Audits in the implementation process of ISO Certification

The implementation process of ISO certification is a meticulous process in which a company, either on its own or with an external consultant, makes certain changes within the organisation to become compliant with the requirements of ISO standards. Being compliant with the standard is key to becoming officially certified for a particular ISO standard.

The route of getting ISO certified may not always be clear. But worry not. You can see what the implementation process of ISO certification involves by reading the blog on how to get certified with Luke Desira. In this article, we will be focusing mainly on what comes next after the implementation process.

One of the very first things that must be executed in the implementation process of ISO certification is the Gap Analysis. The Gap Analysis is a vital aspect of the implementation process of ISO certification. It goes beyond the training of the staff – it identifies gaps between your current practices and the requirements of ISO certification. Through this process, you will be able to identify what your company is missing, what must be achieved in order to be compliant and see how you can bridge the gaps between what you currently have and what you should have.

Working with a consultant, such as Luke Desira, will help you better understand that the implementation process of ISO certification is only the beginning. After going through the Gap Analysis, the organisation must have its processes fine-tuned and become fully aligned with the requirements for ISO certification. This critical phase involves implementing changes to the company’s operations, policies, and procedures to ensure compliance with ISO requirements. This is made possible by establishing clear guidelines and developing effective controls.

So, let us cut a bit forward. Imagine you got a consultant to help you out. All processes have been optimised, the staff has been taught about the elements of continual improvement and all gaps have been filled. You are now ready to take it to the next step. The process of implementing the new ISO-optimised systems has been a success!

Now as an organisation, you have to go through 4 different steps, one after the other.

The Audits that come after the implementation process of ISO Certification

The first thing you need to do is the Management Review Meeting. The management review meeting is a meeting of the organisation’s senior management whose aim is to identify further things that the organisation can improve upon. Each standard dictates what the management review meeting should talk about. However, there are some topics that are common throughout the vast majority of ISO standards, such as the corrective and preventive actions for certain situations and the adjustment of the organisation’s resources to respond to changes that are affecting the management system of the organisation.

Following the management review meeting, the organisation must then perform an Internal Audit. The internal audit is a process where an internal auditor, who can be either someone who works for the company or an external person, such as Luke Desira, will gather evidence to see how the organisation and its employees are following the processes and procedures that have been set out by the company throughout the journey to become ISO compliant. Whoever conducts the internal audit must be objective and understand that any flaws, be they minor or major, must be reported and backed up by the respective evidence. This is what an internal audit is all about.



The third step is the process of choosing a certification body. Note that the most important thing to look out for when working with a certification body is to make sure that the certification body itself is certified. If you work with a non-accredited certification body, you will have a meaningless certification. This would have zero value and you might as well just print one yourself and save the hassle and resources.

Certification bodies will ask the organisation a number of questions, such as: How many employees work with the organisation? How many offices does the organisation have? Is the organisation located in a single country or in multiple countries? What is the industry that the organisation specialises in?

Certification bodies vary in their price. Some are cheaper than others, but what matters most is that you work with one which is accredited. After you review the proposal and agree on a timeline that works for all parties involved, the next and final step would be to start doing the audits.

In the first year of getting ISO certified, the organisation must undergo two external audits. The first is the Stage 1 Audit, also known as the Desk Audit. This is done remotely by the certification body. They will compare the documentation of the organisation with the ISO standard and see how compliant the organisation’s processes are. Then there is the Stage 2 Audit, also known as the Field Audit. The Stage 2 Audit looks at the procedures’ documentation and how they should be functioning versus how they are actually being carried out. The Field Audit is basically an audit of the internal audit. Here they will evaluate the implementation process of ISO Certification.

If your organisation successfully passes both external audits, you will be awarded the ISO certification.

After you become certified, your work is not done. Every year, you need to do a management review meeting, followed by an internal audit and an external audit, referred to as a Surveillance Audit. This type of external audit is similar to how a certification audit is performed but is called a surveillance audit because the certification body is revisiting the organisation to see how well the processes are holding up. After 3 years of being ISO certified, you need to undergo what is known as a recertification audit. This is another type of external audit which follows the same principles as the others. It forms part of a system based on continual improvement.

It can be said that ISO certification works in the opposite manner of the educational system. The educational system expects that if an individual is a graduate of engineering, then automatically they are an expert engineer. However, this is not the case for ISO. Being ISO certified does not mean that you do not make any mistakes, but rather that you have a system in place which will identify the mistakes and take the necessary preventive and corrective actions. Being ISO certified means that you have had a successful implementation process of ISO Certification and are willing to improve your processes as you go forward into your business venture through continual improvement.

WANT TO LEARN MORE about the implementation process of ISO Certification?

As an ISO management system consultant, Luke Desira will make it his personal mission to put your company in a class above all others! Read more about ISO and other content related to business process transformation here.

If you are on the hunt for information on how to get certified, have a look at this guide on how to get ISO certified with Luke Desira, and find out about the 10 pitfalls that you may encounter during the implementation process of ISO Certification.
