Achieving ISO 45001

In the second of our blog series Head of Technical & Approvals - Management Systems, Lee Horlock, gives an overview of the standard and how certification works.

The ISO 45001 certification process should be straightforward and typically follows a generic process including application, application review, initial certification consisting of a stage one and stage two audit and finally certification.

All areas of the organization need to be considered, so working with the right certification body is essential to make the process manageable and easy to understand. You should ensure the certification body is United Kingdom Accreditation Service (UKAS) accredited. UKAS is the only UK Government recognized accreditation for organizations that provide certification, testing, and inspection of services. You can check the status of a certification body here.

Certification

The certification process is carried out in distinct stages:

Stage one

The purpose of this audit is to confirm that your organization is ready for the stage two audit. This audit will take place at your management system central office and during the stage one assessment, your assessor will:

• Confirm the accuracy of the information that you submitted during the application process
• Confirm that the management system documented information is in place and conforms to the requirements of the standard
• Evaluate the organization's site-specific conditions and undertake discussions with the client’s personnel to determine the preparedness for stage two
• Confirm necessary information regarding the scope of the management system, including the client’s site(s); processes and equipment used; levels of controls established (particularly in case of multisite clients); applicable statutory and regulatory requirements
• Review the allocation of resources for stage two and agree the details of stage two with the client
• Provide a focus for planning stage two by gaining a sufficient understanding of the client’s management system and site operations in the context of the management system standard or other normative document
• Evaluate if the internal audits and management reviews are being planned and performed, and the level of implementation of the management system substantiates that the client is ready for stage two.

The output of the stage one assessment will be a report that identifies points for action which, if not addressed, could be raised as non-conformances at the stage two assessment. 

Stage two

The purpose of stage two is to evaluate the implementation, including effectiveness, of the organization's management system to confirm it conforms to all requirements of the chosen standard. The stage two takes place at the client site(s). It includes the auditing of at least the following:  

• Information and evidence about conformity to all requirements of the applicable management system standard or other normative documents
• Performance monitoring, measuring, reporting and reviewing against key performance objectives and targets (consistent with the expectations in the applicable management system standard or other normative document)
• The client’s management system ability and its performance regarding meeting of applicable statutory, regulatory and contractual requirements
• Operational control of the client’s processes
• Internal auditing and management review
• Management responsibility for the client’s policies.  

The audit team analyses all information and audit evidence gathered during stages one and two, to review findings and agree on conclusions which will be presented in a formal audit report. If the auditor identifies any major non-conformances, certification cannot be issued until corrective action is taken and verified.

Accreditation requirements stipulate that if this is not completed within six months, then certification cannot be recommended without a further stage two audit.

How do I achieve certification?   

Following a successful two stage audit a certification decision is made by an independent panel and if positive, certification to the required standard is issued by BM TRADA in the form of a certificate which you can use to demonstrate your certification with third parties to demonstrate the high standards your organization adheres to. You certified status will also be available on the UKAS CertCheck portal.

Your certification is valid for three years and is maintained through a program of annual surveillance audits and a three yearly recertification audit (full system audit).

Surveillance audits are undertaken annually (calendar year) to ensure compliance to the chosen Standard(s) is maintained throughout the three year certification cycle.