What does it mean – to get certification?

That you are organisation is focused on customer satisfaction, thru quality product and services achieved thru streamlined and repeatable and continually improving processes. You have developed and implemented a management system based on the ISO 9001 Quality Management Systems (QMS) standard.

That your organisation has been audited by a third party and found to be conforming to the 9001 standard.

This third party audit or conformity assessment is performed by a certification body like Sustainable Certification™.(known by several other names such Conformity Assessment body CAB, or Registrar). It is vital that this Certification body is accredited by an accreditation body such as JAS-ANZ. Once found to be compliance with the standard we will grant you certification and register your certification with our accreditation body JAS-ANZ.

How to verify your certification?

Once we grant you certification your unique certificate number will be registered with JAS-ANZ. Anyone who wants to verify your certificate by looking up the JAS-ANZ online portal


Additionally you may be qualified to be listed in the quality trade portal enhancing your reputation and credibility as a responsible supplier of goods and services.

What does a business need to do to obtain certification?

A business can get certification if it defines and implements processes based on the ISO requirements. Whether you want to follow the ISO 9001 standard or implement the ISO 14001 Environmental management systems or AS 4801 standard you will have to address specific key elements such as:

1 . Proper documentation of all procedures

2 . Record management and maintenance

3 . Methods that can be used for dealing with non-conforming product issues

4 . Internal audits

5 . Identification and prevention of potential problems

6 . Issuance of purchase orders

7 . Selection and evaluation of suppliers

8 . Design methodologies

All processes that you implement must ensure that your basic business goals are being met effectively.

How much time will the certification process take?

The certification process begins as soon as you submit your application. Here is a quick look at what is involved. The duration varies depending on factors including:

1 . Your chosen standard
2 . Business scope
3 . Potential risks
4 . Number of full time employees and number of offices/sites
5 . Track record of of management systems such as development, adaption and previous certifications

How often will your business be audited?

Your certification is valid only if we regularly perform audits after every 6, 9, or 12 months. At all times, it is expected the system is up-to-date and is implemented well.

What is a non-conformity?

When a company’s management system or implementation is defective, or the company does not follow preferred and regulated guidelines. This is called a non-conformity.

There are basically two kinds of non-conformities – major and minor.

Major non-conformity: In this case, there is a significant or total absence in conformity with the required clause of the standard or Level 1 documentation used in the system.

Minor non-conformity: In this case, there is a breakdown in the implementation of a procedure or a partial breakdown in procedures.

How much will cost To Get Certified?

Costs vary depending on the requirements of your company. Generally, the fees depend on the total duration of the certification process. The following factors have significant influence on the duration:

1 . Your chosen standard

2 . Business scope

3 . Potential risks

4 . Number of full time , part time and casual employees and number of offices/sites

5 . Maturity of management systems such as development, implementation, adaption and previous certifications

We will customise our fees to match your requirements. All costs will be transparent and there will be no hidden costs.

Can your existing certification be transferred?

Certification transference is a simple process which you can avail for free. We will require a copy of your current certificate, latest audit report, non-conformities raised and customer complaints. In some cases, we may require a pre-assessment on your site.

During this process, we will avoid making any changes to your existing audit schedule, preventing your business from experiencing any disruption.

How can you apply for certification?

Application Submission You can initiate the certification process by filling out our obligation free Request a Quote or completing the Online Application form. Following steps are involved in the certification process:

Document Review

In this phase, we will determine if your management system fulfils all the requirements of your chosen standard. We will also prepare a report that highlights gaps and issues if any. These areas are expected to addressed before proceeding to the next step. While we can conduct document review at your office. However, many of our customers prefer that is done off-site to keep the disruption in your office to a minimum.

Certification Audit

The certification audit verifies that your business follows the exact same procedures which you have mentioned in your management system and that all processes meet international standards. The audit takes place at all your sites and offices.


Certification is issued to your business, upon your lead auditor’s recommendation. You will also be issued relevant logos.

Surveillance Audits

Surveillance audits are conducted on a regular basis after every 6, 9 or 12 months to assure that your management system has been implemented effectively. You can utilise the results of audit findings for further improving your processes.

Granting, refusing, maintaining of certification, expanding or reducing the scope of certification, renewing, suspending or restoring, or withdrawing of certification:

SCPL has internal processes to review and approve certification recommendations following audit activities. You will be notified of the decision as soon as the review is completed. Once you achieve Certification you will have immediate access to your certification documents including your accredited certificates and the relevant marks and logos ( refer to the Use of Marks and Logos for further requirements) .

