ISO Consulting and Implementation
Consulting
Our ISO Management System Consulting Services involve one of our experts guiding your organisation in implementing a Management System that conforms to the relevant Standard. Our consultants advise you during the process, review the work, and provide guidance on how to conform.
Implementation
One of our expert Implementers lifts the administrative burden by working with you, top management, and your employees to effectively document the Management System. This ensures records generated establish conformity to the Standards and compliance with legal requirements.
We have a range of professional Consultants and Engineers, who are registered Lead Auditors, to assist in the implementation and maintenance of any ISO Management System.
Our range of industry experience includes services, telecommunication, manufacturing, construction, engineering services, fast-moving consumer goods, mining, power generation, state-owned companies and government entities.
They look at how your business is run before deciding what ISO requirements are applicable in order to develop an ISO Management System that will better manage your business. In addition to assisting with saving costs and bringing your clients peace of mind, you will have a proper system in place for increased efficiency and greater service.
CERTIFICATION
WWISE Provides multiple options in System on route to Certification:
What is it?
Why does an organisation require a Gap Assessment?
Most organisations do conform to the Standard; however, they are unable to interpret the requirements of the Standard into their business practices. Our professional Consultants and Auditors facilitate the interpretation of the Standard and determine the required alignment to your business processes.
How long does this take?
This is largely dependent on the organisations’ scope of products and services, departments, processes, activities, functions, and sites.
We generally consider the following:
- Organisations with less than 10 employees or 8 processes – 2 Auditors (1 day), and
- Organisations with 11-30 employees or 9 to 16 processes – 2 Auditors (2 days).
An Auditor can audit 4 processes in 1 day, a process is a function of a department (e.g., Human Resources is the department – recruitment and induction are processes).
What is the Process?
- Contact admin@wwise.co.za or click on our Contact Us page and request a Gap Assessment on your specific ISO Standard requirements. Should you require clarity on which ISO Standard your business requires, a Consultant will call you back within 12 hours to understand your requirements.
- We identify your scope, location, processes, and boundaries by asking for your Company Profile, Organogram, or a Product and Service Catalogue.
- Our Consultants create a Proposal and Quotation for your Gap Assessment based on the information provided.
- Once the Proposal and Quotation is finalised, a 50% deposit is required to book the Auditors/Consultants for the Gap Assessment. This will take place on a day that suits you – virtual, physical or both. Our preference for physical face to face sessions is well supported by the engagement experienced.
- An Audit Plan, in line with the departments and processes, will be scheduled. Time allocation ranges between 60 to 120 minutes per process, dependent on the criticality of the process (core or supporting).
- The Audit scope, objectives, and Plan is required to be accepted by the client. Once accepted, the Audit is scheduled.
- A day before the Gap Assessment, the Audit is confirmed, and the Auditors arrive to audit your organisation’s systems and processes on the scheduled Audit day.
- An Opening Meeting is conducted with Top Management, process owners, and staff to understand the scope, and context is provided on the benefit, value, methodology, and output of the assessment. Furthermore, the definitions of major and minor findings are explained for continuous improvement.
- Questions related to the clauses are asked for each process with an emphasis on: Say What you do – Job Description or equivalent; Do What you Say – Process/Procedure; Show me – Evidence of 6-12 months; What are the Risks – Risk Assessment; How are you improving – Objectives and Key Performance Indicators. There are specific questions per Standard that are asked in relation to the requirements/controls.
- Conformance or non-conformance to the ISO Standard in regards to documentation and processes audited are shared during the Closing Meeting.
- A date on the Gap Assessment Report will be finalised, and options for Consulting (Option 2) or Implementation (Option 3) will be given.
- The Gap Assessment Report is compiled and presented to the client, with an Implementation Plan on either Consulting (Option 2) or Implementation (Option 3) – with the recommended “the WWISE Way”.
- The outstanding balance is paid on receipt of the Gap Assessment Report.
The decision is made on whether to pursue the Implementation or Consulting phase – this is dependent on your organisation with no obligation.
