• Home Page
• Corporate
  • BCRM Approach
  • BCRM FAQ
  • Case Studies
  • Certifications
  • Code Of Conduct
  • Company details
  • Customer satisfaction
  • Industry Endorsements
  • The Team
  • Why us?
• Policies
  • Business Continuity
  • Conflict of Interest
  • Corporate Social Responsibility
  • Data Protection
  • Disability Discrimination
  • Environment
  • Equal Opportunities
  • Health and Safety
  • Information Security
  • Personnel Screening
  • Quality
• Services
  • Health Checks
    • Business Continuity
    • Security Vetting
    • Data Protection Act
    • Software Asset Management
    • Service Management
    • Information Security
    • PCI DSS
    • Risk Management
  • Information Assurance
    • Disaster Recovery
    • Information Security
    • Physical Security
    • Employee Vetting
    • Software Asset Management
    • Risk Management
    • Identity Management;
    • Secure Disposal
  • Compliance
    • Governance Today;
    • GRC
    • FSA Compliance
    • Data Protection Act;
    • PCI DSS;
    • Sarbanes Oxley;
    • FSAP
    • Workflow and GRC;
    • Using XBRL for GRC;
    • Inspection of Records;
    • Litigation Support
    • Employment Law
    • FSA Support
    • Money Laundering
  • Management Systems Consultancy
    • ISO 9001
    • SO 14001;
    • ISO 17025
    • OHSAS 18001
    • ISO 20000
    • BS 25999;
    • ISO 27001;
    • Do you need us?
    • Auditing
    • Polices and Procedures
  • Continuous Improvement
    • ISO 9004;
    • Total Quality Management (TQM)
    • Six Sigma;
    • Capability Maturity Models;
    • ServQual / RATER;
    • EQF
    • Balanced Scorecards;
  • Certification Services
    • Standards Implemented
    • Management System Implementation Methodology
    • Consultancy to Support Certification
    • Certification Body Audit Markings
    • Certification Pre-Audit Services
    • Remediation
    • Certification FAQ
  • Digital Forensics
    • Forensic Evidence Recovery
    • Expert Witness Services
• Records Management
• Training
• Standards
  • Management Systems
    • BS 25999
    • ISO 14000
    • ISO 17025
    • ISO 20000
    • ISO 27000
    • ISO 9000
    • OHSAS 18000
    • PAS 99
  • Other Standards
    • BS 10008
    • BS 10012
    • ISO 25777
    • BS 7858
    • BS 8470
    • BS 7858
    • BS 8549;
    • ISO 15489
    • ISO 19770
    • ISO 24762
    • ISO 38500
• Legislation
  • Basel II
  • Data Protection Act
  • Financial Sector Assessment
  • Financial Services and Markets Act (UK);
  • Health Insurance Portability and Accountability Act US);
  • Markets in Financial Instruments Directive (EU);
  • Miscellaneous relevant EU Directives;
  • Payment Card Industry Data Security Standards (worldwide);
  • Sarbanes Oxley (US);
  • Single European Payments Area (EU);
• Legal
  • Copyright
  • Legal Disclaimer
  • Privacy
  • Security
  • Links to other sites
• Site Map
• Contact Us
•  

---

?

Consultancy Services to Support the Certification of Management Systems

---

• overview
• types of certification;
  • self certification (also called claimed compliance);
  • certification by a Certification body;
• types of Certification Body;
  • accredited;
  • not accredited
• the certification process;
• service offering;
• approach
• benefits
• next steps

Overview

There are a variety of consultancy services that can be used to assist in certification of a Management System. They will depend on exactly what you require and there is no 'standard' offering'.

Types of Certification

There are two different sorts of certification that you can undertake for your Management System

Self Certification / Claimed Compliance

You can claim 'self certification' or 'claimed compliance' to a management standard (or any other the standard or requirement).. This means that you operate the relevant Management System (e.g. ISMS - 27001, QMS - 9001, EMS - 14001, etc) but do not intend to seek or gain formal certification for the Management System.

Your Management System may be subject to a 2nd party audit by customers or clients who have imposed the requirement that your Management System has to be compliant through a contractual clause. These types of audits are also called 'Supplier Audits'.

By operating a Management System and claiming self certification or compliance you are claiming (unverified by a third party expert) that you have the same benefits as having had your Management System certified by a Certification Body.

Certification by a Certification Body

Formal certification is awarded by independent third party Certification Bodies.

Types of Certification Body

There are two types of Certification Body:

• accredited by the national Accreditation Service (in the UK this is the United Kingdom Accreditation Service - UKAS);
• not accredited by by the national Accreditation Service.

Accredited

An Accredited Certification Body is accredited by the national Accreditation Service to ISO 17021 and has to maintain that Accreditation. There are regular audits by the national Accreditation Service to ensure that the Certification Body and its employees comply with ISO 17021 and any other relevant standards, codes of practice or guidance relevant to the Management Systems being certified. The way in which audits are conducted is regulated by 19011.

