Roadmaps for achieving 3rd party certification.

Conformity assessment.

We have taken the time to study all the relevant official guidance from the International Standards Organisation (ISO) to include ISO/IEC 17021-1:2015 Conformity assessment -- Requirements for bodies providing audit and certification of management systems -- Part 1: Requirements. This coupled with our experience has enabled us to produce a proven methodology; ensuring we produce an implementation plan for you that is focused on outcomes and therefore fit for purpose.

Management Systems - Design, implementation and improvement.

Risk based thinking, the Process approach and Plan-Do-Check-Act.

These three concepts together form an integral part of the ISO 9001:2015 standard. Risks that may impact on objectives and results must be addressed by the management system. Risk-based thinking is used throughout the process approach; below shows the typical hierarchy of a management system design:

  • Policy.

  • Processes.

  • Procedure.

  • Forms/templates.

  • Technology/digital e.g. workflow (if applicable)

Support - Ongoing management system administration.

Change control and management.

Certified management systems require the administration to withstand ongoing conformity assessment and improve. Systems thinking should be applied within change control, ensuring all implications are being considered and exploiting any opportunities, continually improving.


Contact us for advice on roles, responsibilities & authorities and how robust lines of communication can be put in place to achieve this. 

Management review.

Management review is an important activity to maintain any certified management system; it should be conducted by top management in alignment with the organisations' strategic direction and with inputs from all levels. In taking a holistic approach, we realise through collating information, then periodically reporting.

We can support with chairing or co-chairing, participation, and coordination.

First party internal auditing - Based on risk and performance.

Working with us we transfer all our knowledge and experience across first, second, and third-party audit disciplines, along with an interpretation of key standards and references from leading institutions such as the CQI & IRCA. We can develop an audit programme, ensuring it holds and is meeting its own objectives which are consistent with strategy and policy.

We can perform audits, act as a lead auditor within a team along with developing your audit programme based on risk and performance. 

Second party auditing - Supply chain.

Evaluation of the supply chain can often be commercial and health & safety bias. Beyond applicable obligatory requirements and relevant to scope, supply chains should be further tested against numerous facets to include specific charters and industry commitments & performance targets etc. Evaluations and controls are especially important where outsourcing takes place.

Our offerings include targeted and proactive second party auditing. We also have experience in producing evidence type files for third parties that require independent assurance.

Assistance with hosting third party audit.

Beyond the initial decision (see conformity assessment above) accredited certification bodies will need to conduct audits periodically, we can assist as subject matter experts or simply to support the logistics of your visit plan.

Management Consultancy & Advisory.

Maturity assessment and organisational resilience.

We often describe a 'management system' in terms of maturity; in developing your operating model we can use a blend of best practice management tools to identify strengths & weaknesses. For example, in 2017 collaborating with the Cranfield School of Management, the British Standards Institute has created the first index for Organisational Resilience; after piloting its’s reference for a year ‘GPR PS’ are now able to assist in facilitating its use as a benchmarking tool.

Policy review.

Across organisations, we often see a variety of policy that is typically, either misinterpreted or poorly implemented; this could be within a large-multination grappling with governance or a small/SME needing to rationalise, perhaps for business development purposes. We can provide a comprehensive review based on best practice. Following this, a targeted audit programme ensures a consistent approach with their implementation. Beyond this, we can develop a ‘code of business conduct’ for the relevant target audiences such as employees and or the supply chain.


Contact us for an example of best practice policy for ‘sustainable development’.​

Corporate responsibility - Supply chain.

Notwithstanding the scope and scale of your supply chain, business owners and their employees often get exposed to the risks created by others.


We can provide support, from reporting against corporate responsibility to the creation of a supply chain code of conduct. Other examples include the assurance that conflict minerals are not being used and preparing a ‘modern slavery statement’. 

Statutory & regulatory.

From the perspective of ISO 9001, contact us for interpretation of how business standards meet the intent of obligatory requirements specified by a legislative body and or authority which has been mandated by a legislative body.


Ultimately organisations should have a methodology in place for identifying, maintaining, and updating all applicable statutory and regulatory requirements.

See also 'supply chain' above.

Business Development and marketing.

If you work in the public sector responding to pre-qualification questionnaires (PQQ’s) and or tenders, perhaps a review of your responses to ‘business standards’ related questions would add some value; ultimately with the endeavour of taking every opportunity to differentiate yourself from the competition.

Also, if you need credentials, such as accredited certifications, for strategic marketing/business development we can provide a health check on how you are presenting yourself; capitalising on their use to demonstrate both governance and assurance. For example, this could be the development of policy around corporate responsibility, and if relevant, supply chain risk management in the context of ‘modern slavery’ and the use of conflict minerals.

Business improvement & change/transformation.

Continuous improvement can be realised in various forms such as breakthrough change and innovation; any initiative that involves time, effort and capital investment should start with some form of a business case. Beyond this, we will always use the appropriate level of change management, ensuring all stakeholders are not just identified, but also engaged & communicated with.

Sometimes change is not always for the better; you may be working in a highly regulated environment where, in places, governance and assurance have been duplicated and you are simply having to comply. Here we can help you meet your requirements in the most effective & efficient way; from reviewing organisation design (roles & responsibilities) to underwriting evidence files. 

The word transformation should neither be used lightly nor confused with change; although a transformation can last years it should always be seen as a temporary state, whereas change, can be constant in the context of continuous improvement. Portfolio, programme and project offices are often an inherent feature within the transformation. Based on best practice we can assist in building a portfolio of projects, identifying any opportunities for programmes; ultimately prioritising capital investment, ensuring business cases are sound and return on investment can be achieved.

Contact us for consultancy and advise on how to approach a project or for any ‘ad hoc’ support.