Frequently asked questions

If you have a question that is not answered below, please get in touch. Call our friendly team on 0333 700 9001, email us: custservice@batalas.co.uk or contact us here.

 

General

ISO (International Organization for Standardization www.iso.org) is an independent international membership organisation that develop voluntary international standards. These standards provide specifications for products, services and systems that help to ensure things such as quality, safety and efficiency.

ISO is made up of approx. 160 member who act as national standards bodies. ISO itself is based in Geneva, Switzerland.

The most commonly known ISO standards for management systems are:

  • ISO 9001 Quality management systems
  • ISO 14001 Environmental management systems
  • ISO 27001 Information security management systems
  • ISO 13485 Medical devices management systems
  • AS9100 Aerospace management systems (although it starts with AS it is still an international standard)

The IRCA (International Register of Certificated Auditors www.irca.org) is the oldest and largest auditor certification body in the world. Over 10,000 professionals are registered auditors and every year over 60,000 people attend IRCA approved training courses worldwide

The CQI (Chartered Quality Institute www.quality.org) is a global professional body advancing the practice of quality management in all sectors

Auditing

Yes

Firstly, most ISO standards (inc ISO 9001/14001/18001/13485/AS9100) state that you must internally audit your organisation at planned intervals and that you must audit if it

  • meets the planned arrangements (with regards to product realization)
  • meets the requirements of the ISO standard
  • meets the requirements of your management system

But you will note that it does not directly say that you must audit every 12 months. Having said that, it is common sense that if you left it longer than 12 months (or even shorter) between audits then would you be able to prove that the system does everything above? Therefore the industry standard is every 12 months, although this can change:

The standard also states that when planning the audit programme you must take into account the “status and importance” of the processes and areas being audited, and very importantly the results of previous audits. In other words, if a process if critical to what you do, or previous audits have found problems, then that process must be audited more often.

Most international management system standards require a certain amount of interpretation and judgement as to whether your systems meet each individual requirement. Your external auditor should have enough experience to make these judgements, however, should you not agree make sure you ask the auditor to explain.

The explanation should be by referral to the requirements of the standard and not to the opinion of the auditor. If, after discussing the issue, you are still not satisfied, do not be afraid to escalate the matter. All certification bodies have a system for dealing with any disagreements between auditor and auditee

One of the main reasons why internal audits raise trivial, and in some cases repeating, nonconformities is that audit reports are not ‘closed out’ correctly. It is important that actions taken to address nonconformities are corrective action (correcting the root cause of the issue) and not correction (purely a short term fix)  

Yes.

The requirement in all standards is to conduct internal audits to the appropriate standard, and with conformity to regulatory and your own management system requirements. Obviously, if your management system documented every requirement of the standard then you could conceivably audit for conformance against your own system only. From our experience those organisations which have documented every aspect of an international standard within their own management system have created an overly bureaucratic system

Yes.

The advantage is that a good auditor may be able to use his/her experience to identify opportunities for improvement which would not have been possible by using your own staff. The downside is that the use of external auditors tends to lead to a lack of ownership of the management system.

Auditing can be seen as a fairly negative process, with the emphasis being on digging into the detail and raising what is seen to many as trivial issues. Consequently, when selecting internal auditors it is normal to add more junior staff to complement the small team of quality, environmental and health & safety professionals.

Internal auditing should be focused on improving the management system, and hence business performance, and therefore more senior managers should be involved in internal auditing. One of the ways to get them involved is to allocate to them the task of auditing for improvement, with more junior staff involved in the more time consuming tasks of conformance auditing.  

Using a consultant may could mean that you gain your certificate in a shorter time. However, too much reliance on a consultant to document all aspects of your management system will result in a lack of ownership. Also, be careful in selecting a consultant as there are many unqualified people assisting companies in achieving registration to the international standards. If the consultant’s approach is to take on all aspects of designing a system then be wary, particularly if he/she suggests that you design your system in line with the clauses of the standard

Definitely not.

The standards are not an easy read, and they contain terminology which you would not expect everyone to be familiar with. Consequently, constructing your manual in line with the clauses is unlikely to make your documentation user friendly. The simple rule is to construct your system in your organisation’s style and using the language your organisation feels comfortable with

Certification

You could ask the organisation for a copy of their certificate, but if you feel you need confirmation you can check the website of the certification body which issued the certificate. Most UKAS accredited certification bodies have a website which will provide details of their registered organisations. You will need to know the organisation’s name and/or registration number to be able to access the details.

Do not contact UKAS or ISO as they do not have this information.

If in doubt, get in touch and we will see if we can help.

Why not join our monthly newsletter

  • By submitting this form, you are giving your consent to receive marketing emails from Batalas. Your data will not be forwarded to any third parties and you can unsubscribe at any time.

    By clicking submit you agree to the Terms and Conditions and Privacy Policy
  • This field is for validation purposes and should be left unchanged.