Achieving ISO certification requires a structured audit process to verify compliance with international standards. As auditors, we conduct thorough assessments to ensure organizations meet the necessary requirements for certification.

1. Understanding the Certification Scope

• Organizations must determine which ISO standard applies to their operations (e.g., ISO 9001 for Quality Management, ISO 27001 for Information Security).
• A clear definition of scope ensures the certification process remains focused and effective.

2. Documentation Review

• The organization must have policies, procedures, and records in place as required by the selected ISO standard.
• Auditors assess documentation to ensure it aligns with ISO requirements.

3. Initial Audit (Stage 1)

• The first stage of the audit involves reviewing the organization's documented management system.
• This includes checking the existence and completeness of necessary documents and policies.
• Any major gaps are identified and reported for corrective action before moving to the next stage.

4. Certification Audit (Stage 2)

• The main audit involves an in-depth assessment of the organization’s management system.
• Auditors verify compliance through interviews, process observations, and records examination.
• Findings are documented, and any non-conformities are reported.

5. Issuance of Certification

• If the organization meets all ISO standard requirements and non-conformities (if any) are addressed, certification is granted.
• The certificate is typically valid for three years, subject to periodic audits.

6. Surveillance Audits

• Annual surveillance audits ensure the certified management system remains compliant and effective.
• Any deviations identified must be corrected to maintain certification status.

7. Recertification Audit

• Before the certification expires, a recertification audit is conducted to assess ongoing compliance.
• A successful recertification audit results in the renewal of the certification for another cycle.

This process ensures organizations maintain high standards of quality, security, and compliance in alignment with international ISO requirements.

---

Process for granting, refusing, maintaining of certification, expanding or reducing the scope of certification, renewing, suspending or restoring, or withdrawing of certification

KV Registrar – Certification Process & Certification Status

1. Granting of Certification

Certification is granted after successful completion of the certification process, including:

• Submission and acceptance of application
• Application review
• Audit programme determination
• Stage 1 audit (documentation/readiness review)
• Stage 2 certification audit (implementation/effectiveness assessment)
• Closure and verification of nonconformities
• Independent technical review (where applicable)
• Certification decision by authorized competent personnel independent of the audit team

Certification will only be granted when:

• conformity with applicable standard requirements is demonstrated;
• identified nonconformities are satisfactorily addressed;
• certification decision is positive.

2. Refusal of Certification

KV Registrar may refuse certification where:

• the applicant fails to demonstrate conformity with certification requirements;
• major nonconformities remain unresolved;
• access for audit is denied;
• misleading or false information is provided;
• impartiality/conflict of interest concerns cannot be resolved;
• legal or regulatory barriers prevent certification;
• Non availability of Accredited scope with KV Registrar.

Reasons for refusal shall be documented and communicated to the applicant.

3. Maintaining Certification

Certification is maintained subject to continued conformity through ongoing surveillance activities.

This includes:

• periodic surveillance audits (normally annual unless scheme rules require otherwise);
• review of complaints related to the certified client;
• verification of continued effectiveness of the management system;
• review of changes affecting certification.

Certification remains valid only if ongoing compliance is maintained.

4. Expansion of Scope

A certified client may request expansion of certification scope.

KV Registrar shall:

• review the request;
• determine required audit activities;
• conduct additional audit(s) where necessary;
• verify competence coverage for new technical scope;
• make an independent certification decision.

Expanded scope becomes effective only after formal approval.

5. Reduction of Scope

Scope may be reduced when:

• part of the certified activities no longer complies;
• client requests reduction;
• business activities change;
• audit evidence indicates exclusion is necessary.

A revised certificate shall be issued reflecting the reduced scope.

6. Renewal / Recertification

Certification is renewed following successful recertification prior to certificate expiry.

This includes:

• recertification audit;
• review of overall management system effectiveness;
• review of surveillance performance;
• review of complaints, changes, and corrective actions;
• independent certification decision.

Failure to complete recertification before expiry may result in certification lapse/withdrawal.

7. Suspension of Certification

Certification may be suspended where:

• management system persistently or seriously fails to meet requirements;
• surveillance/recertification audits are not completed as required;
• certification mark/logo is misused;
• certified client voluntarily requests suspension;
• complaints or serious incidents require investigation;
• contractual obligations are breached.

During suspension:

• certification is temporarily invalid;
• client shall not claim active certification;
• certification marks/certificates shall not be used in a misleading manner.

8. Restoration Following Suspension

Certification may be restored when:

• causes of suspension are resolved;
• corrective actions are verified effective;
• required assessments are successfully completed;
• certification decision confirms reinstatement.

Failure to resolve suspension within defined timeframe may lead to withdrawal.

9. Withdrawal of Certification

Certification may be withdrawn where:

• suspension conditions are not resolved within prescribed period;
• serious integrity or compliance failures occur;
• certification is fraudulently used;
• client ceases operations;
• client voluntarily requests withdrawal;
• contractual/legal requirements cannot be maintained.

Upon withdrawal:

• certification becomes invalid;
• certificate shall be returned if requested;
• all certification claims must cease immediately.

10. Certification Status Verification

KV Registrar shall make available information regarding certification status upon request, including:

• certified organization name
• applicable standard
• scope of certification
• certification status
• geographical location