A certification audit is done by a certification body against a chosen standard. As per businessdictionary.com, certification is a “formal procedure which an accredited or authorized person or agency assesses and verifies (and attests in writing by issuing a certificate) the attributes, characteristics, quality, qualification, or status of individuals or organizations, goods or services, procedures or processes, or events or situations, in accordance with established requirements or standards”.
What is iso 9001 Certification Audit?
To get certified to a standard, such as ISO 9001, a company needs to go through a certification audit and clear the audit. Once company passes the certification audit, it is issued a certificate which signifies that the company is compliant to the requirements of the selected standard. The certificates are valid for a 3-year period; after which the company needs to be re-certified. The certification audits are carried out by certification bodies. The certification bodies are usually accredited to forums like ANAB (US), UKAS(UK), JAS-ANZ (Australia), etc. Accreditation is the formal recognition that a certification body operates according to international standards, through it is not mandatory that the certification body should be accredited. Reputation of a certification body is an important criterion in choosing a certification body.
Stages of ISO Certification Audit
The certification audit is carried out in 2 stages, Stage 1 and Stage 2. Once company achieves certificate after clearing Stage 1 and Stage 2 audits, surveillance audits are conducted at a fixed frequency, typically annually, to ensure that the systems are maintained by the certified organization.
Stage 1 Audit
The purpose of the Stage 1 is to determine if the company meets the requirements of the standard and also to evaluate the company’s readiness to face the Stage 2 audit. The review is usually conducted on-site and is done to determine the following:
- The management system conforms to the requirements of the standard
- The status of implementation of the management system
- The scope of certification and company’s compliance to it
- Determine if Statutory and regulatory requirements are met
- Any non-compliance or opportunities for improvement and the corrective action plan if required
- Plan for Stage 2 audit and confirmation on the date
What can you expect during Stage 1 Audit?
Some of the key activities that the auditor will carry out during Stage 1 audit are:
- Review Documented Information: The auditor reviews documentation of the company to determine if the documented information meets the requirements of the standard. These may include review of Quality Manual, Procedures, Records, Work Instructions, Purchase Orders, Drawings, etc.
- Evaluate Site Conditions: The auditor will evaluate company’s site-specific conditions. This include review of the resources, number of employees, equipment, number of sites, etc.
- Personnel interviews: The auditor will interview company personnel to evaluate the conformity to the documented procedures/work instructions and to determine their effectiveness. The intent of the interview is also to determine if the employees understand the standard requirements and determine their readiness for the Stage 2 audit.
- Audit Reporting: At the end of the audit, the auditor will conclude if the company is ready for stage 2, and communicate any non-conformances noted during the interviews or documentation review. The auditor will prepare a report which will contain list of nonconformities and improvements. The audit report will be submitted to the company and this gives an opportunity to the company to correct the identified insufficiencies prior to the Stage 2 audit.
- Stage 2 Audit planning: After going through the management system and company’s operations, the auditor is in a better position to plan for the stage 2 audit. This helps the auditor to decide what resources are needed, number of gaps that need to be filled and confirm the date of the Stage 2 audit.
Stage 2 Audit
The purpose of the Stage 2 audit, also referred as the certification audit, is to check that the management system is applied as per documented procedures and meets the requirements of the Standard. The auditor will determine the compliance to the standard by:
- picking samples of the processes and activities as defined in the scope
- evaluating the compliance of the implemented systems with the standard using evidence
- identifying any non-compliance or potential improvement
What can you expect during Stage 2 Audit?
The auditor usually sends an audit plan prior to the audit or discusses it during the site visit. Audit plan will typically list all the departments/functions to be audited, the date and time of the audit, auditor’s and auditee’s names and ISO clauses that would be covered under each department being audited. You can expect the following activities during the audit:
- Opening Meeting: An opening meeting is conducted by the auditor/s to confirm the audit plan; explain how the audit activities will take place; and provide clarification to any issues that the auditees may have.
- Conduct of Audit – The audit is carried out by the auditor or audit team members as per the audit plan. The auditor may request for a guide who is familiar with the activities of the function/department, the auditor is auditing.
- Handling of Nonconformities – The nonconformities observed, if any during the audit are described to the auditee and their acceptance is taken. A detailed audit report is sent to the auditees after the audit.
- Closing Meeting: The auditor presents its findings to the auditees in the closing meeting. The auditor may also plan for surveillance audit and indicate a tentative date for the first annual surveillance audit during the audit
The ISO 9001 Audit Report
The audit report will typically have findings reported as:
- Major Non-Conformance: A Major Non-conformance indicates absence of or deficiency of a required practice defined in the standard.
- Minor Non- Conformance: A minor non-conformance indicates deviation from the requirements of the standard but does not indicate complete breakdown of the system.
- Opportunity for Improvement (OFIs): An OFI indicates a finding which is not a deficiency in the system but the organization can use the suggestion for process improvement
The company shall carry out root cause analysis on all the nonconformities found by the auditor and take corrective actions. The company need to respond to the auditor with corrections/corrective actions taken in a fixed time frame in the audit report. The reports submitted by the company is verified by the auditor and certificate issued upon approval by the auditor.
Author: Avital Koren
Avital is passionate about small business and working with entrepreneurs. She was the first to identify and address the needs of small businesses in management systems.
100% success – Certification is guaranteed!
Improved operational control
We are ISO 9001 certified
User friendly systems trusted by certification bodies and auditors.
Get a system within 6-8 weeks
What our Clients Say
“ISO Global proved that the process doesn’t have to be difficult, lengthy or stressful”
“Our certification auditor described the system as “excellently done”
“Thank you and your team for the hard work and for holding our hand along the way”