The 10 steps to certification
Sept. 4, 2025
Team uComply
Certification is all about structure, understanding and documentation. The route to that is virtually identical for any standard or norm and can be described in 10 steps. That makes it extra important to work with a compliance system that supports multiple norms and standards. This way you avoid duplication of work, maintain an overview and can switch efficiently between different certification processes.
10 generic steps to certification - regardless of standard or norm
Achieving certification is an important step for organizations that want to professionalize their processes, manage risks and project confidence to customers and partners. Whether it is ISO 27001, NEN 7510, ISO 9001, or another standard, the process requires structure, insight and documentation.
The 10 steps we describe below are generically applicable to almost any standard or norm. This means that with a good basic approach, you can prepare for multiple certifications. It is therefore essential to work with a system that supports multiple standards so that you can avoid duplication of effort, document consistently and switch efficiently between different pathways.
Step 1: general inventory of the scope
The first step is to define the scope of your management system. This includes analyzing internal and external factors (context analysis), identifying stakeholders and their expectations, and defining the scope of the system.
Important because a clear scope eliminates confusion and ensures that your ISMS (or other system) matches the reality of your organization.
uComply helps with templates and tools for context analysis, stakeholder mapping and scope description.
Step 2: implementing the risk analysis
Risk analysis is at the heart of many standards. You identify risks, assess them and determine measures.
Important because without an understanding of risk, you cannot take appropriate management measures.
uComply helps with a clear method for identifying and weighing risks. But also linking risks to related control measures. Traceable and plannable.
Step 3: policy
You establish policies that guide your system, and define roles and responsibilities.
Important because policies ensure consistency and clarity. Roles ensure that tasks and responsibilities are well distributed in the process.
uComply helps with templates for policies, role descriptions and procedures. Roles can be linked directly in the system.
Step 4: competencies and communication
Support within the organization and integration into its own processes is essential for an effective route to certification.
Important because a compliance management system only works if people know what is expected of them and how to act.
uComply helps with templates for communication plans and awareness actions.
Step 5: operational activities plans
You plan the implementation of processes and measures resulting from your policy and risk analysis.
Important because without planning there is no structure. Activities must be demonstrable and repeatable.
uComply helps with a clear planner menu where you can capture, assign and track operational tasks.
Step 6: performance measurements and audits
You measure whether your system is working as intended, and conduct internal audits to identify areas for improvement.
Important because to measure is to know. Audits ensure continuous improvement and preparation for external audits.
uComply helps with clear dashboards, and a clear and transparent method for measuring and recording audit findings.
Step 7: improvements transit
You implement improvement measures based on findings from audits, reviews and measurements.
uComply helps with a clear method for recording and managing improvement proposals where you can capture, track and document actions.
Important because continuous improvement is a core principle of virtually every standard.
Step 8: management review
Management periodically evaluates and makes decisions about improvements.
Important because without management involvement, an organization lacks support and direction for certification.
uComply helps with guidelines for the management review and an overview of all relevant inputs (audits, performance, risks).
Step 9: implementation and assurance
You will ensure that policies, processes and work instructions are implemented and secured in the organization.
Important because without implementation, the system is just paper. Assurance ensures durability and reliability.
uComply helps with templates, workflows and dashboards for implementation, internal audits, reviews and certification preparation.
Step 10: certification
After going through all the preliminary steps, the time has come: your organization is ready for the external audit and certification. This is the official proof that you meet the requirements of the chosen standard(s), such as ISO 27001, NEN 7510 or ISO 9001.
Important because certification shows that your organization is serious about quality, information security or other relevant topics.
uComply helps because thanks to the modular structure of uComply.cloud, you can easily switch between different standards, without duplication of effort. This way you are not only ready for one certification, but immediately lay a solid foundation for future pathways.
In the coming weeks, we will dive deeper into each step. We show you how uComply.cloud helps you concretely with practical examples, tips for documentation, smart tools and efficient workflows. Together, we make the road to certification not only feasible, but also manageable and clear.
Our mission to compliance
Ensuring availability, integrity and confidentiality
With the uComply App, you ensure that data is protected and only available in your organization's Microsoft 365 environment.
Innovative AI technology
uComply Bot uses advanced AI technology to provide smart answers and enhanced user instructions, with, of course, live support from the uComply team.
Seamless integration
Integrates seamlessly with Microsoft 365 making uComply a versatile and efficient choice for businesses of all sizes.
