Our Certification Process

A Structured, Transparent Path to ISO Certification

ISO certification at UAEC follows a clearly defined, stage-by-stage methodology — designed to be thorough, well-supported, and free of surprises at every step of the journey.

Stage 01
Consultation & Scoping
Stage 02
Gap Analysis
Stage 03
Documentation
Stage 04
Stage 1 Audit
Stage 05
Stage 2 Audit
Stage 06
Certification & Beyond
6

Structured Stages

A clearly defined process with no ambiguity at any step

1

Named Consultant

Assigned to you from first contact through to certification

2

Formal Audit Stages

Document review followed by full certification assessment

3 yrs

Certification Cycle

Valid for three years with annual surveillance support

50+

Countries Served

Remote and in-person audit options available globally

12+

ISO Standards

From quality management to information security and beyond

Stage by Stage

The UAEC Certification Methodology

Every UAEC engagement follows this six-stage process. While timelines vary depending on the size and complexity of your organisation, the structure — and the rigour — remains consistent.

Stage01

Initial Consultation & Scoping

Where it begins

Every engagement begins with a thorough initial consultation — either by phone, video call, or in person. This is not a sales call. It is a structured professional discussion designed to understand your organisation in sufficient depth to define the scope and approach of the certification engagement.

We discuss your organisation's structure, size, sector, existing processes, and the specific ISO standard or standards you wish to pursue. We ask about your supply chain obligations, any tender or contractual requirements driving the certification need, and your internal capacity to support the process.

The output of this stage is a formal scope definition — a clear written statement of the boundaries of the management system to be certified, which forms the foundation of everything that follows.

Stakeholder Mapping

We identify key personnel who will be involved in the management system and the certification process.

Scope Definition

A written scope statement is agreed and documented, defining precisely what is included in the certification.

Standard Selection

Where multiple standards apply, we advise on the optimal sequencing and integration of management systems.

Engagement Plan

A proposed timeline and engagement plan is prepared, outlining each stage and what is required from your team.

No-obligation Remote or in-person Scope document issued
Stage02

Gap Analysis & Risk Assessment

Know where you stand

The gap analysis is a formal, clause-by-clause assessment of your organisation's current practices, processes, and documentation against the full requirements of the relevant ISO standard. It is conducted by your assigned consultant and produces a detailed written report.

This stage is designed to give you an honest, objective picture of where your management system already meets the standard's requirements, and where development work is needed before the certification audit can proceed. Nothing is glossed over — a thorough gap analysis is what prevents surprises at audit stage.

We also conduct an initial risk assessment at this stage — identifying the key risks and opportunities relevant to your management system scope, which forms the basis for your risk register and subsequent risk treatment planning.

Clause-by-Clause Review

Every requirement of the standard is assessed against your current practices and rated for compliance.

Risk Register

A formal risk register is established, identifying risks to the management system and proposed treatment actions.

Gap Report

A written report is issued clearly documenting what is in place, what needs to be developed, and the recommended priority order.

Action Plan

A prioritised action plan is agreed with your team, mapping the path from current state to audit-ready.

Written gap report Risk register Prioritised action plan
Stage03

Management System Development & Documentation

Building the system

This is the implementation stage — where the gaps identified in Stage 2 are addressed through the development and formalisation of your management system. Your UAEC consultant works alongside your team to develop the documented information required by the standard.

This includes your management system manual (where applicable), policies, procedures, objectives, and the records and evidence needed to demonstrate that the system is operational. Critically, we do not simply hand you template documents — we develop materials that reflect how your organisation actually operates, ensuring they are meaningful, usable, and audit-ready.

We also support the development of internal audit procedures and the first internal audit cycle, and assist in preparing for the management review process required by most ISO standards.

Policy Development

Organisation-specific policies drafted and reviewed with key stakeholders to ensure accuracy and buy-in.

Procedure Writing

Operational procedures documented to reflect actual working practices — not generic templates.

