ISO certification procedure step by step
Here’s a clear, practical step-by-step guide to the ISO certification procedure, whether you're going for ISO 9001, ISO 27001, ISO 14001, or others.
✅ ISO Certification Procedure – Step-by-Step
Step 1: Choose the ISO Standard
Select the ISO standard based on your business needs:
ISO 9001 – Quality Management
ISO 27001 – Information Security
ISO 14001 – Environmental Management
ISO 45001 – Occupational Health & Safety
ISO 22000 – Food Safety Management
Step 2: Learn the Standard Requirements
Study the chosen ISO standard:
Buy the standard from https://www.iso.org
Use online summaries, training, or hire a consultant
Understand what policies, processes, and documentation are needed
Step 3: Conduct a Gap Analysis
Compare your current system against the ISO requirements:
Identify missing areas
Plan improvements to meet compliance
Step 4: Implement the Management System
Develop and implement the required processes:
Define company policies (e.g., Quality Policy, Information Security Policy)
Write standard operating procedures (SOPs)
Set objectives (e.g., customer satisfaction, risk control)
Maintain records (logs, forms, reports)
Train employees
🕐 Let the system run for at least 1–3 months to generate records.
Step 5: Conduct Internal Audit
Before applying for certification:
Audit your system internally
Identify and correct non-conformities
Keep audit reports and action plans as records
Step 6: Management Review Meeting
Hold a formal meeting with leadership to review:
Audit results
Objectives
Non-conformities
Areas for improvement
Step 7: Select a Certification Body
Choose an accredited certification body (CB), such as:
TÜV, BSI, SGS, DNV, Intertek, UR, SIS
Ensure they are accredited by IAF, UKAS, NABCB, etc.
Step 8: Stage 1 Audit – Document Review
The CB will review your:
Policies
SOPs
Risk assessments
Internal audit & management review records
📍Purpose: Ensure your system is ready for the full audit.
Step 9: Stage 2 Audit – Certification Audit
A lead auditor visits (physically or remotely) and:
Interviews employees
Reviews records
Observes operations
Checks compliance with the ISO standard
✅ If successful (no major nonconformities), you'll proceed to certification.
Step 10: Receive Your ISO Certificate
Issued by the certification body
Valid for 3 years
Subject to annual surveillance audits
Step 11: Surveillance Audits (Year 2 & 3)
Certification body returns each year to check ongoing compliance
You must:
Keep records
Conduct internal audits and management reviews
Show improvements and corrective actions
Step 12: Recertification (After 3 Years)
Full audit again
New certificate issued for another 3-year cycle
📁 Key Documents Required
Company profile & scope of certification
Management system manual
Policies (e.g., Quality, Security, Environmental)
SOPs/work instructions
Training records
Audit reports
Management review records
Risk analysis (especially for ISO 27001, 45001, etc.)
🕒 Typical Timeline
| Activity | Duration |
|---|---|
| Implementation | 1–3 months |
| Internal audit & review | 1–2 weeks |
| Stage 1 & Stage 2 audit | 2–4 weeks |
| Total time to certification | ~2–4 months (on average) |