Frequently asked questions

From your first consultation with our ISO specialists through to certification, the process can take as little as 45 days. However, this does depend on the size and complexity of your business.

Remember, we can normally save you time and money by drafting the Documented Management System Manual for you. This can also help your business gain certification faster.

In accordance with ISO 17021, accredited certification bodies are required to issue certified organisations with certificates that are reflective of a 3-year certification cycle.

Certifications can be issued for longer than this period providing the requisite external audits are performed and the certification cycle followed. Citation ISO Certification typically issues certificates over the period of a ten year contract.

Citation ISO Certification is committed to making ISO certification affordable for all our clients. The cost varies depending on multiple factors such as your industry sector, annual turnover, number of employees and more. However, you can use our free calculator to gain an instant quote.

Individuals cannot be ISO certified.

A management review is a structured meeting held at least once a year. It is an essential part of your management system maintenance and is a way of checking that your management system still meets the needs of your organisation and that you are still complying with it.

A management review can be held at a frequency that suits you and your business, but to meet the requirements of your ISO you must ensure that you carry out at least one management review every year.

A management review is usually a great way for senior management to stay in touch with a business’ management system and check how it is performing. Meetings may also need to be attended by other relevant people who can feed back on specific processes or departments of the organisation. Having a cross-section of the business can help senior management to get a good overall view of the management system’s performance.

Benefits of management reviews include:

• They help to keep senior management up to date with how the management system is performing
• They provide an opportunity to check the fit of the management system with your organisation
• It reviews and evaluates the management system
• It provides a forum for considering data for more evidence-based decision-making

An internal audit is a scheduled, periodic check of the processes and procedures laid out in your management system. It is an essential requirement of ISO Standards and is a way of ensuring that processes are followed.

The benefits of carrying out an internal audit are:

• It helps to ensure that goals and objectives are being achieved
• It improves communication and understanding
• It provides individuals with an opportunity to report concerns
• It’s an effective training tool
• It ensures that planned arrangements such as product quality are being maintained
• It provides feedback to supervisors

You will need to decide what will be audited and when. This is recorded in an internal audit schedule, which is something your consultant will want to see.

Complex processes may need to be split up and audited separately, and if you have been experiencing regular problems in a certain area, you may need more regular and detailed checks. When building your schedule, you will need to bear previous non-conformities in mind too.

ISO 9001:2015 is the most recent revision of the ISO 9001 Quality Management Standard, replacing ISO 9001:2008 as of September 2018.

The 2015 version of the ISO 9001 standard aims to bring a number of benefits that the 2008 version of the standard either briefly touched on or did not previously offer:

• It has more focus on risk-based thinking
• It follows the same structure as other ISO management system standards, making system integration much easier
• It addresses supply chain management more effectively
• It now puts more emphasis on leadership engagement
• It helps address risks/opportunities in a more structured manner within Organisations
• It now uses a simpler language, with common structure and terms
• It’s been adapted to be more user-friendly for service and knowledge-based organisations

ISO 9001 can bring many benefits to your company. By creating a quality management system, you can streamline your processes to create a customer and quality-focused business, which means that you can deliver high levels of customer satisfaction. Other benefits include increased efficiency, better supplier relationships and a stronger reputation when it comes to winning new business. 

The 2008 version of ISO 9001 introduced clarifications to the existing requirements of ISO 9001:2000 and introduced some changes intended to improve consistency with ISO 14001:2004. There were no new requirements.

ISO 9001:2008 has since been revised and replaced by ISO 9001:2015.

The ISO 9001:2015 standard requires your organisation address seven key areas to achieve continual improvement:

1. Context of the organisation
2. Leadership
3. Planning
4. Support
5. Operation
6. Performance evaluation
7. Improvement

The seven principles of quality management are:

1. Engagement of people
2. Customer focus
3. Leadership
4. Process approach
5. Improvement
6. Evidence-based decision making
7. Relationship management

The quality management principles were developed by the quality management and quality assurance committee (ISO/TC 176) at the International Organisation for Standardisation and were introduced with the publication of ISO 9001:2000.

ISO 14001:2015 is the most recent revision of the ISO 14001 Environmental Management Standard, replacing ISO 14001:2004 as of September 2018.

The 2015 version of the standard aims to bring a number of benefits that the 2004 version of the standard either briefly touched on or did not previously offer:

• It has more focus on risk-based thinking
• It follows the same structure as other ISO management system standards, making system integration much easier
• It addresses supply chain management more effectively
• It now puts more emphasis on leadership engagement
• It helps address risks/opportunities in a more structured manner within Organisations
• It now uses a simpler language, with common structure and terms
• It’s been adapted to be more user-friendly for service and knowledge-based organisations

An environmental management system (EMS) helps you manage your resources more efficiently. The ISO 14001 standard is a generic EMS, which means any organisation, of any size and in any sector can use it. This includes manufacturing and services firms, whether operating in the public or private sectors.

The standard gives you the tools to reduce the environmental impact of your processes, both internal and across your supply chain. It will help you cut the costs of resource, energy and waste management. It will also ensure you comply with environmental legislation while publicly demonstrating your commitment to protecting the environment.

The ISO 14001 standard will show your organisation how to minimise its environmental impact. In doing so, it can improve your efficiency, reduce operational costs and help you win new business. Implementing the ISO 14001 guidance in full, can also ensure your business complies with environmental laws and regulations in the UK and EU.

Any business of any size and in any sector (whether offering products or services), can apply for ISO 14001 certification. This makes it one of the most popular ISO standards in the world, after ISO 9001. As such, businesses and governments see it as a credible way for organisations to demonstrate their commitment to improving environmental performance.

