requires you to show through objective evidence that you have an effective ISO management system in place. In order to do this, you need to show that you have sufficient evidence available to support this claim. At a minimum, most standards will require 3 months of evidence of implementing your management system in order to be certified.
Some standards, such as IATF 16949, may require a minimum of one year of evidence to support certification.
The cost for certification can vary greatly from one company to another. There are typically several factors that go into the costs for certification:
- Certification body fees
- Certification body audit day rates
- Auditor travel costs
- Standard license fees (e.g. R2, RIOS, eStewards license fees)
- Consulting Fees
Audit time and consulting time is typically based on the following factors:
- Number of employees
- Number of processes and the risks associated with those processes
- Number of locations
We have the experience to help you navigate the certification body costs and possible discounts they can offer.
You can Request a Quote here or get an Instant Quote here
ISO certification shows your customers that you follow industry best practices and that your business is well structured and ready for growth.
Each ISO standard has its own benefits, for example:
- ISO 9001 – Ensures you provide your customers with a quality product or service
- ISO 27001 – Protects your information, data and reputation
- ISO 14001 – Reduces your environmental impact
- ISO 45001 – Protects your workers
- Responsible Recycling (R2) – ensures responsible management of used electronics
Common benefits across all ISO standard include:
- Increased efficiency
- Reduced costs
- Improved customer satisfaction
- More engaged employees
- Reduced risks
- Reduced insurance premiums
- Helps with project bidding
By achieving and maintaining an ISO certification, you are showing your company’s commitment to achieving your objectives, improving your business and increasing the credibility and customer confidence in your product or service.
Yes. We have been providing remote auditing and consulting services for years. We have found remote auditing and consulting to be just as effective as on-site. We use a variety of tools to ensure we are thorough in our remote services, while saving you time and money.
The great thing about working with Glacier consulting is that you don’t need anything in place to get started. We will work with you ever step of the way to ensure you have everything you need to get certified.
Most companies have far more in place than they realize. Just because it may not be documented, doesn’t mean you don’t have processes in place. We will work with your team to improve, streamline and formalize these processes.
One of the most common questions we get is how much time and effort does it take to get and maintain certification. The bulk of the effort should be at the beginning to get your management system established and implemented. To do this, we take what you already do and formalize it to meet the standard requirements. There may be some minor tweaking done, but this typically only improves and streamlines your process.
Once your ISO management system is in place, maintaining it should be as easy as breathing because it should become part of your culture and everyday operations. At the end of the day, you shouldn’t think of it as your ISO system, you should think of it as simply your way of operating your company.
We work with countless ISO standards. We’ve only listed the most common ISO standards typically sought after. We have a diverse team with tremendous knowledge in many of the ISO standards. Contact us and let us know what standard you are interested in. If we don’t offer that service, we can find you someone who can.
We can tailor a service specific to your needs to help you along your ISO journey. We can provide basic guidance to full “White Glove” support. If it’s business or ISO related, we’ve got you covered. A few of our services include:
- General ISO Consulting
- Documentation Prep
- Training
- Auditing
- Maintenance
Contact us with any questions you have or for services not listed here.