CERTICATION PROCESS FLOW CHART

ISO Management system Standards(MSS)

 ISO refers to International Organization for Standardization. ISO  is an independent membership private organization. ISO develops & publishes  international  standards on Quality management,  Environment management, Occupational health&  safety management, information security management, food safety management etc.

Benefits of ISO management system standards(MSS)  

For long term sustainability in a fiercely competitive  market ,it is essential for any organization to constantly deliver high quality of goods & services to  ensure customers loyalty  and  fulfill legal compliance.  ISO certification helps to protect reputation as well as bring an overall sustainable improvement in the performance and  regulatory compliance of any organization  irrespective of  their size or nature of business.  Besides, international standards published by ISO also helps in the improvement of an organization’s overall management system  related to  Quality, environmental performance, health&  safety of workers,  information security  and food safety etc.

Total Cost of Quality

There is often a misconception on total cost of Quality, which some people mistakenly identify as the total amount of money to be spent to achieve a Quality management system certification , but it is not so.

Total cost of quality is an intangible cost which an organization is forced to  incur for  not having an effective  Quality  management standard  built into the  business system in the first place.

Every time a company looses a potential sales to the nearest competitor because of poor quality of products & services, it largely remains invisible to the company”s  management and does not get reflected on the annual profit& loss account or balance sheet. Similarly every time a rejection is made or a rework is ordered or products are recalled from the market on quality related issues, companies suffer huge losses to the tune of billions of dollars in revenue. The total of such costs  taken together which the company is compelled to loose due to lack of an effective management system is termed as the total cost of Quality.

Therefore, the ultimate objectives of any business is to increase profits. In order to increase the profits it must constantly deliver high quality of  Products & Services to satisfy  customers requirements  and achieve legal and regulatory compliance.  In order to achieve all these objectives you need to adopt an effective management system based on international standards.


ISO certification may sound a daunting, complex and costly affair , but it is not so.  It is pretty straightforward, simple and cost effective if you adopt the right approach.  There is always a right way and wrong way of doing ISO. If you will like to embark on an ISO certification process and don’t know where to start, you can follow these simple steps to get you started to  fulfill your desired objectives  ;

 To start with Let’s understand the  different processes of getting ISO certified .

1.      Pre-Requisite to ISO Certification Process

2.      Process for ISO Certification

3.      Time involved in the ISO Certification Process

4.      Cost involved in the ISO Certification Process

1.Pre-Requisite to ISO Certification Process

A. Choosing the type of ISO Certification scheme

First of all, you need to select the type of ISO certification scheme suitable to your business needs.  There are various types of ISO certification available in the market. We have selected the five most popular  certification schemes for you along with a brief summary on each standard.

1.      ISO 9001: 2015 Quality Management System.(QMS)- ISO 9000 family of standards comprising of ISO 9001 (QMS Requirements)and ISO 9000 ( Terms & definitions) are being used globally  by over 1 million companies in 180 countries  to improve the Quality of performance of their interrelated business processes. The ultimate objective of ISO 9001 standard is to  achieve  a high efficiency  of  process performance to constantly deliver quality products& services to exceed customers satisfaction and achieve legal compliance for  sustainable growth. ISO 9001 forms the basis of many other international  standards such ISO 13485 Medical devices, TS16949 automotive, Aerospace AS9100 etc. ISO 9001 uses a process based approach and PDCA cycle to improve the process performance of an organization in a time bound and systematic way.  ISO 9001 can be easily integrated with any other ISO standard such as ISO 14001,ISO 45001 etc and can form the basis of building a good foundation for your business organsiation.

2.      ISO 14001: 2015 –  Environmental Management system (EMS)- ISO 14001 Environmental Management system standard basically deals with identification and control of  significant environmental aspects& related impacts on the environments caused  by industrial activities of any particular nature. It basically aims to achieve a sustainable improvement of a company’s environmental performance in the entire lifecycle of the products(services) right from the input to the output and recycling stage through better waste management techniques. It brings a  systematic cohesion between a company’s environmental performance & achievement of  business objectives and also helps in compliance with environmental legislations. Companies who fulfills its environmental responsibilities are favored by customers over their competitors and helps to bring additional brings business gains. ISO 14001 can be easily integrated with any other ISO standard such as ISO 9001,ISO 45001 etc.    

