Environmental Management Systems
Safety and Health Management Systems
Disaster Planning
EHS Laws and Regulations
Corporate Governance
ISO Registration
Order Products
Resources and Links
Contact ENLAR
OHSAS 18001 Expert Blog

ISO Registration

In order for standards to be useful -- they must be used. The primary use of ISO 14001 is for management system certification or registration. In this context, the words "certification" and "registration" mean the same thing and are used interchangeably.

The purpose of this web page is to provide basic information about the ISO 14001 certification processes. In particular, information is provided about the following topics:

What is Conformity Assessment?

Conformity Assessment is the process whereby a product, process, service or system is evaluated against specified requirements. It includes activities such as sample testing, management system registration and product certification.

Conformity assessment is supported by three separate, yet interrelated, processes - standard-setting, accreditation and certification. Just as you need at least three legs to support a stool, each of these underlying processes is one leg supporting the integrity of the overall conformity assessment process.

Top of Page

An Overview of Standard-Setting

The first leg supporting conformity assessment is standard-setting. In order to assess conformance, you need to know the specific requirements you need to meet. These requirements are typically set out in a written standard.

There are hundreds of organizations around the world which develop written standards. Each country typically has at least one standard-setting body and many have several. ISO, the International Organization for Standardization, was established in 1947 specifically to promote the development of international consensus standards to replace country-specific standards to promote international trade.

There are literally thousands of voluntary standards - as many as 50,000 standards just in the United States alone. Some standards are very specific, whereas others are general in nature. Some standards have been adopted universally, while others may apply in only one country. Some are specific to a particular company or industry; others have been developed for use across a number of industries. There are more than 12,000 ISO standards covering topics from paper sizes and film speed to measurement units and management systems.

Top of Page

Certification - the Process of Determining Conformance

Certification is the process by which a party gives a written assurance that a product, service, system, process or material conforms to specific requirements (a standard). It is the second leg supporting the conformity assessment process.

There are hundreds of certification bodies around the world. These organizations inspect, audit, test and certify everything from bananas and shoes to electronic components, chemicals and management systems.

Although certification can be done through self declaration (first-party certification) or customer audits (second-party certification), it is considered more reliable if it is conducted by an independent third-party. The fundamental requirement for third-party certification is independence, commonly understood as the lack of potential conflicts of interest on the part of the organizations and the individuals conducting the evaluation.

Other requirements for a certification program include developing a means of assuring technical proficiency on the part of inspectors or auditors and establishing systems that ensure reliable and consistent results. These requirements are imposed on certification bodies through the accreditation process.

Top of Page

Accreditation - Evaluating the Evaluators

Lately, there has been increased interest in answering the question - "Who audits the auditor?" In other words, what "watchdog" agencies, programs or processes are in place to make sure the public can rely upon the results of an audit or certification process?

This is the role of the third leg of the conformity assessment process, accreditation.

Accreditation is the process by which an authoritative body gives formal recognition to a person or an organization that it is competent to carry out specific tasks. Typically, each country has at least one accreditation body. These accreditation organizations are usually government agencies or non-profit organizations endorsed by the government. As part of the accreditation process, accreditation auditors review the processes and systems of the registrars.

Top of Page

The ISO 14001 Conformity Assessment Process

To understand how conformity assessment works for ISO 14001, it is helpful to understand the interrelationship between the standards, processes and the players that play a role in registering a company.

First, the standards. ISO 14001 sets out the requirements a company must meet to establish a "conforming" environmental management system. In addition to the ISO 14001 standard, ISO has published an auditing standard, ISO 19011, that specifies what needs to be included in an environmental auditing program and the competencies needed for environmental management system auditors.

These standards were developed in accordance with the directives and guides that govern the ISO standard-setting process. The development, and subsequent revision, of these standards is the responsibility of ISO Technical Committee 207, which is made up of representatives of each of the member countries to ISO. The United States develops input and comments on the ISO 14001 and ISO 19011 standards through the Technical Advisory Group (TAG) to TC 207, which is an ANSI committee with the American Society for Quality (ASQ) as the Secretariat.

Next, the processes. The conformity assessment processes are certification (registration) and accreditation. These processes are influenced or governed by host of national and international agreements, standards and parties. In particular, the rules for accreditation and registration are developed by CASCO - ISO's Committee on Conformity Assessment. These CASCO rules are Guide 61 (the rules governing accreditation bodies), Guides 62 and 66 (the rules governing registrars) and ISO 17024 (the rules for organizations that certify individuals). There is currently an ISO standard-setting effort underway to replace Guides 62 and 66 with a new ISO standard, ISO 17021, Conformity Assessment - Requirements for bodies providing audit and certification of management systems. A second draft of this standard was issued in late 2005 because of the significant opposition raised over the content of the first draft.

In order to be certificated, an organization must follow the rules established by the registrar who issues it a certificate, and, in turn, the registrar must follow the rules established by the accreditation body that accredits that particular registrar. These rules may be more stringent than the requirements established within ISO 14001 and ISO 19011.