The ISO 14001 environmental management system has two primary goals:

1. Compliance with laws and regulations: by reaching and maintaining basic legal standards, companies can avoid fines, government intervention and sanctions against their business.
2. Reduce environmental impact: the ISO 14001 EMS can help you develop, implement, and manage your environmental policies. For instance, it can help you plan for all phases of waste reduction from product design to end-of-life recycling.

The main aim of ISO 14001 is to help you control your organisation’s environmental impact. It does this by implementing a framework of processes that help you to identify, assess, manage and monitor your business’ operations. By following these processes, you can work towards reducing waste, improving resource efficiency and lowering costs.  

The 2004 version of ISO 14001 came with a focus on proactive initiatives for environmental protection, and life-cycle thinking which would consider environmental implications at each stage of a service or product.

ISO 14001:2004 has since been revised and replaced by ISO 14001:2015.

ISO 45001 is the international standard for occupational health and safety management. Obtaining an ISO 45001 certificate ensures that you have a system in place focused on reducing the likelihood of occupational injuries and diseases.

Find out more about ISO 45001 certification.

ISO 45001 is suitable for any organisation looking to improve health and safety risk management, drive productivity and protect its reputation.

ISO 45001 can also make your business more efficient by reducing absenteeism and accidents in the workplace.

The main difference between OHSAS 18001 and ISO 45001 is that the latter has a much more proactive approach and wider scope, incorporating requirements that focus on leadership, employee engagement and awareness, and a stronger emphasis on all kinds of health, including mental wellbeing. It also places emphasis on the identification and analysis of both risks and opportunities. 

ISO 45001 can help to protect your staff from accident, illness and injury by reducing the risks and hazards of your workplace. Its benefits also include:

1. Establishing controls to ensure legal compliance
2. Increasing employee health and safety awareness
3. Reducing absenteeism and enhance efficiency
4. Reducing the number of accidents at work
5. Improved staff morale and loyalty
6. An enhanced reputation

Read our full list of benefits for ISO 45001 certification.

ISO 45001 is not a legal requirement. However, it is highly advisable for businesses who care about the workers and reputation, and are interested in improving efficiency.

ISO 27001 is perfect for any organisation which wants to demonstrate their commitment to information security. The standard is applicable for startups, large organisations and everything in between.

ISO 27001 certification is not a legal requirement. However, it is highly advisable for businesses who frequently process and store data to ensure protection against information security risks. Furthermore, some suppliers will specify certification to this ISO in their contracts.

There are four main groups of requirements for ISO 27001.

The first set of requirements focus on management responsibility, the areas of your information management system in which your senior leaders need to be involved with.

The second set of requirements focus on the management of resources; in other words, how you organise your staff, business infrastructure, facilities and equipment.

The third group of requirements revolve around information security, which requires you to develop processes that protect both physical and digital information assets.

The last group of requirements focus on measurement, analysis and improvement. This last set requires you to put in place processes that allow you to assess how well your management system is working, and what you can do to improve it. 

The current version of ISO 27001 is ISO/IEC 27001:2013 which was released in 2013 and reviewed in 2019.

Implementing an integrated management system can give your organisation plenty of benefits, including:

• Greater performance thanks to streamlined procedures and continual improvement.
• Aligned objectives and processes for more efficient management.
• The development and implementation of new management systems in a shorter timeframe.
• Greater coordination when it comes to continual improvement across your organisation.
• Savings of both time and money thanks to shared tasks and processes and the need for just one audit and one management review for the whole system.

An integrated management system gives businesses a sleeker way to implement, manage and monitor multiple ISO Standards. By merging multiple Standards into one smart system, you can take advantage of a leaner, more streamlined set of processes and procedures. This can help organisations to save money, boost efficiency and remove unnecessary hassle.

Having just one system means that you can address and coordinate all elements of your management system at the same time, combining processes so that they cover all Standard-specific requirements at the same time. Essentially, all of your organisation’s tasks, goals and objectives are aligned, so that you can tackle them as a whole.

The Annex SL high-level framework means that many ISOs now share their 10 clauses with other Standards. This means that they work very well together in an integrated management system.

At QMS, we offer the following ISO combinations for integrated management systems.

• ISO 9001 (quality management) and ISO 14001 (environmental management)
• ISO 9001 (quality management) and ISO 45001 (occupational health & safety)
• ISO 9001 (quality management) and ISO 27001 (information security management)
• ISO 9001 (quality management), ISO 14001 (environmental management) and ISO 45001 (occupational health & safety management)
• ISO 45001 (occupational health & safety) and ISO 45003 (psychological health & safety at work)

Once you are booked in with Citation ISO Certification, we will give you access to our online ISO management platform, Atlas ISO. This platform is specially designed to support you when it comes to managing your ISOs. Once you’re logged in, you will get access to a pre-consultancy checklist, but you don’t have to work on this until your appointment if you don’t want to.

During your initial appointment, one of our consultants will carry out a gap analysis, which will take one-and-a-half days for two integrated Standards or two days for three Standards. You will then receive your gap analysis report, which contains recommendations for meeting the Standards’ requirements, and our consultant will write up your documented management system.

Once you have made the recommendations in the gap analysis report, our consultant will check your processes and recommend you for certification.

The cost of an Integrated Management System depends on the combination of Standards you choose, and other factors related to your business.

Each of our quotes is tailored to you, so if you’d like to find out more about getting an integrated management system, you can get in touch with our Sales Team on 0333 344 3646 or by emailing [email protected].