ISO certification-An Introduction

ISO certification certifies that a management system, manufacturing process, service, or documentation procedure has all the requirements for standardization and quality assurance. Certification can be a useful tool to add credibility, by demonstrating that your product or service meets the expectations of your customers. For some industries, certification is a legal or contractual requirement. ISO (International Organization for Standardization) is an independent, non-governmental, international organization that develops standards to ensure the quality, safety, and efficiency of products, services, and systems.ISO certifications exist in many areas of industry, from energy management and social responsibility to medical devices and energy management. ISO standards are in place to ensure consistency. Each certification has separate standards and criteria and is classified numerically. ISO does not perform certification. ISO, develops International Standards, such as ISO 9001 and ISO 14001, but are not involved in their certification, and do not issue certificates. This is performed by external certification bodies, thus a company or organization cannot be certified by ISO. Thus the International Organization for Standardization (ISO) is a non-governmental system of national agencies whose resolution is the advancement of universal standards for government and business. Global standards are planned for trade between nations. They deliver a technical base and an arrangement of the best management practices. Measures guarantee safe organizational techniques and products that lessen the ecological effect. ISO Standards advantage business and trade by abridging procedures and decreasing an association’s environmental risk. Consumers are also advantaged by learning that best in class practices are thus created for worldwide relevancy. However ISO's Committee on Conformity Assessment (CASCO) has produced a number of standards related to the certification processes, which are used by certification bodies.

Certification– the provision by an independent body of written assurance (a certificate) that the product, service or system in question meets specific requirements.

Accreditation – the formal recognition by an independent body, generally known as an accreditation body that a certification body operates according to international standards. The International Organization for Standardization owns the registered trademarks abbreviated as, "ISO" and also owns the registered trademarks for the ISO logo. Hence, use restricted to ISO members and technical committees only i.e. Only ISO,ISO members, and ISO technical committees (TCs) are allowed to use the ISO logo and ISO short name in accordance with ISO Policies. All others are generally not allowed to use ISO’s trademarks

ISO Certificate

ISO certificate is one of the ways that provide standards to the organizations and thus lead way to innovation and development of trade. These standards also ensure that the products and services of the organization meet the customer and regulatory requirements. In addition to this, it also demonstrates continuous improvement. ISO is an independent, non-governmental, international organization that creates standards to ensure the quality, safety, and efficiency of the products, services, and systems. It also certifies that the management system, manufacturing process, service or the documentation process has fulfilled all the requirements for standardization and quality assurance.ISO certificate is provided in many areas of industry that is from energy management and social responsibility to medical devices and risk management.

ISO certificate is a certification that provides standards to the organizations and thus shows the way to innovation and development of trade. ISO Certification is mandatory to form certain standards that ensure the quality, safety, and efficiency of products and services. It also ensures that the products and services of the organization meet the customer and regulatory requirements.

Additionally, ISO Certification helps in demonstrating continuous improvement. It also certifies that the following process has fulfilled all the criteria for standardization and quality check. The certification is issued in various fields and every ISO certification has a different set of criteria.

The Management System,
Manufacturing Process,
Service or the Documentation Process

ISO 9001 certification implies that the products and services provided by the company meet international standards and indeed are of good quality. This certification is mandatory because:

It acts as proof of activities done as per the protocol
Management of the company can review the current processes and look for scope of improvement to ensure quality policy and deliverables
To carry out the process in a controlled manner

Enable effective communication between different verticals
Creates a benchmark and reference for understanding, implementation, and maintenance of a system
Helps in achieving consistency in actions
Brings transparency in business processes

ISO'S Brand and Reputation: Quality, Confidence, and Trust

For standards users, customers and consumers, ISO means quality, confidence, trust, safety and many other positive values. That is why ISO and their members care about how ISO's trademarks are used and whether unauthorized use of the ISO trademarks could mislead, create false impressions, or cause confusion. ISO and their members (located in many countries worldwide) will take appropriate action if they consider the misuse of ISO's trademarks puts their reputation at risk. For all others except ISO members and ISO technical committees (TCs), here are some non-exhaustive guidelines to help you avoid misusing ISO's trademarks. (ISO members and ISO TCs may use ISO’s trademarks according to ISO Policies).

Don't use or copy the ISO logo.
Don't modify or change the ISO logo.
Don't use a modified or changed ISO logo.
Don't register "ISO" as, or in, your domain name, website, or company name, e.g. www.isodatabase.com.
Don't use "ISO" as, or in, your product or service name.
Don't say that you, your products or your services are endorsed, approved or certified by ISO. (Remember, ISO doesn't perform certifications.)
Do refer to ISO or the International Organization for Standardization in a fair and appropriate way.
Do refer to ISO standards with their full reference, e.g., "ISO 9001:2015".

The primary elements of ISO 9001:2015 are-

Leadership
Major focus on customer
Process approach
People’s Involvement
Persistent improvement
A Structural approach to management
Fact-based approach to decision making.
Mutually beneficial supplier relationships

Objective of ISO certification

The aim of getting ISO certification is to advance the improvement of standardization in the technology of an organization.

ISO'S Committee on Conformity Assessment (CASCO)

CASCO is the ISO committee that works on issues relating to conformity assessment. CASCO develops policy and publishes standards related to conformity assessment; it does not perform conformity assessment activities. Membership to CASCO is open to full and correspondent members. CASCO is made up of a number of groups that take care of different tasks. CASCO’s standards development work is carried out by working groups of experts who are put forward by the ISO member bodies. The experts do not always belong to the member body but represent an expertise required by the working group. Membership to CASCO is open to all ISO members. CASCO’s policy work is carried out by three groups:

Chairman’s Policy and Coordination Group (CPC) coordinates the technical work of CASCO and assists the CASCO Chair in identifying strategic conformity assessment issues.
Technical Interface Group (TIG) liaises with other ISO technical committees (TCs) in order to ensure a consistent and harmonized approach to conformity assessment in those TCs.
Strategic Alliance and Regulatory Group (STAR) provides a forum for industry sectors and regulators to interact with CASCO.

Conformity assessment involves a set of processes that show your product, service or system meets the requirements of a standard. Undergoing the conformity assessment process has a number of benefits:

It provides consumers and other stakeholders with added confidence.
It gives your company a competitive edge.
It helps regulators ensure that health, safety or environmental conditions are met.

The main forms of conformity assessment are testing,certification, and inspection.

Resources for Conformity Assessment

Certification

Certification is the provision by an independent body of written assurance (a certificate) that the product, service or system in question meets specific requirements. Certification is also known as third party conformity assessment. Many companies and organizations decide to get certified to one of ISO’s management system standards, such as ISO 9001. This is a way of showing outsiders that the organization has an effective quality management system in place.

Testing

Testing is the determination of one or more of an object or product’s characteristics and is usually performed by a laboratory. CASCO has developed a number of standards that laboratories can follow to help ensure that their results can be trusted.

Inspection

Inspection describes the regular checking of a product to make sure it meets specified criteria. Fire extinguishers, for example, need regular inspections to ensure they are safe for use. CASCO has developed a number of standards that inspection bodies can follow to help ensure that we can trust their work.

Keeping It Consistent

ISO has produced standards to help make conformity assessment activities as uniform as possible across industries and across the world. Amongst other things, this reduces the need for duplication of testing when importing or exporting, thus facilitating global trade. ISO standards are in place to ensure consistency. Each certification has separate standards and criteria and is classified numerically.

Mutual Recognition

A Mutual Recognition Agreement or Arrangement (MRA) increases confidence in conformity assessment between countries as it formally recognizes the results of each other’s testing, inspection, certification or accreditation, reducing duplication of conformity assessment activities.

What does ISO 9001 certification mean?

If an organization bills them as "ISO 9001 certified," this means the organization has met the requirements designated under ISO 9001. ISO 9001 requires organizations to define and follow a quality management system that is both appropriate and effective while also requiring them to identify areas for improvement and take action toward those improvements. As a result, it's typically understood that an organization claiming ISO 9001 certification is an organization with products and services that meet quality standards.

The certification ISO 9001:2008 includes three components: ISO, 9001, and 2015. Here's what each component represents

ISO- As mentioned above, ISO refers to the International Organization for Standardization. This organization develops the standards, and it does in order to certify businesses or organizations. Certification is handled third-party and tested annually.

9001- The number appearing after ISO classifies the standard. All standards within the ISO 9000 family refer to quality management. ISO 9001 is among ISO's best-known standards, and it defines the criteria for meeting a number of quality management principles. It helps businesses and organizations be more efficient and improve customer satisfaction.

