What are you looking for?
ISO 9001 Certification Audits
23 March 2021
The ISO Certification Audit is conducted in two parts, the Stage 1 and Stage 2 Audits, and followed by Surveillance Audits. In this article we'll explain why, and what it means for your business. We'll also take a look at Pre-assessment Audits and discuss whether they're necessary. Equipped with this information, you'll make a better decision when arranging your Certification Audit.
Hire a Registrar
The Certification Audit – and the subsequent issuance of the certificate – is done by an ISO 9001 registrar, also called a certification body. The process starts with you selecting a registrar. Not any registrar but one that fits your company's circumstances because your choice of registrar will have wide-ranging consequences and affect the success of your quality management.
You'll typically enter into a 3-year contract with your registrar. The contract includes the initial certification and subsequent Surveillance Audits. Depending on your preference and the registrar's capabilities, you can choose to have the audit conducted remotely or on-site. No matter if you opt for a virtual or physical audit, the effectiveness and results will be the same.
Pass the Stage 1 Audit
The Certification Audit is conducted in two phases. The first is the Stage 1 Audit. It is used by your registrar to verify your company's readiness for the full Certification Audit, to check your quality management system documentation, and to get an understanding of your organization. During the Stage 1 Audit, your registrar examines documents such as the quality policy, the scope of your quality management system, and your procedures, as well as certain records such as internal audit reports and minutes of management reviews. This audit, which is always conducted remotely, is also referred to as Documentation Audit.
Some certification bodies expand the scope of the Stage 1 Audit past the review of documentation to include a full audit of your operations. As it comes prior to the second phase of your Certification Audit and is meant to evaluate your readiness for the main asssessment, it's called a Pre-assessment Audit. It's similar in scope and cost to the main assessment audit and may be conducted on-site or remotely.
Many registrars don't make the Pre-assessment Audit mandatory but rather sell it as an optional add-on. If you require the peace of mind that this assessment brings, you will be better served by our ISO 9001 Internal Audit Service. It covers the same as the pre-assessment but costs less and includes improvement suggestions and ideas for best practices. Last but not least, it includes our certification guarantee.
Your Stage 1 Audit concludes with an audit report that lists any problems that your registrar identified with your documentation or your quality management system.
Undergo the Stage 2 Audit
Upon satisfactory correction of any identified issues, your registrar will conduct the Stage 2 Audit either on-site or remotely. It's the main part of your Certification Audit and it comprises an extensive assessment of your operations to verify that your ISO system is both effective and in compliance with ISO 9001:2015 requirements. The duration of the Stage 2 Audit is calculated based on your employee count in accordance with the IAF MD5:2019 regulation mandated by the International Accreditation Forum. Small companies with 10 employees, for example, require 2 audit days.
The Stage 2 Audit is performed as a process audit meaning that the auditor follows a sequence of your work activities. Audit activities include the observation of work processes, interviews of workers, managers and executives, and a review of records. The findings are then presented at the closing meeting and formalized in a written audit report.
Virtually every audit results in audit findings. Possible findings are minor and major nonconformities as well as observations. A nonconformity is an issue where your organization fails to comply with an ISO 9001:2015 requirement or with one of its own, internal procedures. A nonconformity could also indicate an issue where your quality management system isn't effective. Observations, on the other hand, don't refer to current problems but may warrant attention in the future.
A few minor nonconformities are normal, and you only need to show an acceptable plan for correcting them. Complete breakdowns of your quality management system in one or more areas result in major nonconformities. Due to their severity, your registrar will conduct a follow-up audit to verify correction before recommending your company for certification.
Receive Your Certificate
Once all nonconformities have been addressed to the satisfaction of the registrar, you successfully passed the two-stage Certification Audit and you'll be issued your certificate. This process takes about 1-2 weeks. Your certificate will list any limitations of scope (for example, if you excluded departments or products), show the marks of the registrar and accreditation board, and the expiration date.
Though your successful passing of the two-stage Certification Audit concludes your initial certification, it is not the last time your certification body audits your organization. To retain certification your company needs to undergo a so-called Surveillance Audit every 6-12 months. Surveillance Audits are similar to the Stage 2 Audit but require only one third of the time. While minor nonconformities are normal during Surveillance Audits, major nonconformities could lead to decertification.
The various phases of the Certification Audit often cause confusion. Particularly when comparing different registrars and their proposals it's helpful to understand the two-stage Certification Audit and the role the Pre-assessment Audit plays. After reading this article, you'll be in a better position to make the right decisions when hiring your registrar. And to make the Stage 2 Audit a success, take a look at our audit preparation tips.
If you enjoyed this article, subscribe for updates
Stay in touch with our free resources on ISO 9001
We won't send you spam. Unsubscribe at any time.
Thanks. Your message has been sent. We'll get back to you as soon as possible.
We'll reply ASAP