Certification - A definition

Certification is a confirmation by a "third party" that requirements of e.g. international standards, industry specifications or technical rules are met. Certification is based on a conformity assessment in which the fulfillment of the requirements is checked. The subject of such assessments can be, for example, products, projects, processes, or management systems.

Certification: certus facere (lat.) = "to make something safe"

The word certification comes from the Latin phrase "certus facere", literally "to make something safe". "Making something safe" is expressed in a confirmation or declaration that a conformity assessment has shown compliance with certain requirements, for example by way of an external audit. The externally visible proof of certification is the corresponding certificate.

Certification process

The essential prerequisite for certification is an independent, impartial and objective assessment by a competent third party, such as DQS.

In the context of certification, the certification audit is always part of a certification process that is designed to last. This involves a full-scale system audit and system monitoring, which covers a period of at least three years.

In the actual certification audit, our auditors check conformity with specific standards or sets of rules, usually on site at the client's location. In exceptional cases, certification can also be partially carried out, replaced or supplemented by remote audits (not on site).

Usually, a certification audit ends with an audit report documenting the results of the audit. Once conformity has been established and confirmed by the DQS certification board, this is officially acknowledged with a document - the certificate. Both the scope and the validity period of the certification are noted on the certificate.

What are the different certifications?

Both system and product certifications are relevant for DQS ' field of activity. The former are usually certifications of management systems according to recognized standards, industry specifications and technical rules. In addition, there are various audits in special areas such as process audits, supplier audits, mystery audits, etc., where usually no certificates are issued. Instead, customers receive confirmations or reports.

Which ISO certifications are there?

ISO standards concerning management systems are often known in companies by their numbering, first and foremost the quality management standard ISO 9001. Since 2012, all ISO management system standards are gradually being converted to a common basic structure, the High Level Structure, which simplifies both the implementation and the auditing and certification of integrated management systems.

The following management system standards are the most widely used worldwide:

Who can be certified?

Any company or organization that has introduced a management system in accordance with a certifiable standard, specification or technical rule can have it audited or certified by an approved (accredited) certification body in accordance with the requirements specified in that document. The size, type or industry of the company are irrelevant.

Who does healthcare certification apply to?

For companies such as manufacturers of medical devices, suppliers, hospitals, and medical practices that have to comply with legal requirements but are not subject to mandatory certification (e.g. under the European Medical Devices Act), certification of a quality management system in accordance with ISO 13485 and/or ISO 9001 provides a good basis for demonstrating performance to customer requirements and interested parties. It should be noted that service companies in the social and health care sector cannot be certified according to ISO 13485.

The introduction and certification of a quality management system based on other national and international standards (for example, ISO 15378 GMP standard for primary packaging materials for pharmaceuticals, ISO 15224 healthcare services) should be a strategic decision of an organization in order to meet the ever-increasing market requirements also in the long term.

Why should companies have their management system certified?

Certification is always useful and beneficial for a company when the effectiveness and efficiency of its management system, processes or products are to be guaranteed in the long term.

Certification of a management system by an independent third party such as DQS has many advantages that go far beyond mere confirmation of conformity with the requirements of a standard. A certified management system helps you to permanently improve your competitiveness and ultimately your business success. With an ISO certification, you show your customers, competitors, suppliers, employees and investors that you apply recognized standard procedures. And you demonstrate that your company is managed efficiently for the long term.

The regular certification process, from the certification audit and subsequent annual monitoring to recertification, promotes a sense of responsibility, commitment and motivation among employees, which leads to an overall increase in performance within the company.


Certification by DQS

Learn more about our certification process and accredited services

Contact us

What are the benefits of certification?

Certification gives companies the opportunity to improve their market position. For example, an ISO-certified quality management system (ISO 9001) allows a company to demonstrate its high quality standards with a certificate. Furthermore, certification can provide additional security in the area of product liability, as the certificate serves as proof that products are manufactured according to a certified process, among other things.

But companies can also benefit from certification internally, as the entire certification process reveals potential weaknesses that can be remedied. In addition, all employees are encouraged to adhere to the specified standards when certification is in place.

Other advantages at a glance:

  • Holistic, neutral view from the outside on people, processes, systems or products and results
  • High degree of certainty in decision-making due to high-impulse audits
  • Certainty about the effectiveness of processes for leadership and improvement
  • Internationally recognized certificate as proof of performance
  • Improved image and competitiveness

What is the value of certification for my company?

