ISO (International Organisation for Standardisation) is an independent, non-governmental body that develops standards to ensure best practice business processes, policies, and controls are effectively implemented, recorded, maintained, and improved. Achieving ISO certification provides assurance that a company’s products, systems, or services meet the quality, safety and efficiency requirements of the designated standard. ISO standards are appropriate for businesses of all sizes, in any sector or industry, and virtually any geography, being recognised in over 165 countries worldwide.
Each standard is created by a technical committee made up of subject matter experts, including industry representatives, research organisations, government departments and consumers. The outcome is a set of comprehensive criteria, definitions, and guidelines that provides a robust framework to help organisations implement efficiencies, streamline services, reduce risk, and maintain compliance.
About ISO Certification
FORTIS CONSULTANCY ASSOCIATIONS
As a BSI Associate Consultancy, Fortis has extensive experience of certified management systems and provides expert advice to help you accomplish industry best practice. We support your business throughout the entire implementation and certification process, sharing our knowledge of regulatory requirements and showing you
you how to stay resilient and responsive. Associate Consultants act independently from the BSI but must fulfil a number of rigorous selection criteria that clearly demonstrate the expertise required to work with ISO standards.
As an LRQA Registered Consultancy Fortis has broad knowledge and experience of implementing and maintaining management systems for international standards within a wide range of market sectors and provides independent support and advice. Membership of the LRQA Consultant Network provides assurance that Fortis has the necessary skills and competencies to successfully guide you through the implementation
implementation and certification journey for your chosen international management system standard.
As an LRQA Registered Consultancy Fortis has broad knowledge and experience of implementing and maintaining management systems for international
As a BSI Associate Consultancy, Fortis has extensive experience of certified management systems and provides expert advice to help
international standards within a wide range of market sectors and provides independent support and advice. Membership of the LRQA Consultant Network provides assurance that Fortis has the necessary skills and competencies to successfully guide you through the implementation and certification journey for your chosen international management system standard.
help you accomplish industry best practice. We support your business throughout the entire implementation and certification process, sharing our knowledge of regulatory requirements and showing you how to stay resilient and responsive. Associate Consultants act independently from the BSI but must fulfil a number of rigorous selection criteria that clearly demonstrate the expertise required to work with ISO standards.
FORTIS ISO CERTIFICATION CONSULTANCY SERVICES
The breadth of the Fortis service portfolio enables us to deliver a variety of risk management and consultancy support solutions. We specialise in helping clients achieve compliance to the standard they need to operate with confidence; from a simple one-off gap assessment through to complex multi-standard integrated management system projects, Fortis offers comprehensive certification services that can be tailored to suit your organisation’s specific requirements.
Our specialist ISO consultants guide, support, and work with clients throughout the entire process from implementation to certification. Fortis can then continue to work with your organisation beyond certification, via the Stay Certified Service (SCS) which supports the ongoing maintenance and assurance of management systems to ensure certification is retained during annual surveillance and re-certification cycles.
Globally recognised:
With more than 165 member countries, ISO certification sets a benchmark for best practice. Recognised all around the world, it quickly and easily demonstrates your organisation’s commitment to the international standard.
Regulatory compliance:
There are a growing number of international laws and regulations relating to all aspects of business and the possibility of prosecution and/or fines for non-compliance is very real. ISO standards provide the ideal framework to help organisations manage regulatory and legal requirements.
Reputation:
Enhances your company’s brand and builds trust and confidence. Certification reassures existing or potential customers and stakeholders that you are committed to industry best practice and continual improvement.
Competitive advantage:
Certification can increase commercial opportunities and enable your organisation to win new business and customers. ISO certification may also be mandated for suppliers in certain industries and sectors.
Cost savings:
ISO frameworks help to eliminate downtime and any associated loss of revenue, as well as potential fines as a result of regulatory or legal non-compliance. An evidence-based approach to decision making also helps businesses to identify cost saving opportunities more easily.
Increases efficiency/productivity:
Policies and procedures are all clearly defined and documented, and a continual review process enables companies to eliminate duplication of task, streamline internal procedures and optimise business operations.
Staff engagement:
Involves employees in the certification process by enabling them to provide feedback and suggest improvements, promoting a sense of ownership and responsibility.
Collaboration:
Encourages teams to work together across functions for the wider benefit of the organisation, aligning processes, providing transparency, and avoiding silos and divisions.
Resilience and futureproofing:
The ISO frameworks encourages companies to regularly review their policies and processes and implement appropriate measures to continually improve business operations.
