When you submit an enquiry via our website, we use the personal data you supply to respond to your query, including providing you with any requested information about our products and services. We may also email you several times after your enquiry in order to follow up on your interest and ensure that we have answered your it to your satisfaction. We will do this based on our legitimate interest in providing accurate information prior to a sale. Your enquiry is stored and processed as an email which is hosted by Microsoft within the European Economic Area (EEA). We keep enquiry emails for two years, after which they are securely archived and kept for seven years, when we delete them.
Simply put, an RCB certifies your organization to ensure the requirements of the standards are met, and these must be accredited by the national members of the International Accreditation Forum (IAF).
Based in Quebec, Canada, the IAF is the worldwide body that represents the highest level of trust concerning accreditation of RCBs. They have lots of strict rules that national accreditation bodies must agree to, embodied in a charter and a code of conduct.
National accreditation bodies will then provide accreditation to RCBs to ensure the high standards of auditing are met. The accreditation body depends on your country, so if you’re based in the UK you’ll want to choose a UKAS accredited certification body; if you’re based in the US, you’ll need an ANAB accredited certification body, and so on.
The core message here is that whichever RCB you choose to carry out your certification audit, make sure they are accredited by the IAF member for your country. Most auditing companies display their accreditation logo prominently on their website so it should be easy to tell. You can search for your country’s national accreditation body here.
Note that there is a scheme run by the IAF to provide for mutual recognition of accreditation bodies across countries. It’s called the “Multilateral Recognition Arrangement (MLA)” and it means that you do have the option of using an RCB in a different country as long as they are accredited by an accreditation body that has signed up to the MLA.
There are companies out there who will offer cut-price certification services who are not accredited by an IAF member organization. In our opinion a certificate from such companies will not carry the weight of one from an IAF-accredited RCB so our advice is to think very carefully before using them. Remember this is all about reputation and credibility; make sure your certificate stands up to scrutiny from your customers and regulators, otherwise you will have wasted your time and money.
So you’ve checked that the audit companies you’re considering are accredited, but what other factors come into play when making your decision? In our experience considering the following questions will help you choose.
Which standards do they audit? Check the RCB has the capability to audit the standard you are going for. How long have they been auditing the standard and how many qualified people do they have? Do they use their own people or contract auditors? Try to avoid having to describe what your company does to a new auditor every visit as this uses up time you are paying for.
Do they cover the geographical areas you need? There’s no point in considering an RCB that can’t cover the geographical area you need. This is particularly relevant if you need to have more than one office audited, possibly in different countries. They may cover one country but not another. It’s worth checking whether they feel an onsite visit is needed to all the offices in scope before you dismiss them.
How long will it take? Officially there is a formula that should be used when calculating how many days an audit should take. This considers variables such as number of locations and employees, and which standards are involved. However, there is some flexibility in how the formula is applied so you may get differing estimates from RCBs on how many days will be needed, which will obviously affect the cost.
How much will it cost? This follows on from the question about time as most RCBs charge by the hour or day, but rates can vary significantly. Consider the ongoing certification fees as well as the cost for the stage one and stage two audits. Some charge an additional annual maintenance fee, some don’t.
What is their availability? Auditors are generally busy people so if you are in a hurry to get your organization certified then their availability will be an important factor.
What is their reputation? Even amongst accredited RCBs, there are more and less well-known names. Since a lot of the reason for certification is to gain credibility with your customers and perhaps regulators, consider which RCB would carry most weight with them.
How good is their administration? A lot of the frustration seen with RCBs is not due to the quality of their auditors, but their administration processes. You need an auditing company that will arrange the audits professionally and issue your certificate promptly, providing additional materials to help you advertise your certification. When you contact them initially, do they return your call and sound knowledgeable?
Do they have experience in your industry? Some RCBs and auditors specialize in certain industries and build up a strong knowledge of the issues relevant to their customers. This can be helpful during the audit as basic industry concepts and terms will be understood and time will be saved. Check whether they have audited similar organizations to yours previously.
The steps to certification are similar of all the ISO standards, and involve:
1) Implementing procedures and methods within the organization as requirements of the standard. This can be done by hiring a consultant, or by using a toolkit.
2) Performing an internal audit to highlight any nonconformities before the external audit. We advise an internal audit to be completed by an independent third-party auditor or an impartial qualified auditor within your organization.
3) The final external audit by an accredited RCB is in two stages. Stage one is basically a review of how ready you are for the main event, the stage two certification audit. You may pick up a few pointers for improvement (known as nonconformities) at stage two but, if these aren’t too serious, your organization will become certified and can advertise the fact to anyone with an interest.
Once certified, you will then have an annual surveillance audit to confirm your compliance, and then every three years there will be a re-certification audit, which is when you will be re-issued your certificate.
CertiKit’s ISO Toolkits and ISO Services are available help you understand and implement your chosen ISO standard(s). The toolkits include easy to understand templates and guides, plus a perpetual licence with ongoing updates and support, so you’ve got help whenever you need it.
Click the links to find out more about our ISO Toolkits and ISO Services.