Frequently Asked Questions

Is the ISO 9001:2008 certification restrictive as regards the size of an organization?

There are no restrictions in this respect. Any organization, regardless of its size, can obtain an ISO 9001:2008 certificate. We have to bear in mind that when we talk about the ISO 9001:2008 certification, we talk about the certification of a quality management system that needs to be established, implemented and maintained in any organization. The number of employees is not relevant in this respect.

Do the certification procedures differ with regard to the size of an organization?

Not at all. The size of an organization has nothing to do with the certification procedure. It does dictate the amount of work of a certification body and consequently the costs, but not the procedure. Any organization, whether small or big, must fulfil all the requirements of the standard to be given a certificate. However, while the standard does define what an organization must meet, it does say nothing about how it should do that. This is left to an organization to define for itself, and this is where the size if an organization, as well as other factors, are taken into consideration.

Must every organization meet all the requirements of the standard in order to be granted a certificate? 

On principal, yes. However, in some cases the standard does allow exceptions or the so-called exclusions. This is, when a requirement of the standard cannot be applied due to the nature of an organization and its product, and never just because an organization wishes so. Furthermore, it is the duty of auditors to check all the reasons for the exclusion and decide, whether it is justified or not.

Is every organization that applies for a certificate given a certificate as well?

Not at all. A certificate is granted only to those that apply for it, pay a fee and have their management system established, documented, implemented, controlled and maintained in compliance with all the requirements of the standards. If auditors during an audit find out that all the requirements are not fulfilled, a certificate is not granted. However, we must point out that organizations usually apply for a certificate only when they are hundred percent sure they have fulfilled all the requirements of the standard. In spite of that, many of them still have to take and implement some corrective actions after the audit in order to improve their management system and to be given a certificate. Only rarely does it happen that after a completed certification procedure an organization would not be granted a certificate.

In what cases can a certificate be withdrawn or cancelled?

A certificate is cancelled or withdrawn if an organization no longer meets the requirements of the standard. The on-going compliance is checked annually at surveillance audits. If the certification body finds out that the compliance with the requirements of the standard is no longer maintained and that the particular organization is fully aware of that and has no intention of further maintaining the certificate, this is cancelled in mutual agreement.

It may also happen that a client of a certified organization demands a withdrawal of a certificate. If such a client is not familiar with the standard and with what the certificate refers to, some problems may arise. As the certificate represents compliance of a management system with the requirements of the standard, only non-compliance with those requirements can justify its withdrawal or cancellation. Other reasons cannot be taken as an excuse for its withdrawal.

Where can I get more information about the requirements and procedure for obtaining the ISO 14001 certificate?

There is a requirement in many public tenders as well as of many business partners that an organization should be certified to the ISO 14001 standard for environmental management system. Where can I get more information about the requirements and procedure for obtaining the ISO 14001 certificate?

On the first Friday of every month we hold free of charge informative seminars where we introduce management system standards and certification procedures, including the ISO 14001 standard and procedure.

We wish to establish an environmental management system in our organization. The question is, where to begin?

An introductory environmental review is the first step in establishing an environmental management system in any organization. It serves for drawing up an environmental management system plan. The introductory environmental review includes:

  • a review of main activities with environmental impacts (emission to the air and releases to water, waste management, use of raw materials and natural resources);
  • a review of environmental permits, obligatory reports to public authorities and other requirements of environmental legislation that must be considered; 
  • a review of the existing processes for reducing environmental impacts (legally required warehouses for chemicals, waste water treatment plants, etc);
  • evaluation of past incidents and emergency situations.

Can a holder of an ISO 14001 certificate for environmental management system disregard legal environmental requirements?

A holder of an ISO 14001 certificate must systematically follow legal environmental requirements, consider them when performing its activities and regularly review the on-going compliance with these requirements. Any detected non-compliance results in corrective actions to put the processes back in line with the legal requirements, and in preventive actions to avoid the repetition of non-compliance. Non-compliance with the legal environmental requirements namely justifies a withdrawal of a certificate.

The ISO 14001 standard states in article 4.5.4. Environmental management system audit that the organization shall carry out periodic environmental management system audits. Can you explain the purpose of this requirement?

The aim of environmental management system audits is to determine whether or not the environmental management system has been properly established, implemented, maintained and whether or not it conforms to the internal requirements and the requirements of the standard. To achieve this, they need to be carried out annually. Organizations that operate on various sites must carry out audits on every site and assess all the elements of the system there established. Only if these sites share same environmental aspects (e.g. gas stations in similar environment), may an organization select only some of them for audit. However, in the period of three years all sites must be audited.

What training course would be most appropriate for quality management system internal auditors who wish to become environmental management system internal auditors?

Although the standard does not say anything about which course to take to become an environmental management system internal auditor, one should take and pass an environmental management system internal auditor course (2 to 3 days), regardless of one's qualifications. However, quality management system internal auditors with practical experience in auditing may decide on a one to two day course on the requirements of the ISO 14001 standard and differences between the two audit procedures.

An internal auditor may be entered into the SIQ register of internal auditors. Being SIQ registered means being competent and qualified for carrying out internal audits as each year we check whether or not their knowledge and qualifications still meet the requirements, and whether or not their knowledge has improved or been upgraded.