Here’s something I’ve seen again and again: after a company earns its ISO 22000 certificate, the team breathes a huge sigh of relief—and then quietly wonders, “How do we maintain this without slipping backward?”
The truth is, maintaining your certification is far easier than getting it. But only if you understand how surveillance audits work and what certification bodies look for during those annual visits.
In this guide, I’ll break down exactly what you can expect each year, what auditors check, the common issues that catch companies off guard, and the simple practices that keep you audit-ready without stress.
Now that we’ve set the stage, let’s look at what surveillance audits really are and why they matter.
What ISO 22000 Surveillance Audits Are and Why They Matter (Annual Compliance Requirements)
Surveillance audits are annual check-ins that ensure your Food Safety Management System is still working as intended. Think of them as health checks—not full system rebuilds, but essential for keeping everything functioning properly.
Most certification bodies follow a standard cycle:
Year 1 Surveillance after certification
Year 2 Surveillance the following year
Recertification in Year 3
Surveillance audits focus on whether your processes remain consistent, your HACCP plan is still valid, and your PRPs continue to operate effectively.
Common Mistake: Treating surveillance as “lighter” than the initial audit. Auditors still expect strong evidence and real implementation.
Surveillance isn’t something to fear—it’s your proof that the system is alive and maintained.
What Certification Bodies Check During an ISO 22000 Surveillance Audit (Key Focus Areas)
Surveillance auditors don’t recheck everything from scratch. Instead, they zoom in on areas that show whether your system is truly functioning.
Here’s what they typically focus on:
PRP effectiveness: Cleaning, maintenance, pest control, hygiene, allergen control.
HACCP performance: Monitoring results, deviations, corrections, and verification.
Corrective actions: Whether issues were solved completely, not just patched.
Internal audit results: Are you identifying and addressing your own gaps?
Management review decisions: Evidence that leadership remains engaged.
Regulatory updates: How you incorporate new legal requirements.
Changes in processes: New equipment, new products, new layouts.
Pro Tip: Surveillance audits rely heavily on records. Clean, complete records make the process smooth.
Auditors want to see proof—not promises.
Common Nonconformities Found During ISO 22000 Surveillance Audits (And How to Avoid Them)
Surveillance findings tend to cluster around a few predictable areas. Knowing them ahead of time saves you hours of stress later.
Here are the issues I see most often:
Missing or incomplete monitoring records for CCPs or OPRPs.
Weak corrective-action documentation with unclear root causes.
Outdated flow diagrams that don’t match the actual process.
Gaps in PRP implementation, especially cleaning or allergen controls.
Training lapses, where staff haven’t been refreshed on key procedures.
Calibration issues with thermometers, scales, or critical instruments.
A quick anecdote: I once supported a facility that had spotless documentation—but forgot to update its PRPs after rearranging equipment on the production floor. It resulted in a major nonconformity, even though the team was otherwise performing well. A simple update would have prevented it.
Most surveillance findings come from changes left undocumented.
How to Prepare for ISO 22000 Surveillance Audits Year-Round (Practical, Real-Life Strategies)
You don’t need a huge annual push to prepare for surveillance. Consistency wins.
A simple rhythm will keep you audit-ready every day of the year:
Monthly: Review key HACCP and PRP records.
Quarterly: Conduct internal spot-checks and walk-throughs.
Semi-annually: Validate controls and review changes.
Annually: Perform the full internal audit and management review.
This structure prevents last-minute stress and keeps your system aligned with how you actually operate.
Pro Tip: Maintain an “evidence binder”—digital folders work great. Every time you update a record, drop it in. Come audit time, everything is already in one place.
Audit readiness becomes effortless when you treat it as ongoing housekeeping rather than a major annual project.
Internal Audits & Management Review: Your Best Insurance Against Surveillance Findings
If there are two activities that strengthen your system more than anything else, it’s these:
Internal audits
Management review
Certification bodies expect both to be meaningful, not just ticked off a checklist.
A strong internal audit should:
Test your PRPs
Review HACCP performance
Sample records across shifts
Check staff awareness
Identify improvement opportunities
Management review, on the other hand, ensures leadership stays informed and engaged in the FSMS.
Common Mistake: Conducting internal audits just to satisfy the requirement. When done properly, internal audits prevent the majority of surveillance nonconformities.
These two activities signal the health of your entire system.
Managing Changes Effectively: How Modifications Trigger Surveillance Auditor Scrutiny
Any change in your facility or operations can affect food safety, which is why auditors pay close attention to how you manage them.
Common changes that require action:
New products or formulations
New equipment or layouts
Supplier changes
New staff roles
Updated regulations
Process modifications
Every change should trigger a review of your HACCP plan, PRPs, and documentation.
Pro Tip: Notify your certification body if a major change alters your scope. It prevents scope-related issues during surveillance.
Change isn’t the problem—unmanaged change is.
Corrective Actions After Surveillance Audits: Closing Findings Quickly and Cleanly
If the auditor identifies a nonconformity, don’t panic. Surveillance findings are normal. What matters is how effectively you address them.
A strong corrective action includes:
Root cause analysis: Why did it happen?
Correction: What you fixed immediately.
Corrective action: What prevents recurrence.
Verification: Proof that it worked.
Most certification bodies give 30–90 days for closure.
Common Mistake: Fixing the symptom but ignoring the root cause. When this happens, findings repeat the following year.
Clean corrective actions demonstrate maturity in your food safety system.
How to Work Smoothly With Your Certification Body (Communication, Evidence Sharing, Timelines)
Maintaining a good relationship with your certification body makes every audit easier.
Here’s what smooth communication looks like:
Responding promptly to pre-audit requests
Organizing evidence in advance
Clarifying any changes to your scope
Asking questions when something is unclear
Staying ahead of deadlines for corrective actions
Pro Tip: Keep a simple audit calendar with reminders for internal audits, management reviews, and record checks.
Your certification body becomes easier to work with when you’re predictable and well-prepared.
FAQs: Maintaining ISO 22000 Certification & Surveillance Audits
Are surveillance audits easier than initial certification audits?
They’re shorter, but not necessarily easier. Auditors focus on real records and day-to-day practice.
Do we need a full internal audit every year?
Yes. Certification bodies expect one complete cycle annually.
What happens if we fail a surveillance audit?
You may need follow-up audits or additional verifications. Severe or persistent issues can lead to suspension.
Conclusion: Staying Audit-Ready and Confident Throughout Your ISO 22000 Certification Cycle
Maintaining ISO 22000 certification doesn’t have to be stressful. When you stay consistent with records, internal audits, and updates to your HACCP plan and PRPs, surveillance audits become straightforward.
Over the years, I’ve seen that the organizations who treat food safety as part of daily operations—not an annual event—sail through surveillance with confidence.
If you want a year-round maintenance checklist or a simple monthly compliance schedule, I can help you build one tailored to your operations.
Melissa Lavaro is a seasoned ISO consultant and an enthusiastic advocate for quality management standards. With a rich experience in conducting audits and providing consultancy services, Melissa specializes in helping organizations implement and adapt to ISO standards. Her passion for quality management is evident in her hands-on approach and deep understanding of the regulatory frameworks. Melissa’s expertise and energetic commitment make her a sought-after consultant, dedicated to elevating organizational compliance and performance through practical, insightful guidance.
