If I had a dollar for every time someone told me their business was “accredited” to ISO xxxxx, I would be a rich person and would be able to retire.

The correct terminology, as a business, you are certified to ISO xxxx, by an externally accredited Certification body (CB).

The CB itself is certified by a recognized “Accrediting body¹[i]  either JAS.ANZ or ANAB.

The CB will audit your organisation against:

  • the relevant Standard(s); and

  • your management system

If found to be compliant and meeting the requirements, they will issue you typically with a Certificate of Approval.

Certification lasts for a period of three years; with annual Surveillance visits and a Recertification audit every three years.

Surveillance audits typically cover a selection of clauses from the relevant Standard which should be communicated to you prior to the audit taking place via an Audit Plan.

Surveillance audits are normally shorter in duration than a Recertification audit which includes all clauses of the Standard.

There are numerous companies who have set themselves up as CB’s, a web search will display dozens, ranging from the large very well established organisations through to smaller niche CB’s who have been set up normally as a result of an enterprising Lead Auditor leaving one of the larger CB’s and starting out on their own.

All charge a cost for their service, prices vary, as does the level of service, it is important to note that the business owner who wishes to initially apply for and then maintain their certification is in control of the process in regards to accepting the level of service which the CB provides.

It is drummed into all external Auditors that at no time are they to provide “consulting” during an audit, the extent of “auditing” depends exclusively on the Auditor.

Moving on to the “dynamic triplets” aka ISO 9001 – Quality Management ISO 14001 – Environmental Management  and ISO 45001 – Occupational Health & Safety, the journey taken starts way back in the 1970’s, with many of the major organization (Ford and  Ministry of Defence to name two) developed their own “quality management system”  which floated the notion that by following processes and procedures confidence could be assured.

Fast forward to the late 1970’s, it was agreed that a National Standard would be developed primarily and predominantly based on the Ministry of Defence (MoD) tried and tested protocols.

And so, BS 5750 (British Standards) was written, fast forward three decades the increase in international trade brought consensus for an internationally recognised quality system to be developed.

In 2000 the demise of BS 5750 was complete and the new incarnation of ISO 9001:2000 was borne.

There are currently three main International Standards bodies which develop international standards for the world:

  • the International Electrochemical Commission (IEC);

  • Internal Telecommunication Union (ITU) and

  • Internal Standards Organization for Standardization (ISO).

Generally, the three entities cooperate and work together to ensure that international standards fit well together, there are joint committees which combine the relevant expert knowledge in the related fields to the betterment of the development of the individual standards.

ISO standards are reviewed every five years, which does not mean that there will be a new revision after each review, there was a seven-year gap from 2008 till 2015 for 9001.

Like its older “brother” ISO 14001 was originally a British Standard, BS 7750 published in 1991, with its origins back in the 1960’s, when the environmental movement started gaining popularity and interest, ISO created ISO 14000 in 1991, it was revised in 2004 with the latest current version dated 2015.

In 2013 ISO 45001 was proposed, the finalized standard was published in March 2018.

ISO 45001 has officially superseded AS/NZS 4801 and OHSAS 18001 there is a three-year transition period (March 2021) by which time all business who currently are certified must make the transition.

However based on previous transitions there will be a little bit of wriggle room for those who aren’t in a position to fully transfer, my advice have a plan which you can present to your auditor outlining how and when you intend to be ready.

International standards are intended as a means of assuring consistency, interoperability, conformity, safety and quality.

The ISO website has the following explanatory statement:

International standards make things work.  They give world class specifications for products, services and systems, to ensure quality, safety and efficiency.  They are instrumental in facilitating internal trade”.

The dynamic triplets all use the same “Risk based framework” including number of clauses, and main titles, more and more companies are consolidating their business processes to create an Integrated Management System (IMS) which enables risk to be identified across the business, and to develop a cohesive system removing duplication.

Good design, development and planned roll out of your IMS can reduce costs, increase productivity and efficiency, provide clear accountability, and support continuous improvement.

The Skytrust Audit module makes life extremely easy for its users and fits well with the framework requirements.  The ability to tailor the drop-down menus to individual organisation’s terminology enables effective communication, ensures consistency and standardisation, and aids with initial training in the software.

From a Lesson’s Learnt perspective, launching a new system is inherently problematic, particularly with established employees who may be reluctant to any changes.  If you call something a “pinkie” and everyone knows it as a pinkie then you want to replicate that within your system.

And you can with Skytrust, the design of how you want to use the software is completely up to you and your team when creating or transferring data and terminology across into Skytrust.

Within the audit function “Quality, Safety and Environment” are identified, the flexibility of the system enables audits to be undertaken against any discipline/criteria or scope which the organisation requires.  The breakdown of each discipline is great if you do not currently have an IMS and your management system is one discipline.

Skytrust have created and uploaded a number of audit templates including the main ISO Standards which saves you time in setting up, the great news is you can also create your own templates, if you are currently using a paper format or even another software you are able to replicate and create the same template.

Once created as a “master template” auditors simply click on the drop-down menu and select the required template, ensuring consistency and standardisation across all audits.

Recording non-conformances (NCR) and opportunities for improvement (OFI) is easy and is included within the audit function, NCR’s and OFI’s are then automatically transferred into the “master register” providing full transparency and ease of reconciliation and management.

The audit module is a one-stop-shop for all auditing requirements whether in-house/internal or recording outcomes from third-party audits.

Your IMS should be the backbone of how you do business, it should be pain-free and easy for all to understand, if it is not, then something is wrong.



[i] JAS-ANZ Joint Accreditation System of Australia and New Zealand is an accreditation authority and framework with the purpose to enhance national, tran-tasman and internal trade via accreditation to achieve internal are recognition for the excellence of Australia.  ANAB The ANSI National Accreditation Board is the largest multi-disciplinary accreditation body in North America, is a non governmental organization that provides accreditation services to the public and private sector organisation and is owned by American National Standard Institute (ANSI)

Written by Andrea Carling, Director, 7366 Pty Ltd, A Corporate Partner of Skytrust