What is a Management System?
A management system is a structured set of policies, procedures, processes, responsibilities, resources, and practices that an organization adopts to achieve and maintain specific objectives (e.g., product/service quality, environmental management, occupational health and safety, information security). An effective management system allows an organization to standardize behaviors, reduce variability, demonstrate compliance with regulatory requirements, and improve its ability to respond to risks and opportunities.
Why certify a Management System?
Certifying a Management System through an independent body such as ACSQ S.r.l. yields a wide range of benefits, both technical and image-related. In addition to establishing full compliance with the requirements of a Standard, a certified System provides authority and professionalism. The main practical benefits include: greater credibility with customers and suppliers, access to markets and tenders requiring certification, continuous process improvement, reduction of waste and incidents, and enhanced risk management capabilities.
What are the most common Standards?
Corporate standards are approved technical documents that define precise rules, specifications, or guidelines for products, services, processes, and systems. Their main purpose is to ensure quality, safety, and efficiency by creating a common language and ensuring repeatable performance. Most global standards are developed by the International Organization for Standardization (ISO). Here is a list of the most common ones:
- ISO 9001 (Quality): The reference standard for implementing a QMS (Quality Management System) based on Risk-based thinking and the process approach. The standard defines the requirements to ensure that the organization can consistently provide products or services that meet customer and applicable statutory and regulatory requirements.
- ISO 14001 (Environment): A standard specifying requirements for an EMS (Environmental Management System), enabling the organization to identify, evaluate, and manage its environmental aspects and significant impacts from a Life Cycle Perspective. It requires the definition of an environmental policy, planning of measurable objectives for the improvement of environmental performance, and assurance of legislative conformity (compliance obligations). It does not impose specific performance criteria but provides a structural framework for ecological risk mitigation and pollution prevention.
- ISO 45001 (Occupational Safety): The first international standard defining requirements for an Occupational Health and Safety (OH&S) Management System. The goal is to provide organizations of all sizes and sectors with a structured framework to: Proactively prevent work-related injuries and ill-health; Ensure safe and healthy workplaces for employees and visitors; Improve safety performance through the identification and management of risks and opportunities.
- ISO 27001 (Information Security): An international standard defining requirements to establish, implement, maintain, and improve an ISMS (Information Security Management System). The technical focus is on protecting information assets through risk management, ensuring the three core principles of logical and physical security: Confidentiality, Integrity, and Availability (CIA Triad). The standard requires the drafting of a Statement of Applicability (SoA) in which the company selects security controls (from those listed in Annex A) necessary to mitigate vulnerabilities and threats identified during the risk assessment.
Is ACSQ S.r.l. an accredited body?
Yes. ACSQ S.r.l. is an accredited body for the issuance of System Certifications for the ISO series, Gender Equality, and PAS 24000. ACSQ S.r.l. is an Italian company operating in compliance with the UNI CEI EN ISO/IEC 17021 standard, which defines the Requirements for bodies providing audit and certification of management systems. The relevant Accreditation Certificate can be consulted on the corporate website at www.acsq.it.
Which certifications does ACSQ S.r.l. issue?
ACSQ S.r.l. is capable of issuing the following System certifications:
- ISO 9001 Certification (Quality): The most widespread standard indicating a series of rules and guidelines necessary for the realization of a Quality control and management system in an organization's production processes.
- ISO 14001 Certification (Environment): Identifies a series of rules, guidelines, and references useful for building a system capable of managing and controlling environmental policies, the primary objective of which is to reduce the impact and repercussions of corporate activities on the surrounding environment.
- ISO 27001 Certification (Information Security): Identifies a series of rules and guidelines necessary for the realization of an Information Security Management System. The standard includes aspects related to the logical, physical, and organizational security of information.
- ISO 45001 Certification (Occupational Health and Safety): Defines the requirements and duties necessary to obtain a management system for the health and safety of workers in the workplace, thereby preventing potential risks and reducing the incidence of accidents and occupational diseases in work environments and on corporate productivity.
- UNI/PDR 125:2022 Certification (Gender Equality): This standard promotes the elimination of gender discrimination and the adoption of policies and practices that favor fair treatment and opportunities for both genders, actively promoting equality at work.
- PAS 24000 Certification (Social Management System): Establishes minimum requirements in key areas such as labor relations, human rights, health, safety, and business ethics, contributing to ensuring equal, adequate, and sustainable social performance.
The list above may not be exhaustive regarding the certifications offered; therefore, it is advisable to consult the dedicated system certifications web page, which is always updated.
What is the duration and structure of the certification cycle?