3.      ISO 45001: 2018-  Occupational health & safety Management system (OHS&S)- The enormous burden of poor working conditions. The ILO estimates that some 2.3 million women and men around the world succumb to work-related accidents or diseases every year; this corresponds to over 6000 deaths every single day. Worldwide, there are around 340 million occupational accidents and 160 million victims of work-related illnesses annually. The ILO updates these estimates at intervals, and the updates indicate an increase of accidents and ill health.( International labor organization. ref: https://www.ilo.org/moscow/areas-of-work/occupational-safety-and-health/WCMS_249278/lang--en/index.htm ).ISO 45001 is a framework adopted by companies to prevent work related hazards and minimize health & safety  risks of employees and  any other third party visiting the factory/ office premises. It also helps to comply with  health & safety legislations, minimize insurance premiums & liability payouts, reduces absenteeism  for ill health  and ensures a better lifestyle and working conditions for staff & workers to increase productivity for the company.    

*Pl note OHSAS 18001 not an ISO standard but  a British standard on occupational health & safety has already been changed to an ISO standard to be referred as ISO 45001.

4.      ISO 27001:2013  –  Information security Management system (ISMS)- ISO 27001 focuses on cyber security. Shockingly, 5 million data records are stolen each day worldwide. A data breach is expensive, not just in financial terms, but in terms of your reputation too. Gaining ISO 27001 shows that you take cyber security seriously and is a step towards GDPR compliance. The certification process will also give you independent insight into your current procedures and how they can be improved.

5.      ISO  22000: 2005  –   Food Safety Management system (FSMS)- ISO 22000 Food Safety Management System – Hazard Analysis and Critical Control Points is a systematic approach to ensure effective control, identification and controlling microbiological, chemical or physical hazards in all stages of production from the receipt of raw material to the delivery of the final product

 B. Choosing an ISO Certification Body

It must be noted that ISO itself does not provide certification to the companies. Certification is done by the external certification bodies. It is very important that you choose recognized and credible certification body.

While choosing the ISO registrar or certification body, you should keep the following in mind:

·        Evaluate several  ISO Certification service providers.

·        Avoid going for cheap   certification bodies because they do not follow any audit process to issue their certificates and in the long run it becomes costly for the organization.

·        Check if they are following the relevant  CASCO standards of  ISO 17021. CASCO is the ISO committee that works on issues relating to conformity assessment.

·        Check whether it is accredited or not. Accreditation is not compulsory but they provide confidence  to the consumers that the audit process being followed by the ISO certification body is credible and neutral that meets the latest  criteria’s  of CASCO standards such as ISO 17021 2015.  

2. ISO Certification Process

A. Create an application /contract :The applicant and the registrar should agree on a certification audit contract. This contract usually defines the rights and obligations of both parties and includes liability issues, confidentiality, and rights of access to logos. To start with, the application and contract must be duly filled,  and signed by the applicant company. Application &contract ( annex 13) can be downloaded from our company website @www.qcspl.com. or  can be sent  through an email on receipt of an enquiry  from the applicant organization.

B.  Review of application & issue an Offer for certification:   On receipt of the signed application form , the certification body will  review the  application form and issue an offer for certification to the applicant .

C. Registration &  issue of audit plan :  Once the applicant  organsiation accepts the offer for certification & completes the registration process, an audit plan will be issued  in advance by the CB before each audit stages after  mutually confirming  the audit  dates in consultation with the  client .

D. Review of documented information’s : The ISO auditor appointed by the CB will  review all your QMS/EMS/OHS/FSMS/ISMS  manuals/ documents/ records  related to various policies & procedures being followed in the organization as per the requirements of the respective  international standards. Review of existing work will help the ISO auditor to identify the possible gaps against the requirements stipulated in the ISO standards.

