What is an ISO 9001 surveillance audit?
During the early stages of implementing a Quality Management System (QMS) based on the requirements of the ISO 9001 standard, organisations need to understand the steps that management has to take to remain legally compliant. Compliance is measured through ISO quality audits which monitor the system’s operation, focusing on the planning, implementation, measurements and documentation. There are different types of ISO audits including the documentation audit, the certification audit, the cycle of surveillance audit and the recertification audit. In this article, we will understand how certification, and the certification audit cycle work, going on to discuss the specific details about the ISO 9001 audit surveillance and ISO 9001 procedures. Edara systems as a professional consultant can hive you useful information about ISO 9001 surveillance audit.
ISO 9001 audits and certification cycle; Scopes of qualities
The first step to acquiring an ISO 9001 certification is to examine all documents related to the quality management system. This is known as the documentation audit, where an auditor from the certification body reviews all quality manuals and documentations to verify if the documents meet the requirements of ISO 9001: 2015 standards. There are certain mandatory documents that the organisation needs to produce to become ISO 9001 certified and pass all of the ISO 9001 process. These consist of the scope of the quality management system, the quality policy, and the quality objectives with a written plan outlining how the organisation intends to achieve these objectives. The mandatory records include the monitoring and measuring resources, equipment calibration records, development input records, design of development changes, evaluation and selection of suppliers, product or service characteristics and traceability records.
ISO 9001 surveillance audit; Removing nonconformities
Once the documentation phase is completed, the organisation is scheduled for a certification audit. During the certification audit, the accreditation body performs an on-site audit of all processes related to the Quality Management Systems ISO 9000. The aim is to identify if all corrective and preventive actions have eliminated the nonconformities identified during the previous assessments. The organisation is awarded the certification if no nonconformities are found and the quality management system aligns with the standards outlined in ISO 9001.
The validity of the certification lasts for three years. However, to maintain the certificate’s validity, the organisation has to conduct on-site surveillance audits for the next two years. The majority of the certification bodies conduct a surveillance audit annually to ensure that no discrepancies arise and consistency in quality is maintained.
If the organisation is maintaining the current certification with the same certification body, they need not conduct a separate certification audit after the three-year cycle ends. However, if the organisation changes certification bodies or the version of ISO 9001 standards, it would require a transfer audit. In such cases, the organisation begins at the first step, i.e. the certification audit, where a full audit is performed to examine old certifications.
Surveillance audit report; ISO surveillance audit VS recertification audit
After understanding the certification cycle, one might wonder what is the difference between a certification audit and a surveillance audit. Both these audits are performed on sites by the certification body. Another similarity is that these audits issue corrective actions that organisations need to implement and produce reports at completion. The actual difference lies in the number of hours devoted to conducting the audit process.
For a certification or recertification audit, the certification body auditors look at the implementation of every process in the QMS to identify conformities and non-conformities with the ISO 9001 Australia standard. Additionally, the auditors also examine the organisation’s documentation, process effectiveness and steps committed to continual improvement. Hence, this audit may take auditors several days to complete, depending on the size of the organisation and the number of processes within the QMS.
ISO 9001 surveillance audit; Surveillance audit means
In contrast, the surveillance audit requires lesser time as the auditors only examine some portions of the QMS process instead of every aspect. In other words, surveillance audits do not necessarily have to be full system audits. The purpose of conducting surveillance audits is to supplement other surveillance activities that the certification body conducts. The goal is to maintain confidence that the certified organisation continues to fulfil the requirements between two recertification audits.
Here, it is necessary to not to underestimate the importance of a surveillance ISO 9001 audit. It becomes a matter of quality versus quantity. Even though the quantity of processes being examined is less, the quality of examination is superior. The surveillance audit focuses on a few processes as it is an adjunct, not a replacement to internal assessments. In order to maintain certification, companies must conduct their own internal assessments to identify any deficits. The advantage of a surveillance audit is that it provides a fresher perspective to the assessment, helping companies identify deficiencies that they may have overlooked. Hence, surveillance audits are critical to maintaining the validity of the certification during the three-year certification cycle.
Six obligatory ISO 9001 procedures; From corrective actions to conducting internal audits
After understanding the purpose of audits, it is also important to understand what practises a company must follow in order to achieve compliance. These best practises that were created by compiling national, international and industry standards are known as ISO procedures. With respect to ISO 9001, organisations must implement six mandatory procedures to acquire compliance. It incorporates controlling documents, records, conducting internal audits, controlling nonconforming products or services, taking corrective actions and implementing preventive actions.