2015- The final number in an ISO certification refers to the version of the standard that's being met and is represented by the calendar year those standards were launched. 2015 is the fifth edition of ISO 9001. It was launched in September 2015, and Mead Metals has updated its processes to meet the specifications of this newest version.

The best way to learn about new, revised, or updated ISO standards is from ISO themselves. As the organization that sets the standards, they would be the best source. Additionally, there are outlets that offer summaries and explanations of ISO updates to help individuals and businesses understand them. For instance, the website 9001simplified detailed what changed when ISO 9001 changed from 2008 to 2015

Who is Eligible to Grant ISO 9001 Certification?

Many people assume that ISO grants certification, but in fact, this is not true; instead, a registrar or certification body (CB) will be the one to grant certification. When choosing a registrar you should make sure that they are accredited. They should be a member of the International Accreditation Forum (IAF), and additionally need to be ISO/IEC 17021:2015 certified. One of these standards is ISO/IEC 17021:2015 Conformity assessment. “Requirements for bodies providing audit and certification of management systems“, which in effect stipulates the requirements for Registrars who certify organizations to ISO management standards like ISO 9001, ISO 14001, etc.

People often say “ISO Certified” but ISO does not issue certificates or certify individual companies to any standard. So who can Grant ISO 9001 Certification? They are issued by certification/registration bodies (also called Registrars or CB’s), which are independent of ISO. Certification Bodies (CBs) need to be accredited by an IAF member to be internationally recognized.

ISO/IEC 17021 ensures international acceptance of the CB’s certifications (i.e. your ISO 9001:2008 certificate) by requiring that all Accreditation bodies (ANAB, etc.) belong to an internationally accredited organization, like the IAF. Likewise, the IAF ensures that CB’s comply with ISO/IEC 17021. Some Quality System Registrars are not accredited by IAF, and thus are not meeting ISO 17021 — and will not be internationally recognized. Make sure that you choose a Registrar who is accredited by an IAF member (ANAB or the equivalent of ANAB in your country or region). When you receive your registration certificate, it should display the ANAB and the IAF logos and unfortunately, without them, you are not officially ISO 9001 certified.

Benefits of ISO Certification

➡ ➡

Decreased Operational Costs

➡ ➡

International Business Recognition

➡ ➡

Increased in overall Revenue

➡

Improved Customer Acquisition

➡

Government Tender Eligibility

➡ ➡

Improved Resource Management

➡ ➡

Help Protect your Business Brand

➡

Reduced Business Risks

Advantages and features of ISO certification

International Credibility

This standard is recognized internationally, which would ultimately help your business in branching out overseas. ISO Certification plays a vital role in helping the organization to build credibility in overseas business.

Marketability

ISO helps in developing business marketing directly as it improves the credibility of the business.

Government Tenders

ISO certificate gives your business an advantage when there is any government tender released.

Business Efficiency

Functional efficiency of organizations is improved by obtaining ISO Certification. The ISO certification agency will help in the development of your SOP (Standard Operating Procedure) and work instructions, which will ultimately benefit the business.

Product Quality

In case a business obtains an ISO certificate, then this would imply a product is of international standards and hence, this would mean fewer chances of rejection that could have occurred due to flawed products.

Customer Satisfaction

These standards help the business in achieving efficiency in their ways and methods of production and this would ultimately result in better service to the customers that would simultaneously increase customers’ satisfaction

ISO certification bodies

ISO certification refers to the seal which is approved from an external body whereby a company complies to one of the internationally recognized ISO management systems. This certification can further be used to tender for a business as a proof of a company’s credibility but also instills confidence in a potential client that promises will be kept. By ISO certification body we mean a registrar which is competent and authorized to issue certification on the management system after an audit. It is the awards credentials to individuals who meet specific competence requirements relating to a particular profession, an occupation, a job or a portion of a job. Distinguishing the best ISO certification body is really a very challenging task being an individual or organization. Any certification body can only be stated as leading when they meet below requirement:

Have 100% success rate on project completion.
Have competent auditors within the organization.
Have auditors on every industry sector.
Have auditors on every industry sector.

Some of the best ISO certification bodies in India

Bureau Veritas
Tuv Nord
TuvSud
BSI
TuvRheinland
Intertek

How to choose the right ISO certification Body in India?

No doubt the price is the main criteria and you should ask a couple of certification bodies for their proposals and think over it what to do what not to do. However, the price is not the only thing that we should look for but we should consider other things also:

Reputation

If you are to use your ISO certification for marketing purposes then do not get the certification from a body that is known to give them away with no criteria whatsoever. It would be better if you choose a certification body with a solid reputation.

Accreditation

Here, the point to think if anyone can give you a piece of paper by saying that you are ISO 27001 Certified or any kind of standards but not anyone is accredited (licensed) to do so. Hence, you need to check whether that certification body has accreditation i.e if they have the license from the local government body in your country.

Specialization

If you belong to a bank, then it is actually not a very good idea to have a certification body that has until now certified only manufacturing companies. It may happen that this auditor may have a lot of experience in business continuity but if he has audited only manufacturing companies by now, you will lose too much time explaining to him how the bank works. Ultimately, as a result, he will be learning much from you will from him.

Experience

If you have ever wished to choose an auditor with low experience to get by easily then actually it is in your best interest to have an experiences auditor because you might miss some valuable insight. Therefore, never be afraid to ask which auditor will audit you. Moreover, ask for his CV and a list of companies he has audited.

Integrated audit

Maybe, you have started with ISO 27001 or whatsoever, but if you are planning to implement ISO 22301,ISO 9001 and other standards you can actually ask your certification body to do an integrated audit. This ultimately means you will not have to go through separate audits for each and every system but you can do one audit for all these systems together. From this, you will not only save time but also you will have to pay less.

Flexibility

If in case, the ISO certification body has to fly in the auditor from any other continent then it will be very difficult for you to change the date of the audit. Since all the travel arrangements have been made already.

Language

If necessary, the ISO certification body might provide a translator. And still, the audit will go much smoother if the auditor speaks your language. He will be going to read your entire documents much more easily and you will be able to develop a better relationship with him when there is no language barrier.

Why use an accredited ISO certification body?

A wise decision must be taken in selecting the right organization to carry out your ISO certification. Always choose an accreditation body that is a signatory to the IAF Multilateral Recognition Arrangement (MLA) that would be proved the best practice. It will be competent to deliver a consistently reliable and impartial service which meets the appropriate, internationally-recognized standard. To find an accredited certification body in our country, contact the National Board of Accreditation (NBA), India.

Benefits of choosing an accredited ISO certification bodies

Following are the benefits of choosing an accredited ISO certification body:

It gives you the confidence of getting the service that closely meets your requirements.

A chance to win a new business since the use of accredited conformity assessment services is increasingly a stipulation of specifiers in both the public and private sector;

Through accredited ISO certification bodies, you can gain access to overseas markets since certificates issued by them are recognized well and accepted throughout the world.

It helps to identify the best practice since the certification body needs to have an appropriate knowledge of your business sector.

It controls the cost with the help of knowledge transfer since accredited certification bodies can be a good source of impartial advice.

It also offers market differentiation and leadership by showing to others credible evidence of good practice.

Besides, it demonstrates due diligence in the event of legal action.

Last but not least, it reduces paperwork and increases efficiency by reducing the relevance of re-audits your business.

ISO Certification & Registration in India – Detailed Process

➡ Step-1-Choosing The Kind Of Certification

The very first step is to choose the kind of certification the organization wants.

➡ Step-2-File An Application

Once the entrepreneur selects the ISO standard; it shall make an application in a respective form based on the ISO registrar. The application shall include the power and responsibilities of the entrepreneur and certification body and includes liability issues, confidentiality, and access rights.

➡ Step-3-Submission Of Documents

Application shall be filed along with the requisite documents and the same shall be reviewed by the ISO certification body. ISO Certification body will review all the quality manuals and documents related to various policies being followed in the organization.

➡ Step-4-Documents Review by Registrar

The ISO certification body will review all the quality manuals and documents related to various policies and procedures being followed in the organization. Review of existing works will help the ISO registrar to identify the possible gaps against the requirements stipulated in the ISO standards.

➡ Step-5-Determination of Pre-assessment Needs

The Pre-assessment is an initial review of the Quality Management System in an organization to identify any significant weakness or omissions in the system and registrar will provide the organization with an opportunity to correct the deficiencies before the regular registration assessment is conducted..

➡ Step-6-Initial Review Of The Quality Management System

To identify any significant weakness in the Organization, the Pre-assessment (Initial review) of the Quality Management System in an organization is reviewed by the registrar and will also provide an opportunity to correct the deficiencies before the regular registration assessment is conducted.

