Certification Process

Certification Process

The certification process follows a number of steps which are to be followed. While all certification bodies follow the same core steps, The InteRisk Group’s point of difference is the exceptional support and communication you will receive throughout. This process can be followed step by step at a pace that meets your needs and we will ensure you have a thorough understanding of the next step before we proceed.

If you have been previously certified by an organisation other than The InteRisk Group and are interested in having us support your ongoing certification, please contact us to discuss.

Step 1: Application

Use the Contact Us page to make an enquiry about certification. We will get back to you with an application form which will ask about your organisation, and the scope of certification you are seeking. Based on this information The InteRisk Group will develop a fee proposal tailored to the scale and scope of your organisation and the certification you are seeking. You will receive a fixed fee contract for the entire certification cycle (including initial, surveillance and recertification audits). Upon acceptance of this proposal you will proceed to the initial audit.

Step 2: Initial Audit

The Initial Certification Audit is split into two parts. Stage 1 involves a document review which may or may not be conducted on your site. The purpose of this audit is to ensure you are ready for Stage 2 by evaluating your documented processes in line with the standards for which you are seeking certification. Stage 1 is designed to give us an insight into and understanding of your organisation. The Stage 2 audit will be conducted on site and may include visits to other sites if you are a multi-site organisation, in accordance with the defined certification scope. Site visits may be conducted by electronic means if practical. The purpose of this audit is to:

  • Determine compliance with the requirements of the standard
  • Consider the ability of your management system to meet the requirements of the standard
  • Evaluate the effectiveness of the management system to meet your organisational objectives
  • Identify opportunities for improvement.

You will be notified of any nonconformities or areas for improvement. If nonconformities with the standard are identified, you will be required to rectify these items and provide evidence of such.

Step 3: Certification Decision

The InteRisk Group management will review the findings from both Stage 1 and Stage 2 audits as well as the auditor’s recommendation for certification. If there is sufficient evidence that your management system meets the requirements of the standard and is effectively implemented, certification will be granted.

If there is insufficient evidence or your management system is not yet effectively implemented, you will be notified, and we will explain what is missing. You will have the opportunity to make changes and correct inefficiencies and provide evidence to us. In most cases there will be a delay in certification until adequate evidence is provided. But The InteRisk Group will endeavour to work with you to ensure you gain certification wherever possible.

Once you are certified you will be able to commence using The InteRisk Group certification marks which will be issued to you. However, you must ensure to follow The InteRisk Group Certification Mark Use Policy in all circumstances

Step 4: Surveillance Audits

After certification has been granted, we will begin the surveillance cycle. We will conduct regular surveillance audit for the duration of certification.

If all is found to be okay at the surveillance audits certification will continue. If any concerns are noted, we will communicate these to you and provide you an opportunity to rectify them. As long as these concerns are tended to in an appropriate and timely manner, certification will continue uninterrupted.

Only in cases where insufficient action is taken will the matter be referred to The InteRisk Group management and may result in suspension or cancellation or your certification.

Surveillance may be conducted on a 6 or 12 monthly basis as required.

Surveillance audits may be required to be conducted on short notice or unannounced. This may be required due to significant changes in your organisation, non-conformances identified or another circumstance. The InteRisk Group will endeavour to provide as much notice to you as possible. However, you may be required to accommodate an audit with limited notice on exception.

Step 5: Recertification Audit

Recertification audits normally occur after 3 years. A recertification audit is identical to the Stage 2 audit as mentioned in Step 2 of this process. When your management system is found to continue to be operating in line with the requirements of the standard, certification will be reissued for another 3 years and surveillance audits will recommence.

Complaints and Appeals

At any stage of the process above you are entitled to make a complaint or appeal the certification decision. All complaints and appeals will be handled in accordance with the associated policy. You can access our policies here.

    Etiam magna arcu, ullamcorper ut pulvinar et, ornare sit amet ligula. Aliquam vitae bibendum lorem. Cras id dui lectus. Pellentesque nec felis tristique urna lacinia sollicitudin ac ac ex. Maecenas mattis faucibus condimentum. Curabitur imperdiet felis at est posuere bibendum. Sed quis nulla tellus.


    63739 street lorem ipsum City, Country


    +12 (0) 345 678 9