C. Make an  Action Plan: After the ISO auditor communicates the existing gaps in your organization, you should prepare an immediate action plan to address these gaps. Prepare the list of the required tasks to be performed to bring the desired changes in your organization. You may be required to give training to your employees to work efficiently while adapting to new procedures. Make all the employees aware of the ISO standards in terms of work efficiency and QMS/EMS/OHS/FSMS/ISMS  standards.

D. Initial Certification Audit:                                                                                                 

The initial certification audit is divided into two categories-  Stage 1 and Stage 2.

Stage 1 audit : The ISO auditor will audit the changes made by you in the organization. They will then try to identify the possible non-conformities in your systems and procedures to the desired quality management system. They will divide these non-conformities into minor and major non-conformities. The applicant must carefully assess all these non-conformities and get it aligned as per the desired quality standards through modification in the techniques and processes used by the organisation.

 Stage 2 audit : After all the required changes are done in the organization, the ISO auditor does the final auditing. The auditor will check whether all the  observations & non-conformities  of stage 1 audit have been  satisfactorily addressed by the organsiation  as per the standards. The company must submit the objective evidences of implementing the necessary  actions or tasks raised in the corrective action plan.  If the ISO auditor is satisfied  , they will prepare the final ISO audit report and forward it to the registrar  with a recommendation for certification.

E. Certification decision & issue of  ISO Certificate- After all non-conformities are effectively addressed by the applicant organization  as per the audit findings mentioned on the audit report, the registrar will grant the ISO certificate for  an effective term of three years followed by a recertification audit  before the end of the given term to maintain the continuity of the certificate.

F. Surveillance Audits -  Within the specified certification  cycle  of three years, it is mandatory to conduct (minimum two)  Surveillance audits  at annual intervals from each other with the first surveillance audit falling due within the 1st year of the initial certification date. The overall  purpose of each surveillance audit is to ensure  that QMS/EMS/OHSAS/FSMS/ISMS   policies  &objectives as per the requirements of the standards are being continuously accomplished  and improved  by the organization.

G. Renewal audit- The client organsiation need to conduct a Re- certification audit minimum two months before the end of its term of three years  from the initial audit/ issue date.

G. GAP Analysis audit ( optional ) – This audit is generally conducted  by the regsitrar  to assess the strengths & weaknesses of the  applicant organization, related to  the requirements of the international standards, so that the organization can initiate possible action steps to meet the deficiencies found in his management system before the final external audit by the certification body.  

3.Time involved in the ISO Certification Process

Time taken in completing the whole process of ISO certification also varies from organization to organization. The fair idea can be given by the ISO certification agency after assessing the size of the company.

Generally, the time required to complete the process of ISO certification is approximate :

·         Small organisations: 2-3 months

·         Medium organisations: 4-6 months

·         Large organisation: 6-12 months

4. Cost involved in the ISO Certification Process

Cost for getting ISO certification is not fixed and varies from organization to organization.  QCS calculates the cost of ISO certification separately for each organization after considering them on different parameters such as :

·         Number of employees

·         Number of units

·         Number of Processes

·         Level of risk associated with the scope of services of the organisation

·         Complexity of the management system

·         The number of working shifts etc.


 Advanced Surveillance and Recertification Procedures (ASRP)

Cost Savings for Certification of Mature Management Systems via ASRP

 What is ASRP?

Advanced Surveillance and Recertification Procedures, or ASRP, is a process applied to certified organization that have a proven performance track record of maintaining the integrity of their management system. Only organizations that have established confidence and demonstrated system effectiveness over the course of their certification can meet the minimum requirements. The benefits of applying ASRP favor the organization by providing more effective and efficient audits to the organization and reduce certification fees to the organization. The ASRP program places more dependence on the organization’s internal audit and management review processes. This is done by allowing qualifying companies to rely more heavily on internal audits, special targeted surveillance audits, and the use of inputs from the organization to demonstrate the conformance of the organizations management system.