Step-7-Preparing An Action Plan

Once the initial review of the Quality management system is reviewed, the ISO registrar notifies the existing gaps in the organization, and to eliminate these gaps the applicant has to prepare an action plan. The action plan should contain the list of the requisite work to be performed to meet the Quality Management System.

Note: The entrepreneur may need giving training to employees to work efficiently to achieve quality management system. Make all the employees in the organization to aware of the ISO standards concerning work efficiency and quality standards.

➡ Step-8-On-Premises Audit By The Registrar

The registrar will conduct a non-premises inspection to audit the changes made in the organization. However, if the registrar finds that the requisite changes do not meet the requirements of the ISO standards, the registrar will categorize the organization into two categories depending on severity.

Minor Non-compliances
Major Non-compliances

Note-The ISO registration cannot precede until all significant non-compliances are closed by the Registrar while doing a re-audit.

➡ Step-9-Final audit

The registration cannot proceed until all significant nonconformities are closed and verified by the Registrar. This usually involves a re-audit of the affected areas and, of course, the associated costs.

Note: Minor nonconformities require a corrective action plan and that will be closed at the first surveillance.

➡ Step-10-Obtaining ISO Certificate

The registrar will issue the ISO certification when all the non conformities are resolved and are updated in the ISO audit report.

Step-11-Surveillance Audits

Surveillance audit will be conducted primarily to ensure that the organization is maintaining ISO quality standards. It will be performed from time to time.

Pre-Requisite to ISO Certification Process in India

Before getting an ISO certification, the following aspects have to be considered:

The first thing is to get the right ISO 9001 certification that benefits a business
The second step is to find the best ISO registrar who is certified by ISO and follows the CASCO standards. The ISO body can be IAF certified and non-IAF certified. IAF stands for the International Accreditation Forum. An IAF accreditation only adds more credibility to the certificate and the absence of an IAF accreditation does not impact the legality of the certification. It is these third-party agencies who will test the company on behalf of ISO and judge its worth.

Before you can get certified, you will first have to develop and document your production processes, implementing the correct procedures to ensure you can maintain your quality standards. Here are the four essential steps to becoming an ISO-certified business

Develop your management system	Identify your core or business processes. Document processes with the involvement of employees. Review, approve and distribute the documents to those who need access to the information.
Implement your system	Ensure procedures are being performed as they are described in your documentation. Ensure employees are trained properly for the tasks they are performing Create effective reporting systems to cover inspection, testing, corrective actions, preventive actions, management review meetings, monitoring of objectives, statistical techniques and so on. Monitor the effectiveness of your processes through the use of measurable data, where possible
Verify that your system is effective	Conduct the audit and review the processes and system for compliance and effectiveness. Observe interview people and look at sample records. Identify and report strengths and weaknesses of the management system. Take corrective or preventive action as required.
Register your system	Select the appropriate auditing body for external registration. Submit your management system documentation for review to ensure it complies with the applicable standard. Prepare for review by an external auditor to confirm that the system’s requirements are being satisfied and that the management system is implemented effectively.

Choosing the type of ISO Certification-First of all, the entrepreneur needs to choose the type of ISO certification required for the business. There are various types of ISO certification are available such as listed below:

ISO 13485 for medical devices
ISO 18091 for local governments
ISO/IEC 90003 for software engineering
ISO/TS 29001 for the oil and gas industry
ISO 17582 for government electoral organizations
ISO 22000 that proves a company has operative food safety management along with ISO 22008 dealing with Food Safety Management
OHSAS 18001 shows customers that the company has an effective health and safety management system
ISO 20000 demonstrates excellence and proves best practice in IT & improvement in the delivery of IT services
CE marking on any product shows that it complies with the necessary requirements of the applicable European health, safety, and environmental protection benchmarks
ISO 50001 describes the best energy management practices which help save energy, conserve resources, and tackle climate change i.e. EnMS EN 16001 ISO 50001 – Energy Management

ISO/IEC 27001 describes a best practice of a company that is involved in the information security management system (ISMS).
ISO 9001 2008 for Quality Management
ISO 14001 for Environmental Management
ISO 22008 for Food Safety Management
ISO 37001 – Anti-bribery management systems
ISO 31000 – Risk Management
ISO 10002 – Compliant Management System
ISO 14001:2015 – Environment Management System
ISO 26000 – Social Responsibility
ISO 28000 – Security Management
SA 8000 – Social accountability
SO/IEC 17025 – Testing and calibration laboratories
ISO 639 – Language codes
ISO 4217 – Currency codes
ISO 3166 – Country codes
ISO 8601 – Date and time format
ISO 20121 – Sustainable events

Choosing an ISO Certification Body

It must be noted that ISO itself does not provide certification to the companies. Certification is done by the external bodies. It is very important that you choose recognized and credible certification body. While choosing the ISO registrar, you should keep the following in mind:

Evaluate several ISO Certification service providers.
Check if they are following the CASCO standards. CASCO is the ISO committee that works on issues relating to conformity assessment.
Check whether it is accredited or not. Accreditation is not compulsory but they must meet the requirements of ISO Accreditation bodies.

It is advisable that an attorney with “ISO experience” must be appointed to overwhelm many of the potential pitfalls that creep around within ISO Registration and to understand the requirement in detail. The elementary information would be mandatory from your end to start the process. The Attorney will begin working on your request once all the information is provided, and the payment is received.

How much does it cost?

The costs for developing and registering a formal management system vary depending on the size and complexity of your organization and your internal processes.

First— there are developmental costs, namely the time spent documenting and implementing the system

Second— there are costs associated with training employees to prepare the necessary documents and to plan and conduct effective internal audits.
Third— there is the cost of registration, which includes conducting the audit and registering the management system. The cost depends on the number of locations; Level of risk associated with the scope of services of the organization the scope of work, Processes of Organization, Accreditation Body, the number of shifts and so on

You can reduce some of these costs by using an external consultant, especially since this reduces the risk of starting down the wrong path or missing critical requirements of the standard. As a general guideline, it usually takes eight to 18 months from inception to registration, with the average being 12 months. ISO certification processing time also varies from organization to organization. The ISO certification body will notify the details processing time for completion of ISO certification after assessing the size of an organization.

Types of Audits conducted under ISO Registration

Industry-Wise ISO Certification Applicability or Requirements

Industry	ISO 9001	ISO 27001	ISO 14001	ISO 45001	ISO 22000
Manufacturing / Fabrication	Yes		Yes	Yes
Construction / Architecture	Yes		Yes	Yes
IT Companies	Yes	Yes		Yes
Engineering Design	Yes	Yes
BPO	Yes	Yes		Yes
Banks / Financial Institutes	Yes	Yes		Yes
Import & Export Businesses	Yes
Mining, Petroleum, Oil & Gas	Yes	Yes	Yes	Yes
Staffing / HR Solutions	Yes			Yes
Trading Companies	Yes
Travelling, Cargo, Shipment & Supply Chain	Yes
Automotive (Service & Manufacturing)	Yes	Yes		Yes
Power & Energy	Yes		Yes	Yes
Software/App/Website Development	Yes	Yes
Food Manufacturers	Yes		Yes	Yes	Yes
Rubber/Plastic Manufacturer	Yes		Yes	Yes
Restaurants / Caterers / Hotels	Yes			Yes	Yes
Facility Management	Yes		Yes	Yes
Service Providers	Yes			Yes
Security Guard Agencies	Yes
Interior Design Companies	Yes
Chemical Companies	Yes		Yes	Yes
Pharmaceuticals	Yes	Yes	Yes	Yes
Laboratorys	Yes	Yes	Yes	Yes
Recycling Organizations	Yes		Yes	Yes
Hazardous Waste Handling	Yes		Yes	Yes
Agriculture	Yes		Yes
Printing Companies	Yes		Yes
Event Management	Yes
Public Administrations	Yes	Yes
Govt. Offices	Yes	Yes
NGO	Yes
Schools or Educational Institutes	Yes
Colleges or Educational Institutes	Yes
Training Institutes (Non-Formal)	Yes
Spas & Salons	Yes
Organic Products	Yes		Yes	Yes
Gyms & Sports Center	Yes
Hospitals	Yes		Yes	Yes
Skin, Dental & Eye Clinics	Yes
Fitness & Slimming Clinics	Yes
Medical (Manufactures/Suppliers/Traders)	Yes		Yes	Yes
Textile & Apparel	Yes			Yes
Telecommunication	Yes		Yes	Yes
Aerospace	Yes	Yes	Yes	Yes
Entertainment Sector	Yes
News & Media	Yes
Electronics Industry	Yes	Yes	Yes	Yes
Advertising Industry	Yes
Retail Sector	Yes
Space Industry	Yes	Yes		Yes
Robotics	Yes	Yes
Hospitality	Yes			Yes	Yes
Small Businesses	Yes
Consumer Durables	Yes			Yes
E-Commerce	Yes	Yes
FMCG	Yes
Biotechnology	Yes	Yes	Yes	Yes
Gems & Jewelry	Yes
Insurance Agencies	Yes	Yes
MSME	Yes
Renewable Energy (Solar & Other)	Yes			Yes
Railways	Yes		Yes	Yes
Roads	Yes		Yes	Yes
Tourism	Yes
Science & technology	Yes	Yes
Real Estate	Yes
Ports	Yes			Yes
HealthCare	Yes		Yes	Yes
Defense Manufacturing	Yes	Yes	Yes	Yes
Consulting Agencies	Yes

