The service consists of business consulting for the implementation and maintenance of the ISO standard as an integral part of the certification process.
During the creation and preparation of documentation for a particular ISO standard, the client’s internal processes are adjusted.
Boost provides clients with the service of compliance with the following ISO standards:
- ISO 9001 – Quality Management Systems
- ISO 20000-1 – IT Service Management System
- ISO 27001 – Information Security Management System
- ISO 22301 – Business Continuity Management System
- ISO 27017 – Information Technology – Code of Practice for Information Security Controls Based on ISO/IEC 27002 for Cloud Services
- ISO 27018 – Information Technology – Code of Practice for the Protection of Personal Data (PII)
- ISO 27701 – Security Techniques - Extension to ISO/IEC 27001 and ISO/IEC 27002 for Privacy Information Management (GDPR)
- ISO/DIS 31700 – Consumer protection — Privacy by design
- ISO 26000 – Guidelines on Social Responsibility
- ISO 14001 – Environmental Management Systems
- SA 8000 – Social Responsibility Management
- ISO 45001 – Occupational Health and Safety Management System
- ISO 37001 – Anti-Bribery Management Systems
- ISO 37301 – Compliance Management Systems
THE PROCESS OF IMPLEMENTATION OF ISO STANDARDS AND CERTIFICATION
1) Selection of the standard and definition of the scope of certification
- Selection of the standard you want to implement in your business (ISO 9001 – quality, ISO 14001 – environment, ISO 27001 – information security, ISO 20000-1 – service management, ISO 45001 – health and safety, etc.).
- Define the scope of the standard you want to certify (define locations, products/services, processes that are included in the certification)
2) Defining the project plan and project team
- Define the project plan (deadlines, goals, responsibilities, risks, expected results)
- Designation of responsible persons for the project and for the management system being implemented
- Education of the project team on the standard being implemented
- Perform a compliance assessment with the requirements of the standard (GAP analysis)
3) Documentation development
- Document the mandatory requirements of the standard by creating policies, procedures, strategies, manuals, forms, etc.
- Conduct analyses, tests, exercises, and other activities (as required by the standard).
- Ensure documentation and change management
4) Implementation and education of employees
- Implement the management system in business processes
- Conduct employee training on the implemented system and defined procedures and policies, make employees aware of the obligations and contribution to the management system
- Ensure monitoring of the performance of the management system (monitoring of KPIs, objectives, non-compliance, risks and other elements) and continuous improvement
5) Conducting the internal audit and management review
- Plan and conduct an internal audit
- Conduct a Management Review
6) Application for Certification
- Choosing an accredited certification body
- Application for Certification
- Defining the dates of the initial and certification audit
Certification process (by an accredited certification body)
Phase 1 – Initial audit
- Verification of the implementation of the basic structure of the management system
- The auditor verifies whether the fundamental requirements of the standard are met, including the understanding of the requirements, scope, policy/objectives, and other documented requirements
- Actions based on the report identifying any nonconformities that must be corrected before certification.
Phase 2 – Certification
- A more detailed review of the management system, based on which the auditors provide a recommendation for issuing the certificate.
- A compliance audit of the system is conducted through interviews, observation of processes, and review of documented procedures and records.
- Taking actions based on the certification audit report within the specified deadlines and/or internally planned timeframes (depending on the audit results).
- The results of the audit may indicate non-conformities, observations, opportunities for improvement, good practices and strengths of the audited system
- The certification decision and issuance of the certificate (in accordance with the contract, issued for a 3‑year period with mandatory annual surveillance audits)
Surveillance audits and recertification
- Annual surveillance audits (conducted each year to verify the continued effectiveness of the management system)
- Recertification audit every 3 years (deeper check of the entire system).
Timeframe, resources and costs (indicative)
- Smaller organizations: 3–6 months; larger/complex: 6–12+ months.
- Required resources: time, project team and other employees as needed, internal auditors, education and awareness-raising, external consultant, certification body, financial resources (for implementation and certification purposes)
- The cost depends on the scope, number of locations and certification body.
The most common mistakes and what to avoid
- Lack of top management support and unclear roles and responsibilities within the management system being implemented.
- Engaging in ‘paperwork for the sake of paperwork’ rather than effectively managing the implemented system through existing internal processes, software tools, and other available resources
- A system that does not reflect day‑to‑day operations and is neither monitored nor improved will face challenges in maintaining its certification
BOOST d.o.o.
- Oreškovićeva 6D
10 020 Zagreb, Croatia