If costs are an issue, WWISE provides the best possible solutions to assist, and may consider “Option 4 – Do it on my own”, with ad hoc hourly fees.
What are the benefits?
This is an investment an organisation makes to understand where their processes lie in accordance with best practice international Standards or frameworks. The need for standardisation, process conformance, legal compliance, and ISO certification is what clients require as a means of assurance. This assurance ensures that the respective products and services are being delivered in a consistent manner and meet their needs and expectations as defined.
The Gap Assessment identifies your process deficiencies and determines an Implementation Plan aligned as to these requirements.
What are the disadvantages of a Gap Assessment?
Many other Auditors/Consultants may not understand your business or its products and services – resulting in an assessment that will not add value and will be difficult to interpret. With our range of knowledge and industry experience, our registered Consultants/Auditors have reputable references and track records – ensuring your organisation is in safe hands.
What are the Costs?
Our rates are R9250,00 per Auditor/Consultant, per man-day. This excludes travel outside of Gauteng and the greater Cape Town area.
All our Auditors/Consultants are professionals with specific industry experience and are registered Auditors. We have over 100 years of combined experience with a 100% Certification Record.
What is it?
Why does an organisation require a Consultant?
Consultants have the required competency, understanding, and experience the different businesses, industries, and ISO Standards. The cost of a Consultant in marrying the Standard to your Values and Objectives is key in reducing the risk of failing a Certification Audit. Failure comes at a cost, and often involves reputational damage.
Industry experience, qualifications, and competency for registered Auditors is key. A certificate only shows the theoretical expertise of a Consultant, while registration validates their practical competency and credibility. Auditors can be searched on www.saatca.co.za and www.quality.org.
How long does a Consultant take to guide the organisation on Implementation?
This is largely dependent on the organisations’ scope of products and services, departments, staff complement, processes, activities, functions, sites, and commitment from Top Management. This process can range from a minimum of 3 months to a maximum of 3 years.
What is the Process to hire a Consultant?
- Contact admin@wwise.co.za or click on our Contact Us page and request a Gap Assessment on your specific ISO Standard requirements. Should you require clarity on which ISO Standard your business requires, a Consultant will call you back within 12 hours to understand your requirements.
- We identify the Standard you require to conform to, bearing in mind: time frame, location, scope, boundaries, processes, products and services. This is achieved by requesting your Company Profile, Product and Service Catalogue, Legal Register (if any), and Organogram (functional).
- Our Consultants create a Proposal with the following key Milestones and Tasks:
- Step 1: Gap Assessment. We advise to consider Option 1 (Gap Assessment) before Option 2 (Consulting).
- Step 2: Awareness training to all staff, combined with Top Management or separate. Explanation of the history of ISO, benefits of a Management System, Project Plan, and requirements of each individual for the project is defined, communicated, and understood.
- Step 3: Implementation Training for ISO Champions for 5 days, for a minimum of 2 employees from different departments/processes. ISO Champions are selected from the employee pool, with a focus on those who are assertive, motivated, dedicated, and can influence change.
- Step 4: ISO Management System Templates is supplied, with training on how to complete each Template. This includes an action plan with individuals responsible for: document creation, review, verification, validation, and sign off. These are aligned to the Corporate Identity of the company, and the Control of Documented Information Procedure. Assistance in documentation of a Risk Assessment is also provided.
- Step 5: Guidance of how to generate Records for each mandatory requirement of the Standard is provided. Policy implementation and procedural outputs are undertaken and evaluated.
- Step 6: Internal Audit Training for ISO Champions is provided. Additionally, an Internal Audit is conducted by an independent Consultant/Auditor.
- Step 7: Non-conformance and Corrective Action (Root Cause Analysis) Workshops are conducted – risks are updated as required.
- Step 8: Management Review Meeting is held, and statistical Objectives are proven. Thereafter a final action plan on what is required for the Certification Audit is prepared.
- Step 9: Stage 1 Audit with an accredited Certification Body is undertaken. Completion of the application forms with multiple Certification Bodies is conducted and preference is chosen. The Stage 1 and 2 fees are paid to the Certification Body and a date is set for the Stage 1 Audit, or desk study Audit, for a day or 2. The Stage 1 Report is presented highlighting areas of concern.