ISO 9001 audit

ISO 9001 Audit Activities

In general, the flow of activities during the ISO 9001 audit is as follows:

Opening Meeting. An introduction of the audit team and key personnel in your company. The scope and general approach to the audit is discussed. This is also the time to question anything that is unclear in the audit schedule and communicate any last minute changes to the system or schedule.
Brief tour of the facility. Keep it brief, the auditors just want to get a general feel for the layout and processes involved. This may also be done at the pre-assessment.
Additional review of documents. Audit team members review documentation for areas they will audit
Examination. The audit is conducted, personnel are interviewed, and objective evidence is collected to show the system has been effectively implemented.
Daily review. At the end of each day or the beginning of the next, the audit team reviews any issues identified during the assessment. Potential findings or nonconformities may be clarified at this time.
Closing Meeting. The audit team states their conclusions regarding the audit and presents any findings or nonconformities that were identified along with any observations they may have.
Audit Report issued. Within a few weeks of the audit, the Registrar issues the audit report. The report generally restates what was discussed in the closing meeting.

ISO 9001 Audit Findings

During the audit, if the auditors find anything that does not meet with the requirements of the ISO standard or that does not meet the requirements of your procedures; they determine the severity and issue a finding. Audit findings are usually called nonconformities and fall into one of two categories depending on severity.

ISO 9001 audit

A Minor Nonconformance deals with minor infractions of procedures or minor failures of the system in meeting the ISO 9001:2008 requirements. These will not hold up your registration.
A Major Nonconformance deals with issues where nonconforming product is likely to reach the customer or where there is a breakdown in the Quality System that results in the system not being effective in meeting the requirements of the standard. This will hold up your registration. The primary difference to you between a major and minor nonconformance is that your registration cannot proceed until all major nonconformities are closed and verified by the Registrar. This usually involves a re-audit of the involved areas and, of course, the associated costs. Minor nonconformities require a corrective action plan and they are closed at the first surveillance.

ISO 9001 Auditors

ISO auditors work for or contract to ISO Registrars to perform ISO registration assessments and surveillances. They are the “front line” in the process. The Registrars are responsible for ensuring Auditors meet qualification requirements. Their requirements include training in auditing, ISO 9001 training, and at least one member of the audit team must have experience in the industrial sector of the company being audited.

Verify credentials

If a person claims to be certified as an ISO 9000 lead auditor, ask to see proof of his or her certification. Make sure the certification is current by checking the expiration date. Auditors collect the objective evidence demonstrating the effectiveness (or lack thereof) of the company’s quality management system and make registration recommendations to the Registrar. The Registrar has the ultimate decision, however.

Steps of the ISO 9001 Registration Process

ISO Registration Process

The ISO Registration Process comes after your company’s ISO 9001 audit. The purpose of registering your company is to show that you’ve met the requirements. And to do this effectively, you will need to follow eight essential steps.

1. Find an ISO 9001 Registrar

You’ll need to begin searching for an ISO registrar during the 2 to 3 months your company is still building its quality system

Registrars must meet the requirements of the ISO Accreditation Bodies. These requirements include things such as independence; Registrars cannot consult for instance. This system ensures uniformity in the registration process.

Accreditation Bodies maintain directories of the Registrar organizations that they accredit. These directories are available on their websites. You can normally find these websites by doing a search on the Accreditation Body’s name or initials.

2. Select an ISO 9001 Registrar

Select a registrar that has experience within the scope category of your specific industry. Keep in mind accreditation, scheduling issues, fees and comfort level when selecting the registrar right for you.

Registrar qualifications are a key consideration. As you research Registrars you will notice that some appear to be very limited in scope just based on their names. Registrars must be accredited in a particular industrial sector in order for them to be able to certify a company in that sector. Some Registrars are accredited in several if not all sectors; others specialize in certain sectors. The best approach to evaluating a Registrar’s qualifications for your industrial sector is to contact the Registrar.

After qualifications, price is always a concern. Be sure to evaluate the total cost including expenses, fees and the cost of surveillance.

Probably as important as price, within limits of course, is the overall experience a client gets with a registrar. Important areas to consider are the interpersonal skills of the auditors; the office support and ability to get questions answered; are the audits a value-added experience, will the Registrar work with you, how flexible are they in adjusting dates – how many weeks notice.

3. Complete an ISO 9001 Application

A company and a registrar will agree on the application contract. This is an important step of the ISO Registration Process because it defines the rights and obligations of both parties, and includes liability issues, confidentiality and access rights.

4. Conducting a Quality Document Review

The registrar will require a copy of your quality manual and procedures to verify that all the requirements of the standard are addressed. The ISO Registration Process is not a quick process, be sure to allow 2-4 weeks in advance for the registrar to fully review all of the necessary documents.

5. Determining Pre-Assessment Need

Though optional, this 2-4 week initial review of the system identifies any significant omissions or weaknesses. It saves time and allows the registrar to assess any issues and resolve logistics before the actual assessment audit.

The Pre-assessment is an initial review of your Quality Management System to identify any significant omissions or weakness es in the system and provide your organization an opportunity to correct any deficiencies before the regular registration assessment is conducted.

NOTE: During ISO 9001 Registration, only one pre-assessment may be conducted and Registrars cannot provide quality consulting or advice on system implementation. Evaluating the quality system and documentation to meet ISO requirements is allowed but registrars cannot provide guidance on how to implement a quality system.

6. Conduct a Registration Assessment Audit

During the ISO audit process, or physical onsite inspection of procedures in action, the auditors will issue findings if they assess anything that doesn’t meet requirements, or nonconformities. The length of this step of the ISO Registration Process will depend on the scope of the audit and the size your organization.

7. Complete the ISO 9001 Registration

After all of the findings are put into the ISO audit report and nonconformities are addressed, your company has the option to register as ISO 9001 conformant. You will receive a certificate and can also be listed in a register, which the company can use to publicize its registration and use in advertising.

8. Ongoing Surveillance Audits

To ensure that the system is maintained and that changes don’t result in deficiencies in the system, registrars perform regular surveillances of the system. Over the three-year period of your certificate, auditors will perform one full and two partial checks of your system.

ISO 9001 Registration Considerations

The Document Review and Pre-assessment typically require 2-4 weeks each. However, the number of registrars and the number of days for each stage of the registration audit depends on the size and complexity of your organization. To help the ISO Registration Process go smoother, set target dates accordingly to allow both you and the registrar time to fully prepare. It is to be noted that, registration and the entire audit process should provide you with valuable feedback to improve your system.

The Training Timelines for ISO Standards

All in all, the training timeline will depend on numerous factors including the understanding of the requirements, the preparedness of an organization, and the size and complexity of the organization. Still, most can expect to receive their ISO 9001:2015 certification in three to six months.Point to be noted that individuals cannot become ISO certified only businesses and organizations can. It's also worth noting that ISO doesn't provide the certification. Instead, certification is made possible through third party organizations

When ISO 9001:2015 became available in September 2015, there was a three-year transition period for businesses and organizations to receive training and update processes, which allowed businesses of all shapes and sizes the time they needed to receive training and update processes.

Time involved in the ISO Certification Process

Time taken in completing the whole process of ISO certification also varies from organization to organization. The fair idea can be given by the ISO certification agency after assessing the size of the company. Generally, the time required to complete the process of ISO certification is approximate:

Small organizations: 6-8 months
Medium organizations: 8-12 months
Large organization: 12-15 months

Time taken in finishing the entire procedure of ISO certification additionally changes from business to business. Thereasonable thought can be given by the ISO certification office in the wake of surveying the size of the organization. For the most part, the time required to finish the procedure of ISO certification is somewhere between 15 to 60 Days.