This gives the assurance that the Certification Body has appropriate processes and procedures as well as competent employees to provide your certificate.

A UKAS accredited bodies and the standards they cover is here.

Not Accredited

A non accredited Certification Body has not been accredited to ISO 17021 by the national Accreditation service. Anyone can set up a Certification Body, there are no checks on skills, competence, etc of either the Certification Body or its Auditors. Typically, these are low cost routes to 'certification' and will issue a generic manual, a certificate and an invoice all at once!. They may even be co-located with a Consultancy that provides consultancy services to get you through the 'certification audit'.

When checking a claimed certificate for a management System it is always prudent to check to se that they are Accredited as this gives greater assurance for reliance on the state of the Management System - no matter what a non accredited Certification Body may say on its web site extolling the virtues of not being Accredited.

The Certification Process

The process for gaining certification by an Accredited Certification Body is similar between Certification Bodies and for all Management Systems:

The generic process for gaining certification is shown below:

1. You, when seeking certification for a Management System, will contact a Certification Body (CB), receive details of the relevant certification scheme, complete and return the application form to the CB;
2. when received, the application form will be reviewed to ensure that it is within the scope of the CB's Accreditation and, if appropriate, it will be further reviewed by the CB's relevant Management System team The CB will then assemble an Audit Team matched to your industry specific and technological environment;
3. once the CB determine that the proposed certification is within their scope of Accreditation and that an Audit Team matching your requirements can be fielded, the CB will submit a competitive quotation to you;
4. if the quotation is accepted, the CB will carry out the Stage 1 (also called a Document Review) audit, which is an initial assessment of the documented Management System to determine whether it meets the requirements of the standard. If the documentation fails to meet the required standard, the Audit Team will advise you and you will be required to address the outstanding matters before the next stage, a Conformance Audit, can start;
5. when the outstanding matters have been addressed successfully, a date for the start of the Conformance Audit will be arranged with you Client;
6. the Stage 2 (also called a Conformance / Certification) Audit will examine evidence that the implemented Management System conforms to your documented Management System. You will be advised of the findings and outcome of the audit at the Closing Meeting;
7. if the results of the Stage 2 Audit indicate that the requirements of the Management System standard have not been met, you will be required to agree to a Corrective Action Plan (CAP) to address the weaknesses identified. When you have successfully addressed the weaknesses a further Stage 2 Audit will be carried out;
8. if the outcome of the further Conformance Audit is successful, then the Audit Team will make a recommendation for certification. The audit report will be forwarded to the relevant Management System Certification Manager for final review and subsequent issue of the certificate.
9. You then start the surveillance audit process, ending with the Triennial (i.e. 3 year) Audit, and the surveillance process restarts. This process is designed to ensure that your Management System continues to conform to the requirements of the relevant Management System standard.

Service Offering

A number of BCRM ISO Consultants also work as Certification Body Auditors and so 'know both sides of the fence'.

Using the step numbers above, BCRM can assist you in the following areas:

1 Recommend appropriate CBs and assist in the application process;

3 Assist you to review the quotations and select a CB;

4 Assist you in developing all processes that are needed to implement the Management System and document them, perform internal document review audits, assist in meeting the requirements of the Stage 1 audit;

5 Assist you in addressing any non conformances raised at the Stage 1 Audit

6 Assist you in implementing and embedding the required procedures into your organisation, undertake appropriate implementation training, perform internal audits;

7 Assist you in addressing any non conformances raised at the Stage 2 Audit;

9 Assist you to continuously improve your Management System, assist in amending the objectives and supporting infrastructure on changing business requirements, perform internal audits, prepare you for the next audit in the Surveillance Audit Cycle.

Approach

The exact approach undertaken by BCRM will depend on exactly what services you want BCRM to supply to support your efforts in gaining certification for your Management System. The standard approach for supply of these services, irrelevant of what services are chosen from the service offerings above, is as follows:

• defining the scope of the services to be provided;
• understanding the business;
• understand your objectives;
• deliver the relevant services to support your certification project, including liaison with the CB, as required;
• deliver required training to support the services supplied, if appropriate;

Benefits

The BCRM approach ensures that you have:

• competent experts for your chosen Management System to advise and assist you;
• Consultants who understand and can interpret the relevant standard(s) for your scope of certification;
• pragmatic experience and advice;
• skilled consultants who are also CB auditors, so they know 'both sides of the fence';

Next Steps

• BCRM are justifiably proud of our 100% SUCCESS RATE, of achieving first time certification through an Accredited Certification Body for our Clients;
• BCRM has a number of other service offering, these are listed here;
• BCRM is committed to providing a consistently high value service to our Clients;
• David Lilburn Watson, who remains personally 'hands-on' throughout the process, manages this process.
• to understand how the BCRM suite of offerings can be used to transform your business, please contact us
• we look forward to discussing your specific requirements, at your convenience;
• whatever other type of consultancy you require, we can possibly offer a free Health Check.