In order for standards to be useful -- they must be used. The primary use of ISO 14001 is for management system certification or registration. In this context, the words "certification" and "registration" mean the same thing and are used interchangeably.
The purpose of this web page is to provide basic information about the ISO 14001 certification processes. In particular, information is provided about the following topics:
What is Conformity Assessment?
Conformity Assessment is the process whereby a product, process, service or system is evaluated against specified requirements. It includes activities such as sample testing, management system registration and product certification.
Conformity assessment is supported by three separate, yet interrelated, processes - standard-setting, accreditation and certification. Just as you need at least three legs to support a stool, each of these underlying processes is one leg supporting the integrity of the overall conformity assessment process.
An Overview of Standard-Setting
The first leg supporting conformity assessment is standard-setting. In order to assess conformance, you need to know the specific requirements you need to meet. These requirements are typically set out in a written standard.
There are hundreds of organizations around the world which develop written standards. Each country typically has at least one standard-setting body and many have several. ISO, the International Organization for Standardization, was established in 1947 specifically to promote the development of international consensus standards to replace country-specific standards to promote international trade.
There are literally thousands of voluntary standards - as many as 50,000 standards just in the United States alone. Some standards are very specific, whereas others are general in nature. Some standards have been adopted universally, while others may apply in only one country. Some are specific to a particular company or industry; others have been developed for use across a number of industries. There are more than 12,000 ISO standards covering topics from paper sizes and film speed to measurement units and management systems.
Certification - the Process of Determining Conformance
Certification is the process by which a party gives a written assurance that a product, service, system, process or material conforms to specific requirements (a standard). It is the second leg supporting the conformity assessment process.
There are hundreds of certification bodies around the world. These organizations inspect, audit, test and certify everything from bananas and shoes to electronic components, chemicals and management systems.
Although certification can be done through self declaration (first-party certification) or customer audits (second-party certification), it is considered more reliable if it is conducted by an independent third-party. The fundamental requirement for third-party certification is independence, commonly understood as the lack of potential conflicts of interest on the part of the organizations and the individuals conducting the evaluation.
Other requirements for a certification program include developing a means of assuring technical proficiency on the part of inspectors or auditors and establishing systems that ensure reliable and consistent results. These requirements are imposed on certification bodies through the accreditation process.
Accreditation - Evaluating the Evaluators
Lately, there has been increased interest in answering the question - "Who audits the auditor?" In other words, what "watchdog" agencies, programs or processes are in place to make sure the public can rely upon the results of an audit or certification process?
This is the role of the third leg of the conformity assessment process, accreditation.
Accreditation is the process by which an authoritative body gives formal recognition to a person or an organization that it is competent to carry out specific tasks. Typically, each country has at least one accreditation body. These accreditation organizations are usually government agencies or non-profit organizations endorsed by the government. As part of the accreditation process, accreditation auditors review the processes and systems of the registrars.
The ISO 14001 Conformity Assessment Process
To understand how conformity assessment works for ISO 14001, it is helpful to understand the interrelationship between the standards, processes and the players that play a role in registering a company.
First, the standards. ISO 14001 sets out the requirements a company must meet to establish a "conforming" environmental management system. In addition to the ISO 14001 standard, ISO has published an auditing standard, ISO 19011, that specifies what needs to be included in an environmental auditing program and the competencies needed for environmental management system auditors.
These standards were developed in accordance with the directives and guides that govern the ISO standard-setting process. The development, and subsequent revision, of these standards is the responsibility of ISO Technical Committee 207, which is made up of representatives of each of the member countries to ISO. The United States develops input and comments on the ISO 14001 and ISO 19011 standards through the Technical Advisory Group (TAG) to TC 207, which is an ANSI committee with the American Society for Quality (ASQ) as the Secretariat.
Next, the processes. The conformity assessment processes are certification (registration) and accreditation. These processes are influenced or governed by host of national and international agreements, standards and parties. In particular, the rules for accreditation and registration are developed by CASCO - ISO's Committee on Conformity Assessment. These CASCO rules are Guide 61 (the rules governing accreditation bodies), Guides 62 and 66 (the rules governing registrars) and ISO 17024 (the rules for organizations that certify individuals). There is currently an ISO standard-setting effort underway to replace Guides 62 and 66 with a new ISO standard, ISO 17021, Conformity Assessment - Requirements for bodies providing audit and certification of management systems. A second draft of this standard was issued in late 2005 because of the significant opposition raised over the content of the first draft.
In order to be certificated, an organization must follow the rules established by the registrar who issues it a certificate, and, in turn, the registrar must follow the rules established by the accreditation body that accredits that particular registrar. These rules may be more stringent than the requirements established within ISO 14001 and ISO 19011.
Finally, the parties. In the United States, the accreditation body that certifies ISO 9001 and ISO 14001 registrars is the ANSI/ASQ National Accreditation Board (ANAB). There are several other accrediting bodies around the world. These accreditation bodies have entered into a mutual recognition agreement to recognize each others accreditations as members of the International Accreditation Forum (IAF).
In order to be accredited, each registrar must develop written procedures to govern its ISO 14001 registration process. Registrars are subject to periodic surveillance audits by their accreditation bodies to ensure audit reliability and impartiality. A registrar that fails to follow its written procedures or is found to have engaged in improper activities may have its accreditation withdrawn.
One of the requirements registrars must meet is to use competent auditors. RABQSA is an organization who provided a program for certifying that individual environmental and quality auditors have meet auditor competency requirements. Registrars may, but do not have to, use RABQSA certified auditors.
Choosing a Registrar
Now that you have a basic understanding of the overall ISO certification process, how do you go about selecting a registrar to certify your environmental management system?
The first question you need to answer is whether you need third-party certification. ISO 14001 does not require it. Organizations can self-certify their conformance to the standard and many have used this approach. This is particularly true for governmental agencies that already have independent oversight mechanisms in place. On the other hand, if you have a major customer who is requiring an ISO 14001 certificate, third-party certification will likely be mandatory.
If third-party certification is not required, the next question to ask is "Will it be beneficial?" Organizations have found third-party certification to be helpful for several reasons:
Once you decide to move forward with third-party certification, it is important to choose your registrar carefully - taking into account your overall business goals. Given the nature of the conformity assessment process, you will be choosing someone with whom you will have a business relationship for at least three years, so it is important to choose carefully.
Approaches vary widely so it is worthwhile to get proposals from several registrars. It is also important to keep in mind that the overall cost to your organization includes the costs of implementing a system that meets the registrar's particular requirements, travel costs for the registration auditor(s) who will be visiting your facility and the time and resources you will need to support the periodic in-person registration audits. These indirect costs may be substantially more than direct costs spelled out in the registration contract.
ISO registration is a service business. The best choice for you will be based on which registrar has the appropriate expertise, makes you feel comfortable with its approach and provides the best value - given your particular needs. Like any other major purchase, it is important to evaluate several companies, ask for and check references and take into account all of the cost involved - not just the contract price. Be very careful in evaluating "value-added" services to ensure that they truly do provide value and be careful that they retain the impartial evaluation which is the true purpose of the third-party registration.