- Step 10: Areas of concern will be addressed and preparation for Stage 2 Certification Audit is undertaken. Note: this must take place within 3 months of the Stage 1 Audit, or the Stage 1 Audit is forfeited.
- Step 11: The Stage 2 Audit is conducted with Top Management, process owners, and staff audited against inputs of the Standard (Policies, Processes, Procedures, and respective Standards controls) to outputs evidence of 6-12 months. Thereafter a Report is submitted with any non-conformances noted.
- Step 12: Corrective actions with evidence supplied to the Auditor. This is necessary, as evidence of closure of the findings must be provided.
- Step 13: Certification is awarded. This includes the benefit of utilising the ISO logos for marketing purposes. Furthermore, the annual Surveillance Audits of year 2 and 3 are agreed upon.
- Step 14: Consultant guidance can be provided – this may be a monthly retainer or adhoc.
What are the benefits of a Consultant?
The guidance of a competent Consultant who understands the requirements of the Standard and the organisation’s business and strategic objectives is key when documenting a system. This system will align with the culture of the organisation and provides assurance that there are no drastic changes required, rather improvements and adjustments. A Consultants’ objective is to assist in guiding an organisation to develop a system that is embedded within current practices. Our Consultants have the ability to understand blue- and white-collar employees – communicating effectively and translating the value of the improvements to daily activities.
What are the disadvantages of a Consultant?
A Consultant functions to advise on what to do. Organisations and employees do not have the time to document Policies, Processes, Procedures, and standardise Forms which is an administrative burden and results in delays of the project.
To mitigate this, WWISE recommends Option 3 – Implementation.
What are the Costs?
On average, for all 14 phases, this ranges from a total of 7 days (56 hours) for smaller companies, excluding training and the Certification Audit (Stage 1 and 2) dates, or 15 days for medium sized organisations that can be spread out in an hourly, daily, weekly, or monthly basis.
A system is required to provide at least 3-6 months of Records to be considered for certification.
Costs vary based on time required, for example:
- For an organisation between 0-10 employees, on average the days and costs are, excluding training:
- 5 days or 40 hours over a period of time, either a month or 3.
- R 750,00 an hour R 30 000-00 ex. VAT and travel expenses, for 5 days or 40 hours.
- An organisation between 11-20 employees, on average the days and costs are, excluding training:
- 10 days or 80 hours over a period of time either a month or 3.
- R 750,00 an hour or R 6000,00 per day. A total of R 60 000-00 ex. VAT and travel expenses, for 10 days or 80 hours.
- For 21 employees or more – Options 1 and 3 are recommended unless a set number of days and hours are required. This will be at a rate of R 9250-00 per day or R 1200-00 per hour ex. VAT and travel expenses.
All our Consultants are professionals with specific industry experience and are registered Auditors. We have over 100 years of combined experience with a 100% Certification Record.
What is it?
Why does an organisation need to consider the Implementation route and WWISE Way?
Implementation is a hands-on approach with a 100% success rate for organisations that seek to implement a system that is effective, manageable, aligned to business objectives, and is easily maintained.
Employees lack time to document their processes but may spare an hour or so to explain the process, controls, and requirements of their activities. WWISE documents this on the clients’ behalf and aligns the outputs with related statutory, regulatory, contractual, and other requirements. This results in an effective ISO Management System aligned to relevant Standards and frameworks – custom-built according to the organisations’ requirements.
We have resources, professionals, and experts to assist in accordance with the clients’ time frames. This covers continuous on the job training and mentoring of Top Management to take ownership of the system and monitor its performance through unique solutions that we create for the business.
How long does it take to Implement an ISO Management System?
This is largely dependent on the organisations’ scope of products, services, departments, staff complement, processes, activities, functions, sites, and commitment from Top Management – this process may take a minimum of 3 months and maximum of 1 year.
What are the Costs?
Refer to our Brochure (page 8 – 13) for a detailed Project Plan, costing, and an explanation of an effective Management System Implementation process for any ISO Standard or Governance, Risk, and Compliance (GRC) Framework.
