ISO CERTIFICATION PROCESS
- General description of the certification process
- Extending/limiting the scope of certification;
- Suspension/withdrawal of the certificate and cancellation of the agreement
- Certification costs
- Terms of use of the logo / name of the accreditation body
- General description of the certification process
The management system certification procedure for the ISO 9001 and ISO 22000 standards is carried out according to the scheme presented below.
The steps below represent the process at a general level.
Request a quote for certification
The purpose of this activity is to identify the client's needs, assess the possibility of providing the service by the certification body, and prepare an appropriate offer for certification and maintaining certification for a given management system. They include the following activities:
– contact with the client of a Grand Cert representative or a client from Grand Cert
– completion by the client of an application appropriate for a given management system called "Inquiry form" (download here).
– Review of the application by Grand Cert.
The steps below represent the process at a general level.
Request a quote for certification
The purpose of this activity is to identify the client's needs, assess the possibility of providing the service by the certification body, and prepare an appropriate offer for certification and maintaining certification for a given management system. They include the following activities:
– contact with the client of a Grand Cert representative or a client from Grand Cert
– completion by the client of an application appropriate for a given management system called "Inquiry form" (download here).
– Review of the application by Grand Cert.
Certification offer (Grand Cert)
Preparation by Grand Cert of an offer for certification called "OFFER" and sending it to the client for approval by e-mail.
The certification offer presents the terms and conditions of the certification process.
Certification agreement
After accepting the offer by the client, Grand Cert prepares and sends a contract for certification, the so-called Order form.
Audit planning
Appointment of auditors and setting an appointment with the client
Conducting the audit - Certification audit
The certification audit consists of two stages.
STAGE 1
Initial stage of the certification audit.
The purpose of this stage is:
Preparation by Grand Cert of an offer for certification called "OFFER" and sending it to the client for approval by e-mail.
The certification offer presents the terms and conditions of the certification process.
Certification agreement
After accepting the offer by the client, Grand Cert prepares and sends a contract for certification, the so-called Order form.
Audit planning
Appointment of auditors and setting an appointment with the client
Conducting the audit - Certification audit
The certification audit consists of two stages.
STAGE 1
Initial stage of the certification audit.
The purpose of this stage is:
1. Assessment of the completeness of the management system documentation; assessing the client's location-specific conditions and interviewing the client's staff to determine readiness for the second stage,
2. Perform a status review and understand the requirements of the standard / in particular, identify key aspects of how it works or relevant aspects, processes, goals and system operation.
3. Agreement on the scope of certification and exemptions
4. Collecting data on the operation of the management system, including customer location, processes and equipment used,
applicable legal and regulatory requirements, supervisory measures, (especially in the case of multi-branch clients);
Reviewing the second stage resource allocation and agreeing details with the client
second stage, audit planning;
assessing whether internal audits and management reviews are planned and performed, and whether the level of implementation of the management system justifies the client's readiness for the second stage.
After the 1st stage of the audit, the lead auditor informs the Organization about all areas that may be classified as inconsistencies in the 2nd stage of the audit. Any discrepancies detected during STAGE 1 of the audit must be completely eliminated within the specified time, but no later than 6 months from the date of the audit.
In the case of a negative result of the STAGE 1 audit, this audit, i.e. stage 1, must be repeated.
The client is notified of the audit result in a formal way by e-mail immediately.
You can proceed to the Stage 2 audit only after obtaining a positive result from the STAGE 1 audit.
2. Perform a status review and understand the requirements of the standard / in particular, identify key aspects of how it works or relevant aspects, processes, goals and system operation.
3. Agreement on the scope of certification and exemptions
4. Collecting data on the operation of the management system, including customer location, processes and equipment used,
applicable legal and regulatory requirements, supervisory measures, (especially in the case of multi-branch clients);
Reviewing the second stage resource allocation and agreeing details with the client
second stage, audit planning;
assessing whether internal audits and management reviews are planned and performed, and whether the level of implementation of the management system justifies the client's readiness for the second stage.
After the 1st stage of the audit, the lead auditor informs the Organization about all areas that may be classified as inconsistencies in the 2nd stage of the audit. Any discrepancies detected during STAGE 1 of the audit must be completely eliminated within the specified time, but no later than 6 months from the date of the audit.
