Implementing the requirements of an ISO management system standard and making a self-determination and self-declaration (often referred to as self-certification) involves a structured approach. This process enables an organization to declare conformity to a standard without seeking certification from an external certification body. It is also referred to as a first-party audit.
Follow these steps.
1. Understand the Standard
- Select the appropriate standard (e.g. ISO 9001 for Quality, ISO 14001 for Environment, ISO 45001 for OH&S).
- Obtain the latest version of the standard from an official source (e.g. ISO or national standards body).
- Study the requirements and intent of each clause.
- Understand definitions, principles, and annexes (especially Annex SL for the high-level structure).
2. Conduct a Gap Analysis
- Compare your organization’s existing processes and systems with the standard’s requirements.
- Identify areas where processes, documentation, or controls are lacking.
- Document findings to guide the implementation plan.
3. Plan the Implementation
- Define scope of the management system.
- Secure top management commitment.
- Establish an implementation project plan with responsibilities, resources, and timelines.
- Identify interested parties and their relevant needs and expectations.
4. Develop the Management System
- Establish the necessary documented information (policies, procedures, manuals, records).
- Define roles, responsibilities, and authorities.
- Set objectives aligned with the organization’s strategic direction.
- Implement processes to address risks and opportunities.
- Integrate legal and other compliance requirements.
5. Train and Raise Awareness
- Train staff at all levels on the standard’s requirements and the management system’s processes.
- Ensure awareness of individual roles and how they contribute to conformity and continual improvement.
6. Implement and Operate the System
- Begin applying the developed policies and procedures in daily operations.
- Monitor performance against objectives and requirements.
- Maintain records as evidence of conformity and performance.
7. Evaluate Performance
- Conduct internal audits to verify the system is effectively implemented and meets standard requirements.
- Use audits to identify nonconformities, weaknesses, and opportunities for improvement.
8. Conduct Management Review
- Top management must review the management system at planned intervals.
- The review should assess the system’s suitability, adequacy, effectiveness, and alignment with strategic direction.
9. Address Nonconformities and Drive Continual Improvement
- Take corrective actions to address nonconformities.
- Use results from audits, management reviews, and performance monitoring to identify opportunities for continual improvement.
- Update processes and documentation accordingly.
10. Make the Self-Declaration
- When confident the management system meets all applicable requirements of the standard:
- Prepare a statement of conformity (the self-declaration).
- Ensure it is supported by objective evidence (e.g., audit records, performance metrics, documented procedures).
- Optionally, publish or share this self-declaration with stakeholders.
Note
- Self-declaration is not equivalent to third-party certification, but it can be useful for internal assurance or stakeholder communication.
- ISO provides guidance on self-declaration in ISO/IEC 17050-1 (general requirements) and ISO/IEC 7050-2 (supporting documentation).
- Transparency, evidence-based assurance, and accountability are key for credibility.