There may be on occasion a requirement to reduce the certification scope depending on your operations, changes and your scope at the time of the audit.

There are also requirements to ensure you maintain your certification ( refer to surveillance audits above), if you do not comply with these surveillance audits or address major non conformities as noted in your report findings this may lead to certification suspension. SCPL ensures you are notified if this may be an issue and we do our best to communicate and work with you to ensure you maintain your certification where possible.

Please refer to the Terms and Conditions ( clause 21) for further information.

What are certification logos?

If your business receives certification, you will be issued with relevant logos based on your management system that has been certified. These logos can be displayed on your packaging, website, fleet, stationary and other promotional materials, giving you a competitive edge and reflecting your commitment to continuous improvement. You can also use the logos to emphasise the fact that your company follow best in class business processes, which have been certified by Sustainable Certification™. Sample logos are displayed below. Upon certification issuance, you will be given the option to choose forming a number of formats and versions.

What are the Certification Costs?

For us to provide you with an accurate costing, we need to obtain details about your organisation such as (Organisation Size, Scope,Number of sites/Locations).  This gives us the basic information we need to provide you with a quote.

Why should I get ISO Certified?

It enables a company to demonstrate its commitment to important business goals such as Customer Satisfaction and production.  There are a number of Public and Private Sector entities that request that a company has ISO Certification.

How does my business get ISO Certified?

There are a number of key steps including:
Gap Analysis (Optional) part of Stage 1 that highlights any gaps that need to be resolved before certification.
Stage 1: Provides an overview on your System documentation against requirements of the standard
Stage 2: Provides an overview of the implementation of your Management system documentation against your business operations

How long is ISO Certification Valid for?

ISO Certification validity lasts for 3 years from the original date of issue.  This needs to be reviewed at the end of the 3 year cycle.

How does certification help me and my organisation?

Certification is a tremendous opportunities to streamline your processes and improve your overall efficiencies as an organisation.It also enables you to expand your organisation giving you greater number of tenders you can bid for and higher likelihood of success with those tenders

What is ISO 45001?

ISO 45001 is the first internationally released ISO Standard for Occupational Health and Safety Systems. It is a relatively new standard, released in March 2018.

ISO 45001:2018 outlines the requirements for your organisation to develop efficient safety systems .  it shows interested parties and stakeholders your organisation is committed to the safety of workers and providing a safe work environment. It is an important sign of your business capability to reduce costs through preventing workplace injury and illness

How do you achieve ISO 45001 Certification?

  1. Gap Analysis (optional): The process begins with an optional gap analysis to evaluate your OH&S system against each clause of ISO 45001.
  2. Stage One: The mandatory first step is an assessment of your management system documentation to evaluate it against the standard, including policies, processes, management review records, scope and context. It sets the basis for Stage Two.
  3. Stage Two: The stage two assessment is the final step of the initial certification process. To achieve certification, we need to check that the documented requirements of the standard are implemented across the business. We visit your offices and sites, as well discuss your system with relevant people in your business.
  4. Certification: Once your stage two assessment is verified and the process is complete, a ‘Statement of Certification’ is issued, confirming compliance with the relevant standard. This certification is valid for a three-year period from the date of issue.

Surveillance assessments will need to be performed on a regular basis to maintain your certification.
Contact Us with any questions you may have, or to find out more about the certification process.

What is the latest version of ISO 45001?

ISO 45001 is the new internationally recognized Occupational Health & Safety standard. ISO 45001 is newly released and will replace AS/NZS 4801 and OHSAS 18001, as these standards will be withdrawn over the next three years.
ISO 45001 outlines the requirements of an OH&S management system to ensure worker safety and provide a safe work environment. They are influential indicators that an organization has measures in place to reduce workplace injury and illness.

How long does it take to implement ISO 45001?

The durations for implementing ISO 45001 will vary from company to company based on the variability of the appetite for change, the level of buy-in and the positive culture. However, company size is a big influence. Some standard practices are:

  • Small organizatons – up to 150 staff – 3-6 months
  • Medium organizations – up to 1000 staff – 8-12 months
  • Large organizations – more than 1000 staff – 12-18 months

What is ISO 27001?

