Many organizations need to implement and certify more than one standard at the same time and address several disciplines in a single, integrated management system. For example, an integrated Quality - Information security management system addresses at the same time the requirements of ISO 9001 and ISO/IEC 27001, while another integrated system may cover ISO 9001, ISO 14001 and ISO 45001 (Quality - Environment - Occupational Health and Safety).
Such an approach brings important benefits to an organization like reduced costs and effort for both implementation and certification. Also an integrated management system requires less effort to manage compared to addressing each discipline individually.
ISO has provided significant support in facilitating the integration of two or more standards into a single management system, by using the same high-level structure for all management system standards published in recent years.
Management system standards have always included a number of similar requirements, such as the need for documentation, policies, objectives, internal audit and management review, or nonconformities and corrective actions. Those elements were used as a basis for the integration, but there were still significant differences, and the use of a common structure (meaning the same major chapters) for all standards is helpful for both implementation and auditing purposes.
To support organizations in their efforts to address the requirements of several standards in an integrated management system, there is also PAS 99 (Publicly Available Specification), a document published by the BSI (The British Standards Institution).
RIGCERT can offer combined audits that address more than one management system standard to reduce the effort and costs for your organization. Following a successful combined audit the organization will obtain a conformity certificate for each management system standard included in the integration.
A management system is a set of elements (policies, processes and procedures) used by an organization to fulfil its objectives and perform its tasks. A management system can address a single discipline (e.g. quality management system or information security management system) or several disciplines at the same time, in what is referred to as an integrated management system. It is the choice of the organization what type of management system it chooses to implement and certify.
For every discipline there are specific standards that define the requirements for a management system (e.g. ISO 9001, ISO 14001 or ISO/IEC 27001). An organization wishing to obtain the certification of its management system has to demonstrate during an initial certification audit that it fulfils the requirements of the specific standards used as reference for certification.
Regardless of the discipline all management systems generally require organizations to define roles, responsibilities and authorities for personnel, document policies, establish objectives and actions to achieve them, demonstrate operation in controlled conditions, monitor, measure, analyze and evaluate performance and act to continually improve the system.
A management system can be implemented by the organization using internal resources or with the help of external consultants. The management system needs to be maintained and continually improved.
To be useful, a management system should become an integral part of the organization’s activities and not a set of requirements separated from operational routine.
The support from top management is vital for the success of a management system in the organization.
Certification is an attestation from a third party (usually called registrar or certification body) that the management system implemented by an organization fulfills the requirements of applicable standard(s).
So, in fact, it is not the organization that is the subject of certification but its management system.
The certification process begins with the application sent by the organization looking to obtain certification. It has to be a written application, and it is useful to the certification body for understanding what is required and for planning the resources needed to provide the certification services.
A contract for the certification is signed.
The certification audit is done to evaluate how the requirements of the standard(s)/reference documents are implemented. The audit team is made up of one or several members, and the audit duration depends on a series of factors like the standards for certification involved, the size of the organization, its activities, locations, etc.
In case the conclusions of the audit are positive and there are no other elements that may affect the certification, the certification body issues the conformity certificate(s).
The document General rules for the certification of management systems contains detailed information about how the certification process works and what the requirements are for obtaining and maintaining certifications.
Management system certifications are valid for 3 years, with the condition that successful yearly surveillance audits are performed (in the first and second year after certification). Surveillance audits are meant to evaluate if the management system certified continues to respect applicable requirements.
The certification program is the document that specifies the planning of surveillance audits and it is communicated to the organization at certification date.
In the third year the recertification audit takes place and the organization enters another 3-year certification cycle in similar conditions as the previous.
In case surveillance audits are not performed as scheduled the certification may be suspended. During suspension the certification is temporarily invalid. If during suspension the situation is not corrected the certification is withdrawn.
Appeals refer to decisions of RIGCERT with regard to a certain certification (e.g. not granting, suspending, withdrawal, etc.) while complaints may refer to a series of aspects like: the personnel working on behalf of RIGCERT, activities of the organizations certified by RIGCERT, activities of third parties connected to RIGCERT, etc.
Appeals and complaints should be sent to firstname.lastname@example.org and are treated confidentially.
RIGCERT personnel involved in the review and decision regarding a certain appeal or complaint have not been involved in the case being reviewed.
The review can include actions like performing special audits and requesting information from the parties involved, and is concluded with a formal decision communicated to the appellant and/or complainant.
Detailed information on the appeals and complaints handling process is available in the document General rules for the certification of management systems.