Cost involved in the ISO Certification Process

Cost for getting ISO certification is not fixed and varies from organization to organization. The ISO certification agency calculates the cost of ISO certification separately for each organization after considering them on different parameters such as-

Number of employees
Number of Processes
Level of risk associated with the scope of services of the organization
Complexity of the management system
The number of working shifts etc.

Different types of documents required for ISO 9001 registration

The entire process of documentation is divided into four different levels:

Basic Documents required for ISO Registration

1.Copy of PAN Card

2.Passport size photograph

3. Copy of Aadhaar Card/ Voter identity card

4. Two copies of sales bill/purchase bill

ISO Certification & Registration in India – online Process

Step 1: Visiting the ISO online registration portal

Step 2: Submitting the scanned copy of your passport size photos

Step 3: Submitting the scanned copies of your Aadhaar card and purchase bill

Step 4: Emailing in the scanned documents to the ISO certification body

Step 5:Selecting the type of certificate from the list

Step 6: Filing the documents with the registrar

Step 7: Your ISO certificate is audited and issued via email.

Process of ISO Implementation in India

The overall ISO Implementation Process may take a minimum of 45 days to 150 days based on the nature and size of the Organization. The Timeline shown below is just for indication to give you a pictorial imagination of the ISO Implementation Process. Actual Actions may vary based on the Business Factors and Requirements.

Gap Analysis

Application Process- The applicant and the registrar should agree on a contract. This contract usually defines rights and obligations of both parties and includes liability issues, confidentiality, and access rights.
Quotation Acceptance
Discussion with Management
Initial Analysis of System

Awareness Program

Awareness Training

Documentation Training

Implementation

System Planning- After the ISO auditor communicates the existing gaps in your organization; you should prepare an action plan to eliminate these gaps. Prepare the list of the required tasks to be performed to bring the desired changes in your organization. You may be required to give training to your employees to work efficiently while adapting to new procedures. Make all the employees aware of the ISO standards in terms of work efficiency and quality standards.
Roles & Responsibilities
Communication

Documentation

Manuals, Objectives and Scope
Preparation of Policies

Standard Operating Procedure
Instructions, Forms & Records

System Review

Internal Audit- the ISO auditor will view all your quality manuals and documents related to various policies and procedures being followed in the organization. Review of existing work will help the ISO auditor to identify the possible gaps against the requirements stipulated in the ISO standards
Management Review Meeting

Corrective & Preventive Actions
Continual Improvements

Initial Certification Audit

Stage -1 Audit (Initial Review) - The ISO auditor will audit the changes made by you in the organization. They will then try to identify the possible non-conformities in your systems and procedures to the desired quality management system. They will divide these non-conformities into minor and major non-conformities. The applicant must carefully assess all these non-conformities and get it aligned as per the desired quality standards through modification in the techniques and processes used by the organization
Stage -2 Audit (Onsite Evaluation) - After all the required changes are done in the organization, the ISO auditor does the final auditing. The auditor will check whether all the non-conformities have been eliminated or not as per ISO quality standards. If the ISO auditor is satisfied, they will prepare the final ISO audit report and forward it to the registrar.
Issue of Certification- After all non-conformities are addressed and all the findings are put in the ISO audit report, the registrar will grant you the ISO certification.
Surveillance Audits- Surveillance audit is basically conducted to ensure that ISO quality standards are being maintained by the organization. It is conducted from time to time.

Our ISO Implementation approach is based on the System and processes of your organization. Decisions are made based on facts and not by opinions of any kind, this brings consistency and confidence in the operation of your business. A systemized approach to solving problems enables to prevent the occurrences of problems in the future.

ISO Standards

S.No.	ISO Standards	Description	Body
1	ISO 9001:2015 (Quality Management Systems)	ISO 9001:2015 sets the criteria for Quality Management Systems (QMS), although this is not necessary. Any company can get registered under this, despite its size (large or small) or field of activity. ISO certificate specifies the requirements for a quality management system. This includes documented information, planning, and determining process interaction Any responsibilities related to resource management like human resources. ISO also conducts various activities like internal audits and corrective & prevention plan. Based on this, it analyses, measures, and improves the QMS. This certificate is issued to any organization that can demonstrate its ability to control food safety hazards to ensure that food is safe. Any organization can get this certificate regardless of its size or position in the food chain.	AIAO-BAR
2	ISO 14001-2015 (Environmental management systems)	This certificate is allotted to any organization irrespective of the size, type, and nature and applies to the environmental aspects of the activities, products, or services that an organization determines it can either control or influence considering the life cycle perspective	AIAO-BAR
3	ISO 45001:2018 (Occupational Health and Safety Management System)	This certificate specifies the requirements of any occupational health and safety management system, which gives guidance for its use. This enables organizations to provide safe and healthy workplaces and prevent work-related injuries and ill-health.	AIAO-BAR
4	ISO 22000:2005 (Food Safety Management)	Certificate demonstrates its ability to control food safety hazards to ensure that food is safe. It can be used by any organization regardless of its size or position in the food chain	AIAO-BAR
5	ISO 29990:2010 (Learning services for non-formal education and training)	This ISO standard provides a generic model for quality professional practice & performance. It also provides a common reference for Learning Service Providers (LSPs) and the clients in the development, design, and delivery of non-formal education, training, and development.	AIAO-BAR
6	ISO 15001:2010 (Anesthetic and respiratory equipment)	This certificate specifies the requirements for the oxygen compatibility of materials, components, and devices for anesthetic and respiratory applications, which can come into contact with oxygen in normal conditions or single fault conditions at gas pressure greater than 50kPa.	AIAO-BAR
7	ISO 50001:2011/15 (Energy Management System)	This type of ISO certificate specifies requirements for establishing, implementing, maintaining and improving an energy management system. The purpose of this is to follow a systematic approach in achieving continual improvement of energy performance, including energy efficiency, energy use, and consumption.	AIAO-BAR
8	ISO 16732-1:2012 (Fire Safety Engineering)	It provides the conceptual basis for fire risk assessment by stating the principles underlying the interpretation and quantification of fire-related risk. As these fire risk principles apply to all fire-related phenomena and all end-use configurations, so this would mean that these principles can be applied to all types of fire scenarios	AIAO-BAR
9	HACCP (Hazard Analysis Critical Control Point)	Hazard Analysis and Critical Control Point or HACCP is a food industry standard. It is a systematic food safety program that was developed by the food industry that examines every step in a food processing operation. Like identifying a specific hazard, implementing effective control measures, and monitoring procedures.	AIAO-BAR
10	ISO 27001:2013 (Information security management systems)	This ISO standard specifies the necessary requirements for establishing, implementing, maintaining, and continually improving an information security management system. In addition to this, it also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization.	AIAO-BAR
11	ISO 20000-1:2016 (Information technology)	The ISO/IEC 20000-1:2016 certification is one such standard certification that helps in the implementation of an efficient Standard Quality Management System (SQMS) in the IT companies. Thi is certification is internationally acclaimed and most of the IT companies used this to enhance the quality of services that they deliver to the clients. The ISO/IEC 20000-1:2016 certificate is mandatory for the companies that are involved in the IT sector and provide different services to the clients. Attaining this certificate helps them in easy monitoring and improvement of service quality.	AIAO-BAR
12	ISO 13485:2016 (Medical devices QMS)	This is a type of certificate that specifies requirements for QMS where an organization needs to demonstrate its ability to provide medical devices and related services that consistently meet customer and applicable regulatory requirements.	AIAO-BAR
13	ISO 16949:2009 (QMS for automotive production and relevant service part)	This ISO certificate defines the quality management system requirements for design and development, production, and relevant installation and services of automotive-related products.	AIAO-BAR
14	ISO 20121:2012 (Event Sustainability Management System)	This certificate specifies requirements for an event sustainability management system for any event type or related activity. And thus it guides on conforming to those requirements.	AIAO-BAR
15	ISO 19011:2011 (Guidelines for Auditing Management System)	This type of standard applies to every organization that needs to conduct internal or external audits of management systems or manage an audit program.	AIAO-BAR
16	ISO 4217:2015 (Codes for representation of currencies)	This type of standard specifies the structure for a 3-letter alphabetic code and an equivalent 3-digit numeric code for the representation of currencies. For any of the minor currencies, it shows the decimal relationship between such units and the currency itself.	AIAO-BAR
17	ISO 10012:2003 (Measurement Management System)	This type of standard specifies certain quality management requirements of a measurement management system that can be used by an organization performing measurements as a part of the overall management system. This is also to ensure all metrological requirements are met.	AIAO-BAR
18	ISO 31000:2018 (Risk Management)	This standard provides certain guidelines on managing risk by organizations. These guidelines can be customized to any organization and its context. In addition to this, these can also be used throughout the life of the organization and in any activity as well (including decision-making at all levels)	AIAO-BAR
19	CE Mark (Certification Mark)	In case one finds a CE mark on any product/packaging of the product, then this would mean that the product has met all the requirements of the harmonized European standard. This mark indicates that the product has met with the essential health and safety requirements of all directives that apply to the product. The European Commission, handling the administration of the program, describes that the CE mark is used to freely trade a product in the internal European market. If any product is to be sold in the European community, this mark is necessary.	AIAO-BAR
20	GMP 22716 (Goods Manufacturing Practices)	Guidelines are given for the production, control, storage, and shipment of cosmetic products. The guidelines provided cover the quality aspects of the product. But they do not cover safety aspects for the personnel engaged in the plant nor do they cover aspects of protection of the environment	AIAO-BAR
21	HALAL	Halal is a Quranic term that means ‘permitted’ or ‘lawful’. When this term is used to any food or consumables, then it would mean any item which is permissible for consumption and is used by Muslims based on Islamic law. According to this law, it is a responsibility of a Muslim to make sure that the food consumed or any business performed is not detrimental to their health or well-being. Halal mark is the new benchmark for quality. Halal trade specifies the trade of certified quality products that meets the rigorous internationally accepted standard in production and hygiene.	AIAO-BAR
22	ISO 3834-2:2005	This standard specifies comprehensive quality requirements of fusion welding of metallic elements either in shops or at field installation sites.	AIAO-BAR