ISO IEC 27001:2013 is an internationally recognized Information Security Management System (ISMS) standard.
ISO 27001 is the framework for the requirements to manage your organization’s information security risks. ISO IEC 27001:2013 Information Security Management standard, when implemented, is a strategic activity that preserves the confidentiality, integrity and availability of information by applying risk management processes to adequately manage threats.

It is the most recognized information security standard in the world. It is applicable to organizations of all sizes and industries, regardless of the products and services it offers.

We are JAS-ANZ accredited to provide certification to this standard.

How do I get certified to ISO 27001?

The certification process has four steps.

  1. Gap Analysis (optional): The process begins with an optional gap analysis to evaluate your management system against each clause of ISO IEC 27001:2013.
  2. Stage One: The mandatory first step is a desktop assessment to evaluate your management system documentation, including policies, processes, management review records, scope and context as well as system implementation. It sets the foundation for the stage two assessment.
  3. Stage Two: The stage two assessment is the final step of the initial certification process. To achieve certification against your systems, we need to verify that the documented requirements of the standard are implemented across the business. We visit your offices and premises as well as partake in discussions with relevant people in your business.
  4. Certification: Once your stage two assessment is verified and the process is complete, a ‘Statement of Certification‘ is issued, confirming compliance with the relevant standard. This certification is valid for a three-year period from the date of issue. Surveillance assessments will need to be performed on a regular basis to maintain your certification.

Contact Us with any questions you may have, or to find out more about the certification process.

What is the latest version of ISO 27001?

ISO IEC 27001:2013 is the latest version of ISO 27001, replacing ISO/IEC 27001:2005. The standard was updated in 2013 to meet the requirements of today’s rapidly growing information security risks. It provides a framework to preserve the confidentiality, integrity and availability of information by applying risk management processes.

It is an emerging standard, as information risks and threats become more prevalent.

ISO IEC 27001:2022 has now officially been released and there will be a transition period for our clients to move to this new standard.

What does it mean to be ISO 27001 Certified?

When you are certified to ISO 27001, you are able to show interested parties, stakeholders and customers that you have met the requirements set out in the ISO/IEC 27001:2013 standard. ISO 27001 gives confidence that your organization adequately manages risks, and that your information retains its integrity, and is confidential.

How long does ISO 27001 Certification last for?

Once you are ISO 27001 certified, your certification expires three years after your certification has been approved. For ISO 27001 certification you will need regular audits to maintain your certification and keep it valid, known as surveillance audits. This is only applicable to IAF (International Accreditation Forum) certifications.

What is ISO 14001?

ISO 14001:2015 is the internationally recognised Environmental Management Systems standard.

It provides a framework that organisations can follow to manage their environmental responsibilities and risks. ISO 14001:2015 Environmental Management System standard, when implemented, is a strategic activity that helps manage environmental aspects, fulfil compliance obligations, and address risks and opportunities.

As a part of the ISO family of standards, ISO 14001 can easily be integrated with other management system standards, most commonly ISO 9001.

We are JAS-ANZ accredited to provide certification to this standard.

How do I get ISO 14001 Certified?

Sustainable Certification is JAS-ANZ accredited to provide your organisation with ISO 14001 certification.

What is the latest version of ISO 14001?

ISO 14001: 2015 is the latest version of ISO 14001, which has an increased emphasis on risk-based thinking in the context of environmental management in your organisation.

How much does ISO 14001 cost?

We look at three key variables: the risk of the industry, the scope of your operations and how many people are involved/employed, and then tell you how much your ISO 14001 certification will cost, as the quote is dependent on these variables.

What are the requirements of ISO 14001?

ISO 14001 requires your organisation to take into account environmental concerns to minimise its footprint. This can be inside the organisation or extend to suppliers as well as the end deliverable.

How long does ISO 14001 Certification last for?

ISO 14001 certification lasts for three-years following your initial certification date.

How can I transfer my existing ISO 14001 Certification?

You can transfer your current ISO 45001 certification to Sustainable Certification seamlessly. We will continue your current certification schedule, contact us for an obligation free quote, and we’ll take the hassle out of transferring your ISO 14001 Certification.

Why do I need an audit?

  • The NDIS Commission requires all NDIS providers have audits conducted by ‘Approved Quality Auditors’ to ensure quality and safety safeguards they mandate are maintained and adhered to.
  • This is not optional and is required of all providers.
  • Details of this can be seen on the commission website • The timeframe for Certification and Verification are: – 1 July 2018 – New South Wales and South Australia – 1 July 2019 – Victoria, Queensland, Tasmania, ACT, Northern Territory – 1 July 2020 – Western Australia
  • Existing State Quality and Safeguard arrangements remain in place until State transitions to the NDIS Practice Standards

What standards am I being audited for?