What is it?
What are the advantages?
This method of documenting a management system is the most cost-effective.
What are the disadvantages?
Through years of experience, we have identified that Audit failure is often caused by ineffective implementation. Documentation of Policies, Processes, Procedures, and standardising Forms is only an aspect of an ISO Management System. There is still a need to embed the controls of the Standard into organisational culture and day to day activities.
Can a Consultant be outsourced on an ad hoc basis?
Yes. WWISE offers a number of hours or days to assist in guiding your implementation process.
Certification costs?
WWISE is not a Certification Body and cannot predict the costs of independent third-party Certification Bodies. It is important to note that when choosing a reputable Certification Body, they are accredited, and their accreditation body is linked with the International Accreditation Forum (IAF). This will assist the organisation in pursuing certification on the value of the ISO certificate they receive. An estimation of certification costs can be determined based on factors such as the scope, products and services, boundaries, locations, processes, and legal and other requirements once a Gap Assessment is conducted. Alternatively, Certification Bodies can be contacted directly, and an application form can be completed to understand the costs of certification fees over the 3 years. *Terms and Conditions Apply.
WWISE WAY
The WWISE Way – Option 3 ISO Implementation Steps:
Gap Assessment Audit, Information Gathering & Awareness Training
Why do organisations need Gap Assessments?
- To understand the organisation’s current conformance to the ISO Standard of their choice.
- To identify documentation and Records the organisation may already produce, aligned to the Standard. Thereafter it is determined how to map these activities to the ISO Standard’s requirements.
- A Gap Assessment indicates the amount of work required to conform to the ISO Standard, and comply with legal requirements.
What are the outputs of the Gap Assessment?
- The Gap Assessment Report indicates the current conformance to the Standard the performance the Management System.
- An obligation-free Proposal is presented, to assist in closing the identified gaps, to conform to the Standard. A Task List/Project Plan for implementation is created and preparation for certification begins.
ISO System & Document Development
Closing gaps in accordance with the ISO Standard from a documentation and governance perspective.
- Gaps are closed from a documentation and governance perspective in accordance with the ISO Standard..
- Awareness training is conducted for all staff on the importance of ISO, the benefits of ISO certification, and the requirements per role/individual in the organisation.
- Information is gathered to understand the respective roles, responsibilities, processes, and procedures.
- The Templates for all documentation are standardised and aligned to the organisation’s corporate identity.
- The Management system Standards is documented and aligned to the Standard requirements.
- Risk management and the specific plans aligned to the Standard are focused on. Forms are created to collect data in order to generate statistics.
Implementation & Audit Training
Implementation of the ISO Management System documentation, with a generation of at least 3-6 months of Records.
- ISO Management System documentation is implemented and Records of at least 3-6 months are generated.
- On-the-job training and workshops to use the Management System are conducted.
- Internal Audit training and maintenance training is conducted to ensure skills transfer.
- Internal Audits (dress rehearsals) are conducted with workshops on non-conformances, corrective actions, the updating of risk assessments, and the Management System if required.
- A Management Review is conducted. During the Management Review an Action Plan is established to ensure all items, either capital or operational expenditure, are managed and documented.
Certification Process
Key points to consider when choosing a Certification Body.
- Is the Certification Body accredited? Logos to look out for are: South African National Accreditation System (SANAS), United Kingdom Assurance Services (UKAS), International Accreditation Forum (IAF), Deutsche Akkreditierungsstelle (DAkkS), and many more.
- There are multiple Certification Bodies globally – it is important that the Certification Body chosen is accredited and is being audited by an Accreditation Body against the ISO/IEC 17021-1:2015 Standard. This ensures credibility of the Certification Body and provides confidence that the certification was not attained through the internet or purchased illegally.
FAQ
frequently asked questions
What can I do to get my Organisation Certified?
Any organisation wishing to become ISO certified, needs to implement and maintain an ISO Management System. The steps that are recommended for an organisation to become ISO certified are as follows:
Step 1 – Gap Assessment
Why do organisations need gap assessments?
