Congratulations! You have reached the last article in our series on implementing ISO 55000. In this article, we want to discuss how to get your asset management system certified, including various certification schemes and certifying bodies. This will be critical information if your organisation is seeking certification, but will likely be of interest to those seeking to align or comply with ISO 55000 as well. This is because these organisations will still usually require gap assessments and audits to guide their implementation efforts and choosing a reliable independent provider is key to obtaining value from these activities.
This is the thirteenth in a series of 13 articles on Implementing ISO 55000.
Our exploration of certification will cover the following topics:
Selecting an ISO 55000 Certification Scheme. We will look at the options available and their strengths and weaknesses.
The ISO 55000 Certification Process. We will give you some idea of what to expect during the certification process, including:
The number and type of audits (including gap assessments and maturity assessments) you can expect; and
Tips for selecting an auditor (otherwise known as a Certification Assessment Body, or CAB).
Let’s begin with our recap of why you might want to certify anyway.
Why are you Certifying against ISO 55000?
In our second article, What is ISO 55000? we suggested the following reasons for implementing ISO 55000:
Regulatory Compliance – implementation as directed by an economic or safety regulator.
Contribution to Due Diligence – implementation as directed by the Board to demonstrate due diligence.
Marketing strategy – implementation to obtain a certification to place on marketing material.
Competitive advantage – holistic implementation to achieve a wide range of benefits to the organisation.
The reason that we are revisiting this now is that it is very important that organisations enter into the certification process with a clear understanding of the business case, including both a realistic estimate of the resources (time, money and otherwise) required to achieve certification and the benefits to the organisation of achieving that certification. Without this, there will be a natural tendency to adopt a “tick the box” approach to certification that focusses on cost rather than the quality of the outcome. Recent research by Professor Melinda Hodkiewicz at the University of Western Australia draws parallels between the current state of asset management and the state of quality management in the 1980’s and 1990’s and clearly shows that the “tick the box” approach is unlikely to lead to long-term organisational success. This finding is entirely consistent with our experience, and we would re-iterate our earlier warning about organisations seeking certification purely as a marketing strategy or in response to regulator direction. Keep the long-term benefits of good asset management in mind and the pain of certification will be easier to bear.
Selecting an ISO 55001 certification scheme
Assuming you have decided to pursue certification against ISO 55001, the next task is to select a certification scheme. This may seem like a nonsense question – after all, surely ISO will perform the certifications against ISO standards, right? Unfortunately, this is not the case. ISO itself does not perform any certifications, although it is linked to an international certification scheme. Further, there is no impediment to any organisation declaring itself a certification body and there are alternate schemes in operation. Consequently, there is a genuine decision to be made. As most organisations will probably wish to pursue certification via the ISO pathway, we will discuss this first and then go on to a discussion of the alternatives.
The ISO certification structure
In Australia, certification against an ISO management system standard is most commonly recognised by the “five tick” logo, with equivalent alternatives elsewhere. The only way to get one of these logos on your stationery is to follow the ISO rules for certification, which we discuss in detail in our article Your Guide to ISO 55000 Certification. We won’t repeat all of the detail here, so you may wish to revisit that article if you don’t quite follow all of the jargon below.
In ISO-speak, Conformity Assessment is the process used to show that a product, service or system meets specified requirements. In other words, a successful Conformity Assessment against ISO 55000 is required for certification. The only people who can undertake Conformity Assessments are Conformity Assessment Bodies (CABs), so you will need to locate one of these to get certified. You do this by locating your local Conformity Assessment Accreditation Body (CAAB), which is responsible for appointing CABs and which is linked to ISO through a series of committees and forums. Most CAABs (though not all) are national bodies, with examples including: 
the Joint Accreditation System of Australia and New Zealand (JAS-ANZ), in Australia and New Zealand
the United Kingdom Accreditation Service (UKAS), in the United Kingdom
the American National Standards Institute – American Society for Quality National Accreditation Board LLC (ANAB), covering Management Systems accreditation in the USA
These CAABs ensure that any organisation accredited as a CAB has appropriate processes and subject matter in specific areas to conduct conformity assessments. In particular, CABs for ISO 55000 are bound by the requirements of ISO/IEC 17021:2011 – Conformity assessment – Requirements for Bodies Providing Audit and Certification of Management Systems and ISO/IEC 17021-5:2015 – Competence Requirements for Auditing and Certification of Asset Management Systems. Together, these standards provide prohibitions against conflict of interest (i.e. the same company both consulting to and certifying an organisation) and ensure the use of appropriately skilled auditors.
