Path Towards Certification


The different paths towards certification related to the standards listed below have many similarities, although some certification schemes are characterized by some specific features that make them peculiar.

NeM NeM provides consulting services for:

The ISO 9001 Standard is the standard that defines the requirements of a Quality Management System of an Organization, whether private or public. Since the requirements are of a general nature, they lend themselves to being implemented by all Organizations, of any size, whether they supply products or services.

The choice of a company to have a quality management system certified by an accredited Certification Body guarantees current and potential customers that the operating practices adopted by the company are suitable to provide a product or a service that meets the specified requirements .

This is why many companies choose ISO 9001 certification to improve their performance, streamline their operational processes through their continuous monitoring and improvement, and appropriately train the company personnel to be able to keep their activities scrupulously under control.

The ISO 9001 certification therefore represents a universally recognized “quality mark” that is often requested by customers to guarantee the product or service they purchase and which becomes in some cases a fundamental obligation or credential to work in certain industrial sectors or with Public Bodies .

The approach followed by NeM consultants provides for the identification of those interventions on the operating mode of the Client Company that are suitable to meet the requirements of ISO 9001 standard, maintaining an effective and easily implemented management system without unnecessary superstructures.

The IATF 16949 Standard, based on the ISO 9001 standard, defines the requirements that must be met by the quality management systems of companies that supply products to the “Automotive” sector. The IATF Standard 16949 has made it possible to overcome national barriers and related automobile manufacturers’ specific requirements by establishing common reference requirements for quality management systems in the automotive industry internationally.

IATF 16949 Standard objective is therefore the development of a quality management system oriented towards continuous improvement, emphasizing the reduction of variation and waste along the supply chain.

Currently, having an IATF 16949 certified Quality Management System is a discriminating requirement for suppliers included in Automotive manufacturers’ supply chain.

The IATF 16949 Standard requires the management of business dynamics for processes, focus on the client and its specific requirements and continuous improvement; it defines requirements and rigorous methods (core tools) that can be summarized in:

– analysis and integration of specific customer requirements

– product and production process design

– control and monitoring of production processes

– management of measurement systems

– analysis of results and planning of improvements

NeM consultants, involved in the Automotive certification schemes since their birth in the 90s, have a consolidated mastery of the Automotive issues, a solid knowledge of the requirements of the IATF 16949 Standard and the qualifications necessary to support a company in obtaining and retaining the Automotive Certification.


ISO 28000 is an International standard which determines the requisites for an Supply Chain Security Management System (SCSMS), taking into account menaces such as terrorism, fraud, falsification and piracy; it is an internationally recognized certifying standard that defines the requirements for implementing a SCSMS.

The ISO 28000 standard covers aspects related to logical, physical, ICT, transport and organizational security. Among the crucial aspects taken into consideration there are manufacturing, packaging, storage, transfer of goods but also financial, information management and human resources processes.

The standard is applicable to companies of any size (from the smallest ones to the multinational enterprises) operating in production, services, storage and transport / logistics sectors, at every level of the Supply Chain.

The ISO 28000 standard represents the ideal framework for identifying and controlling potential critical situations for people or goods, limiting their possible consequences. In particular, it is essential:

– To provide for goods control, for a precise match between goods to be sent and those actually sent;
– To ensure that the shipment is accompanied by 100% correct documentation;
– To monitor shipments in order that neither load nor documentation are modified during the journey;
– To verify that all products shipped reach the destination;
– To check the continuous availability of products in stock;
– To provide strict behavioral codes to be followed.

The ISO 27001 Standard is the standard that defines the requirements of an Information Security Management System.

The standard includes aspects related to logical, physical and organizational security.

Since most corporate data is stored on computer media and represents an asset of great value for the operation of the company, each organization must be able to guarantee the security of its data, especially in a globalized world where the IT risks caused by violations of data protection systems are constantly increasing. The goal of the ISO 27001 standard is to provide suitable requirements for the Company Information Security Management System to ensure that it is able to protect sensitive data and information from all kinds of threats, in order to ensure its integrity, confidentiality and availability.

The standard is applicable to organizations operating in the majority of commercial and industrial sectors, particularly in finance, insurance, services, transport and government sectors.

The structure of the ISO 27001 standard is in line with that of the ISO 9001 Quality Management System, with particular emphasis on the identification and analysis of risks, their evaluation and treatment, and finally their review and their after-treatment re-evaluation.

The ISO 22301 standard is the standard that defines the requirements that must be respected by an Operating Continuity Management System in order to guarantee the Organization’s ability to protect itself against destructive events that can directly or indirectly affect it and to recover its operations in an organized way .

