Freely subscribe to our NEWSLETTER

Current UKAS guidelines – unchanged since August 2016 – state that: “If [a] recertification assessment cannot be undertaken within six months [of the anniversary of the certificate being issued] the certificate should be suspended, and a new initial assessment will be required.” To restore their certifications, affected organisations may incur financial costs easily three times higher than they were expecting to pay for their annual audits – plus considerably higher levels of time and resources – as well as having to remove any reference to their certifications from their websites and other collateral in the meantime.

The issue has been raised by InfoSaaS, a provider of industry-leading software solutions that help customers achieve information security, data protection and business compliance requirements, up to and including ISO management system certification level.

Peter Rossi, co-founder of InfoSaaS, said: “Across just three [ISO9001, ISO27001 and ISO45001] of the five ISO management system standards that we help organisations to achieve, an average of 2,500 UK certifications per month could be at risk of lapsing due to the break in audit activities - never mind all other ISO standards, and notwithstanding any backlog of audits, whenever they can resume at scale.”

The International Organisation for Standardisation (ISO) doesn’t publish figures for the number of certifications granted across every standard. However, there are more than 1.3 million certifications worldwide across 12 standards for which it has most recently published numbers, in the form of the ISO Survey 2018 (including ISO9001, ISO14001, ISO20000, ISO22000, ISO22301, ISO27001, ISO28000, ISO45001, ISO50001, ISO 13485, ISO37001 and ISO 39001).
Worldwide there are over 870,000 certifications for ISO9001 alone, indicating that – six months on from the start of lockdowns – over 70,000 per month may be at risk of lapsing should surveillance audits remain halted.

Remote audits are impossible when organisations rely on outdated approaches tools such as multiple spreadsheets, which require in-person explanation, justification and cross-reference. Accordingly, InfoSaaS wants to see Certification Bodies conducting remote surveillance audits where the candidate organisation is using an integrated, platform-based solution such as InfoSaaS’s own Compliance Framework platform, which make it easy for auditors to conduct the necessary surveillance and auditing activities.

InfoSaaS’s platform helps organisations achieve and retain several ISO certifications: ISO27001 (information security management), ISO27017 and ISO27018 (enhanced security control sets for cloud services,), ISO9001 (quality management) and ISO45001 (health and safety risks) - as well as data protection workflows in support of GDPR.

ISO certifications to various standards have become increasingly important to organisations operating in increasingly competitive markets around the world: having valid ISO management system certificates clearly communicates relevant or important competencies to potential customers. In particular, demonstrating certification against industry standards and evidencing a mature approach to the protection of sensitive information and personal data have become baseline requirements in many markets and for some customers.
[ends]

– Pricing and availability
The InfoSaaS platform is available now and is offered on Bounce Back pricing until the end of 2020.