Certification is a declaration, issued after an audit by a certification body, that an organization conforms to the requirements of an ISO management system standard, for example ISO 9001:2015 for its quality management system.

Certification gains for an organization wider market confidence, higher business performance and distinctive reputation. Trade barriers are overcome due to mutual recognition of certificates between countries. Certification enhances the sustainability of the organization as well as its ability to consistently comply, where applicable, with legal requirements. These benefits result from effects of the regular audits by a certification body of the maintenance and continual improvement of disciplines exercised by a certified organization to help meet the needs and expectations of its interested parties.

An organization applies to CIP for certification of its management system to its chosen ISO standard. After contract agreement, the organization undergoes two stages of initial audit. See CIP’s audit process. If these audits conducted by CIP are satisfied that the organization’s management system is established, implemented, maintained and continually improved in accordance with the requirements of the ISO standard, CIP grants the organization a Certificate of Registration, valid for three years, declaring its conformity to the ISO standard. The Certificate remains valid for three years provided the management system is maintained and continually improved as verified by two annual surveillance audits. The Certificate of Registration is product/service- and site-specific.

The audits comprise the initial audits and the annual surveillance audits.

The initial audits have two parts: Stage 1 and Stage 2. After implementing its management system for at least three months with satisfactory results and when it deems ready to undergo Stage 1, the applicant organization notifies CIP and may nominate a schedule for these audits.

Stage 1 is successfully completed after CIP finds the management system adequately planned and documented to support its scope of operations in accordance with the criteria of its chosen ISO standard. On agreed dates, Stage 2 follows. The entire management system is assessed by CIP audits whether it is implemented as planned by the organization against the criteria of the ISO standard. If the management system is found adequately implemented, CIP declares it as such in its audit report, with a recommendation to the CIP technical review and approval board to grant certification to the management system of the organization. Upon approval, the Certificate of Registration is issued to the organization, valid for three years, provided the management system is maintained and continually improved as verified by annual surveillance audits.

The surveillance audits assess the level of maintenance of the certified management system. Satisfactory implementation of the management system, if established by these surveillance audits, leads to the reconfirmation of the validity of the Certificate of Registration.

The cost of the certification process, from initial audits to annual surveillance audits in a three-year period, will depend on the number of audit man-days determined appropriate for the organization under the ISO standard/s it intends to be certified against. A small or medium enterprise has much less audit man-days, and therefore less audit fees, than a large, multi-site company. Organizations with thriving business operations often point to the beneficial effects of their certified management system as a key factor for their success, far outweighing and well worth the cost of gaining and maintaining ISO certification.

Factors such as size of organization, number of sites, manpower count, manufacturing or service processes, risk level and the ISO standard/s as audit criteria are considered by CIP against man-day requirements set by the International Accreditation Forum (IAF) when determining the number of audit man-days applicable to an organization, from initial audits to surveillance audits over a three-year period. This is to ensure CIP’s client organizations that their management systems are thoroughly audited for their adequacy, implementation and effectiveness to support the business performance requirements of their organizations.

The Certificate is valid for three years, subject to satisfactory results of surveillance audits. If surveillance audits find the management system maintained and continually improved, the Certificate is reconfirmed for its validity.

Yes. It is renewable for another three-year period. The organization applies for renewal before the Certificate expires. Under a new three-year contract with CIP, the organization undergoes a reassessment of its entire management system. The audit man-days of this reassessment and the two annual surveillance audits in the next three-year period depend on the changes to the management system over the past three years, for example in terms of its scope, the number of sites and manpower of the organization. A successful reassessment results in a new Certificate of Registration. Its validity during the succeeding three-year period is again subject to satisfactory results of two annual surveillance audits.

Without a functioning management system, the Certificate is cancelled.

Yes. If the Certificate was previously cancelled, the organization needs to re-apply for its restoration. Re-application entails a new contract review that requires Stage 1 and Stage 2 audits again. Successful completion by the applicant of both audit stages results in a new Certificate of Registration, valid for three years.

If the Certificate was suspended and if within a period not exceeding six months the restoration of its validity is formally requested by the organization, a follow up audit is conducted by CIP. If audit results are satisfactory, the Certificate of Registration is restored but its original validity period remains the same, i.e. with no extension.

If the suspension period exceeds six months, the Certificate is terminated. The organization may later request restoration of its Certificate but the management system is subject again to Stage 1 and Stage 2 initial audits under a new contract with CIP. If audit results are satisfactory, a Certificate of Registration is issued but with a new validity date of three years, subject to annual surveillance audits.

