Implementation
From initial contact through to certification and ongoing support, we work with you every step of the way. The ISO process can be confusing when you first explore it.
How it works
Business fact find
After you contact us, the first step towards certification begins with an initial fact-finding conversation. This can be conducted in person or over the phone but typically doesn’t need to last more than 15-30 minutes. Our goal during this step is to understand more about your business, processes and goals.
Proposal
Our proposal details your ISO journey: timeline, strategy, and costs for implementation (or internal audits/system improvements). We can also help you find certification bodies and understand their services.

Implementation
Implementation involves working with our consultants on documentation, system development, internal audits, and management review to prepare you for your external audit. Timeline varies (3-9 months) based on your organization’s complexity and chosen ISO standards.

External Audit
After implementing your security system, an external audit in two stages ensures everything meets ISO standards. Stage 1 is a readiness check, Stage 2 is the deep dive. Stage 3 determines certification, minor fixes, or a full re-audit.
Certificate
Once Stage 2 is complete, the technical team at the certification body needs to check the auditor’s work. If the report passes the technical review (we find it almost always does) and you have provided satisfactory evidence to the certification body of how you intend to address any nonconformances, the certification body will issue your certificate. This review process typically takes 2-4 weeks. Once acquired, the certificate is valid for three years, requiring annual surveillance audits (and a recertification audit every third year).

Ongoing, Tailored Support from twoSB
Our commitment goes beyond certification. We provide ongoing support to ensure you maintain your hard-earned status. This support can be tailored to your needs, but typically includes assistance with annual internal audits, management reviews, and system upgrades. For clients seeking a deeper partnership, we offer regular sessions to help your management system continuously evolve.
Maintaining Your ISO Certification: Audits Explained
ISO certification. After the initial 3-year certificate, you’ll have:
Annual surveillance audits: Surveillance audits are ‘lighter’ audits than the initial certification audit and will generally focus on higher risk/more critical business functions and on areas where nonconformances have previously been observed. If a minor nonconformance is raised during a surveillance audit, you will be required to address this before the next annual audit. If a major nonconformance is raised, this will need to be addressed and proof submitted or further audits carried out to ensure the system has been repaired.
Recertification audits: The recertification audit looks at your whole business again and occurs every third year (replacing the surveillance audit in that year). The auditor will look at all processes and controls and, as with the Stage 2 audit, if any nonconformances are raised, you will need to provide evidence to the certification body about how you intend to remedy the issues before the certificate is renewed.
Ready to embark on this journey together?
As our relationship with clients evolves, we often take on various other roles. We can assist you in tackling complex client compliance questionnaires; we can serve in outsourced roles such as Quality Manager, Chief Information Officer, and Health & Safety competent person; we can also provide a fresh perspective to directors and executive teams as they face challenges.