In the case of a negative result of the STAGE 1 audit, this audit, i.e. stage 1, must be repeated.
The client is notified of the audit result in a formal way by e-mail immediately.
You can proceed to the Stage 2 audit only after obtaining a positive result from the STAGE 1 audit.
STAGE 2
The main stage of the certification audit - is carried out in order to assess the adequacy of the implementation and application of the requirements contained in the audit criteria.
The purpose of this stage is:
The main stage of the certification audit - is carried out in order to assess the adequacy of the implementation and application of the requirements contained in the audit criteria.
The purpose of this stage is:
- Information and evidence of compliance with all requirements of the applicable standard or other normative documents,
- Monitoring, measuring, reporting and evaluating performance against major goals and objectives;
- The ability of the organization's management system and operations to comply with applicable legal and contractual requirements;
- operational process management,
- Internal audits and analysis by management;
- Responsibility of the management for the policy of the Organization.
The second stage of the audit takes place at the client's location(s).
The date of the STAGE 2 audit should be set taking into account the time needed to solve the problems identified during the STAGE 1 audit, with the proviso that in the case of FSMS, the interval between stages 1 and 2 should not exceed 6 months. If the interval is longer, the first step of the initial certification is repeated.
The audit result is documented in a report. Detected non-compliances are documented and provided to the organization in writing in the form of so-called "non-compliance cards".
The lead auditor prepares the audit report and at the same time coordinates the corrective action plan with the client and must send it within 21 days from the date of the audit to the Certification Body.
The date of the STAGE 2 audit should be set taking into account the time needed to solve the problems identified during the STAGE 1 audit, with the proviso that in the case of FSMS, the interval between stages 1 and 2 should not exceed 6 months. If the interval is longer, the first step of the initial certification is repeated.
The audit result is documented in a report. Detected non-compliances are documented and provided to the organization in writing in the form of so-called "non-compliance cards".
The lead auditor prepares the audit report and at the same time coordinates the corrective action plan with the client and must send it within 21 days from the date of the audit to the Certification Body.
ATTENTION:
In the case of small discrepancies, corrective actions are defined and their effectiveness is verified during the next audit.
A large non-compliance leads to the repetition of the audit, i.e. re-checking the area, or to the submission of new documents.
Certification decision – Decision to grant/refuse/maintain certification
The certificate is issued after positive verification of the audit documents, including the audit report, evidence of closing any non-compliances, confirmation of compliance with the certification procedure.
The certificate is issued only when non-conformances have been closed.
In the case of small discrepancies, corrective actions are defined and their effectiveness is verified during the next audit.
A large non-compliance leads to the repetition of the audit, i.e. re-checking the area, or to the submission of new documents.
Certification decision – Decision to grant/refuse/maintain certification
The certificate is issued after positive verification of the audit documents, including the audit report, evidence of closing any non-compliances, confirmation of compliance with the certification procedure.
The certificate is issued only when non-conformances have been closed.
Certificate issue
The approved report and the Management System Certificate as a document confirming the granting of certification is delivered to the Client.
The date of granting the certificate is the date of making the certification decision.
The approved report and the Management System Certificate as a document confirming the granting of certification is delivered to the Client.
The date of granting the certificate is the date of making the certification decision.
Surveillance/control audits during the validity period of the certificate
Grand Cert certificates are valid for a maximum of 3 years, provided that annual control audits / supervision are carried out in the company.
Supervisory audits are carried out twice during the three years of the certificate's validity.
The purpose of the surveillance audit is to confirm that the certified management system still meets the requirements of the given standard.
Scope of the surveillance audit.
Before the follow-up audit, the company's data is updated in order to take into account significant changes affecting the scope of the client's activity or process. For significant changes such as
– significant increase in employment
– reduction of employment,
– extension or reduction of the scope of activity
it may be necessary to prepare a new audit quote and submit an updated offer for a surveillance audit.
The follow-up audit is conducted in accordance with the audit plan agreed by the auditor.
The audit is planned in consultation with the client.
The first control audit must be carried out no later than 12 (+ - 3 months) months from the date of the decision to issue the certificate. If the surveillance audit is not carried out on time, the certificate must be suspended or withdrawn, but the suspension may not last longer than 6 months.