ISO Standards

Transferring Your ISO 9001 Certification

Many organizations with ISO Certification are unaware that you can transfer your ISO Certification from one Certification Body to another at any stage you wish, you are not tied into any contract. This is the rule for all Accredited Certification Bodies such as Auva Certification.Organizations transfer for many different reasons such as:

The transfer process is free when transferring to Auva but some other Certification Bodies may charge for the service

Eligibility

In order to transfer your certification, the current certification must be accredited by an IAF or Regional MLA. If you are holding a certification from a registrar that is not covered by such accreditations, then you should reach out to a registrar as a new client. If your accreditation is suspended, you are not allowed to transfer. If your registrar let their accreditation expire, the organization must transfer to a new registrar within 6 months, if longer than 6 months the organization will not qualify as a transfer and will be treated as a new client.

How does the transfer process work?

The transfer process is simple and you do not lose any time in your certification, your certificate is protected throughout the entire process so you do not need to worry about something happening to it. The first stage is to receive a no obligation quotation from new Accredited Certification Bodies, and ensure that you are transferring from another Certification Body as this has an implication on the assessment costs and stages.

Once you have accepted the quotation you can send a copy of your current certificate, do not inform your current Certification Body at this time. The new Accredited Certification Body will send a request to your current Certification Body and request the last three years assessment reports and findings and notify them of your intent to transfer. A copy of this email will be sent to you so that you are clear of the actions which are taken. After your current Certification Body has received this notification they are obliged to maintain your current certificate and provide the new Accredited Certification Body with the documents requested in line with Accreditation requirements.

When these documents have been received, the internal technical team of the new Accredited Certification Body will perform a review and determine if the transfer is valid. This should never be an issue unless there are outstanding non-conformances, if there are, then this can get these closed before the completion of the transfer takes place.

Once the new Accredited Certification Body is satisfied, they will issue you with a certificate that replicates your current certificate (dates, scope, address etc) but now on new Accredited Certification Body certificates instead of your current Certification Body. They will also issue you with the logos which you can put onto your stationary.

The last stage is to send a confirmation email to your now previous Certification Body informing that the transfer process has been completed and they can cancel the certificate you had with them. Again, a copy of this email will be sent to you so that you are fully aware of the process and stage completions.

Which standards can be transferred?

Generally any ISO standard which has been certified by an Accredited Certification Body whose accreditation is with a member of the IAF MLA, you can check these out here. This might sound confusing but generally any globally recognized Accreditation Body such as UKAS and ANAB, if in doubt you can ask us here. There are other schemes which are not ISO standards such as AS9100, AS9120, AS9110 and IATF 16949 are also transferrable.

ISO 9001 (Quality Management Systems)
ISO 14001 (Environmental Management Systems)
ISO 45001 (Health and Safety Management Systems)

Transfer ISO Certification

Step 1 – Send the basic information about your organization or, use up to 3 registrars

Step 2 – Expect to receive a prompt quotation or a follow up call.

Step 3 – Once the quotation is approved by your organization, the registrar should contact you to discuss an audit timeline based on your next surveillance audit or your recertification audit that would normally have been conducted by your current registrar.

Step 4 – When the audit date is set, the registrar will ask you to send your transfer documentation. This would include previous audit reports and current certificate

Step 5 – The auditor(s) conduct the audit and issue to the client any non-conformances for corrective action response.

Step 6 – Following the review and approval by the registrar, they issue a new certificate. This step usually takes a few days.

Step 7 – An organization’s certification is then posted to a public registration database

Renewal of ISO in India

An organization undergoes many changes during and after certification to fill all the identified gaps in its journey of quality management. Once an organization has made a commitment to get ISO certified, it requires a huge investment in terms of time, effort, cost and change. Dedicated personnel must be identified, trained and deployed to manage this certification process. A baseline status is established and analyzed for gaps against the specifications of ISO 9001 QMS. Addressing these identified gaps may require adding new personnel, processes, documents and new quality controls. Organizations often employ Plan Do Check Act (PDCA) cycle to address gaps and improve the current state to reach the desired goal.

Internal audit

Organizations then perform an internal audit. It is intended to mimic an external audit and review the developed system to check if it meets ISO 9001 requirements. Established processes are checked to ensure that they comply with the quality manual the organization has put in place. For any gaps found during the internal audit, defined processes as per the quality manual must be followed to close the gaps. This approach puts the Quality Management System QMS into practice even before certification. It should be noted that implementing a QMS must enable an organization to continuously improve than merely satisfying certification requirements.

Maintenance & Recertification

Once an organization is awarded an ISO certification, it is valid for 3-years. A QMS established for certification must be maintained on a regular basis to stay compliant and achieve intended objectives. QMS must be maintained for both continuous improvement and for recertification. Also, the certifying authority or registrar must conduct periodic checks within 3 years of time to ensure that the system is being maintained and is rooted in the processes and procedures of the organization. Quality management is a continuous journey and not an end state. For certified companies, continuously improving and maintaining compliance and getting recertified is a more difficult journey than the first-time certification. But, this can be simplified by managing changes to documents and processes efficiently using an Enterprise QMS. ISO 9001 certification renewal has to be done once a year and for the renewal, the authorities conduct a surveillance audit to ensure adherence to all the standards

Reasons for losing certified status

For an organization that is fully committed to follow its QMS and continuous improvement, recertification will become a natural process step. However, many companies fail in maintaining ISO 9001 certification requirements and eventually lose the certified status during their next certification cycle. Typical reasons for such failure can be broadly categorized into: commitment, competence, complexity and change management, statuses of all of which can get altered from the state before.

When a senior management of a company embarks on an ISO journey for reputation alone, quality management and continuous improvement are hard to accomplish. Processes don’t get followed effectively and quality management remains on paper. Personnel who are managing ISO requirements, who fail to maintain a quality management system, will fail in enforcing continuous improvement. Assigning responsibility of quality management system to external contractors alone and not having efficient internal oversight will also result in a failure of the system. Competence in the personnel responsible for maintaining a QMS is an absolute requirement and needs to be planned and implemented through regular training programs. Some organizations make QMS too complex to adopt. This typically happens when several different systems are put in place and understanding the system relationships is hard for the employees who use them. This can be easily avoided by engaging Enterprise QMS software that integrates all quality management activities into a single platform. Lastly, but undeniably, most critically, one of the reasons for a QMS failure is inability to handle change management issues. After a quality management system is certified, an organization may encounter several changes in its documents, processes, tools used and procedures to be followed. These changes often arise due to changes in the business’s functions, management team, systems and markets. Any of these changes, if not handled in a planned manner, may disrupt the original quality management system that the organization has put in place. This will lead to quality management activities that are not per the defined quality manual. In fact, handling a change in a planned manner is an explicitly stated requirement in the ISO 9001 specifications.