- To understand the organisation’s current conformance to the ISO Standard of their choice.
- To identify the relevant documentation and records the organisation might already have which are aligned to the standard, and identify how to map it to the ISO Standard’s requirements.
- A gap assessment assists the organisation and WWISE to indicate the amount of work required to conform to the ISO standard and to comply with legal requirements.
What are the outputs of the Gap Assessment?
- A Gap Assessment report indicates the current conformance to the standard and the performance of its Management System.
- An Obligation-free proposal to assist the organisation in closing the identified gaps to conform to the standard with a task list/project plan for implementation and preparation for certification.
Step 2 -Closing Gaps.
- Gaps are closed from a documentation and governance perspective in accordance with the ISO standard.
- Awareness Training for all Staff on the importance of ISO, the benefits of ISO certification and the requirements required per role/individual in the company.
- Information is gathered to understand the respective roles, responsibilities, processes and procedures.
- The templates for all documentation are standardised and aligned to the organisation’s corporate identity.
- The Management system is documented and aligned to the standard’s requirements.
- Risk management and the specific plans aligned to the standard are focused on and forms are created to collect data to generate Statistics.
Step 3 – Implementation of the ISO Management System
- ISO management system documentation are implemented and records of at least 3 – 6 months are generated.
- On the job training and Workshops on how to use the management system are conducted.
- Internal audit training and maintenance training are conducted to ensure a level of skills transfer.
- Internal audits (dress rehearsals) are conducted with workshops on non-conformances, corrective actions, the updating of risk assessments and the management system if required.
- A management review is conducted. During the management review an action plan is created to ensure all items, either capital or operational expenditure, are managed and documented.
Step 4 – Certification
Key points to consider when choosing a certification body:
- Is the Certification Body accredited? Logos to look out for are: South African National Accreditation System (SANAS), United Kingdom Assurance Services (UKAS), International Accreditation Forum (IAF), Deutsche Akkreditierungsstelle (DAkkS) and many more.
- There are multiple certification bodies globally, it is important that the certification bodies are accredited and being audited by an accreditation body as mentioned above. This ensures credibility of the certification body and respective clients would want to note that the certification was not attained through the internet or purchased, as each certification body is audited by an accreditation body to the ISO 17021 standard.
Who are the different certification bodies?
- The Different Certification Bodies are:
- South African Bureau of Standards (SABS)
- British Standards Institute (BSI)
- TUV Nord
- TUV Rhineland
- TUV Sud
- Bureau Veritas
- Standard Global Service (SGS)
What is the difference between Single Site and Multi-Site Certification?
- Single Site Certification –One site/location and its departments (HR, Finance etc) and Processes (Recruitment, Induction, Creditors and Debtors) are audited.
- Multi-Site Certification – Organisations with various sites or offices across the country or world require multi-site certification. The sites are sampled over a 3-year period. The Initial Stage 2 audit will be conducted for all sites.
What is ISO and why do clients require an organisation to conform to an ISO Standard?
-
ISO is the recognised name for the International Organisation for Standardisation. It is not an acronym, it is derived from the Greek word ISOS, which means equal to, which suggests that all members of the organisation have an equal voice.
- ISO was founded in the 1940s and is a voluntary organisation that consists of multiple countries, where their standards division collaborates to discuss best practice standards.
- The objective of ISO is to standardise standards globally, to ease trade and create a level of uniformity in conforming to best practice standards.
- There are over 26 000 different ISO standards ranging from Geometrical Specifications, Environmental, Textiles, Cabling, Quality, Safety and Health.
- Clients who require an ISO Certificate are looking for confidence and assurance your organisation is conforming to best practice standards and can to deliver products and services to an optimum standard.
What are my risks in the process of attaining ISO Certification?
-
Implementing an ISO Management System and conforming to the standard is tedious and challenging, the amount of work required to implement a system that works for the organisation requires careful understanding of the organisation’s culture.
- Approximately 55% of clients lose their certification in the first year of attaining it.
- The key to a successful management system is to document what the organisation does and to align the generic requirements of the standards to the organisation’s environment with appropriate documentation.
