0800 038 5389

Lolly’s Top 10 tips on managing the ISO accreditation process

Written by Jessica Cross


Software house leads the way in quality assurance, information security and environmental management

In February 2024, the hospitality software house Lolly, announced that the company had achieved three prestigious ISO certifications – ISO9001 in Quality Management, ISO140001 in Environmental Management, and ISO27001 covering Information Security Management.

Here, Tom Lewis, operations manager at Lolly, offers his top 10 tips on how to manage the accreditation process.


TIP 1 – find and source the right ISO certification supplier.

There are a variety of great companies to partner with, however some will only be UKAS accredited. If you are looking for a UK specific accreditation, then you need to look for ISO UKAS accredited companies.


TIP 2 – if you have SharePoint, create an ISO folder.

Start collecting and departmentalising all the documentation required from the outset.


TIP 3 – host regular meetings and 1:1s with the head of departments.

This is a vital process to ensure that you are helping them to understand what’s required, what to expect at the audits and following up with the action raised across the meetings and internal audits.


TIP 4 – set up regular ‘manager review meetings’.

Start these as monthly while the department heads get to grips with the new processes. Once there is a good workflow in place then the meetings can be quarterly or bi-annual.

For every meeting create formal agendas and take meeting notes and actions. Ensure the actions go out in a follow up email and keep evidence of all documents in your ISO folder.


TIP 5 – decide what your main documents will be.

My top three documents to get started on right away are:

  • A Master Document Control, this lists every important document required for your ISO accreditation and includes information such as hyperlinks to the documents and their last reviewed date.
  • The Improvement Log, this is where you will list all improvement opportunities identified through the management review meetings, audits and customer feedback loops.
  • Statement of Applicability, is the document that you declare what parts of your business relate to the ISO standard and what controls you have in place for each mechanism. The auditors will use this as a guide on what areas to audit for your Stage 2.


TIP 6 – Conduct and evidence all your internal audits before going into your second stage.

Your audits should include a yearly plan, the scope and objectives for each audit, the questions listed, and the meeting minutes and action outcomes.

There are three types of internal audits you can complete for each department, these are: a clause-based audit, a risk-based audit and a departmental audit (we found the latter was the most practical for us).

List all actions and non-conformities identified in the audit in your Improvement Log and review the actions in your managers meetings.


TIP 7 – Understand what controls are required for each area.

Be sure to implement any controls that you may not have in place.


TIP 8 – Evidence and document all the processes relevant to your ISO standard.

This includes areas like customer feedback, change requests and incident responses.


TIP 9 – Keep the teams engaged and focused on continuing the process.

ISO is an ongoing process of continuous improvement. It can be tempting to fall back into the old ways so it’s important to keep the teams engaged and celebrating the improvements that are driving positive change.


TIP 10 – Be mindful of the audit timings.

Don’t forget there is a waiting list of about three months to have your accreditation audit. If you have a hard deadline, then you should be aiming to book your stage two audit a few months before that deadline.



Latest Blogs

Prev 1 2 3 4 5 6 7 8 9 Next