Internal Audit Setup

Internal audit schedule and procedure established to demonstrate the system's self-monitoring capability.

Readiness Review

A final review confirms that all required documentation and evidence is in place before Stage 1 Audit.

Policies & procedures Evidence pack Internal audit programme Management review support
Stage04

Stage 1 Audit — Documentary Review

Formal audit begins

The Stage 1 audit marks the formal beginning of the certification assessment. At this stage, the auditor conducts a thorough review of your documented management system — assessing the scope, policies, procedures, and supporting records against the requirements of the relevant ISO standard.

The purpose of the Stage 1 audit is to determine whether your management system is sufficiently developed and documented to proceed to the Stage 2 certification audit, and to identify any areas that require further attention beforehand. The auditor will produce a formal Stage 1 report detailing findings and any observations or minor non-conformances to be addressed.

The Stage 1 audit is typically conducted remotely, though in-person assessment can be arranged where preferred or required.

Document review Formal Stage 1 report Remote or in-person Findings communicated clearly
Stage05

Stage 2 Audit — Certification Assessment

The certification audit

The Stage 2 audit is the full certification assessment. The auditor evaluates whether your management system is not only adequately documented — as confirmed at Stage 1 — but genuinely implemented, operational, and effective across the scope of the certification.

Objective evidence is gathered through a combination of document review, process observation, interviews with relevant personnel, and examination of records. Each clause of the standard is assessed against the evidence available. Any non-conformances identified are documented in the audit report, classified as either major or minor, and must be addressed and closed out before the certificate can be issued.

Our auditors conduct Stage 2 assessments with professionalism and respect for your team's time. Findings are discussed openly at the closing meeting, ensuring there are no surprises in the written report.

Objective Evidence

Records, interviews, and process observations used to confirm the system's implementation and effectiveness.

Non-Conformance Assessment

Any non-conformances are documented, classified, and communicated with clear requirements for corrective action.

Closing Meeting

All findings are discussed openly at a closing meeting before the written report is finalised.

Certification Recommendation

Upon satisfactory completion, a recommendation for certification is made and the certificate issuance process begins.

Full on-site or remote assessment Formal audit report Closing meeting Corrective action support
Stage06

Certificate Issuance & Ongoing Compliance

Certification achieved

Upon successful completion of the Stage 2 audit and resolution of any non-conformances, your internationally recognised ISO certificate is issued. The certificate confirms that your management system has been formally assessed and found to meet the requirements of the relevant standard.

ISO certification is valid for a three-year cycle, during which your management system must be maintained and demonstrated to remain effective. UAEC supports you through the full certification lifecycle — including annual surveillance audits and the triennial recertification assessment at the end of each cycle.

Certificate Issued

Your ISO certificate is issued and valid for three years from the date of the certification audit.

Year 1 Surveillance

Annual surveillance audit confirms your management system remains effective and compliant.

Year 2 Surveillance

Second annual surveillance audit maintains certification currency ahead of recertification.

Year 3 Recertification

Full recertification audit conducted at the end of the three-year cycle to renew your certificate.

Certificate valid 3 years Annual surveillance support Recertification guidance Ongoing consultant access
The Full Lifecycle

Certification is a Continuous Cycle

ISO certification is not a one-off event — it is a continuous management process. The three-year certification cycle is designed to ensure that your management system evolves with your organisation, responding to changing risks, objectives, and operating conditions.

Each annual surveillance audit is an opportunity to demonstrate improvement, address emerging risks, and confirm that the system remains relevant and effective. UAEC supports you through every point in this cycle — not just at the initial certification stage.

Organisations that engage actively with their management systems between audits consistently achieve better audit outcomes, stronger compliance cultures, and greater commercial benefits from their certification.

The 3-Year Certification Cycle

From initial certification through to recertification — what happens and when.

