What happens if you fail an ISO Audit?
The International Organization for Standardization (ISO) has no interest in failing certification seekers. On the contrary, its objective is to help organisations improve. It is extremely uncommon for certification to be denied, but on the rare occasions where that might happen, the auditee will be notified of the reasons in writing and will be given an opportunity to respond.
The way it works 99% of the time is that an organisation either passes their ISO certification, or they are given an opportunity to improve as a result of not meeting all the requirements for compliance with the standard being sought. There are several different reasons that may lead to not passing an ISO audit on the first attempt, these include but are not limited to:
Errors and nonconformances
Documenting errors and nonconformances is fundamental to the continual improvement process which is at the core of ISO certification. Failing to produce evidence that demonstrates that your organisation has processes in place to ensure these errors and nonconformances are identified, reviewed, and addressed will most likely prevent you from passing on the first attempt.
Targets and objectives
Failure to produce evidence that demonstrates established targets and objectives for your organisation that can be measured, monitored, and reviewed on a regular basis to ensure they are being met will also work against you when the time comes for the auditor to make their decision about your application for certification.
As part of your audit, you will need to demonstrate your commitment to maintaining a skilled workforce. Staff competency can be demonstrated by showing that you have the right processes in place to continually measure and develop employee proficiencies in their respective skills. Such evidence may include role descriptions, training procedures, induction checklists etc.
If your application for ISO certification doesn’t get approved on the first attempt due to these or any other reasons, do not panic. All is not lost. It just means that there is more work to be done before your organisation is deemed compliant with the ISO standard you are applying for. So, what happens next?
Corrective Action Plan
When you were given your audit results, there should have been an auditor’s report included which contains information on the various elements that need to be addressed. That is the best place to start. Thoroughly review each point to ensure you understand the auditor’s recommendations correctly. Based on that, you need to put together a Corrective Action Plan (CAP).
ISO defines corrective action as “Realising and defining problems, determining their causes, and taking appropriate measures to prevent their recurrence.” The CAP is therefore an action plan that outlines the issue, its root cause and resolution. The CAP must address each of the elements outlined in the non-conformance report (NCR) and must include due dates and persons responsible for every corrective action.
In the auditor’s report, you will notice that nonconformances were classified by order of severity. It is important to address them in order. There are two types of nonconformances:
Major nonconformances indicate a full deviation from a standard clause. They are issues that have the potential to directly impact your business objectives and operations in a negative way. Major nonconformances are serious in nature and must be treated as such. They must be prioritised and addressed appropriately as they are directly linked to a key requirement of the standard and therefore have a direct effect on the outcome of your audit.
A major nonconformance can be anything from the absence of a required documented procedure to failing repetitively to take corrective action on a root cause of an issue. Examples of potential consequences of a major nonconformance left unaddressed include major safety incidents, deterioration of the quality of your products/services etc.
Minor nonconformances are items of lower priority which typically do not impact the outcome of your audit. However, they still need to be addressed before the next audit to ensure that they do not end up contributing to larger issues if left unaddressed. Do not underestimate them. Examples of minor nonconformances may include falling behind on instrument calibration, misplaced training records, missing equipment inspection paperwork, an employee not following a process etc.
Once the CAP is ready, it must be submitted to the auditor who will review it by going through each Corrective Action evidence during the follow up audit. Follow up audits are not free, and their cost is based on the amount of hours they require. So, the longer your list of nonconformances, the longer your follow up audit will be and the more money it will cost you. Once the auditor has finished reviewing the evidence and they deem that it meets the criteria they will mark the actions as closed out and the status of your audit will be changed to compliant. This means that you have passed your audit and that you will be granted certification.