ISO Certification: How does it work?

Mar 17, 2025

Contact Us

ISO Certification: How does it work? (and, is there a difference between Certification & Accreditation?)

ISO certification; whats the crack. Is it just another hoop to jump through then?

We get a fair few people coming to us particularly when they’re moving their business into the world of bids and tendering. Quite often you’ll get to that point and whilst looking at the sometimes, dizzying amount of information you need to submit; you’ll see a statement along the lines of “If you have ISO 9001 Certification, submit your certificate and skip to the next section” or something along those lines. If you’ve been sat there and gone What the hell is that. You aren’t alone!

To keep it brief. ISO certification is a globally recognised process of verifying a company is meeting a certain standard or level of professionalism is whatever aspect of work that ISO is written around. So, ISO 9001 (being the most well-known) is focused around Quality; ISO 14001 focuses on how Environmentally you operate, ISO 27001 focuses on your Information Security and so on.
An ISO certificate means you’ve been checked by someone else and they are essentially vouching for you and your business by saying you meet the minimum requirements detailed within the ISO standard you want.

A Long time ago in a country far, far away…

For as long as there has been recorded history, and probably the time before that; there has been trade of goods between civilised mankind. When people traded then it was often that they would see the goods before they agreed a price so that both parties knew what they were getting.

As society developed, trade expanded to being between towns, then cities and eventually internationally. Perhaps if certification was around in ancient Babylonia, we never would have found the worlds oldest existing customer complaint about Ea-nāṣir and his sub-par stock of copper ingots!

People soon realised that these trades needed agreed standards for goods; and with-it people who would independently check or inspect those goods.

It wasn’t until the early 20th century though that we come across the concept of certification; this was certification for standardisation; in 1901, what became the British Standards Institute (BSI) was founded with the aim of standardising the quality of steel sections used in construction within the UK. During World War II, standardisation played a crucial role in manufacturing and production of military equipment.

With the seeds sown; post war efforts from multiple countries saw the creation of the ISO (the International Organization for Standardization). 23rd Feb 1947 saw the official launch of ISO, the founding members saw international standards as a key to rebuilding the world after war.

Japan’s post-war industrial success was a sight to behold; they had developed the Total Quality Management philosophy which emphasised continuous improvement, customer satisfaction and involvement of all employees in achieving their goals around quality of work.
By the 1970’s the UK and other countries recognised the success of Japanese manufacturing achieving higher quality products than their own which led to a focus on quality improvement.

Britain up till then had a mishmash of different services, councils and contractors and had probably got fed up of having to pay all these different levels of administration for disparate industries so they began to make moves.

In 1979 the new British standard BS 5750 (which later became ISO 9001) was published. The big certification bodies such as Lloyds Register of Shipping (and later BSI); companies who had existing networks of inspectors were invited to become the first companies able to issue certificates to businesses for this new standard. Other similar certification companies eventually followed suit and the industry of certification started.

The ISO, forever looking to create universally applicable standards for different industries, took BS 5750 and turned it into the first iteration of ISO 9001, the Quality Management Standard. Since then they have continued to expand their repertoire of standards and both businesses and governments have adopted these standards to demonstrate competence, improve efficiency and ensure compliance with legislation.

Bringing it back to the UK; Through the 1980’s there was a flurry of government ‘requested’ consolidations, the BCS merged with NATLAS and became NAMAS; a few years later they were asked by the government to merge with the NACCB and the child of this merger was the United Kingdom Accreditation Service also known as UKAS in 1995.

So, what is UKAS accreditation and why should you care?

As we eluded to in our previous blog here; Within the UK, third-party assessment is viewed as being critical for a proper certification process. By that, we mean it’s imperative to make sure that the companies issuing the certificates are being fair, meeting the correct standard and are suitably independent from their customers to avoid conflicts of interest. This process is called Accreditation.
In the UK, the United Kingdom Accreditation Service (UKAS) is the sole responsible party for checking the competence of organisations that provide certification, testing and inspection services.

UKAS accreditation is a mark of trust and reliability, demonstrating that a certification body has undergone rigorous assessment of its competence.

UKAS accredited certification bodies and the certificates they issue, will often include the UKAS tick and crown logo. This is a visual cue that the certificate body has been approved by UKAS and complies with their stringent requirements.

You can also verify if a body is accredited by checking the UKAS website here.