  • NDIS Practice standards are formally published as the National Disability Insurance scheme  (Provider registration and Practice standards) Rules 2018
  • The standard can be accessed here
  • NDIS Practice standards include a series of schedules or modules which need to be audited, depending on the types of services delivered by an NDIS Provider

Which Registration groups should I have?

  • This is a decision for you and your business to make , as it is based around what services you wish to provide that will be eligible to be used by NDIS funded clients
  • For more information on the registration groups and their details, review the NDIS provider Toolkit

What types of audits do I need?

  • The audit type, including specific modules that need to be audited are determined by an organisations legal entity status and the NDIS Registration groups delivered and registered with the NDIS Commission. These are included in the rules.
  • There are two types of audits, a Verification audit and a Certification Audit

What is the difference between Verification and Certification?

  • A Verification audit is a desktop audit of your management systems, done off site. Verification audits need to be done once every three years
  • A Certification audit include a Stage 1 (document) audit which can be done on and off site, a Stage 2 (Certification  Audit) is done on site, and annual surveillance audits (on site) with a Recertification audit done 3 yearly

I am only a small provider, Do I still have to be audited?

  • Yes, the Commission requires all providers be audited, even if they are sole traders or the NDIS funded activity is a small part of their business.
  • Sole Traders and Partnerships in many registration groups however only need a Verification audit, which will help minimize your costs.
  • The Commission will advise if you require a Verification or a Certification audit.

What does an Audit involve?

  • We review documents, records and participant files to confirm your systems are in compliance with the NDIS Commission’s rules and standards.
  • We also conduct participant interviews to confirm the services/supports provided to them and get their feedback on services received.
  • From this, we generate an audit report which is provided to both you and the Commission

What rules do the auditors have to follow?

  • The NDIS Commission has documented its rules for auditors in the National Disability Insurance Scheme Guidelines 2018. The scheme can be accessed here: https://www.legislation.gov.au/Details/F2018N00114
  • You do not need to know these rules as a service provider but it might help you to understand what the auditors need to do.


The NDIS Commission needs to ensure all NDIS providers are managing NDIS services appropriately, providing participants with the quality of care and support that are expected.

  • A key thing to remember is: ‘if it isn’t documented, it didn’t happen’. FREQUENTLY ASKED QUESTIONS expertise to advance confidently SAI Global ABN 67 050 611 642 © November 13, 2018 9:59 AM SAI Global. The SAI Global name and logo are trademarks of SAI Global. All Rights Reserved. 130350 1118 www.saiglobal.com NDIS Auditing and Certification
  • Audits are about reviewing evidence of conformance with requirements, rules and/ or standards that need to be met. The systems need to address how an organisation makes sure it follows the required standards and records demonstrate that the system is followed and implemented.

How can I make sure I pass the audit?

  • You should review the NDIS Scheme Provider Registration and Practice Standards Rules and perform a ‘self-assessment’ or ‘internal audit’ to check that your system addresses all requirements.
  • The auditor will need to see supporting evidence

Can this be done by phone? I have a small business and work from home?

  • A verification audit is done ‘off site’ and may include a phone conversation to check on requirements and records.
  • A certification audit is done on site. This allows Auditors to both ask questions and gather the evidence needed to prepare our reports in line with the NDIS Practice Rules Commissions.
  • The Commission mandates Certification audits must be done on site with a two person audit team.

Do I need to have clients before I am audited?

  • You need to discuss this with the NDIS Commission. The Commission makes the decision when your audit needs to occur.
  • If you do not have clients yet, a provisional audit is conducted.

What happens during a Provisional Audit?

Auditors will review your documentation and records to verify that you have the systems and processes in place to manage clients and provide appropriate services (new provider, no clients yet).

  • If you have other clients that you already service, a sample of those records can be part of the audit evidence to show systems are in place and effectively implemented.
  • This will grant you a Provisional Certification, which will be upgraded after a later audit when you have clients that can be interviewed.

When do I have to have my audit done by?

Having an Approved Quality Auditor appointed and your audit conducted by a certain date are mandatory requirements for gaining or maintaining your NDIS Provider Registration.

  • The exact timing of this for you is decided by the NDIS Commission. If in doubt, please contact them directly on 1800-035-544 or registration@ndiscommission.gov.au