While trying to find out how to get certified, you must have come across various types of audits – internal audits, certification audits, surveillance audits and supplier audits. You might be be wondering if all of these are required to get certified, or you may just be confused with the purpose of each of them and their differences.
This article will help you understand what these audits are all about, when are these performed and who is supposed to conduct these audits.
What is an Audit?
ISO 9001 audits are one of the key components to get ISO 9001 certification and are also required to maintain the certification.
An audit is an evidence-based verification of processes implemented in the organization as per the policies and procedures defined in the Quality Management System, to check if these fulfill the requirement of ISO 9001. This is a systematic and documented process that is carried out by a trained person who is independent of the process being audited.
The main purpose of an audit is to check the compliance of QMS with the ISO 9001 standard. It helps you identify and address any issues with the Quality Management System, and helps you identify potential improvements in your system.
Types of Audit Performed
Audits under ISO 9001 can be categorized into 4 categories:
- Internal Audit
- Certification Audit
- Surveillance Audit
- Re-certification audit
- Supplier Audit
Internal Audit
Internal Audit is conducted internally by the organization. That means the organization initiates and plans this audit either with personnel from its own organization or by hiring a qualified internal auditor. This is a self-assessment of the processes implemented in the organization. The person conducting the internal audit should be independent of the function/area being audited. Internal audit is a mandatory requirement of ISO 9001, and the audit results should be documented to obtain an ISO 9001 certification. This should be done at least once a year or as per the frequency defined by the organization.
Doing an internal audit before you go for a certification audit is mandatory. The purpose of the internal audit is to assess the compliance of the QMS with ISO 9001 requirements and address any non-conformities before you go for the certification. This will ensure that an internal mechanism to check your QMS for non-conformities, assess the effectiveness of processes and identify process improvements is established within the organization. This will allow you to correct any issues and ensure that your organization meets the requirements before an external auditor audits your organization, and will help you to identify process improvement opportunities that are at the core of the ISO 9001 standard. This may in turn help you to streamline your processes to move faster and more efficiently.
Certification Audit
The certification audit is conducted by the certification body or the registrar that you select for providing the certification. The main purpose of these audits is to verify your compliance with ISO 9001 and to finally get the certification.
Certification audits are conducted in 2 stages, stage 1 and stage 2. Stage 1 is conducted to verify that the policies and procedures that you have documented in your Quality Management System’s comply with the ISO 9001 requirements. The stage 1 audit also checks your readiness for Stage 2. Stage 1 may be conducted remotely by an external auditor, but Stage 2 is usually done onsite. During Stage 2 audit, the external auditor will visit your site and verify through your documented information and interviews if you are meeting all the requirements of ISO 9001 or not. The external auditors may raise non-conformities during these audits, and upon successful closure of these non-conformities, you get your certification.
Surveillance Audit
Apart from the certification audit, the certification body also conducts surveillance audits to check that you are still maintaining the Quality Management System after a successful certification. These are typically conducted annually. The difference between certification and surveillance is that surveillance will be typically done on-site in one go, and they will not issue any certificate after the audit. They may raise non-conformities that you need to resolve within the time frame they provide.
Re-Certification Audits
Re-Certification audits are typically conducted every three years. They are similar to a certification audit. Follwing the re-certification audit the certification body will re-issues your certificate.
Supplier Audit
Supplier Audits are an important part of the supplier approval process that an organization conducts when taking on new suppliers. These audits also help a customer to continually review their suppliers to ensure they are maintaining the processes as required by the regulations and standards. Supplier audits give manufacturers or retailers insight into supplier performance and help them proactively identify issues with the supplier’s products and processes. These audits are typically conducted during the supplier selection process when the supplier is new and there is not enough performance data available, or the product supplied is critical for the supply chain management. These may also be done when a supplier performs poorly or is not delivering the products of the required quality. Some organizations also conduct these audits on a periodic basis to check any non-compliances proactively.
For your quick reference, here is a table that gives you some important information on each type of audit:
Type of Audit | When is it done? | Who conducts it? | Is it mandatory for the certification? |
Internal audit | At least once annually or as per frequency defined by the organization | Any employee/s of the organization who is trained and independent of the function being audited or an independent internal auditor hired from a consulting firm. | Yes |
Re-Certification Audit | Once in 3 Years | Certification body | Yes |
Surveillance Audit | Typically annually | Certification body | Yes |
Supplier Audit | As part of new supplier approval or when supplier performance issues are identified or as per the frequency defined by the organization | Any organization can perform this audit on their supplier or can hire an external agency to conduct the audit. | May be done depending upon the criticality of the supplier selection process and the supplier’s performance. |
Audits provide management with important insights into process compliance issues and help them take pro-active measures, whether they are done internally or by external agencies. When efficient mechanisms are established to do an audit, these can help organizations identify process improvement opportunities, and help achieve the objectives of the Quality Management System.
Author: Avital Koren
Avital Koren
Avital is passionate about small business and working with entrepreneurs. She was the first to identify and address the needs of small businesses in management systems.
100% success – Certification is guaranteed!
Improved operational control
We are ISO 9001 certified
User friendly systems trusted by certification bodies and auditors.
Get a system within 6-8 weeks
What our Clients Say
“ISO Global proved that the process doesn’t have to be difficult, lengthy or stressful”
“Our certification auditor described the system as “excellently done”
“Thank you and your team for the hard work and for holding our hand along the way”