ISO 9001 Quality Management System Audit Process
The audits associated with the ISO 9001 certification process can prove to be rather confusing. Especially if it is your first time. To make things a bit easier, we have broken it down for you and explained each step, in detail. To obtain the internationally recognized ISO 9001 certification, your systems must go through two audits, conducted by a third-party entity, also known as the certification body, who checks your systems against the requirements of the ISO 9001 standard.
5 Steps of the ISO 9001 audit process
Once you’ve chosen your certification body, an auditor will be dispatched to your organization twice before deciding on whether you will be awarded the certification for the standard you have applied for. The first audit is where the auditor ensures that you have a documented system in place, and the second is where your operational processes are reviewed. Once these two steps are complete, the auditor will make their decision and inform the certification body on whether they recommend that your organization be issued with a certificate or not.
Once you have been awarded the certificate, it has a validity of 3 years providing you undergo 2 surveillance audits throughout that period and within 12 months of each other. The purpose of the surveillance audits is to keep track of whether or not your systems are being maintained. When the 3-year period is over, a recertification audit will take place to review your entire system, and providing you pass, your certificate will be extended for another 3 years. Now, let us take a closer look at the 5 steps involved in the ISO 9001 audit process.
Stage 1, Confirm the scope of activity and verifies your QMS
Stage 1 is the first step of the ISO 9001 certification audit process. This step serves 2 key purposes. First, it verifies that your quality management system (QMS) is properly implemented and prepared to be audited. Then, it allows the auditor to confirm the scope of activity and prepare for the 2nd stage audit. Generally, the stage 1 audit is conducted on the computer, and it consists of reviewing the QMS documentation in place.
At the end of the stage 1 audit, if everything went well, the auditor would recommend you move on to stage 2. If on the other hand things did not go well, and the auditor determines that your systems do not meet all the requirements, they will document the issues that need to be resolved in a report, and you will have to correct them before moving on to the next audit. Otherwise, you might be asked to repeat stage 1.
Stage 2, Focusing on the organizational operating aspects
The second and decisive phase of the ISO 9001 certification audit procedure is what is referred to as stage 2. It is based on stage 1 but more in-depth. The auditor will go over the documentation, again, focusing this time on the organizational operating aspects. During this phase, the auditor will engage with employees and ask them questions about their roles and responsibilities while taking a closer look at what they do and testing their understanding of the ISO 9001 QMS policies.
You are required to produce evidence that your system has been in operation for a reasonably long time. This can be achieved by illustrating your day-to-day activities. You are also required to demonstrate that you’ve done a full round of audits.
Stage 3, Obtain your Certificate
The next step is to receive your ISO 9001 certification certificate. During the stage 2 audit, if all goes well, the auditor will recommend the certification body for you to be granted the ISO 9001 certificate. Contrary to what many people think, the auditor is not the one who grants you the certificate.
Instead, they include a recommendation in their final report for the certification body to award you the certificate. Once the report is forwarded to the certification body, their technical committee will conduct a final review to ensure that everything went according to their standards. How long it will take for them to issue your certificate varies based on the certification body’s internal process, and can take anywhere between 1 to 10 weeks.
Stage 4, Surveillance Audits
The ISO certification process does not end when you obtain your certificate, because that is when the surveillance phase starts. The surveillance audits focus on the updates applied to your QMS, internal audits conducted, and management reviews that have taken place. The surveillance audits will take place 10 to 12 months after certification. In addition to reviewing QMS documentation, the auditor will go over a portion of the operational process.
Stage 5, Recertification Audits
Finally, before your three-year cycle is set to expire, you will have to go through recertification. The recertification audit consists of a deep dive into what your organization has taken away from the last 3 years and the progress it has made while using the QMS.
The recertification audit does not only look back, it also looks ahead, and examines the quality objectives and plans you’ve set for your organization for the next 3 years. If you pass this audit successfully, you will be issued a three-year extension on your certification and the perpetual cycle begins once again with your surveillance audit.