As you can see, there is a strong process here, with international acceptance and commitment. This is why the system is broadly accepted and why it is the first choice for most organisations. One word of caution, however – the wheels turn slowly in organisations such as ISO and, as at July 2016, there is not yet international agreement on how to audit against ISO 55000. Some CAABs, such as JAS-ANZ, have issued guidance to CABs seeking accreditation, while others are still allowing any CAB accredited to conduct management system audits to certify against ISO 55000.
If you wish to pursue this route, seek out your relevant CAAB, who will provide a list of CABs accredited to assess against ISO 55000 (or rather ISO 55001:2014, which is of course the requirements document).
While ISO has gone to considerable lengths to develop a framework to ensure quality assessments against its standards, there is no practical impediment to any organisation holding itself out as capable of certifying other organisations as complying with the requirements of any given standard, including ISO 55001:2014. As mentioned previously, obtaining certification outside of the ISO scheme simply removes the right to place the relevant logo on the certified organisation’s stationery – and you can expect that ISO will protect this right!
Given the above, an organisation seeking certification could look outside the ISO framework for an appropriate scheme (and – if they really like audits – could even choose to apply both!). The risks associated with this approach include:
- Recognition – while the ISO logos are well known, other certification schemes may not be widely recognised and therefore may not deliver the credibility desired by the organisation seeking certification.
- Quality – related to the previous, organisations that are not accredited via the ISO framework are not obliged to comply with the full ISO requirements and therefore may not provide appropriate audit processes or appropriately skilled and experienced auditors.
- Independence – again, related to the above, organisations that are not accredited via the ISO framework are not subject to the same strict controls to prevent conflicts of interest.
Nevertheless, organisations may find that this approach is adequate for their needs. They may even find that organisations offering these services are genuine asset management consultancies that have deep experience to draw on, rather than generic management system auditors that may be accredited as CABs through the ISO scheme and that have appended ISO 55000 to existing ISO 9000 and ISO 14000 accreditations. In this way, alternative certification schemes have the potential to support genuine improvement in asset management practices, rather than mere compliance.
The only such scheme that we are aware of is the IAM’s Endorsed Assessor Scheme. This scheme originated to provide certification against PAS 55, but has been extended to cover ISO 55001:2014. This scheme offers less stringent (though still effective and perhaps more realistic) conflict of interest protection than the ISO process while still requiring evidence of both organisational and individual auditor competency and has been running successfully for many years.
The ISO 55001 certification process
The details of your certification process will clearly vary with the scheme and certification body you choose, but you should expect it to look broadly as discussed in our previous article, Roadmap to ISO 55000 Compliance:
Within this process, you will see a Readiness Assessment, Gap Assessment and the Certification step itself. All of these activities are, in essence, audits and we will discuss them shortly. You may be able to conduct some of these yourself, but your certification audit will certainly need to be conducted by an independent CAB and it is common practice to have a Gap Assessment or Pre-Certification Audit conducted by the same party earlier in the process. Consequently, your first requirement is to identify a suitable organisation to conduct these audits.
Finding a suitable conformity assessment body
The process for finding a list of qualified CABs was discussed above and is usually as simple as visiting the CAAB’s website, or that of the alternative certification scheme organiser (e.g. the IAM). There are, however, a few cautions that organisations need to observe in choosing a CAB from these lists:
Independence – The rules against conflicts of interest under ISO 17021:2011 are extremely strict and require that no part of the CAB has worked with or consulted to the organisation seeking certification for at least two years. While the CAB should be safeguarding against this, a wise client organisation would also make their own enquiries to prevent their certification being struck down in the future.
Industry experience – A deep understanding of asset management is, of course, a pre-requisite for any CAB auditing against ISO 55001:2014. This will not, however, be enough and it will largely be up to the organisation seeking certification to ensure that the CAB they select has sufficient industry experience to rapidly assess practices and determine adequacy.
Coordination – If your organisation is already certified against other ISO management system standards, it may be preferable to engage a single CAB to complete all of your certification auditing in one pass. This will, of course, require that CAB to be accredited against all of the relevant schemes…
Value for money – Given the preceding requirements, organisations would be well advised to avoid merely seeking out the cheapest CAB. Rather, a little research will be likely to yield a less painful and more productive certification audit.
Your attention in selecting a CAB should be focussed on both the organisation and the individuals, since the former will provide the audit processes and on-going accreditation (ensuring the credibility of your certification) and the latter will provide the subject matter expertise and advice that will guide you on your asset management journey. Consequently, it is worth taking a few more moments to look at individual auditor competency in more detail.
