USA / USD
23 March 2021
The ISO assessment is conducted in two parts, the Stage 1 and Stage 2 Certification Audits, and followed by Surveillance Audits. In this article we'll explain why, and what it means for your business. We'll also take a look at Pre-assessment Audits and discuss whether they're necessary. Equipped with this information, you'll make a better decision when arranging your Certification Audit.
The Certification Audit – and the subsequent issuance of the certificate – is done by an ISO 9001 registrar, also called a certification body. The process starts with you selecting a registrar. Not any registrar but one that fits your company's circumstances because your choice of registrar will have wide-ranging consequences and affect the success of your quality management.
You'll typically enter into a 3-year contract with your registrar. The contract includes the initial certification and subsequent Surveillance Audits. Depending on your preference and the registrar's capabilities, you can choose to have the audit conducted remotely or on-site. No matter if you opt for a virtual or physical audit, the effectiveness and results will be the same.
The ISO assessment is conducted in two phases. The first is the Stage 1 Certification Audit. It is used by your registrar to verify your company's readiness for the full assessment, to check your quality management system documentation, and to get an understanding of your organization. During the Stage 1 Certification Audit, your registrar examines documents such as the quality policy, the scope of your quality management system, and your procedures, as well as certain records such as internal audit reports and minutes of management reviews. This audit, which is always conducted remotely, is also referred to as Documentation Audit.
Some certification bodies expand the scope of the Stage 1 Certification Audit beyond the review of documentation to include a full audit of your operations. As it comes prior to the second phase of your assessment and is meant to evaluate your readiness, it's called a Pre-assessment Audit. It's similar in scope and cost to the main assessment audit and may be conducted on-site or remotely.
Many registrars don't make the Pre-assessment Audit mandatory but rather sell it as an optional add-on. If you require the peace of mind that this assessment brings, you will be better served by our ISO 9001 Internal Audit Service. It covers the same as the pre-assessment but costs less and includes improvement suggestions and ideas for best practices. Last but not least, it includes our certification guarantee.
Your Stage 1 Audit concludes with an audit report that lists any problems that your registrar identified with your documentation or your quality management system.
Upon satisfactory correction of any identified issues, your registrar will conduct the Stage 2 Certification Audit either on-site or remotely. It's the main part of the assessment and it comprises an extensive evaluation of your operations to verify that your ISO system is both effective and in compliance with ISO 9001:2015 requirements. The duration of the Stage 2 Certification Audit is calculated based on your employee count in accordance with the IAF MD5:2019 regulation mandated by the International Accreditation Forum. Small companies with 10 employees, for example, require 2 audit days.
The Stage 2 Audit is performed as a process audit meaning that the auditor follows a sequence of your work activities. Audit activities include the observation of work processes, interviews of workers, managers and executives, and a review of records. The findings are then presented at the closing meeting and formalized in a written audit report.
Virtually every audit results in audit findings. Possible findings are minor and major nonconformities as well as observations. A nonconformity is an issue where your organization fails to comply with an ISO 9001:2015 requirement or with one of its own, internal procedures. A nonconformity could also indicate an issue where your quality management system isn't effective. Observations, on the other hand, don't refer to current problems but may warrant attention in the future.
A few minor nonconformities are normal, and you only need to show an acceptable plan for correcting them. Complete breakdowns of your quality management system in one or more areas result in major nonconformities. Due to their severity, your registrar will conduct a follow-up audit to verify correction before recommending your company for certification.
Once all nonconformities have been addressed to the satisfaction of the registrar, you successfully passed the two-stage certification assessment and you'll be issued your certificate. This process takes about 1-2 weeks. Your certificate will list any limitations of scope (for example, if you excluded departments or products), show the marks of the registrar and accreditation board, and the expiration date.
Though your successful passing of the two-stage assessment concludes your initial certification, it is not the last time your certification body audits your organization. To retain certification your company needs to undergo a so-called Surveillance Audit every 6-12 months. Surveillance Audits are similar to the Stage 2 Certification Audit but require only one third of the time. While minor nonconformities are normal during Surveillance Audits, major nonconformities could lead to decertification.
The various phases of the Certification Audit often cause confusion. Particularly when comparing different registrars and their proposals it's helpful to understand the two-stage Certification Audit and the role the Pre-assessment Audit plays. After reading this article, you'll be in a better position to make the right decisions when hiring your registrar. And to make the Stage 2 Certification Audit a success, take a look at our audit preparation tips.
If you enjoyed this article, subscribe for updates
Stay in touch with our free resources on ISO 9001
We won't send you spam. Unsubscribe at any time.
Thanks. Your message has been sent. We'll get back to you as soon as possible.
We'll reply ASAP