It’s not easy for an organization to implement the International Organization for Standardization (ISO) 9001 and obtain an ISO certification for the standard. But just because you’ve achieved ISO 9001:2015 (the latest version) certification, doesn’t mean your work is done.
That’s because your company has to be continually audited to ensure it still meets the requirements of the ISO 9001 standard.
ISO 9001 is the international standard that details the requirements necessary to create a quality management system (QMS). A quality management system focuses around providing products and services that meet customer needs, along with industry and government regulations. ISO 9001 is the most popular of the ISO 9000 series of ISO standards and the only ISO standard in the 9000 series that offers a certification.
To be certified in ISO 9001, you have to prepare your organization. First, perform an internal audit to provide information about your level of compliance and the condition of the entire system. Top management can use this information and other pertinent data about the QMS to make decisions that result in the continual improvement of the system.
Then, you have to submit to a series of audits performed by an independent organization called a certification body. These third-party auditors perform certification audits to determine if your organization’s processes, products, services, and customer satisfaction levels meet the ISO criteria.
If everything checks out, the certification body will certify you for three years. However, an essential requirement of ISO 9001 is continual improvement, which means continually ensuring that your company is adhering to the ISO standards set out by the certification. So your certification body has to continue to reassess your QMS for continual improvement and recertification.
The Surveillance Audit
The way to do this is through an annual—or biannual—surveillance audit between certifications. These surveillance audits don’t really have to be as extensive as the initial audit. Two years of surveillance audits are then followed by the recertification audit.
During the surveillance audit, your auditor will focus on making sure that your company is maintaining a level of care over your QMS. For instance, if the auditor who performed your initial certification uncovered a weakness or a nonconformity, the surveillance auditor will review to ensure that top management took corrective actions to address those issues. The auditor who conducts the surveillance audit focuses on the implementation of the QMS, meaning your company has to show compliance by its actions.
During the surveillance audit, the auditor will always review:
- The performance and maintenance of the QMS
- Preventive and corrective actions and processes
- How effective your internal auditing process is
- If you implemented the recommendations made during your internal audits
- Regular management review of the ISO 9001 standard
- Customer feedback to determine what customers think about your organization and its products or services
- Documentation systems updates.
These surveillance audits get your company ready for recertification, which takes place at the end of each three-year cycle. For these surveillance audits to be successful, you need continued buy-in from your top management and your employees, along with effective internal audits and management reviews to make sure everyone is in sync.
The Recertification Audit
The last piece of the certification cycle is the more extensive recertification audit that happens at the end of the third surveillance year. The recertification process requires that you to undergo an audit that’s very similar to the initial certification audit.
The auditors look at the same areas as they do during the surveillance audits. But they also examine the effects of your implementation strategy on all your systems and processes to determine how committed you are to continual improvement.
Based on the recertification audit, the auditors will make a recommendation as to whether your certification should be renewed for another three-year cycle. They will also recommend any necessary adjustments to your ongoing surveillance plan based on their observations throughout your recertification cycle.
You shouldn’t have a problem obtaining an ISO recertification as long as you’re continuously making changes during the three-year period. But you have to continue to educate yourself and your staff members about new technologies, market changes, and the latest developments in the world of standardization, particularly as they pertain to ISO 9001.
It’s best to be proactive and continue to remain up-to-date with your renewals. If not, you’ll lose your certification and lag behind your competitors.