After the follow-up audit, the client receives an approved audit report
Surveillance audits are on-site audits of an organization.
Recertification audit:
Before the expiry of the certificate, a recertification/renewal audit must be carried out in the enterprise, extending the validity of the certificate for another 3 years.
The purpose of the recertification audit is to confirm the compliance and effectiveness of the management system and its continued suitability and compliance with the scope of certification.
Prior to the renewal audit, the company's data is updated to take into account significant changes affecting the scope of the client's business or process.
Changes to the management system must be submitted by the client in writing.
A new application is completed and an offer is prepared for the next three-year cycle. The previously concluded contract remains valid.
If the recertification audit is not completed and / or it is not possible to assess the effectiveness of the implementation of the correction and / or correction, the validity of the certificate will not be extended before the end of the certification period. Informing the client of the certification decision by postal mail.
If the recertification audit ends with a positive result, before the certificate expires. The issue date of the new certificate should be the date of the recertification decision or a later date.
After the certification period expires, you can renew the certificate within 6 months, provided that all recertification activities are completed. The certificate is issued from the date of the decision or later than from the date of the recertification decision. The end date should be based on the previous certification cycle.
Multi-site certification
A multi-site entity is an organization with an identified central office (headquarters) where specific activities are planned and supervised or managed, and a network of local offices or subsidiaries (branches) where these activities are carried out in whole or in part. The head office does not necessarily have to be the main management of the entity
Grand Cert certificates are valid for a maximum of 3 years, provided that annual control audits / supervision are carried out in the company.
Supervisory audits are carried out twice during the three years of the certificate's validity.
The purpose of the surveillance audit is to confirm that the certified management system still meets the requirements of the given standard.
Scope of the surveillance audit.
Before the follow-up audit, the company's data is updated in order to take into account significant changes affecting the scope of the client's activity or process. For significant changes such as
– significant increase in employment
– reduction of employment,
– extension or reduction of the scope of activity
it may be necessary to prepare a new audit quote and submit an updated offer for a surveillance audit.
The follow-up audit is conducted in accordance with the audit plan agreed by the auditor.
The audit is planned in consultation with the client.
The first control audit must be carried out no later than 12 (+ - 3 months) months from the date of the decision to issue the certificate. If the surveillance audit is not carried out on time, the certificate must be suspended or withdrawn, but the suspension may not last longer than 6 months.
After the follow-up audit, the client receives an approved audit report
Surveillance audits are on-site audits of an organization.
Recertification audit:
Before the expiry of the certificate, a recertification/renewal audit must be carried out in the enterprise, extending the validity of the certificate for another 3 years.
The purpose of the recertification audit is to confirm the compliance and effectiveness of the management system and its continued suitability and compliance with the scope of certification.
Prior to the renewal audit, the company's data is updated to take into account significant changes affecting the scope of the client's business or process.
Changes to the management system must be submitted by the client in writing.
A new application is completed and an offer is prepared for the next three-year cycle. The previously concluded contract remains valid.
If the recertification audit is not completed and / or it is not possible to assess the effectiveness of the implementation of the correction and / or correction, the validity of the certificate will not be extended before the end of the certification period. Informing the client of the certification decision by postal mail.
If the recertification audit ends with a positive result, before the certificate expires. The issue date of the new certificate should be the date of the recertification decision or a later date.
After the certification period expires, you can renew the certificate within 6 months, provided that all recertification activities are completed. The certificate is issued from the date of the decision or later than from the date of the recertification decision. The end date should be based on the previous certification cycle.
Multi-site certification
A multi-site entity is an organization with an identified central office (headquarters) where specific activities are planned and supervised or managed, and a network of local offices or subsidiaries (branches) where these activities are carried out in whole or in part. The head office does not necessarily have to be the main management of the entity
Group certification is possible if the following conditions are met:
- The management system that applies to all sites/production sites is set up, developed and maintained in the same way. This also applies to most of the documented process information.
- Supervision over the entire management system is conducted centrally by a quality management representative located in the headquarters, including internal audits and management review. He is authorized to issue instructions to all branches/production sites.
- Some activities are carried out centrally: product and process design, procurement, human resources, etc.
- All locations are legally linked to the headquarters.