Standards by ISO/CASCO - Committee on conformity assessment

S.No.	Standard and/or Project Under The Direct Responsibility of ISO/CASCO Secretariat	Description
1	ISO/IEC GUIDE 23:1982	Methods of indicating conformity with standards for third-party certification systems
2	ISO GUIDE 27:1983	Guidelines for corrective action to be taken by a certification body in the event of misuse of its mark of conformity
3	ISO/IEC GUIDE 60:2004	Conformity assessment — Code of good practice
4	ISO/IEC GUIDE 68:2002	Arrangements for the recognition and acceptance of conformity assessment results
5	ISO/IEC 17000:2020	Conformity assessment — Vocabulary and general principles
6	ISO/IEC 17007:2009	Conformity assessment — Guidance for drafting normative documents suitable for use for conformity assessment
7	ISO/IEC 17011:2017	Conformity assessment — Requirements for accreditation bodies accrediting conformity assessment bodies
8	ISO/IEC 17020:2012	Conformity assessment — Requirements for the operation of various types of bodies performing inspection
9	ISO/IEC 17021-1:2015	Conformity assessment — Requirements for bodies providing audit and certification of management systems — Part 1: Requirements
10	ISO/IEC 17021-2:2016	Conformity assessment — Requirements for bodies providing audit and certification of management systems — Part 2: Competence requirements for auditing and certification of environmental management systems
11	ISO/IEC 17021-3:2017	Conformity assessment — Requirements for bodies providing audit and certification of management systems — Part 3: Competence requirements for auditing and certification of quality management systems
12	ISO/IEC TS 17021-4:2013	Conformity assessment — Requirements for bodies providing audit and certification of management systems — Part 4: Competence requirements for auditing and certification of event sustainability management systems
13	ISO/IEC TS 17021-5:2014	Conformity assessment — Requirements for bodies providing audit and certification of management systems — Part 5: Competence requirements for auditing and certification of asset management systems
14	ISO/IEC TS 17021-6:2014	Conformity assessment — Requirements for bodies providing audit and certification of management systems — Part 6: Competence requirements for auditing and certification of business continuity management systems
15	ISO/IEC TS 17021-7:2014	Conformity assessment — Requirements for bodies providing audit and certification of management systems — Part 7: Competence requirements for auditing and certification of road traffic safety management systems
16	ISO/IEC TS 17021-8:2019	Conformity assessment — Requirements for bodies providing audit and certification of management systems — Part 8: Competence requirements for auditing and certification of management systems for sustainable development in communities
17	ISO/IEC TS 17021-9:2016	Conformity assessment — Requirements for bodies providing audit and certification of management systems — Part 9: Competence requirements for auditing and certification of anti-bribery management systems
18	ISO/IEC TS 17021-10:2018	Conformity assessment — Requirements for bodies providing audit and certification of management systems — Part 10: Competence requirements for auditing and certification of occupational health and safety management systems
19	ISO/IEC TS 17021-11:2018	Conformity assessment — Requirements for bodies providing audit and certification of management systems — Part 11: Competence requirements for auditing and certification of facility management (FM) management systems
20	ISO/IEC TS 17021-12:2020	Conformity assessment — Requirements for bodies providing audit and certification of management systems — Part 12: Competence requirements for auditing and certification of collaborative business relationship management systems
21	ISO/IEC TS 17023:2013	Conformity assessment — Guidelines for determining the duration of management system certification audits
22	ISO/IEC 17024:2012	Conformity assessment — General requirements for bodies operating certification of persons
23	ISO/IEC 17025:2017	General requirements for the competence of testing and calibration laboratories
24	ISO/IEC TR 17026:2015	Conformity assessment — Example of a certification scheme for tangible products
25	ISO/IEC TS 17027:2014	Conformity assessment — Vocabulary related to competence of persons used for certification of persons
26	ISO/IEC TR 17028:2017	Conformity assessment — Guidelines and examples of a certification scheme for services
27	ISO/IEC 17029:2019	Conformity assessment — General principles and requirements for validation and verification bodies
28	ISO/IEC 17030:2003	Conformity assessment — General requirements for third-party marks of conformity
29	ISO/IEC TR 17032:2019	Conformity assessment — Guidelines and examples of a scheme for the certification of processes
30	ISO/TS 17033:2019	Ethical claims and supporting information — Principles and requirements
31	ISO 17034:2016	General requirements for the competence of reference material producers
32	ISO/IEC 17040:2005	Conformity assessment — General requirements for peer assessment of conformity assessment bodies and accreditation bodies
33	ISO/IEC 17043:2010	Conformity assessment — General requirements for proficiency testing
34	ISO/IEC 17050-1:2004	Conformity assessment — Supplier's declaration of conformity — Part 1: General requirements
35	ISO/IEC 17050-2:2004	Conformity assessment — Supplier's declaration of conformity — Part 2: Supporting documentation
36	ISO/IEC 17065:2012	Conformity assessment — Requirements for bodies certifying products, processes and services
37	ISO/IEC 17067:2013	Conformity assessment — Fundamentals of product certification and guidelines for product certification schemes

Conclusion

The National Accreditation Board for Certification Bodies (NABCB) provides accreditation to Certification, Inspection, and Validation & Verification Bodies based on assessment of their competence as per the Board's accreditation criteria and in accordance with International Standards and Requirements. NABCB is a full member of International Accreditation Forum (IAF), International Laboratory Accreditation Cooperation (ILAC) and Asia Pacific Accreditation Cooperation (APAC), as well as signatory to its MLAs / MRAs. NABCB is also MRA signatory of Asia Pacific Accreditation Cooperation (APAC) for Occupational Health Safety Management Systems.

Policy and Objectives

National Accreditation Board for Certification Bodies will provide service to the satisfaction of its customers in accordance with the national and international norms. It is committed to provide equal opportunity to all the applicants with highest regard to transparency, integrity, and confidentiality. The Board has decided to provide accreditation services to certification / Inspection Bodies established as legal entities within the SAARC nations. However relevant locations of the certification / inspection body in other countries may be included in the accreditation process. The Board will strive for the international recognition of its accreditation schemes through international and regional forums like IAF, PAC etc. and through bilateral and multilateral mutual recognition arrangements.
The above said policy is pursued by complying with the ISO/IEC 17011 “Conformity assessment — General requirements for accreditation bodies accrediting conformity assessment bodies” and other relevant international/national standards and IAF Guidance Documents.

Objectives:

The Objectives of NABCB are:

To be equally accessible to all the certification body applicants who wish to be accredited to the criteria of the Board within its scope and capability, within the geographical limitations decided by the Board
To upgrade criteria of accreditation in line with international improvements and to foster improvement in the quality of certification process with the support of certification bodies.
To be impartial in its decision on criteria and process of accreditation
To seek mutual recognition of the accreditation schemes internationally.
To be independent of any undue influence of any stakeholder and to conduct its business professionally .

Thus BIS (Bureau of Indian Standards) represents India in ISO. NABCB (National Accreditation Board for Certification Bodies) is one of the accredited certification bodies in India which uses CASCO standard.

ISO or The International Organization for Standardization is a non-governmental International federation of national standards with about One hundred and sixty-two Countries as its member. They provide International standards so as to generate products and services for high quality, safety, and efficiency. International standards are basically documents which provide certain specifications, guidelines or characteristics which help check the consistency of your product or services. There are more than One thousand nine hundred International Standards (which are updated as per the requirements) published by ISO. Few of the popular Standards are ISO 9000 (Quality management), ISO 22000 (Food Safety management), ISO 1400 (Environmental Management), ISO 26000 (Social responsibility), ISO 4217 (Currency codes), ISO 27001 (Information security) and so on. As an Entrepreneur, ISO 9000 (eligible for every sector) which includes ISO 9001:2015 is of our prime concern.

