"How do I get ISO certification?" is a question often asked by organisations, and when thrown into Google means you’ll get hit with a myriad of ads and organic posts by consultancy companies and certification bodies.
It’s at this point many organisations find the whole thing a bit too confusing and the task goes back down the ‘to-do’ list to be looked at another time.
So we’ve come up with the following pathway to make things a bit clearer when you’re looking to get ISO certification (e.g. ISO 9001, ISO 14001, ISO 45001 or ISO 27001):
So there’s a few things to consider as you progress through the journey. Firstly, how do you decide the best way to put in a management system? And how much does it cost?
Well, implementation and consulting costs for a management system in any organisation can vary greatly. The range of prices that you're likely to hear is anything from £500 to £40,000+. The actual price depends on the size and complexity of your organisation and on what you're trying to achieve. It also depends on the level and type of service you're looking for.
On the low end of the scale, you can purchase an “ISO in a box” documentation package for around £500 (some run even less). This approach will provide you with a set of generic text-based documents that you will then have to edit to make them somewhat representative of your company’s operations. You will still need to have some training for your general staff, management, and internal auditors. Generally, most mass market, low cost, do-it-yourself ISO products are designed for companies that manufacture/produce some kind of product.
In the lower-middle of the range are providers of “hybrid” services that merge the generic “canned” documentation approach with some hands-on (on-site) training and some coaching. In general, these approaches do not differ that much from the “canned” products. The resulting management system is typically compliance-orientated and of limited (if any) business value, but the results are generally better and faster than with a purely “canned” product. Customers also feel a bit better about the outcome because they receive some hand-holding.
Then there are companies such as ours who are ISO consultants that work directly with companies to implement standards in a way that is specific to your company. The objective and expertise of our consultants is to achieve registration by developing a custom system that meets the requirements of the applicable standard(s), but also uses this as a platform for genuine business improvement.
Then we get into the whole ‘ISO certification’ or ‘ISO accreditation’ thing. When it comes to ISO, the words ‘certification’ and ‘accreditation’ seem to be used interchangeably, but there is actually a difference. Certification represents a written assurance by a third party of the conformity of a product, process or service to specified requirements (‘specified requirements’ could be, for example, the ISO 9001 standard).
Accreditation, on the other hand, is a ‘type’ of certification, in that the third party doing the certifying has been accredited by a suitable body - in our world, this would mean that a Certification Body has been accredited by UKAS (the United Kingdom Accreditation Service). So if you have been certified by a UKAS-approved Certification Body for the ISO standard you’ve chosen, you have gained accredited certification.
When you install a management system in your business, and it’s been operating for at least three months, then you CAN (please note that you DO NOT have to) get it certified. A Certification Body will audit you (i.e. they check that you, as a business, comply with the requirements of the standard or standards you are implementing). If you pass this audit then you will be awarded certification. Referring to above, if the Certification Body is accredited, then you will be awarded accredited certification.
Some certification bodies specialise in certain industries, some have international reputations, and some are more competitively priced than others. There are around 100 certification bodies who are accredited by UKAS and it is up to your business who you ask to assess your ISO system. All certification bodies should do a similar job - however, as with anything, the type of service given can vary.
The costs of a Certification Body are usually calculated on a ‘day rate’ basis. The rate depends entirely upon the Certification Body which you choose. This is where it's useful to get quotations as prices can vary anywhere between £600 - £1,200 per day. Again, the number of days depends on the size and complexity of your company, and it's also important to take into account something called the ‘certification cycle’ (you can find out more about this in our FAQs section).
But to get your initial certification, as well as the size and complexity of your organisation, there is the consideration of how many standards you are asking them to audit. One standard could be as few as two days, and then would increase to three days for two standards, then four days for three standards, etc.
But if you just want some advice on starting your journey - whichever route you want to go down - then we’re always happy to help, just get in touch.
Here you'll find the latest blog articles on all things compliance, particularly focussed on quality, environment, health & safety and information security.
Get a completely free, no obligation, totally tailored ISO Gap Analysis for your business...