Different Types of ASRP

The procedures used in ASRP rely mostly on the organizations internal audits process, but different kinds of audits are used as part of the process to monitor the organizations management system. Some of the defined monitoring that occurs in the program are described below.

  • Witnessed Audits: These are audits that are observed, but not done, by the third-party auditor. The certification body will choose internal audits that represent company’s processes and internal auditors that will be sampled and audited.
  • Delegated Audits: These are internal audits that are used in exchange for the certification body’s audits. These audits are not done or overseen by the certification body.
  • Third-Party Audits: Audits performed by the certification body or other third-party. These will happen throughout the year and have focus that spreads widely. Some of the things that are audited during this process are levels of compliance, system changes, internal auditing processes, and continuous improvement.

 ASRP Requirements

Companies looking to save money and time should look towards ASRP if they meet these qualifications:

  • All previously raised nonconformances during the certification shall be successfully closed and actions have remained effective.
  • The organization’s system shall remain in conformance with the management system requirements for at least one complete cycle of certification (initial, surveillances, and recertification).
  • Strong performance indicator trends that will allow the determination that the system has continually been effective and the organization consistently meets or exceeds these goals.
  • Management system(s) must have the ability to continually improve effectiveness over time.
  • Substantial proof of future improvements and impartial consumer satisfaction measurements.


According to Quality Digest, ASRP “is a solution that shows demonstrated cost reductions in external audit frequency, but has also increased value through its unique approach.” Not only does ASRP provide benefits for companies, but for consumers as well. The efficiency of the process can lead to quicker effectiveness and more efficient resource allocation over time. In terms of cost reduction for businesses, companies using ASRP will see reduced third-party audits. When reducing the amount of time, visits, and money spent on audits during recertification, companies can allocate resources elsewhere to improve efficiency and effectiveness of their systems. This allows qualifying organizations access to greater flexibility during auditing and certification processes.

The value these procedures offer is endless. Companies can expect to find the certification focus to shift from premature to mature systems. By having a more mature outlook on recertification, management systems will see enhancement on performance indicators and preventive actions and risks completely eliminate and/or mitigated quicker. Management systems will see continuous improvement despite the reduced rate of external audits. While relying on internal audits, organizations using ASRP will spend more time doing normal day to day activities rather than experiencing disruptions in their business or management systems.

 Why QCS ?

QCS MANAGEMENT PVT LTD. (QCS) has been a key participant in developing and defining ASRP since its beginning. QCS  has been accredited by ASCB-UK  for international management systems and operates in over 20 countries. QCS  aims to  provide auditing services with more efficiently for greater productivity, reduced waste, and higher profits for companies . QCS  has the ability to provide services internationally with Rep offices around the world. With various certification, auditing, training, and assessment services, QCS has the means and capabilities to audit and certify using ASRP to help companies with mature management systems take the next step.

Getting certified for an ISO can be an extensive process, but over 99% of our clients will recommend QCS to others. QCS  has had incredible success in providing ISO clients with sustainable processes that reduce costs and enhance current market share. By switching your ISO certifications to QCS , businesses can be assured that their certifications are up to standard for their industry.

Please fill up the QCS application form with the necessary details of  your company to receive an offer for certification .  You may please send all communications to  the following address;

Quality Manager,

 QCS Management Pvt Ltd,

Email : qcsert56@yahoo.com.  

Website:  www.qcspl.com








Head Office

QCS Management Pvt Ltd.
Address: 37E/1(310) 2nd street,
Modern Park, Greenage Apartment
2nd Floor, Santoshpur, Kolkata - 700075,
West Bengal, India.
Telefax: 033 - 6541 6557

Mob: +91-08697724963/8697979463/8902447427
Email: qcsert56@yahoo.com / qcs.partha@gmail.com / qcsplkolkata@gmail.com