In addition to the value that certification has externally as a signal of full compliance with certain requirements of standards, specifications or technical rules, the external audits along the entire certification process also act as a valuable impetus internally.

Companies and organizations of all kinds, be they industrial enterprises, skilled trades, service providers or public authorities - they all benefit from the innovative power of our audits, which provide top management and the entire executive team with certainty about the effectiveness of processes for leadership and change, and reveal where a company's strengths lie. This knowledge allows products, services, sustainability or safety aspects to be improved in a targeted manner and adapted to customer requirements.

An external certification audit protects against blind spots. To this end, we take into account the individual situation of each organization: The company-specific goals, the special processes, the complexity of the business activity, different levels of maturity, and individual needs. And when a certification audit is accompanied by a certificate, it also paves the way to new supplier relationships and markets.

What are the requirements for certification?

Since certifications always take place in line with a standard, a specification, a technical rule or other requirements, the respective requirements must already be implemented in the management system, and in use. If it is determined during the assessment that this is fully the case and no other reservations apply, the responsible DQS board will issue a recommendation for certification.

How can I successfully prepare for certification?

Companies seeking certification should ensure that the requirements of the underlying regulations are largely met. This should be done via internal audits by trained auditors in the run-up to the actual certification audit. DQS also offers our customers corresponding pre-audits, GAP analysis or delta audits if required.

What is the certification process for management systems?

If a company wants to have its management system certified according to a certain standard, it must have the conformity with the requirements of this standard determined by an independent third party, such as DQS ("third party audit").

According to the international standard ISO/IEC 17000, the conformity assessment underlying a certification provides for three phases:


Planning and preparation, collection of information and input variables as a basis for the subsequent determination.


Determining whether the management system as the subject of the conformity assessment meets the requirements of a standard, for example ISO 9001 or ISO 14001.

Evaluation - Decision - Confirmation

  1. Evaluation of the results from the determination, which are available in the form of a report of the certification audit.
  2. Decision, based on the evaluation, whether confirmation and thus issuance of the certificate can take place.

In practice, these three phases are integrated into a certification process which, depending on the certifier, differs in details of execution, terminology and, where applicable, additional offerings.

Details on the DQS certification process for management systems can be found here.

How long does certification take?

Depending on the scope of the management system to be certified, individual processes or products to be certified, the audit days are agreed upon with the certification body. For certification according to certain management system standards, for example ISO 9001, there are fixed specifications by the International Accreditation Forum (IAF), based on the number of employees.

The time required for a certification audit therefore varies greatly: In small organizations, an auditor may be able to arrive at an assessment result within a day. For large, international customers of DQS, teams of ten or more auditors and experts may be on site for several weeks.

Often, a so-called "gap assessment" takes place first. This can serve as an initial performance assessment or diagnosis to identify strengths and potential for improvement. If discrepancies or weaknesses are identified there, corrective measures should be planned and implemented within a certain period of time.

If the gap assessment leads to a favorable result, the certification audit can take place. As soon as the audit report confirms conformity with the underlying requirements, you receive the certificate. A certification is always valid for a limited period of time. Before it expires, a re-certification can be performed to reconfirm compliance and renew the certification.

What does ISO certification cost?

The costs of certification cannot be quantified across the board. Among other things, they depend on the size of the organization, the number of employees, the locations to be audited, and the complexity and type of management system. The standard(s) on which certification is based can also have an influence on the costs. Contact us and we will be happy to provide you with a quote that takes your individual goals into account.

Who is allowed to certify according to ISO standards?

Certification bodies should be accredited to perform conformity assessment in order to prove their professional competence, for example by the German Accreditation Authority (DAkkS), the ANSI National Accreditation Board (ANAB), the United Kingdom Accreditation Service (UKAS), or other national accreditation bodies. Accreditations and authorizations also make a decisive contribution to ensuring the international comparability and recognition of certificates.

What happens after certification?

Certificates issued in accordance with an ISO management system standard are generally valid for three years. The certification process, which proceeds in a kind of spiral, provides for two surveillance audits during this period, after the first and after the second year.

After three years and well in advance of the certificate's expiration, re-certification takes place. The certification process starts all over again, but without a system analysis, which is only necessary for initial certification.