What an ISO/IEC 17021-1 Audit Programme Record Really Means
If you manage or support a certification body, you already know how complex audit scheduling can get. Between Stage 1, Stage 2, surveillance, and recertification audits, it’s easy for things to slip. That’s where your audit-programme record becomes essential.
In my experience helping certification bodies prepare for accreditation, this single record often separates an organized CB from one constantly firefighting deadlines. It’s not just a log. It’s a roadmap showing exactly how each client’s certification cycle is planned, tracked, and maintained.
In this guide, we’ll walk through what the audit-programme record must include under ISO/IEC 17021-1, how to build a simple yet compliant template, and what assessors expect to see during accreditation audits.
By the end, you’ll have a clear blueprint for designing a record that’s both compliant and genuinely useful to your team.
Purpose of the Audit-Programme Record (Clause 9.1 Overview)
The audit-programme record does one main thing — it connects all certification activities for each client into a single, traceable cycle.
It’s your evidence that every audit has been properly planned, reviewed, and delivered according to ISO/IEC 17021-1 Clause 9.1. Without it, assessors can’t confirm that your certification decisions are based on a complete cycle of audits.
Here’s what I’ve noticed: too many CBs treat this record like a one-time checklist. But it’s meant to evolve. Each time a scope changes, a site is added, or an audit gets postponed, your record should reflect that immediately.
Pro Tip: Make it a living document. When you review audit schedules each quarter, update the record — not a side spreadsheet.
Common pitfall: Using an outdated version. I once saw a CB get a major non-conformity because their audit-programme record still listed clients who’d been suspended two years earlier.
Example: One CB I worked with linked its audit-programme sheet directly to its client database. Whenever a certification status changed, the record updated automatically — no missed cycles, no surprises during accreditation.
Core Elements Required in an Audit-Programme Record
A strong audit-programme record isn’t complicated. It’s just complete. Here are the must-have elements:
Client identification: legal name, address, and contact
Pro Tip: Always show how audit duration was determined — especially for management-system standards. Assessors cross-check this against IAF MD 5 or equivalent duration rules.
Common pitfall: Leaving out multi-site logic. Each site’s audit activity needs to appear in the same record, even if sampled.
Example: One CB built its record in Excel with drop-down menus for “Audit Type” and “Status.” Assessors loved the traceability and simplicity — it looked professional without being overengineered.
Building the Template – Design and Structure Tips
The best templates are the ones your team actually uses. You don’t need fancy software. A well-designed table can do the job perfectly.
Here’s a simple structure that works for most certification bodies:
One master table for all clients
Columns for client details, standard, audit type, date, duration, auditor, and status
Color coding (green = done, yellow = upcoming, red = overdue)
Automatic man-day calculation formulas
Version number and approval signature line at the top
Pro Tip: Keep filters for year, scheme, and auditor. That way, you can instantly show assessors a subset like “all ISO 9001 audits scheduled for 2025.”
Common pitfall: Managing separate sheets per scheme or per auditor. Integration saves you time and avoids inconsistent data.
Example: A small CB I helped built one unified tracker with tabs for each accreditation body. When JAS-ANZ visited, they could filter the record by scheme — no duplicate files, no confusion.
Linking the Audit-Programme Record to Other ISO/IEC 17021-1 Processes
Your audit-programme record doesn’t stand alone. It links directly to several other clauses:
Clause 9.1.1: Audit programme planning per certification cycle
Clause 9.1.2: Setting objectives, scope, and criteria for each audit
Clause 9.4: Maintaining audit reports and non-conformity records
Clause 9.5: Supporting certification decisions and ongoing maintenance
When assessors check your records, they trace the line from audit planning to audit report to certification decision. If one of those is missing or disconnected, you risk a non-conformity.
Pro Tip: Add hyperlinks from each audit entry to its report file or certification decision note. It shows continuity and makes navigation effortless.
Common pitfall: Treating the record as a standalone form. It’s part of your bigger certification-process chain — not just a planning tool.
Example: One CB used SharePoint so that clicking a client name opened the Stage 2 audit report directly. Their accreditation auditor called it “one of the cleanest linkages” they’d seen.
Common Audit-Programme Record Non-Conformities (and How to Avoid Them)
Accreditation assessors see the same issues repeatedly. Here are the most common — and how to fix them before they appear in your report:
Outdated or incomplete records – Always show current audit status and planned dates.
No rationale for man-days – Document the IAF MD 5 calculation or reference file.
Missing adjustments after scope changes – Update the record immediately when a client adds or removes processes.
No revision control – Add version numbers and approval signatures.
Untraceable auditor assignments – Include auditor codes or initials for every entry.
Pro Tip: Review your audit-programme record quarterly as part of your management-review inputs. It keeps everything clean and defensible.
Example: A CB once discovered during a pre-assessment that three clients had expired certificates due to missed recertification audits. After implementing a quarterly record review, they never missed another deadline.
Sample Audit-Programme Record Template Layout (Practical Example)
Here’s what a simple, compliant layout can look like:
Client Name
Standard
Sites
Audit Type
Planned Date
Duration (Man-days)
Auditor(s)
Status
Findings/Notes
Decision Ref
This layout keeps everything visible and scannable. Add filters, version control, and a revision history section at the bottom.
Pro Tip: Keep a “Last Updated” field. It signals control and accountability.
Example: One accredited CB used this format across all its schemes. During assessment, the lead assessor said, “I can see every client’s cycle in one view.” That’s exactly what you want.
FAQs – ISO/IEC 17021-1 Audit-Programme Record Explained
Q1: Can we keep our audit-programme record in Excel? Yes, absolutely. What matters is control, accuracy, and accessibility — not the software. Many CBs run perfectly on well-managed spreadsheets.
Q2: How long should we retain these records? At least one full certification cycle plus the current one — typically six years — unless your accreditation body specifies longer.
Q3: Do we need a separate record per standard? Not necessarily. A single record can manage multiple standards; just include a column to identify each one.
Making the Audit-Programme Record Work for You
Your audit-programme record isn’t just a requirement — it’s your certification heartbeat. When designed and maintained properly, it helps you stay compliant, avoid late audits, and impress accreditation assessors with your control and transparency.
Melissa Lavaro is a seasoned ISO consultant and an enthusiastic advocate for quality management standards. With a rich experience in conducting audits and providing consultancy services, Melissa specializes in helping organizations implement and adapt to ISO standards. Her passion for quality management is evident in her hands-on approach and deep understanding of the regulatory frameworks. Melissa’s expertise and energetic commitment make her a sought-after consultant, dedicated to elevating organizational compliance and performance through practical, insightful guidance.