ISO 55000 auditor competencies
We mentioned earlier that CABs accredited for ISO 55000 auditing via the ISO framework are bound to ISO/IEC 17021-5:2015 with respect to auditor competence. This is a reasonable standard, but it only goes so far in providing assurance that the individuals assigned to your audit will provide reasonable assessments and sound advice. You need a recognised qualification to validate the CAB’s internal assessment. Fortunately, there is at least one scheme for independently assessing the skills and knowledge of an asset management assessor. This is the Certified Asset Management Assessor (CAMA) scheme, run by World Partners in Asset Management (WPiAM).
The CAMA scheme awards CAMA accreditation on successful completion of a two hour, closed book examination and submission of an appropriate CV/professional profile. WPiAM is a consortium of national peak bodies for asset management, including the Asset Management Council of Australia, Society of Maintenance and Reliability Professionals (SMRP) in the United States, Plant Engineering and Maintenance Association of Canada (PEMAC), Institut Français d’Asset Management Industriel et Infrastructures (IFRAMI) in France and Associação Brasileira de Manutenção e Gestão de Ativos (ABRAMAN) in Brazil. They constructed the scheme to meet the requirements of ISO/IEC 17021-5:2015, as well as the more stringent requirements of the GFMAM Competency Specification for an ISO 55001 Asset Management System Auditor/Assessor (the GFMAM is a broader international consortium of peak bodies in asset management).
We would note that the IAM accepts either its own Certificate in Asset Management or CAMA status as evidence of competence for auditors under its Endorsed Assessor Scheme.
The CAMA qualification proves a satisfactory level of theoretical knowledge in the principles of asset management, but you should also be looking for evidence that individuals within your audit team have experience in the application of these principles to your industry. They do not need to be experts in your particular industry, but a degree of familiarity will substantially improve the quality of the audit findings as well as reduce the pain of the audit process.
Our advice is therefore to examine both the credentials and experience of the audit team offered to you to ensure that it has adequate knowledge and experience. Lastly, wherever possible, we would suggest meeting the auditors ahead of time to understand their approach to auditing and to ensure they are a good fit with your organisation in terms of personality. You don’t need to see your auditors socially, but you are unlikely to get good outcomes from people who set your teeth on edge every time you see them…
ISO 55000 audits and maturity assessments
The only essential component of your journey to ISO 55000 certification is the final certification audit. This is ultimately a pass/fail exercise, where you either do or do not achieve the requirements for certification. Your results will, however, influence the frequency and nature of the subsequent audits to maintain your certification. Details depend on the CAB and the scheme, but usually include the following options:
Follow-up audit – follow-up audit in 3-12 months to ensure minor non-conformities identified during the certification audit have been rectified (i.e. you effectively got a qualified pass on the certification audit).
Surveillance audit – on-going routine audit to ensure continued compliance, usually on a 1-2 year cycle. May have limited scope that varies from year to year.
Re-certification audit – a full repeat of the certification audit, usually infrequently (3-4 years).
You should note that these are in addition to your on-going internal auditing, which will be an essential part of passing the certification as per Clause 9.2. It is also important to be aware that ISO 55000 (and all future ISO management system standards) are more exacting that previous standards. On your surveillance and re-certification audits, you will be required to demonstrate that:
You are actively seeking out and evaluating improvement opportunities, as required by Clause 10.3
That the asset management system is delivering the required organisational outcomes, as required by Clauses 4.3, 4.4 and 9.3
The audit process focusses on collecting evidence of compliance against each clause in the standard. We like to divide this up into the following three categories:
Procedural compliance – evidence that the organisation’s processes meet the requirements of the standard (usually achieved through documented processes, but occasionally via interview responses)
Behavioural compliance – evidence that the workforce is complying with the processes (usually achieved through interviews and workplace observations – e.g. sampling maintenance records from the organisation’s maintenance management systems)
Outcome compliance – evidence that the organisation is achieving its stated goals (usually achieved through interviews with high level staff and corporate documents – e.g. monthly and annual reports)
Collecting this evidence usually consists of three steps:
Preparation – the auditors will obtain and review your documentation and use this to plan out the remainder of the audit process, including:
Identifying focus areas (e.g. any elements of the documentation that are unclear or inadequate)
Identifying interviewees and allocating questions
Identifying workplace observations (meetings, databases to interrogate, processes to observe)
Site visit – the auditors will visit your site and undertake the required interviews and workplace observations. This may lead to further requests for documents, interviews and workplace observations to explore specific issues that arise during the audit.
