An essential step in seeking ISO 9001, ISO 14001, ISO 45001, or ISO 27001 certification is to undertake your Stage One audit. This can be daunting if your business has minimal experience with ISO certification.
The stage 1 audit is essentially a gap audit against the requirements of the standards. We want to make sure you have all of the parts of the standard in place. A common part of these audits is receiving non-conformances, which your Compass auditor will communicate as ‘issues’ rather than non-conformances. Although the term non-conformances or issues may sound negative and intimidating the golden rule here is –yes, you should expect to receive some non-conformances, we certainly expect it, and here is why this isn’t the end of your certification journey, it’s just the beginning.
In our experience, here are the four main areas of the standards we find non-conformances or issues.
Management Review
Management review may be partially done or not done at all. We often find experienced businesses are quite good at reviewing things, but not having the formal documentation the standard requires as evidence of the process.
Internal audits are not established
Most businesses have systems for checking in place to make sure things are on track. All the standards have more formal requirements around how this is to be done. Although businesses may have part of this in place, they may have no records of the process, or it might not be conducted on a regular basis.
Establishing and communicating objectives and targets
Each of the standards has specific requirements for developing and communicating objectives relevant to that management system. These are required to be communicated throughout the organisation. We often find there may be targets such as financial objectives established, however the may not meet the specific requirements of each management system standard (particularly with regards to the who is responsible, what will be done, what resources will be required, when it will be completed and how it will be evaluated)
Formalised correction action processes
Most businesses have a means of fixing things when they go wrong, which is termed ‘correction’. ISO standards require you to go one step further, and implement both correction and ‘corrective action’ Corrective action is when you put processes or systems in place that address the cause of an incident, in the hope of preventing that incident/issue/non-conformance happening again. Implementing corrective action and doing a causal analysis may take a little extra resources up front, however if done well, a good corrective action process should result in cost and effort savings down the track because issues are not recurring.
The key thing to take away here is that the ISO certification process is part of continual improvement, and continual improvement does mean picking up issues or non-conformances. It’s normal at the stage 1 to find a range of issues to be addressed, and we make sure you understand what they are and what the standard actually requires as part of our audit process.
Want to find out more? Request a Quick Quote or contact us directly!