How quickly can I get an ISO Certificate?
- Attaining an ISO certificate is not a membership you pay for, it is a process where you implement a Management System.
- A Management System comprises of Policies, Processes, Procedures, Work Instructions, Risk Assessments, Forms, Templates and records aligned to the requirements of the standards.
- Depending on the size of the organisation and its current conformance to the ISO Standard, an organisation will have to provide a minimum of 3 – 6 months of records to justify conformance to the standard.
- WWISE has assisted organisations from as short as 7 days to as long as 3 years, depending on the organisation’s size, the current conformance to standards, the commitment of management and the culture of the organisation.
- On average WWISE can commit to assisting an organisation to conform to an ISO Standard within 3 months.
How do I maintain my Management System and prepare for Annual Audits?
WWISE offers multiple options to be as Cost-effective for the organisation as possible. These range from:
-
- Monthly consulting on a retainer, where our Consultants assist in reviewing, editing, managing, and assisting with the maintenance of the Management System.
- Ad-hoc consulting, where we are required to come and assist on a “when and if” required basis.
- Internal Audits, Non-Conformance and Corrective Action workshops, and Management Review Meeting facilitation.
How do I, as an individual, become competent to understand the requirements of ISO Standards?
-
There are various training programs that WWISE offers, depending on your understanding of the Standard/s and exposure to it.
- WWISE recommends that individuals who are new to the ISO world follow this Training Plan:
-
- Awareness Training (1 day – Classroom Training or 8 hours online eLearning).
- Implementation Training (5 days – Classroom Training or 40 hours online eLearning).
- Statistical and Continuous Improvement (4 days – Classroom Training or 32 hours online eLearning).
- Internal Audit Training (3 days – Classroom Training or 24 hours online eLearning).
- Lead Audit Training – Provided that Implementation and Internal Audit Training has been completed (5 days – Physical Training or 40 hours online eLearning).
How to attain a quote from a Certification Body
-
The first step is to ask for a quotation for a Conformance Audit. The Certification Body will send you an application form which requires the organisation’s details, such as the organogram, number of processes, number of employees and number of sites (Locations).
- A quotation for stage 1 and stage 2 audits for year one, a surveillance audit for year 2, and a re-certification audit for year 3 will be submitted.
- The costs will be per year, and the contractual requirement will be for 3 years. The contract can be terminated due to poor service with a month’s notice.
- Stage 1 Audit – The stage 1 audit has a duration of either one or two days, depending on the size of the organisation and the number of ISO Standards the organisation chooses to conform to. This is a desk study audit, where all the documents of the Management System are reviewed (the inputs). There are no Non-conformances raised and areas of concern have been identified.
- Stage 2 – During the stage 2 audit, employees in the organisation are audited, being the medium to a process to verify the conformance to the requirements of the standard. The employees understanding and implementation of the organisation’s policies, processes, procedures and risks with records are verified.
- Depending on the Certification Body, stage 1 and stage 2 audits should be between 3 – 6 months apart. If not, the stage 1 audit is forfeited and is to be re-done at an additional cost.
- The surveillance audit is similar to the stage 2 audit, where processes / departments will be sampled to verify conformance.
- During the re-certification audit, all processes will be audited to verify the maturity of the organisation’s performance to the relevant ISO Standard.
How do I know the training I attend is credible.
-
Awareness, Implementation, Internal Auditing and Statistical training can be provided by any training provider. It would be beneficial if the Facilitator is experienced and speaks well. Accreditation is not required. However, if the organisation is accredited it would be helpful.
- What type of accreditation should I look out for?
- Sector Education Training Association (SETA)
- South African Qualifications Authority (SAQA).
- Professional Evaluation and Certification Board (PECB)
- Southern African Auditor and Training Certification Authority (SAATCA)
- Exemplar Global
- Chartered Quality Institute and The International Register of Certificated Auditors (CQI | IRCA)
- When attending a Lead Auditing course, the highest level of the ISO family courses, it is important to do so at an accredited training provider to ensure registration as a Lead Auditor is possible.