
Choosing a Registered Certification Body

Posted on August 19th, 2024 | Written by Ken Holmes.

This useful guide from CertiKit outlines the process of choosing a Registered Certification Body (RCB) when certifying to an ISO standard.

What is an accredited RCB?

Simply put, an RCB audits your organisation and certifies that the requirements of the standard are met. RCBs must themselves be accredited by a national member of the International Accreditation Forum (IAF).

Based in Quebec, Canada, the IAF is the worldwide body that represents the highest level of trust concerning accreditation of RCBs. It sets strict rules that national accreditation bodies must agree to, embodied in a charter and a code of conduct.

National accreditation bodies will then provide accreditation to RCBs to ensure the high standards of auditing are met. The accreditation body depends on your country, so if you’re based in the UK you’ll want to choose a UKAS accredited certification body; if you’re based in the US, you’ll need an ANAB accredited certification body, and so on.

The core message here is that whichever RCB you choose to carry out your certification audit, make sure they are accredited by the IAF member for your country. Most auditing companies display their accreditation logo prominently on their website so it should be easy to tell. You can search for your country’s national accreditation body here.

Note that there is a scheme run by the IAF to provide for mutual recognition of accreditation bodies across countries. It’s called the “Multilateral Recognition Arrangement (MLA)” and it means that you do have the option of using an RCB in a different country as long as they are accredited by an accreditation body that has signed up to the MLA.

There are companies out there who will offer cut-price certification services who are not accredited by an IAF member organisation. In our opinion a certificate from such companies will not carry the weight of one from an IAF-accredited RCB so our advice is to think very carefully before using them. Remember this is all about reputation and credibility; make sure your certificate stands up to scrutiny from your customers and regulators, otherwise you will have wasted your time and money.

Choosing the right RCB

So you’ve checked that the audit companies you’re considering are accredited, but what other factors come into play when making your decision? In our experience considering the following questions will help you choose.

Which standards do they audit? Check the RCB has the capability to audit the standard you are going for. How long have they been auditing the standard and how many qualified people do they have? Do they use their own people or contract auditors? Try to avoid having to describe what your company does to a new auditor every visit, as this uses up time you are paying for.

Do they cover the geographical areas you need? There’s no point in considering an RCB that can’t cover the geographical area you need. This is particularly relevant if you need to have more than one office audited, possibly in different countries. They may cover one country but not another. It’s worth checking whether they feel an onsite visit is needed to all the offices in scope before you dismiss them.

How long will it take? Officially there is a formula that should be used when calculating how many days an audit should take. This considers variables such as the number of locations and employees, and which standards are involved. However, there is some flexibility in how the formula is applied, so you may get differing estimates from RCBs on how many days will be needed, which will obviously affect the cost.

How much will it cost? This follows on from the question about time as most RCBs charge by the hour or day, but rates can vary significantly. Consider the ongoing certification fees as well as the cost for the stage one and stage two audits. Some charge an additional annual maintenance fee, some don’t.

What is their availability? Auditors are generally busy people so if you are in a hurry to get your organisation certified then their availability will be an important factor.

What is their reputation? Even amongst accredited RCBs, there are more and less well-known names. Since a lot of the reason for certification is to gain credibility with your customers and perhaps regulators, consider which RCB would carry most weight with them.

How good is their administration? A lot of the frustration seen with RCBs is not due to the quality of their auditors, but their administration processes. You need an auditing company that will arrange the audits professionally and issue your certificate promptly, providing additional materials to help you advertise your certification. When you contact them initially, do they return your call and sound knowledgeable?

Do they have experience in your industry? Some RCBs and auditors specialise in certain industries and build up a strong knowledge of the issues relevant to their customers. This can be helpful during the audit as basic industry concepts and terms will be understood and time will be saved. Check whether they have audited similar organisations to yours previously.

The steps to certification

The steps to certification are similar for all the ISO standards, and involve:

1) Implementing the procedures and methods within the organisation that the standard requires. This can be done by hiring a consultant, or by using a toolkit.

2) Performing an internal audit to highlight any nonconformities before the external audit. We advise an internal audit to be completed by an independent third-party auditor or an impartial qualified auditor within your organisation.

3) The final external audit by an accredited RCB is in two stages. Stage one is essentially a review of how ready you are for the main event, the stage two certification audit. You may pick up a few pointers for improvement (known as nonconformities) at stage two but, if these aren’t too serious, your organisation will become certified and can advertise the fact to anyone with an interest.

Once certified, you will then have an annual surveillance audit to confirm your compliance, and then every three years there will be a re-certification audit, which is when you will be re-issued your certificate.

Written by

Ken Holmes

Managing Director

CertiKit’s Managing Director and Lead Toolkit Creator. Ken is a CISSP-qualified security and data protection specialist who also holds the internationally-recognised Certified Information Privacy Professional – Europe (CIPP/E).