Analysis and reporting – the auditors will review their results, finalise their assessments and prepare a report. This must include a list of any non-conformances, but should also include strengths and observations. Based on this report, they will make their findings and issue a certificate (or not!). Note that further evidence may be required during this step in order to resolve any issues (e.g. conflicting findings from different auditors).
An assessment must be made for each “shall” statement in ISO 55001:2014 – 177 as we count them. Further, most assessments will be made on the basis of several pieces of evidence, including multiple interview responses. This may sound like a laborious process and it is – the minimum team size you should expect is two and the minimum duration (for VERY small organisations with one critical asset) is about three days. Lloyds of London took three months to complete the certification audit for London Underground. This is probably at the upper limit of audit duration, but you should remember the long-term benefits on offer and be extremely wary of “cheap and cheerful” audit options. You may not get what you expect…
Certification assessments, as mentioned earlier, simply indicate, via pass-fail criteria, whether your organisation meets the minimum requirements for certification. For those organisations interested in improvement, rather than just certification, a maturity assessment will give more information to guide future improvement activities.
As an example, the IAM has prepared a “Self-Assessment Methodology” or SAM Tool for use by both auditors and internal staff. This and other similar tools have scripted questions that must be answered and a maturity scale against which to score the responses. This turns the pass/fail requirement for certification into a more useful tool for identifying and prioritising improvement opportunities. The following table illustrates the concept.
|Innocent||0||The organisation has not recognised the need for this requirement and/or there is no evidence of commitment to putting it in place.|
|Aware||1||The organisation has identified the need for this requirement, and there is evidence of intent to progress it.|
|Developing||2||The organisation has identified the means of systematically and consistently achieving this requirement, and can demonstrate that these are being progressed with credible and resourced plans in place.|
|Competent||3||The organisation can demonstrate that it systematically and consistently achieves relevant requirements.|
|Optimising||4||The organisation can demonstrate that it is systematically and consistently optimising its asset management practice in line with the organisation’s objectives and operating context.|
|Excellent||5||The organisation can demonstrate that it employs the leading practices and achieves maximum value from the management of its assets, in line with the organisation’s objectives and operating context.|
Other audits and maturity assessments
While the certification audit is the only audit activity required for certification, we have typically found that there is value in putting additional formal reviews/audits into an organisation’s asset management journey to ensure that the work being done is effective and moving the organisation in the right direction. These might include the gap assessment and readiness assessment in our roadmap and are also often referred to as pre-certification audits. All such activities are risk mitigation activities. They represent the investment of a moderate amount of resources to ensure that the effort being expended in pursuing certification is not being wasted. As such, most audits and assessments will follow the same basic process as described above, but with some specific requirements to match their role in the asset management journey:
The level of detail should increase as certification approaches, so that resources are not wasted looking for detailed evidence that is unlikely to exist in the early stages of the journey (for example, readiness assessments are usually short and seek to identify missing or inadequate processes rather than non-compliance with good processes)
While the certification is pass/fail, the interim assessments should use a maturity scale so that future development work can be prioritised
Ideally, the assessments will produce a proposed/amended roadmap for progress to certification
It is entirely possible to conduct most of the initial assessments using internal resources and to only call on the CAB for the certification audit itself, however most organisations have the CAB conduct a pre-certification audit as well. In addition, where internal expertise is limited, there can be significant benefit from engaging a separate consulting organisation to advise and assist you on your asset management journey. Note, however, that the conflict of interest requirements in the ISO framework strictly prohibit the CAB from filling this role, even if using entirely different staff.
Certification is an arduous process, which is why we only recommend it to those clients that have a clear business case. If you are in that situation, then we would suggest the keys to success are:
Keep the business case in mind (both benefits and likely resources)
Select a certification scheme that is appropriate to that business case, particularly ensuring that it is recognised by your key stakeholders (regulators, customers, etc)
Find a CAB that is accredited and can offer an audit team with the right credentials, experience and personality to work effectively with your organisation
Include resources for risk-mitigating assessments in your journey and consider engaging external expertise to guide you on this journey
Good luck and happy auditing! If you believe you need assistance to prepare for or undertake a certification audit, we would be delighted to hear from you.
Looking for further training in ISO 55001 certification?
We offer a range of asset management courses, some of which specialise in ISO 55001 deliverables. If you are interested in reading more about our courses, you can do so by following the links below.
 Hodkiewicz, M.J. 2015, ‘Asset management – quo vadis (where are you going)?’, International Journal of Strategic Engineering Asset Management, 2, 4, pp. 313-327.