When it comes to ISO certification and compliance, there is definitely more than meets the eye. The short answer is no as ISO certification involves ongoing maintenance as well as external input by way of maintenance audits on at least an annual basis. There are also triennial or recertification audits which need to occur. Continuous improvement is essential in getting the best value out of an ISO system.
Do I only have to do ISO certification once?
Setting up an ISO system is not rocket science, but neither does it come naturally to a lot of people. Once you, as a business owner, have gone to the effort and expense of creating such a system (whether with or without professional assistance), it is only natural to want to return to what you do best – running your own business.
However, what is often not explained fully at the outset, is that to reach compliance is one thing but to maintain it is another thing altogether.
There are various activities and practices which have to be continued throughout the entire process and records need to be kept in order to remain compliant and eligible for the renewal of certification when the time comes. Similarly, a practice of continuous improvement is essential in getting the best value out of an ISO system.
So while you actually don’t have to go through the process of setting up the system more than once, you are required to maintain the system by keeping up regular activities such as internal audits, management reviews and continuous improvement.
These can all be done yourself if you have the resources and the knowledge required, or you can engage a consultant to do at least some of these for you. The most common use of a consultant is for the internal audit process. These internal audits can range from as little as 1 to 12 days a year depending on the size of your organisation and the level of risk, how many standards you are certified to and how much internal resource is available.
Once you are certified, you need to be audited by the external certification body at least every year in order to maintain your certification. These are called maintenance audits. This means that samples are taken from various areas of the system as part of an internal health check to verify that everything is going according to plan.
Every three years thereafter you need to be recertified. This is called a triennial or recertification audit. This is an in-depth audit which generally takes about twice as long as the maintenance audit and is designed to assess whether the entire system is sound and can be recertified for another three years.
So, the short answer is no; ISO certification is by no means a once off exercise. It requires ongoing and habitual maintenance as well as external input on at least an annual basis in order to maintain certification.
If you would like more information or advice on ISO certification, or need help in deciding whether this option is suitable for your business or even required (there are sometimes ways around it!), you can either contact us via our website or give us a call on 1300 132 745.