Thousands of ISO certifications at risk of lapsing due to halted re-certification audits

Thousands of valuable ISO management system certifications earned by UK companies may now be at risk because auditors from Certification Bodies may not have been able to attend organizations’ premises to conduct essential re-certification audits during the current coronavirus pandemic.

Worldwide, hundreds of thousands of certifications are at risk of lapsing as lockdown conditions look set to continue for the foreseeable future.

Affected organizations may incur significant financial costs

Current UKAS guidelines – unchanged since August 2016 – state that: “If [a] recertification assessment cannot be undertaken within six months [of the anniversary of the certificate being issued] the certificate should be suspended, and a new initial assessment will be required.”

To restore their certifications, affected organizations may incur financial costs easily three times higher than they were expecting to pay for their annual audits – plus considerably higher levels of time and resources – as well as having to remove any reference to their certifications from their websites and other collateral in the meantime.

“Across just three [ISO9001, ISO27001 and ISO45001] of the five ISO management system standards that we help organizations to achieve, an average of 2,500 UK certifications per month could be at risk of lapsing due to the break in audit activities – never mind all other ISO standards, and notwithstanding any backlog of audits, whenever they can resume at scale,” said Peter Rossi, Director at InfoSaaS.

Some organizations may decide not to be re-audited

The International Organization for Standardization (ISO) doesn’t publish figures for the number of certifications granted across every standard. However, there are more than 1.3 million certifications worldwide across 12 standards for which it has most recently published numbers, in the form of the ISO Survey 2018 (including ISO9001, ISO14001, ISO20000, ISO22000, ISO22301, ISO27001, ISO28000, ISO45001, ISO50001, ISO 13485, ISO37001 and ISO 39001).

Worldwide there are over 870,000 certifications for ISO9001 alone, indicating that – six months on from the start of lockdowns – over 70,000 per month may be at risk of lapsing should surveillance audits remain halted.

“The uncomfortable truth is that, under current circumstances, some organizations may decide not to be re-audited and simply to let their ISO certifications lapse. Any such de-prioritisation may, in turn, lead to an unwanted decline in standards for the likes of information security, environmental management, health and safety and quality management. This is not a good outcome for anyone,” explained Rossi.