What is ISO certification?

ISO certification is a management tool used to ensure that policies are in compliance with ISO standards; a firm may describe itself as ISO Certified, which means that its policies and procedures have been audited by an accredited ISO certification body.

ISO only publishes standards; the organization does not conduct any testing and audit. Thus, ISO is not involved in any certification activities and does not issue any ISO certificate.

When a company has operational policies and procedures it believes are in compliance with the ISO requirements for certification, it can pursue certification through an independent firm called a certification body that performs inspections and audits. An auditors of the ISO certification body will perform a certification audit to determine whether the company’s policies and procedures meet the requirements for certification.

If the organization meets the standard requirements during auditing, the certification body will recommended the company for an ISO 9001 certification and the certificate will be awarded to the company within 8 to 10 weeks. The ISO certification is valid for three years, with continuing audits conducted on a periodic basis.
ISO certification is not compulsory. The organization can choose to implement the quality management system without certifying. But most companies in Malaysia go for certification due to customer preference and to show their commitment in product or service quality.

Please note not all management system standards can be certified. For example, ISO 26000 Social Responsibility and ISO 14051 Environmental Material Flow Cost Accounting only serves as guidelines or frameworks.