ISO Certification bodies, what are the differences? Be aware...

Dear all

I'd like to bring your attention to a most important issue that I need you to be aware of, for your own businesses sake. There are differences between certification bodies, there are some that are regulated and supervised by the national authority and some that are not; those that are not properly accredited by our National Accreditation body may bring out any excuse if you dare to challenge them if they are not accredited by our National Accreditation Body, UKAS. See their website at UKAS for details of registered UKAS Accredited bodies.

UKAS is appointed as the only National Accreditation body by Accreditation Regulations 2009 (SI No 3155/2009) and the EU Regulation (EC) 765/2008 and operates under a Memorandum of Understanding with the UK Government through the Secretary of State for Business, Energy & Industrial Strategy.

In their own words from their website: "UKAS is the UK’s National Accreditation Body, responsible for determining, in the public interest, the technical competence and integrity of organisations such as those offering testing, calibration and certification services."

Steven Burgess Consulting will only recommend Certification to ISO 9001 and ISO 27001 through UKAS Accredited Certification bodies like BSI or World Certification Services Limited.

The certificating bodies should be regulated and supervised, UKAS use ISO 17021 to Accredit the certification body as suitable to undertake audits of management systems such as ISO 9001, ISO 14001 or ISO 27001, this is a very important thing to ask of certification bodies to make sure that you get the right one to serve your business. They should have a registration number with UKAS and their literature and website material may show appropriate logos.

There are some certification bodies out there that perform consultancy and certification services combined, this is dangerous for one reason, any self respecting consultant cannot both consult and certificate, it's not in the best interests of the client, who is looking for impartiality. We at Steven Burgess only offer consultancy support to help you to achieve say ISO 9001 or ISO 27001, we do not undertake certification as this would lead to a conflict of interest. I'd say some of the non accredited certification bodies doing consultancy and certification combined are only in it for the money at the top level of management, not the standards themselves. Whereas certification bodies who are properly accredited are looking to uphold the law, standards and properly written business procedures. That's not to say that others aren't, it's just in my experience the accredited certification bodies are overseen to apply standards which otherwise may go unenforced.

To me, applying certification needs to be a robust process undertaken by a separate body, they need to be disciplined, impartial and not afraid to use their experience in helping the company aiming for certification. A UKAS Accredited body will provide you with these attributes and those who do not, leave well alone in my opinion. The only caveat to this is that there are some certification bodies who are 'working towards accreditation' - and this is fine, but just ask a few more questions about their intentions before engaging with them. Maybe they'd like to use your company in assisting them to be UKAS Accredited, after all, UKAS have to supervise some certification audits, and that's right.

I have heard on many occasion that some organisations will not accept non accredited ISO certificates, so be wary. A UKAS Accredited certificate will be universally accepted by those who understand the sector, understand certification and understand standards themselves.

Be wise when it comes to choosing a certification body for your company, and as UKAS responsibly says - "in the public interest."

That's why i'm informing you.


Regards


SteveB


Steven Burgess is a Consultant to companies in the UK and also a Data Protection Officer for Disclosure Services Limited, a company that process data relating to criminal record checks.