Finally, the parties. In the United States, the accreditation body that certifies ISO 9001 and ISO 14001 registrars is the ANSI/ASQ National Accreditation Board (ANAB). There are several other accrediting bodies around the world. These accreditation bodies have entered into a mutual recognition agreement to recognize each others accreditations as members of the International Accreditation Forum (IAF).

In order to be accredited, each registrar must develop written procedures to govern its ISO 14001 registration process. Registrars are subject to periodic surveillance audits by their accreditation bodies to ensure audit reliability and impartiality. A registrar that fails to follow its written procedures or is found to have engaged in improper activities may have its accreditation withdrawn.

One of the requirements registrars must meet is to use competent auditors. RABQSA is an organization who provided a program for certifying that individual environmental and quality auditors have meet auditor competency requirements. Registrars may, but do not have to, use RABQSA certified auditors.

Top of Page

Choosing a Registrar

Now that you have a basic understanding of the overall ISO certification process, how do you go about selecting a registrar to certify your environmental management system?

The first question you need to answer is whether you need third-party certification. ISO 14001 does not require it. Organizations can self-certify their conformance to the standard and many have used this approach. This is particularly true for governmental agencies that already have independent oversight mechanisms in place. On the other hand, if you have a major customer who is requiring an ISO 14001 certificate, third-party certification will likely be mandatory.

If third-party certification is not required, the next question to ask is "Will it be beneficial?" Organizations have found third-party certification to be helpful for several reasons:

  • In large organizations, third-party certification can supply information for executive management to get an independent evaluation of their management systems. This prevents top management for only hearing what middle managers want them to hear.
  • Regularly-scheduled third-party reviews can prevent other activities from taking top priority and focus management attention, at least periodically, on environmental concerns.
  • Third-party auditors can provide input to assist organizations in benchmarking their systems against industry best practices and for continual improvement of their management systems.

Once you decide to move forward with third-party certification, it is important to choose your registrar carefully - taking into account your overall business goals. Given the nature of the conformity assessment process, you will be choosing someone with whom you will have a business relationship for at least three years, so it is important to choose carefully.

Approaches vary widely so it is worthwhile to get proposals from several registrars. It is also important to keep in mind that the overall cost to your organization includes the costs of implementing a system that meets the registrar's particular requirements, travel costs for the registration auditor(s) who will be visiting your facility and the time and resources you will need to support the periodic in-person registration audits. These indirect costs may be substantially more than direct costs spelled out in the registration contract.

Questions you should consider asking a prospective registrar include:
  • What are the registrar's processes for ensuring auditor competency and what are the qualifications of the individual(s) who will be conducting the audits at my facility? In particular, does the auditor have the environmental qualifications and hands-on experience necessary to evaluate your company's environmental management system?
This is the most important question, since the individual(s) performing your registration audits are the ones you will interact with the most and will have the most impact on the value you receive from the registration process.
  • What is the registrar's views on regulatory compliance requirements, maintaining confidentiality and external reporting requirements? Are the views expressed to you verbally consistent with the terms and conditions set out in the registration contract?
  • What kinds of audit documentation will the registrar generate? Is it too much (a potential liability issue), too little (doesn't supply enough to assist you in improving your system), or just right to meet your needs?
  • Does the registrar have processes in place for resolving differences of opinion on interpretations of the requirements of ISO 14001? Are you comfortable with them?
  • Are you comfortable with the extent to which the registrar either sticks solely to auditing against the requirements of ISO 14001 or focuses on providing "value-added" auditing? What happens if you disagree that a particular "value-added" change is needed - can you lose your certificate?
  • If your environmental and quality management systems are integrated, how will the registrar audit your quality and environmental procedures for similar processes? Are you comfortable with the registrar's interpretation of the extent to which ISO 9001 and ISO 14001 requirements are the same?

ISO registration is a service business. The best choice for you will be based on which registrar has the appropriate expertise, makes you feel comfortable with its approach and provides the best value - given your particular needs. Like any other major purchase, it is important to evaluate several companies, ask for and check references and take into account all of the cost involved - not just the contract price. Be very careful in evaluating "value-added" services to ensure that they truly do provide value and be careful that they retain the impartial evaluation which is the true purpose of the third-party registration.

Top of Page


ENLAR Compliance Services, Inc.
3665 East Bay Drive, Suite 204-C, Largo, FL 33771-1965
Phone: 727-754-3670

Environmental Management Systems | Safety and Health Management Systems | Disaster Planning
EHS Laws and Regulations | Corporate Governance | ISO Registration | Order Products | Consulting
Training | Introductory Training | Environmental Training | Occupational Health & Safety Training
Course Schedule | Course Registration | Publications | Free Publications | Resources & Links
About ENLAR | Contact ENLAR | OHSAS 18001 Expert Blog | ENLAR Home Page | Top of Page
Copyright 1999-2013, ENLAR Compliance Services, Inc. All rights reserved. Trademarks not owned by ENLAR Compliance Services, Inc. are owned by other companies.  Rights to design elements such as photos, graphics and computer programs remain the property of their respective owners.