An organization needs to first understand the requirements of ISO 9001:2015 and how they are made applicable to their operations. Conducting a gap analysis can provide useful findings to what extent an organization’s current management system meets ISO 9001:2015 requirements. Resources need to be invested in the effort: trainings, team work across the organization, persons to plan and lead the development and maintenance of the QMS, budget, time, policy issuances, evaluations, corrective actions. Top management leadership is key to communicating to the entire organization the value of instituting a quality management system. Top management after all is the one that needs the system to help rally the whole organization to achieve its strategic goals through the path of customer satisfaction. Without a customer there is no business.

The criteria of ISO 9001:2015 need to be understood in order for them to be interpreted and tailored fit to the specific circumstances of an organization. In many cases, organizations may already have in place various processes and controls that meet, either in full or in part, specific requirements of the standard. At the start, doing a gap analysis between existing management practices and ISO 9001:2015 requirements may reveal to an organization that it has more ISO 9001 requirements already in place than previously thought. Where gaps are found in some functions or processes, these would be the areas that need to be addressed how best to meet applicable criteria of the standard. Where there are no gaps, no further actions might be needed unless the organization decides to enhance these areas as part of its continual improvement practices.

Understanding the requirements of ISO standards involve self-study, group study, readings, formal training, learning from experienced users of ISO standards, including those found in ISO’s Auditing Practices Group website. Experienced consultants in ISO management systems may also be helpful. It should also be understood that instituting a Management System, whether for Quality, Food Safety, Occupational Health and Safety, Environment or whatever field is chosen by top management, does not mean setting up an additional or parallel management system to what might already be existing within the organization. There should be only one management system in any organization. The existing management system may simply need some continual improvements by bringing its processes into alignment with requirements of the chosen ISO standard.

Copies may be obtained from the Bureau of Philippine Standards under the Department of Trade and Industry, as well as from the official ISO website.

A certification body, like CIP, can demonstrate the competence and independence of its certification schemes and its auditors if it is accredited under ISO/IEC 17021-1-2015 and other standards in the ISO/IEC 17021 series by the Philippine Accreditation Bureau (PAB) of the Dept. of Trade and Industry.

There is no international accreditation body.

That is a wrong notion. There are no internationally accredited certification bodies.

In all countries, accreditation bodies are national organizations. In the Philippines, it is the Philippine Accreditation Bureau (PAB), which was created by the Dept. of Trade and Industry as the national authority for the accreditation of management system certification bodies in the Philippines. Other countries have their own national accreditation bodies: for example the United Kingdom Accreditation Service (UKAS) in the United Kingdom which is appointed by the UK government to perform accreditation of management system certification bodies in UK; in Japan the national accreditation authority recognized by the Japanese Government is the Japan Accreditation Bureau (JAB); in the United States it is the ANSI National Accreditation Board (ANAB).

Yes. Nearly all national accreditation bodies (such as PAB) are members of the International Accreditation Forum (IAF). A mutual recognition agreement is administered by IAF under which accredited certificates issued, for example, in the Philippines by a PAB-accredited certification body is recognized in other member countries.

To uphold their agreements as IAF members and to facilitate mutual recognition of accredited certificates they issue, PAB and all its foreign counterparts use the same ISO standards and IAF mandatory documents to perform audits and accreditation of management system certification bodies in their respective territories. These national accreditation bodies undergo audits by regional accreditation bodies (such as the Asia Pacific Accreditation Cooperation in the case of PAB), also affiliated with IAF, for mutual recognition of their competencies and of the equivalence of their accreditation work.

Yes. CIP has a long standing working relationship with QSCert, a leading certification body in Slovakia. CIP and QSCert collaborate in serving the certification requirements of Philippine companies such as for FSSC and Energy Management System. QSCert is accredited by the Slovak National Accreditation Service (SNAS), an IAF member.

Not necessarily. Commonly foreign buyers deal with numerous global sources in their search for varied products, competitive prices, consistent product quality and supplier reliability. Consequently they want their incoming product inspection and supplier evaluation processes to be more efficient, less costly, transparent, non-repetitive. One way to achieve these goals is to require their sources to be certified to ISO 9001:2015. Certified once, certified everywhere. This is a widely-accepted standard in global trade, used in no less than 160 countries.

Consultancy is not provided by CIP. Certification bodies must be independent and have no conflict of interest with any of their clients.

Trainings on ISO standards are publicly available. The subjects of these trainings are strictly treated in a generic manner and do not in any way provide specialized or unique guidance to participants. The Philippine Accreditation Bureau (PAB) is at liberty to examine the independence of CIP’s training materials and training proceedings.

Yes. Transfers are subject to regulations under IAF MD2:2023.

The organization notifies its certification body about its intention to transfer to another certification body. It coordinates with the certification body it wishes to transfer to for audit and administrative arrangements.