Year 0 Certification audit completed. Certificate issued.
Year 1 1st surveillance audit. Confirm ongoing compliance.
Year 2 2nd surveillance audit. System improvement evidenced.
Year 3 — Recertification Full recertification assessment. Certificate renewed for a further three-year cycle.
Between each formal audit, UAEC remains available to support your team with internal audit preparation, system updates, and compliance queries — ensuring your management system stays current and effective throughout the full cycle.
What You Receive

Everything Included in a UAEC Engagement

Every UAEC certification engagement is fully inclusive. There are no unbundled add-ons or surprise costs at audit stage.

Dedicated Consultant

A named, qualified consultant is assigned to your engagement and remains your primary point of contact from initial consultation through to certificate issuance.

Formal Gap Analysis Report

A written clause-by-clause gap analysis report, identifying the current state of compliance and providing a clear action plan for addressing gaps.

Full Documentation Pack

Organisation-specific policies, procedures, and supporting documents developed in collaboration with your team — not generic templates.

Stage 1 & Stage 2 Audits

Both formal audit stages are included — the documentary review and the full certification assessment — with written reports issued for each.

ISO Certificate

An internationally recognised ISO certificate issued on successful completion of the Stage 2 audit, valid for three years from the date of certification.

Surveillance & Recertification Support

UAEC remains engaged throughout the three-year certification cycle — supporting annual surveillance audits and the recertification process at the end of each cycle.

Common Questions

Questions About the Certification Process

How long does the certification process take?

The timeline varies depending on the size and complexity of your organisation, the ISO standard being pursued, and the current state of your management systems. A small business with relatively straightforward processes and a well-prepared team will progress through the stages more quickly than a large, multi-site organisation certifying against a complex standard. Your UAEC consultant will provide a realistic, tailored timeline estimate at the outset of your engagement.

What happens if non-conformances are found during the audit?

Non-conformances found during the Stage 2 audit are classified as either major or minor. Minor non-conformances can typically be addressed through a corrective action plan submitted to and accepted by the auditor within an agreed timeframe, after which certification can proceed. Major non-conformances require evidence of effective corrective action before a certification recommendation can be made. UAEC supports you in understanding and addressing all findings efficiently.

Can the audit be conducted remotely?

Yes. UAEC operates a structured remote audit model that allows us to conduct both Stage 1 and Stage 2 assessments for clients in any location. Remote audits are conducted using secure video conferencing tools and involve the same rigour and evidence requirements as in-person assessments. For certain standards or contexts where physical site observation is a requirement, in-person audit arrangements can be made.

Do we need to have our management system fully in place before contacting UAEC?

No. Many clients come to UAEC at the very beginning of their ISO journey, with little or no formal management system in place. Our consultancy support is specifically designed to help you develop the required system from the ground up. If you already have elements of a management system in place, the gap analysis will identify exactly where further development is needed.

What is a surveillance audit and are they mandatory?

Yes, surveillance audits are a mandatory part of maintaining ISO certification. They are conducted annually during the three-year certification cycle (in Years 1 and 2) and are designed to confirm that your management system remains implemented, effective, and compliant with the standard. Failure to complete surveillance audits will result in the suspension or withdrawal of your certificate.

Can we certify against more than one ISO standard at the same time?

Yes. Many ISO standards share a common high-level structure (HLS), which means they can be integrated into a single management system and certified simultaneously or sequentially. UAEC has considerable experience in integrated management system engagements — for example, combining ISO 9001, ISO 14001, and ISO 45001 into a single Integrated Management System (IMS). Your consultant will advise on the most appropriate approach for your organisation.
Ready to Begin?

Start Your Certification Journey With UAEC

Contact our team today to discuss your requirements. We will assess your organisation's needs, explain the process in full, and outline a clear, structured path to internationally recognised ISO certification.

Speak to a Consultant Browse ISO Standards

📞 +447380185821  |  +61466373938  |  ✉ info@uaexpertcorporation.com