Step 1 – Applicant

The process begins when an organization (the applicant) decides to obtain ISO or other management system certification.

The applicant prepares initial details about their company, such as:

• Company name, address, and contact details
• Nature of business and activities
• Number of employees and work locations
• The management system standard they want certification for (e.g., ISO 9001, ISO 14001, etc.)
• Status of system implementation (whether new or existing)

Step 2 – Submission of Application

The applicant submits a formal application form to MS CERT (the Certification Body).
This application includes:

• Basic company profile
• Scope of certification
• Declared standards (e.g., ISO 9001:2015)
• Details of sites/locations
• Confirmation that the management system is implemented

The application can be submitted online or offline. Once received, MS CERT registers the application and assigns it to the Application Review Team.

Step 3 – Scrutiny by MS CERT

MS CERT reviews the application to ensure it is complete and that the organization’s activities fall within MS CERT’s accredited scope.
During scrutiny:

The applicant prepares initial details about their company, such as:

• The completeness of the application is checked.
• Additional information may be requested from the applicant if any detail is missing.
• The suitability of the applicant’s industry and processes for certification is verified.

If the application is acceptable, it moves forward to the Document Review stage. If not, MS CERT requests the applicant to provide more information or clarify details.

Step 4 – Document Review (May be done onsite during Stage 1)

At this stage, MS CERT reviews the applicant’s management system documentation, which may include:

• Quality Manual / Policy Manual
• Procedures and work instructions
• Process flowcharts and records
• Internal audit and management review reports

The purpose of this review is to:

• Verify that the documented system meets the requirements of the relevant ISO standard.
• Check readiness for the Stage 1 Audit.

If observations or nonconformities are found:

• MS CERT issues an Observation Report to the applicant.
• The applicant must carry out Corrective Action and submit evidence or updated documents.

Once the document review is satisfactory, the applicant is recommended for Stage 1 Audit.

Step 5 – Stage 1 Audit

The Stage 1 Audit (also known as a Readiness Audit) is usually conducted onsite but may be remote.
Objectives:

• Evaluate the preparedness of the organization for Stage 2.
• Verify the documented information aligns with actual implementation.
• Assess the location, processes, and resources.

Activities include:

• Reviewing key documents and records
• Interviewing management and key staff
• Checking if internal audits and management reviews have been performed
• Identifying gaps or areas for improvement

If Observations or Nonconformities are raised:

• The applicant must take Corrective Actions and provide evidence to MS CERT.
• Once accepted, the organization is recommended for Stage 2 Audit.

Step 6 – Stage 2 Audit

The Stage 2 Audit is the main certification audit. It is conducted onsite to assess the effectiveness and full implementation of the management system.

Key activities:

• Checking compliance with all requirements of the ISO standard.
• Reviewing process performance, competence, training, and operational control.
• Verifying that policies and objectives are implemented effectively.
• Examining evidence of continual improvement and customer satisfaction.

If Observations or Nonconformities are raised:

• The organization must take Corrective Actions within a defined time frame (typically 15–30 days).
• Evidence of closure is reviewed and verified by the auditor.

Once all nonconformities are satisfactorily closed, the audit team recommends the organization for certification.

Step 7 – Certification Review

After successful Stage 2 Audit, MS CERT conducts an independent Certification Review (by a qualified reviewer who was not part of the audit team).

This review ensures:

• Audit findings are valid.
• Corrective actions are properly implemented.
• The certification recommendation is justified.

If any ambiguity or missing evidence is detected, the reviewer may seek clarification from the auditor or request additional information from the applicant.

If everything is satisfactory, the reviewer approves the certification recommendation.

Step 8 – Certificate Granted

Once the Certification Review is accepted, MS CERT issues the certificate to the organization.
The certificate includes:

• Name and address of the certified organization
• Standard and version (e.g., ISO 9001:2015)
• Scope of certification (products/services covered)
• Certificate number, date of issue, and validity period

The certificate is typically valid for three years, subject to ongoing surveillance.

Step 9 – Surveillance Audit

After certification, MS CERT conducts periodic Surveillance Audits (usually once every 12 months).
The purpose is to ensure that:

• The management system continues to conform to ISO requirements.
• The organization maintains compliance and effectiveness.
• Any changes in the organization’s processes or structure are properly controlled.

If major nonconformities are found, MS CERT may suspend the certificate until corrective action is verified.

Step 10 – Recertification Audit

Before the end of the 3-year certification cycle, a Recertification Audit is conducted.
Objectives:

• Evaluate continual conformity and system improvement.
• Review all parts of the management system for long-term effectiveness.
• Renew certification for the next 3-year cycle.

Upon successful recertification, a new certificate is issued.