The requirements specified by the standard can be applied to the whole Organization or a part of it, regardless of the nature, type and size of the Organization itself. The degree of application of the requirements of ISO 22301 depends on the environment in which the organization operates and on its complexity.

The Operational Continuity Management System must take into consideration the legal requirements, the reference standards, the products and services provided by the Organization, its processes and the requirements of the interested parties.

The Operational Continuity Plan must provide procedures that guide the Organization to respond and restore operations to a predefined level after a destructive event. It must provide for initiatives to be implemented following emergencies that are typically not addressed by the company’s normal management policy such as, for example, a natural disaster (earthquake or flood), the consequences of a terrorist act or a long-lasting power outage or the detention of a critical supplier along the supply chain. The plan must allow the company to overcome an emergency phase while safeguarding its ability to meet the needs of customers and stakeholders and minimizing damage from a managerial point of view.

The Operational Continuity Management System must also be able to minimize the consequences caused by a destructive event on:

– employee safety

– loss of productive resources

– the economic losses of customers and possibly of market shares

The procedures established by a Business Continuity Management System must therefore address all operational aspects both inside and outside the company and the relationship with the parties involved. They must be tailored to the specific characteristics and needs of each company.

The ISO 17025 standard establishes the management and technical requirements for the accreditation of testing and calibration laboratories.

While the ISO 9001 Certification refers to the Quality Management System implemented by the Organization / Laboratory, the Accreditation covers both the Management System and each individual test or calibration for which the Laboratory intends to be or is “accredited”

Accreditation is obtained by implementing both the requirements of the ISO 17025 standard and the technical regulations applicable to the tests / calibrations in question. Such technical regulations are envisaged by the Accreditation Body (for Italy, ACCREDIA documents applicable to the test and calibration laboratories).

To access the accreditation services, the Organization requesting it must complete an application consisting of a general section (containing the general information on the Organization) and a specific part for the requested scheme. After acceptance of the application, the Laboratory must send the technical and management documentation to the Accreditation Body and only after a positive evaluation of such documentation the inspection visit to the Laboratory can be planned. This includes any branch offices, or visit to the field where applicable.

If the visit is successful, a Certificate of Accreditation is issued to the Testing / Calibration Laboratory, accompanied by the cards listing the accredited tests / calibrations.

Similarly to the Management Systems, also the Accreditation of the tests / calibrations is subject to periodic surveillance visits and renewal of the Accreditation itself by the Accreditation Body.

The Accreditation of testing and calibration laboratories can be a mandatory requirement at national or international level based on laws / regulations or specific requests of reference markets. For example, the Automotive sector requires that testing and calibration laboratories outside the Organization subject to IATF 16949 certification are accredited according to ISO 17025 or to an equivalent national standard

NeM has the knowledge, experience and methodology necessary to support the Laboratory especially for the management part and also has specific technical skills related to electrical measurements and physical quantities.

With the exception of the ISO 17025 scheme, whose peculiarity is mentioned in its dedicated section , the path proposed by NeM consultants consists of a first phase dedicated to understanding the organization: the context in which it operates, its Customers, the interested parties directly or indirectly involved, its processes and the related operating procedures. This first phase is followed by a preliminary analysis of the client company’s positioning with respect to the requirements of the standard. This is achieved carrying out a review of the organization and of the operating practices used by the company, in order to be able to find their compliance with the requisites required by the norm and to highlight any gap that requires a corrective intervention.

This second stage allows to quantify the extent of the intervention and the time necessary to implement it, allowing NeM to present a commercial proposal on the basis of the responsibility allocation in the various phases of the project agreed with the client. Such commercial proposal shall contain:

– The objectives of the intervention

– A high level work program

– The responsibilities associated to the program

– The required documentation

– The necessary training sessions

– The verifications to be carried out

Based on what agreed, the program will include both visits to the company’s offices and activities carried out independently.

Upon acceptance of the commercial proposal by the Customer, NEM proceeds, together with the client company, to implement the steps listed below:

  • Identification and training of the Manager of the Management System
  • Support to the definition of the Management System policy and related objectives
  • Support to the formalization of company processes to be certified
  • Drafting of system documentation in line with company needs, applicable laws and regulations
  • Training of the company staff involved
  • Operational implementation of the management system
  • Performing of internal audits and management reviews
  • Activation of any corrective actions
  • Assistance during the certification visit

After following the Client company during the initial implementation and certification phases, NeM consultants are available to follow also the phases of consolidation of the management system and the subsequent surveillance visits of the Certifying Body, according to modalities that will be agreed with the Customer.

Get in touch with NeM to know more.