BUSINESS BENEFITS
COMMON ISO CERTIFICATIONS
Fortis specialises in supporting all types and sizes of organisations with implementing, maintaining, and achieving accredited ISO certification. In addition to achieving externally accredited certification, ISO management systems can enhance the daily management and routine operations for many companies.
The most common certifications for which Fortis provides consultancy and support services include:
ISO/IEC 27701
International Standard for Privacy Information Management
ISO 22301
International Standard for Business Continuity Management
ISO 45001
International Standard for Occupational Health and Safety Management
TYPICAL ISO CERTIFICATION PROCESS DIAGRAM
You are now a certified business!
Congratulations!
UKAS ISO Certification Achieved and Formally Awarded for Certification
Post certification we will help you to successfully maintain your certifications over their three year lifecycle. With internal audits, management reviews, compliance for surveillance audits, re-certification and updates to your management system.
ISO Certification Ongoing Maintenance and Support
You are now a certified business!
Congratulations!
We establish the size & scope of the project by working with you to understand your overall business needs, your expectations and how implementing the ISO standard can help you. We also take a look at your existing certifications, e.g. ISO 9001 or Cyber Essentials.
Initial
Review
Implementation includes the major steps below alongside regulatory compliance & industry standards. We assist with development of policies & processes and staff training plus pre-certification audit.
1. Internal audit / gap assessment
2. Start to design and build the management system for the standard.
3. Corrective actions from the internal audit / gap assessment implemented
Start of Certification
This audit will verify your use of the management system. Your dedicated consultant can provide technical support and reassurance through your certification audit. When successful you will be recommended for certification with UKAS
Stage 2 Certification Audit
Our fees include implementation of your management system against the ISO standard requirements by our technical information security lead consultants, who work with you through the project and beyond.
Formal Quotation
The Stage 1 Audit consists of an extensive documentation review in which ISO 27001 auditor reviews the organisation's policies and procedures for compliance to the requirements of the standard.
-
Collect opportunities for improvements and then implement the corrective actions.
-
Conduct a management review
-
Deliver a pre-certification audit to ensure readiness
Stage 1 Audit Documentation Review
The timeline to achieving initial ISO certification can take anywhere between 4-12 months, depending on the individual organisation’s size and complexity and the chosen standard.
An annual surveillance audit ensures that all companies are maintaining the standards and best practices that are set out in the certification frameworks. The audit process covers all the components of the original Stage 2 audit to evaluate the implementation and effectiveness of the businesses management systems and ensure compliance with the standard’s requirements.
ISO certification is valid for three years, after which time re-certification is necessary. The process is very similar to the initial audit but without the Stage 1 requirement. A thorough assessment of the organisation’s policies, processes and systems is undertaken, and the company must also be able to clearly demonstrate its commitment to a program of continuous improvement.
ISO CERTIFICATION LIFE CYCLE
MAINTAINING COMPLIANCE WITH THE STAY CERTIFIED SERVICE
Once certification is achieved it is essential that organisations continue to work to the defined standard operating procedures to maintain, manage, and continually evolve best practice measures.
ISO certification encourages a culture of continuous improvement, and a systematic review of policies, processes and controls mitigates risk, keeps companies up-to-date with any changes to the applicable standard, and simplifies the annual surveillance audit and/or re-certification cycle to ensure ISO certification is retained.
The Fortis Stay Certified Service (SCS) is a 12-month program of work aligned to the annual certification cycle. Three service options (SCS Essentials, SCS Business, and SCS Enterprise) offer different levels of support to suit the needs of your business and deliver a cost-effective solution to maintaining certification of your chosen standard.
Fortis offers access to discounted training courses through BSI to support clients at each stage of the certification journey. Each of these course structures is available for the core standards for which Fortis provides consultancy, including Information Security Management (ISO/IEC 27001) Quality Management (ISO 9001), Business Continuity Management (ISO 22301), Environmental Management (ISO 14001) and Health & Safety (ISO 45001). Courses cover an array of topics from understanding ISO requirements and implementation to auditor training and management briefings.
ISO TRAINING
If you are aiming to become certified, purchasing a BSI standard gives you access to all the information required to achieve compliance to your chosen standard. Each document provides comprehensive guidance, technical specifications and precise criteria relating to the standard to ensure best practice, efficiency and consistency. Available as either digital or hard copies, standards can be bought directly from the BSI shop using the following link.