Each certification cycle has a standard duration of 3 years and follows a rigorous structure defined by international accreditation standards. During this cycle, the company commits to ensuring continuous compliance with the reference Standard and the timely resolution of any Non-Conformities detected by auditors, under penalty of certificate suspension or withdrawal. The certification issued by ACSQ S.r.l. is typically valid for three years. The process is articulated as follows:
- Initial Audit (Stage 1: document review; Stage 2: on-site verification);
- Periodic surveillance audits to confirm the maintenance of requirements;
- Recertification audit (renewal) at the end of the three-year cycle.
Surveillance audits aim to verify that the system continues to be effective and that corrective actions for any detected non-conformities have been implemented. For more information and details on certification procedures, please refer to the internal Contractual Conditions document.
What are Audit Stage 1 and Stage 2, and what should be expected?
Stage 1 is a preliminary assessment focused on documentation, the organization's context, applicable legal requirements, and general preparedness: the goal is to confirm that the client is ready for Stage 2.
Stage 2 is the main audit, involving on-site verification of processes, staff interviews, examination of records, and observation of operational activities. At the end of Stage 2, any non-conformities are determined, and recommendations are made to the Technical Committee.
How to manage potential Non-Conformities (NCs)?
Non-Conformities are findings indicating a failure to fulfill requirements of the standard or the management system. They are generally distinguished into minor and major:
- Minor NCs: Limited deficiencies that do not compromise the system as a whole; they require correction and a corrective action plan with evidence of implementation.
- Major NCs: Issues indicating a significant failure in the system's effectiveness and may require additional audits or the refusal/deferral of certification.
ACSQ S.r.l. requires the submission and verification of corrective actions within established deadlines; failure to resolve them may result in the suspension or withdrawal of certificates.
What does the Technical Committee do, and what is its role?
The ACSQ S.r.l. Technical Committee reviews auditor reports (Stage 1 and Stage 2), evaluates the adequacy of the collected evidence, and makes the final decision regarding the granting, maintaining, suspending, or withdrawing of the certificate. The Committee provides independent oversight on the quality of the decision-making process and ensures that decisions are based on evidence and documented criteria.
How do surveillance visits take place?
Surveillance visits serve to check the continued effectiveness of the management system during the certificate's validity period. ACSQ S.r.l. schedules at least two visits during the three-year period: the first within 12 months of the certification decision and the second in the following calendar year. During surveillance, progress on corrective actions, management of any changes, regulatory compliance, and performance indicators related to the scope of certification are verified.
What do certificate suspension or withdrawal entail?
Suspension is a temporary measure that invalidates the use of the certificate and logo until the removal of the causes that led to the suspension (e.g., non-payment, unresolved NCs, impediment to audits). If the situation is not resolved within the deadlines (typically 6 months), ACSQ S.r.l. may proceed with the withdrawal (revocation) or reduction of the scope of certification. During suspension/withdrawal, the organization must cease all public reference to the certificate. For further details on suspensions and withdrawals, please refer to the internal Contractual Conditions document.
What are the costs and payment methods?
Costs are communicated in the acceptance document (contract) and include fees for the initial evaluation, surveillance, travel expenses, and board and lodging for personnel. The rates shown are VAT excluded and usually require advance payment for visits. Cancellation beyond the deadlines may result in penalties (e.g., flat-rate amount indicated in the contract). Non-payment may affect the possibility of issuing/using the certificate and may lead to its suspension or withdrawal.
How are complaints and appeals handled?
Complaints against ACSQ S.r.l. must be sent to the Management via PEC (Certified Email) or registered letter. ACSQ S.r.l. confirms receipt within 5 working days and communicates the outcome within 30 working days from the last communication received. Appeals against decisions of the certification body must be presented within 14 days of communication, with details and supporting documentation; the procedure foresees management times and a final decision by the Technical Committee.
What are the client's obligations after certification is issued?
The client must maintain the effectiveness of the management system, implement corrective actions, record and manage complaints received from their own customers, and promptly communicate any significant changes to the certification body (e.g., corporate structure, addresses, scope, sites, legal proceedings impacting certification). They must also respect the rules on the use of the logo and certificate and retain the evidence required for surveillance audits.
Why is Management System certification useful?
Certification by an independent body provides external and impartial validation that the system meets the requirements of the standard. This increases the confidence of customers, stakeholders, and authorities. Furthermore, certification helps identify gaps that might not emerge from internal audits, promoting measurable improvements and comparability between organizations.
How can the logo be used and what are the limitations?
The use of the ACSQ logo is permitted only for activities included in the scope of certification and in accordance with the Mark Usage Regulations for certificates and logos. It is forbidden to use the certificate or logo in a misleading manner (for example, indicating unverified scopes) or during periods of suspension. Improper use may result in claims for damages.
Who can I ask for further information?
The ACSQ S.r.l. information office is available to answer any user questions and doubts. You can contact the information office via email (
Download the PDF version of the ACSQ S.r.l. FAQ.