Maintaining your ISO Certification

Maintaining ISO Certification

Earning and maintaining the right ISO certification (like ISO 9001 or ISO 27001, for example) is critically important for businesses that want to compete in the 21st century.

An international standard that can either open doors to opportunities that would not have existed otherwise or cause great businesses to lose a lot of sales and credibility in their industry, it is not just enough to earn the ISO certification – it’s important to maintain that certification moving forward, too.

Below we highlight important details that will better illuminate the ISO certification process as well as the ongoing maintenance routine that businesses will need to adhere to.

Let’s get right into it.

Choosing the Right Standard

While ISO 9001 is often the most popular of the ISO standards to move forward with, there are other options to consider as well.

Let’s run through them quickly:

  • ISO 9001 – This standard focuses on management and organisational processes, improving efficiency across the board
  • ISO 14001 – This standard deals mostly with environmental management standards
  • ISO 27001 – This standard focuses exclusively on cybersecurity, letting the international business community better understand how seriously your operation takes data protection and digital privacy rights
  • ISO 45001 – This is the standard that pertains most to health and safety standards

All of the standards have ongoing certification procedures that go beyond the initial certification process. We talk more about that in just a moment.

Choosing the Right Certification Organisation

Choosing the right ISO standard is (obviously) important, but so is choosing the right certification organisation.

For starters, you’ll want to choose an organisation that has United Kingdom Accreditation Service (UKAS) accreditations. This accreditation is the only accreditation recognised by the government for not only providing the initial certification but also testing and handling ongoing certifications, too.

From there, you’ll want to look into the reputation of the certifying body as well.

Have a look at the reviews that organisation has, dig deeper into the testing protocols that they take advantage of, and see if they provide any extra value on top of the certification and ongoing certification procedures they offer.

Above all else, make sure that they are a legitimate organisation. The last thing you want to worry about is pursuing ISO certification and ongoing certification only to find out that opportunities start to disappear because the accrediting body was in some way illegitimate or not UKAS approved provider.

How Long Does Certification Take?

Each ISO certification process is going to unfold in a unique pattern, dependent entirely upon the size of that organisation as well as the structure of that company, too.

To streamline things significantly, it’s important to designate a specific representative of your business that will move through the ISO certification process and handle ongoing certification, too.

You do not necessarily have to hire a “Quality Manager” or “Compliance Manager” with these kinds of responsibilities exclusively in their purview, but you are going to want to make sure that a management or executive level employee is spearheading the initial and ongoing certification process.

As a general rule of thumb, it’s not a bad idea to expect that the entire ISO initial certification process to take anywhere between four months and seven months to be completed. It may take a little bit longer than that to be awarded this certificate from an accredited agency, but it will very rarely take less than three months.

The Ongoing Certification Process

Ongoing certification, however, is a “permanent” process that will involve (at the very least) one surveillance audit each and every year.

The surveillance audits are designed to ensure that ISO certified organisations are continuing to take advantage of these principles, continuing to leverage your management systems, and are still embracing and embodying all that the ISO certification embodies.

On top of the on-site surveillance audits that will happen at least once per year a written report may be required as well.

Every three years businesses are required to undergo a complete recertification audit from top to bottom.

This kind of recertification audit involves a deeper look at the entire business structure, the strengths and weaknesses of that particular business, and the creation of a plan to better optimise things going forward.

Third-year audits are significantly more extensive and a lot more time intensive than traditional on-site annual audits. Unsurprisingly, these in-depth audits are usually more expensive as well.

Businesses should also know that while an ISO 9001 consultancy (especially one  that is accredited through the UKAS) is entitled and empowered to provide insight and information into their findings, they aren’t allowed to cross the line between objectivity and impartiality.

Most of these agencies will try and provide informational resources about how there ISO ongoing certification clients can best move forward, often times pointing them towards best practices and shining a light on what can be improved without abandoning their core principles.

At the end of the day, it’s important to remember that the ongoing certification process is intended not just to confirm that businesses are still abiding by ISO principles but that they are continuing to find new ways to fold ISO principles into a business that grows and evolves over time.

Clear goals, open lines of communication across all levels of management and staffing, and regular trainings regarding ISO certification and best practices will go a long way towards making sure that ongoing certification is relatively simple, straightforward, and almost effortless.

It is never a bad idea conduct internal audits quarterly to prepare for the annual surveillance audit, either.

This will ensure compliance, help to find inefficiencies wherever they might exist, and to guarantee that there are not any surprises that pop up when the auditors are actually brought in to do their official certification.

Annual audits can also be a great time to address any of the major or minor nonconformities and observations that were discovered during the more traditional surveillance or three-year audits as well.

Take advantage of every opportunity to adhere more closely to ISO standards and ongoing certification turns into just another day at the office.


Do you want us to take care of your fire compliance? H&S compliance? ISO certification? training? human resources?

At RKMS we are determined to make a business run as efficiently as possible. Will that next business be yours?

Related Resources

Do you want us to take care of your fire compliance? H&S compliance? ISO certification? training? human resources?

At RKMS we are determined to make a business run as efficiently as possible. Will that next business be yours?

John Keen
Apart from work John enjoys sports (football, karate & walking) as well as travel & spending time with friends & grandchildren.

Do you want us to take care of your fire compliance? H&S compliance? ISO certification? training? human resources?

At RKMS we are determined to make a business run as efficiently as possible. Will that next business be yours?