Frequently Asked Questions

1. What is ISO certification?
- ISO certification is a certificate of approval from a third party body. This certificate is an indication that shows your company’s credibility and also instills confidence in your clients.
2. Will I get a certificate in the pre-audit stage?
- No, at the pre-audit stage you will not get a certificate. The auditor will only assess your business system and procedures to make suggestions so that you can work towards making your company ISO compliant.
3. Can I choose any ISO accreditation?
- No, not all ISO accreditations are genuine and valid. It is important for you to pick the right ones.
4. Does an ISO certification work as a permit or a license?
- Self-attested Documents and Details required are
- An ISO certification only certifies standards; it has got nothing to do with permits and licenses. Even though you might have an ISO certification, you still need government and authority permission, permits and licenses to work your business.
5. Do I have to renew my ISO certificate?
- Not really, but auditors do conduct surprise checks from time to time to see if your business standards and procedures meet the required ISO mark.
6. What are the benefits of ISO certification?
- The International standard supports its own benefits within every industry; however, the common benefits across the certifications include widened market potential, compliance to procurement tenders, improved efficiency and cost savings, a higher level of customer service, and therefore satisfaction, and heightened staff morale and motivation. By having a recognized management standard, it tells your customers that you are serious about their needs.
7. What benefits does international standardization bring to business?
- For customers, the worldwide compatibility of technology which is achieved when products and services are based on International Standards brings them an increasingly wide choice of offers, and they also benefit from the effects of competition among suppliers.
8. How do I know that I am an ISO certified entity?
- When you get ISO certified you will receive a certificate bearing a unique certificate number. Using such a unique number over accreditation’s body website you can verify that your business is an ISO certified entity
9. What is the time involved in the ISO certification process for various Industries? - Like small, medium, and large
- The time involved in the process to get an ISO certificate varies from organization to organization. It takes a minimum of six months to get the ISO certificate for even small businesses in India. Moreover, the time depends on the size of the company. Let’s check them out in the following:
  - The time involved for small organizations to get ISO certification is 6 to 8 months.
  - The time involved for medium organizations to get ISO certification is 8 to 12 months.
  - The time involved for large organizations to get ISO certification is 12 to 15 months.
10. What is the validity of ISO certification?
- The ISO certificate, in India, is valid for three years. You can send for re-approval of the ISO, but the process remains the same. The reassessment process includes the verification of the documents and reviews of the quality management systems, which must be maintained overall. The recertification can be applied before the expiry of the certificate that is before the 3rd year gets over. During the period of holding the ISO certificate, the ISO body jumps in for conducting an annual evaluation of the system and monitors them closely.

11. What is the difference between all the accreditation bodies providing ISO certification?
There isn’t any difference between accreditation bodies; all of them provide ISO standards certifications. The only difference you can mark is of market recognition, branding, and their prices
12. What is the difference between ISO certification and accreditation?
- In simple words, accreditation is a kind of certification but accreditation should not be used as an interchangeable alternative for certification or registration. The workings of ISO certification and accreditation are the same. The only difference is in the body who certifies it and how it is done. For the ISO certification, you need to just pay a minimal fee and email the required documents. The whole process takes 10-15 days. But in the case of accreditation, only accredited body such as UKAS (UK) and INAB (Ireland) provides it. Moreover, there is no help from these bodies, they just conduct an assessment and based on it, and they either pass or fail the company.
13. Why is ISO 9001 mandatory?
ISO 9001 is not mandatory to have, but it may be a client-imposed mandatory requirement. For example, you may need to have ISO 9001 certification to be eligible for tenders and work
14. What is ISO audit?
- ISO audit is the basic tool to check the quality process system to ensure that organization is following the requirements as prescribed. Once you take an ISO certification, ISO audit needs to be done on an annual basis
15. Why do I need to have an audit?
- Audit is mandatory if you wish to get yourself ISO certified. This audit would mean that the system implemented is fit for its purpose and continually improving. For effective management of your systems, you need to comply with these standards. The auditor’s role is to inform you about the requirements in your process/operation/management that need improvement. Your company can see this as an opportunity and so improve on these procedures using a step-by-step guide.
16. What do you mean by non-conformance?
- Non-conformance is a situation when something doesn’t go according to plan and so it could result in complaints or delays in the process. The company can see it as opportunities and after tracking these situations, specific action can be taken action.
17.As a company, we have backups, virus protection, and protection firewalls- do we still need an ISO 27001 information security management system?
- Many of the technical breaches happen not because of lack of enough firewalls, but because of the lack of understanding among the employees about the firewalls. Any error could leak the information to the competitors. So by providing proper information to these employees, most of the breaches could be avoided. Now, if you decide to consider this ISO, just remember that proper training and information will be provided so to reduce the chance of future breaches.
18. For a startup with 10 or fewer employees, is ISO certification relevant for it?
- Yes, the new amendments made to the ISO standards include every organization. That is, there is no exclusion for the start-up of any kind. Be it large scale or small scale, this certification would help your business improve and increase customer satisfaction
19. What is the role of BIS (Bureau of Indian Standards) in ISO 9001?
- BIS stands for Body of India and is the founder of ISO. For the advancement of ISO 9000 standards, the technical and its sub-committees are responsible. BIS officers who are included in the Quality and industry experts’ panel are nominated by BIS. They are the one who enthusiastically participates in the gatherings offered by Technical Committee ISO/TC 176 and its Sub-committees.
20. How can I implement the requirements of ISO 9001 in my business?
- As a minimum, you should familiarize yourself not only with the requirements of IS/ISO 9001 but also the vocabularies that are given in IS/ISO 9000 and direction standard IS/ISO 9004. This will help you to clearly understand your association’s activities and processes and appropriately interpret the requirements of the standards. Implement the requirements in the different activities and processes adding value to these processes and activities. For training programs on general awareness on the requirements, the National Institute of Training for Standardization (NITS) may be reached

Frequently Asked Questions

21. What is ISO Accreditation?
- ISO accreditation signifies an independent 3rdparty endorsement of the certification in which the ISO certification acts as a third-party endorsement of the products/services representing the organization
22. Can a person transfer ISO Certification?
- Yes, a person can transfer ISO certification, but for the same, the current certificate has to be accredited by an IAF or a registrar.
23. Is the ISO certification work as a permit/license?
- ISO certification is used to set certain standards only and is not equivalent to permit/license. For ease in conducting business, you still need the government’s authority permission, permit or license.
24. Are there any benefits associated with the new ISO?
- The new ISO standards are:
  - More user-friendly for service and knowledge-based organizations
  - Higher leadership engagement
  - Better structured planning to set objectives
  - Flexible in documentation
  - Better alignment of management review and organizational results
  - It addresses supply chain management more effectively
25. Does the new standard contain the quality manual?
- It is not mandatory to maintain a quality manual. The ISO issuing agency specifies that the organization should maintain the documented information necessary for the effectiveness of the Quality Management System (QMS). This could be accomplished by using multiple ways, quality manual being one of them. If a company chooses this method, then it is perfectly acceptable.
26. What are the documents required to get ISO registration?
- Copy of PAN card
- Passport size photograph
- Copy of Aadhaar card/Voter Identity card
- Two copies of sales/purchase bill
- Utility Bill or Electricity Bill
- Copy of Sale deed in case of owned property.
- If the place of business is a rented property, a Rent Agreement is required.
- In the case of the company, a Certificate of Incorporation and MOA & AOA is also required.
27. What is ISO 9001?
- ISO 9001 is a Quality Management System that ensures a consistent level of quality to its customers. This is done by defining and reviewing the process and procedure. This can be applied to any business model. 8 main points covered under this are:
28. What is ISO 14001?
- ISO set an environmental management system that can be an integral part of any business. The main focus of this standard is to reduce the costs, reuse the resources or recycle (if it’s not possible). This would make the business more efficient and make it eco-friendly. Though it is not possible to be 100% eco-friendly, yet it encourages the business to either reduce the raw materials used or maintain the current levels of usage. In layman’s term, it sets standards to be met while not disturbing the day-to-day business operations
29. Why should I get an ISO certification?
- ISO certification is like a statement to your company’s stakeholders, creditors, employees, and others that your established business operates in a specific framework. And your company uses this framework to achieve all your objectives, be it customer satisfaction, production objectives or environmental objectives. It being an external certification, it keeps the credibility of the certification as well. There are many requests from many public sector tenders, where the ISO certification is a pre-requisite before allotment. In that case, it’d improve your chances of getting that tender.
30.What is ISO certification in India?
- ISO certification guarantees that an organization operates its business using international norms for goods, services, and operations. These may include business management, environmental policies, or they may be standards established by the ISO for particular business industries.

31. Who can get an ISO Certification in India?
- All Companies can be certified with ISO Standards. Regardless of size, nature, and type, all organizations are eligible for the ISO Certification. From Small Scale (Even one person) organizations to large scale organizations can take ISO Certification.
32. How to verify the ISO Certificate?
- All Certificates come with Unique Identification Numbers. You can verify the certificates in the respected Certification Body websites. Even the certification details are found in the Accreditation bodies.
33. How to get ISO Certification in India?
- 1. Requirements to ISO Certification Process
- 2. ISO Certification Cost in India
- 3. ISO Certification Processing Time
- 4. ISO Certification Process in India
  - Complete ISO Application
  - Documents Review
  - Prepare an Action Plan
  - ISO Certification Audit
  - Get ISO Certification
  - Surveillance Audits