UNDERSTANDING THE NEED FOR ISO 27001

by Posted on

Hi there!

Last time out we discussed why your organisation does not need an ISO Standardisation certification (Irony intended, lol). We started out by explaining what ISO certification is, what it pertains to and the benefits of being ISO certified. Today we look at steps to take in order to achieve ISO certification.

The process is as straightforward as possible, with the right level of awareness, and cooperation from all stakeholders getting an ISO certification. It could be as easy as baking a pie! The following steps should help you achieve this in no time:

Step 1.  Choose the right standard

There are different ISO standards that play unique roles in organisations. The first task will be to identify the needs  of your organisation and select the required standard that adequately addresses those needs. Some of the major standards include ISO 9001, ISO 27001, ISO 14001, and ISO 45001. In our subsequent series, we will explain each standard. Where you determine that your organisation will benefit from having more than one certification, you may take steps to become certified for two or more at the same time.

Step 2.  Choose an accredited certification body

It is very important to choose an organisation that can assure quality services. It is advisable to carry out due diligence on the organisation to ensure that you are making the best possible choice. Remember that the quality of work this organisation offers will determine if you will end up with your desired result. Here are a few tips to help you with your due diligence:

  • Ensure the organisation is accredited by the Nigeria National Accreditation System.
  • Check for reviews from peers, colleagues, other businesses, and on the internet. Great reviews mean that customers have generally been satisfied with the services they’ve received.
  • Check out their service offering; does it offer added value?

Step 3.  Ensure that your management is aware of ISO certifications and the importance

This will ensure that the process is smooth, and everyone cooperates to ensure that the desired result is achieved. Ensure that every stakeholder in the business is kept informed of the process every step of the way. A quick introductory course to the ISO as a way of training/raising awareness of stakeholders is a wonderful idea for getting everyone involved. If people  know the purpose of the certification, they are likely to be cooperative.

Step 4.  Stage 1 Audit

The first stage is not complex and simply involves understanding the organisation so that recommendations can be made to improve them. It will spot any gaps in the current procedures of your organisation so that recommendations can be made to fix the gaps.

Step 5.  Developing a management system

After first stage audit, you’ll need to develop a management system based on the recommendations from your auditor. A management system is a set of documents that outline your business processes and shows how you’ll meet the standard required for certification.

Step 6.  Stage 2 Audit

This involves a second audit to ensure that all the recommendations from the first stage audit have been implemented. If everything is in place, a certification will be granted to your organisation. However, if things don’t check out completely, your auditor will guide you through the necessary steps to get you on the right track. Another audit will be scheduled for a later date to make sure everything is in place by then. Consequently, annual audits will be carried out on your organisation to ensure continual improvements are made and the standards upheld.

For more information, kindly get in touch with us.

See you next week!

Leave a Reply

Your email address will not be published. Required fields are marked *