Accredited vs. Unaccredited Certification Bodies

Like anything, there are cheap look-alike options you can take, this includes companies selling certificates of conformity. These companies are not assessed by UKAS so you have no guarantee of their competence, impartiality, integrity or auditing process. As a result, a lot of these certificates end up having very little value across many industries.
With accredited certification you know the certification body has been assessed themselves by UKAS. This plays into your own business once you are certified as it these certificates are:

Recognized internationally

Z

Provide credible and independent verification

Enhance reputation and trust among customers and stakeholders

Can be required in certain industries, especially for government contracts

I know we’ve gone a little deep but shake that reminiscent glaze from your eyes! We’re done with the history now so here’s the bit you’re probably most interested in.

How the Certification Process Works (or should work!)

ISO certification involves several key steps, each is designed to make sure your business meets the required standard you’ve chosen to pursue.
1

Understanding the Standard

Each ISO standard outlines specific requirements that businesses must follow to achieve certification. It’s a good idea for you to familiarise yourselves with the standard you want to go for and make the decision of whether you want to go for it on your own or use the help of some fantastic consultants that try to help people make sense of certification!
2

Gap Analysis

Whether you use us or go for it solo, doing a gap analysis can help identify where your business currently stands in relation to the ISO requirements. Many companies are already doing some of the work needed for an ISO, it’s rare that you wouldn’t be doing anything to use a gap analysis to highlight the key areas you have, what needs improvement and what still needs implementing.
3

Implementation

Once gaps are identified, you should implement whats necessary to comply with the standard. This step often involves:

  • Establishing new policies and procedures
  • Training employees
  • Improving documentation and record-keeping
  • Conducting internal audits
4

Internal Audits

An internal audit is a check of your own operations how they relate to the ISO you want. Ideally, they should be independent so get someone from a different department or team to do the internal audit for you (we, as consultants, can also complete internal audits for you if you need them). Internal audits will ensure that all implemented changes are effective and your business is ready for external assessment.
5

Selecting a Certification Body

Once you are confident you are compliant; you need to choose a certification body to conduct external audits. As we’ve already identified above, this is a crucial step so you will need to decide on what kind of certification you want and who you want it from (brand recognition within the certification industry is also a thing!).
6

Stage 1 Audit

Documentaion Review

During the Stage 1, the certification body reviews your documentation checking if it aligns with the standard’s requirements. If any issues are found, you’re given time to address them. These aren’t typically referred to as non-conformities at this stage, just as findings.
7

Stage 2 Audit

On-Site Assessment

A follow-up is then completed. This is known as a Stage 2 audit. These assessments are a more in-depth look at your business. This is where auditors will typically visit your premises to evaluate the implementation of the standard (checking that you’re doing what you said you do in your documentation). This includes interviews with employees, process observations, and reviewing records. If you meet the required standard, the auditor will then “recommend” your business for certification. Issues found at this point are raised as non-conformities and you’ll be given a deadline for fixing them.
8

Technical Review

Auditors submit their reports from these audits back to the certification body along with their recommendation for certification. Because these bodies are subject to UKAS review, they insist that auditors’ reports are verified by one of their peers.
9

Certification Issuance

If the audit is successful, the certification body issues an ISO certificate; these are valid for 3 years. However, your business must then also undergo regular surveillance audits to ensure continued compliance.
10

Surveillance Audits

Surveillance audits are usually conducted annually. This is to confirm that your business is still meeting the requirements of the standard. Depending on the size of your business, scope of the certification and complexity of the standard; these surveillance audits often look at particular snippets of your system rather than the entire thing.
11

Recertification

After three years, a recertification audit is required to renew the certification. A recertification audit is essentially a mini stage 1&2 assessment all over again. They look at the whole management system rather than just the snippets they did during the surveillance visits.

And that’s the cycle. Rinse and repeat every 3 years. Beware though; if you lose your certification or decide to let it time out then you’ll have to go through the whole stage 1 and stage 2 process all over again.

Conclusion

ISO certification is a valuable tool for businesses looking to enhance quality, efficiency, and customer trust. However, the credibility of a certification depends on the integrity of the certification body. UKAS plays a crucial role in ensuring that certification bodies operate to the highest standards, providing businesses and stakeholders with confidence in accredited certification.

While unaccredited certification bodies may offer a quicker or cheaper alternative, the risks associated with unverified certification far outweigh the benefits. For businesses seeking long-term growth, international recognition, and compliance with industry best practices, choosing a UKAS-accredited certification body is the best approach.

By understanding the ISO certification process and the importance of accreditation, businesses can make informed decisions that benefit their reputation, compliance, and operational success.

We understand the ISO certification process and believe that it is important for our customers and others in general to understand it too. It’s the best way for you to make informed decisions about your ISO journey; we’re here to help make sense of certification. So please contact us if you have any questions about your business and how we can help with your certification.

Contact us HERE