During the readiness review (stage 1) and stage 2, internal audit reports from all sites as well as recommendations for corrective actions and their implementation are additionally assessed. In the case of the same activity in different locations, it is possible to sample in accordance with the normative document IAF MD 1 2023, available on the PCA website.
Scope extension/limitation; Suspension/withdrawal of the certificate and cancellation of the agreement
Extending the scope of certification
The scope of certification is extended at the request of the organization. The extension requires the submission of an application, based on which the audit activities necessary to decide on the extension are determined. In order to assess the new scope of certification, an additional audit is carried out during the validity period of the certificate held or during the assessment during the recertification audit. Based on documents informing about additional products or processes received from the client, the unit decides whether a visit is required to extend the scope of the audit.
Scope extension/limitation; Suspension/withdrawal of the certificate and cancellation of the agreement
Extending the scope of certification
The scope of certification is extended at the request of the organization. The extension requires the submission of an application, based on which the audit activities necessary to decide on the extension are determined. In order to assess the new scope of certification, an additional audit is carried out during the validity period of the certificate held or during the assessment during the recertification audit. Based on documents informing about additional products or processes received from the client, the unit decides whether a visit is required to extend the scope of the audit.
Limiting the scope of certification, suspension, withdrawal of certification
Limiting the scope of certification
It is possible to limit the scope of certification to exclude those parts of the client's operations that consistently or seriously fail to meet certification requirements. However, these parts must not affect the organization's ability to meet the requirements of the management system standard. In the case of limiting the scope of certification, a new certificate is issued with a new scope of certification, but with the same validity date as the existing certificate.
Certification Suspension
occurs in the following cases:
Limiting the scope of certification
It is possible to limit the scope of certification to exclude those parts of the client's operations that consistently or seriously fail to meet certification requirements. However, these parts must not affect the organization's ability to meet the requirements of the management system standard. In the case of limiting the scope of certification, a new certificate is issued with a new scope of certification, but with the same validity date as the existing certificate.
Certification Suspension
occurs in the following cases:
- the certified management system of the organization persistently or seriously fails to meet the certification requirements, including the requirements for the effectiveness of the management system;
- the organization does not agree to carry out surveillance audits or audits for
- recertification with the required frequency, at least once per calendar year; the organization voluntarily requested a suspension;
- finding that the organization has exceeded the rights and obligations set out in the certification agreement;
- failure to meet financial obligations towards Grand Cert on time.
Suspension of the validity of the certificate may not exceed six months. In suspension, the certification is temporarily invalid. In the event of suspension, the organization refrains from further reference to certification and the use of the Certification Mark.
The suspension period may not exceed 6 months.
If the issues that caused the suspension of certification are removed, then certification is restored.
The suspension period may not exceed 6 months.
If the issues that caused the suspension of certification are removed, then certification is restored.
Withdrawal of certification
The inability of the company to solve the problem that causes the suspension, under the conditions established by the certification body, will be taken to cancel the certification or reduce the scope of the certification.
Certification is withdrawn in the case of:
The inability of the company to solve the problem that causes the suspension, under the conditions established by the certification body, will be taken to cancel the certification or reduce the scope of the certification.
Certification is withdrawn in the case of:
- stating that the issues that gave rise to the suspension have not been resolved within 6 months;
- determination of permanent cessation of: production of products, provision of services or use
- processes covered by the scope of the certificate;
After revoking the certificate, the Client is obliged to stop referring to the status of a certified organization and
use certificates in all advertising materials within one month of informing the Client about its status.
In the case of certificate withdrawal, information about this fact is published on the Grand Cert website.
Certification costs
Certification costs consist of a fixed fee covering participation in the accreditation system, technical verification, issuing a certificate and fees for audits throughout the certificate's validity cycle. The audit time is calculated based on the normative documents ISO 22003-1:2022, IAF MD 5 2023, IAF MD 1 :2023 (IAF MD available on the PCA website).
use certificates in all advertising materials within one month of informing the Client about its status.
In the case of certificate withdrawal, information about this fact is published on the Grand Cert website.
Certification costs
Certification costs consist of a fixed fee covering participation in the accreditation system, technical verification, issuing a certificate and fees for audits throughout the certificate's validity cycle. The audit time is calculated based on the normative documents ISO 22003-1:2022, IAF MD 5 2023, IAF MD 1 :2023 (IAF MD available on the PCA website).


