Getting your ISO 22716 certificate is a big win — but keeping it is where the real work begins.
In my experience, many cosmetic manufacturers breathe a sigh of relief after certification, then slowly slip back into old habits. The problem? Surveillance audits don’t go away. Every year, your certification body will come back to make sure you’re still meeting the standard.
This article walks you through what surveillance audits are, what auditors check, and how to stay ready year-round without turning every audit into a fire drill.
Understanding Surveillance Audits in ISO 22716
A surveillance audit is like your annual health check — a way to confirm your Good Manufacturing Practices (GMP) are still alive and well. Certification bodies typically schedule these audits once a year during your three-year certification cycle.
These follow-ups are shorter than your original certification audit, but make no mistake — they’re just as detailed. Auditors focus on consistency: are you still following the procedures you documented during certification?
Pro Tip: Don’t think of surveillance audits as something to “get through.” Use them to identify small issues before they become costly problems.
Common Pitfall: Some companies relax after certification and stop updating records or training logs. When the auditor returns, they find gaps that could have been avoided with simple monthly reviews.
What Certification Bodies Look for During Surveillance Audits
Surveillance audits are less about paperwork and more about proof of practice. Here’s what auditors focus on most:
Implementation Consistency: Are you actually following your documented procedures?
Changes in Scope or Operations: Have you added new products, processes, or locations since your last audit?
Effectiveness of Corrective Actions: Did you close out previous non-conformities properly?
Staff Training & Competence: Are your people still trained and aware of GMP requirements?
Internal Audits & Management Reviews: Have you completed your yearly internal audit and management review?
Pro Tip: Keep an “Audit Readiness Folder” — a single place (physical or digital) for your latest procedures, CAPA logs, training records, and equipment maintenance reports.
Common Pitfall: Leaving documentation scattered across departments. When auditors ask for records, nothing slows the audit down like five people searching for one file.
Annual Surveillance Audit Timeline & Process
Most certification bodies give you a few weeks’ notice before a surveillance audit, but staying ready all year is far easier than rushing once you get that email. Here’s what typically happens:
Before the Audit: You’ll receive a notification 6–8 weeks in advance. Use this time to review your last audit report, ensure corrective actions are verified, and update any SOPs that changed.
During the Audit: Auditors will spend 1–2 days on-site. They’ll observe operations, interview staff, and check random records. Expect focused sampling rather than a full system review.
After the Audit: You’ll get a report outlining findings and any new non-conformities. You’ll usually have 30–60 days to submit corrective actions with evidence.
Pro Tip: Maintain a rolling action log. It makes pre-audit prep effortless because you’re always up to date.
Common Pitfall: Waiting until the notification arrives to start preparing. It’s stressful, reactive, and often leads to avoidable non-conformities.
How to Prepare for ISO 22716 Surveillance Audits
Keeping your certification shouldn’t feel like starting from scratch every year. Here’s what a proactive approach looks like:
Update SOPs annually, even if it’s just a version review.
Conduct one internal audit per year — ideally six months before your surveillance audit.
Hold a management review meeting to discuss audit results, CAPAs, and process improvements.
Verify all records — cleaning logs, calibration reports, and batch records should be current and signed.
Refresh staff training regularly, especially for new hires or role changes.
Track operational changes (new lines, suppliers, or formulations). Auditors will ask about them.
Pro Tip: Keep a shared folder labeled “Surveillance Audit Ready.” Drop in your latest records and reports throughout the year — not just before the audit.
Common Pitfall: Ignoring new team members. Auditors will often question them, and gaps in GMP awareness can easily lead to minor findings.
Common Findings During Surveillance Audits
Even well-prepared companies can get caught by recurring issues. Here are the usual suspects:
Procedures updated on paper but not in practice.
Missing or unsigned training records.
Outdated maintenance and calibration logs.
CAPAs that weren’t fully implemented.
Weak traceability for raw materials or packaging batches.
Pro Tip: Revisit your previous audit report before every internal audit. It’s the simplest way to ensure you’re not repeating old mistakes.
Common Pitfall: Assuming “no complaints” means full compliance. Auditors expect documented monitoring — not just verbal assurance.
Why Surveillance Audits Strengthen Your GMP System
A lot of companies dread surveillance audits — but the best ones use them as performance reviews.
Regular follow-up audits push your team to stay sharp and maintain clean, traceable, well-documented processes. They also demonstrate to clients and regulators that your system is more than a certificate — it’s part of your company culture.
Real Example: One cosmetics brand I worked with used feedback from their surveillance audit to overhaul supplier management. Within six months, they reduced supplier-related deviations by 30%. That’s continuous improvement in action.
FAQs: Maintaining ISO 22716 Certification
How often are surveillance audits conducted? Once per year during your three-year certification cycle. After that, a full re-certification audit is required.
Do surveillance audits cover everything? Not always. Auditors sample high-risk areas, key processes, and previous findings — but they can expand scope if major changes occurred.
Can we lose certification if we fail a surveillance audit? Yes, but it’s rare. Certification can be suspended or withdrawn if major non-conformities go unresolved or corrective actions aren’t effective.
Conclusion: Stay Audit-Ready, All Year Round
Maintaining ISO 22716 certification isn’t about scrambling before an audit — it’s about consistency. When you treat GMP as part of daily operations, surveillance audits become just another day at work.
The key is staying organized, training regularly, and keeping records fresh. That way, when your auditor walks in, you’re not preparing — you’re simply proving what you already do.
If you’d like help setting up a Surveillance Audit Calendar or need a Readiness Checklist, we can help you create one tailored to your business. [Download Checklist] or [Book a Consultation] to keep your ISO 22716 certification running smoothly year after year.
👋 Hi, I’m HAFSA, and for the past 12 years, I’ve been on a journey to make ISO standards less intimidating and more approachable for everyone.
Whether it’s ISO 9001, ISO 22000, or the cosmetics-focused ISO 22716, I’ve spent my career turning complex jargon into clear, actionable steps that businesses can actually use.
I’m not here to call myself an expert—I prefer “enthusiast” because I truly love what I do.
There’s something incredibly rewarding about helping people navigate food safety and quality management systems
in a way that feels simple, practical, and even enjoyable.
When I’m not writing about standards, you’ll probably find me playing Piano 🎹, connecting with people, or diving into my next big project💫.
I’m an engineer specialized in the food and agricultural industry
I have a Master’s in QHSE management and over 12 years of experience as a Quality Manager
I’ve helped more than 15 companies implement ISO 9001, ISO 22000, ISO 22716, GMP, and other standards
My clients include food producers, cosmetics manufacturers, laboratories, and service companies
I believe quality systems should be simple, useful, and efficient.
