What Your Organisation Should Know About the Certification Audit Cycle
Implementing a Quality Management System (QMS) under ISO 9001:2015 requirements means consulting with a certification body.
This involves learning what your organization must do to certify your management system as compliant with the requirements.
There are processes your organization will face:
- documentation audit;
- certification audit;
- a cycle of surveillance audits;
- re-certification audit
They could prove tiresome and complex. But to help your organization overcome these audits, QSE Academy made this brief discussion to explain what to expect at audits.
The Processes of Certification and Certification Audit
The 3-year certification cycle is used for organizations certified against ISO 9001. However, there are some possible amendments.
For example, your organization should begin with a documentation audit if you have implemented your QMS and are having your first certification.
Consequently, a certification body’s auditor will review all of your organization’s documentation.
The auditor will then compare it to the ISO 9001:2015 standard requirements, to validate that what your organization has documented fulfills the standard’s requirements.
You can only schedule a certification audit once the documentation is confirmed.
Next, a certification body will conduct an on-site audit of all of your organization’s QMS processes. It will issue your ISO 9001:2015 certification if you have completely addressed any corrective actions.
Note that there will be on-site surveillance audits for the next two years. This is until your re-certification audit on your cycle’s third year.
Furthermore, most certification bodies execute one surveillance audit per year. Yet, this could be more often if your organization negotiates with the certification body.
As long as you are maintaining your current certification with the same certification body, you will not need to go back to the certification audit.
However, you will have to transfer an audit if you change certification bodies or your version of the ISO 9001 standard. It involves a full audit where old certificates are withdrawn to issue new certifications.
For instance, some organizations are shifting from ISO 9001:2008 to ISO 9001:2015.
What Does a Surveillance Audit Cover?
Surveillance audits, certification audits, and re-certification audits have things in common:
- On-site audits performed by a certification body;
- Will have corrective actions issued that must be tackled;
- Will have an audit report issued to your organization as the audit’s record.
The main difference is the number of hours allocated to the audits’ processes.
For the certification and re-certification audits, certification body’s auditors will check for conformance to the ISO 9001 standard.
This involves assessing the implementation of every process within your QMS, company documentation, process effectiveness, and constant improvement.
It usually takes several days for many auditors to finish the process. Hence, the size of your organization and the number of processes within your QMS impact the duration of the audit.
Meanwhile, a surveillance audit will spend less time on only some portions of your organization’s QMS processes, rather than everything.
It will look at key processes like internal audit, management review, and corrective actions. Afterward, it will check some of the remaining processes within your organization’s QMS.
Additionally, surveillance auditors may look at a portion of the whole organization. For instance, an auditor may only assess selected sites or certain production lines.
Typically, auditors use the square root rule. In this way, an organization with 25 branches will only have 5 sites included in the audit.
Thus, surveillance audits will take less time to finish.
Lastly, certification bodies aim to audit all of the processes and business sites at least once within the QMS during the two-year surveillance cycle.
Importance of Certification Body Audits
Surveillance audits and certification audits have the same amount of significance.
Both audits require your organization to execute internal audits for all processes as per your audit schedule. You will also make necessary improvements or corrections.
Remember that your organization can lose certification if a major non-conformance found during a certification audit is not addressed.
Therefore, certification body audits can provide different improvement opportunities. Similarly, information from surveillance audit reports can be used to improve your organization.
- Documentation audit
- Certification audit
- Year one surveillance audit
- Year two surveillance audit
- Re-certification audit
Browse through our packages and you’ll see various ways to assist your journey towards ISO 9001:2015 surveillance audits.