Certification audits consist of two stages
STAGE ONE audit is used to determine if your company is ready for stage two. A certification body will detail the minimum requirements your organization must meet to ensure you’re ready for a stage 2 audit, going through your documentation and comparing it to the requirements of the standard to assess compliance and readiness for an audit. It is best to be sure your organization is ready because, during a stage 2 audit, your certification body can raise non-conformities and other issues with your system that may require the auditor to return to audit your system, resulting in additional costs.
STAGE TWO is an on-site audit where a third-party auditor will review your documents, your processes, interview your employees and review your operations to determine compliance with the ISO 9001 standard. Your Certification Body will submit an audit plan ahead of the arrival of your auditor to allow you to prepare your documents, schedule the availability of relevant employees and allow for any necessary preparations. If your organization has more than one shift, the audit will be planned accordingly to sample as much evidence from each shift as needed to prove compliance. During the audit, you can expect the auditor or audit team (depending on the size of your organization) to hold an opening meeting which will detail their audit plan and schedule, after which the audit will begin. The scope and timeframe of the audit are dictated by ISO 17021. Certification Bodies cannot change the number of days the audit needs to be on-site, that is a predetermined guideline which is based on the number of employees at your organization and the level of risk associated with your QMS. Be upfront about how many employees you have, full-time, part-time and contract employees. If this number changes, inform your certification body as this may change your audit schedule.
In the 3-year cycle of an ISO Certificate, you will receive 2 surveillance audits, once each calendar year after your certification audit the first year of your cycle. Once you receive your ISO certification, the next 2 years will include smaller surveillance audits, with the auditor only auditing select processes and departments. The length and duration of these audits are again dictated by ISO 17021. Between the time of your certification audit and your surveillance audit, you will need to ensure you are continuing to meet the requirements of ISO 9001, for example holding internal audits, management review meetings, etc. within the timeframes dictated by the standard. You will also need to continue upholding the internal requirements your organization has documented as part of your QMS, i.e., hiring processes, performance reviews, etc. Failure to meet the requirements of your own system or the standard will result in non-conformances being raised during your external audit.
As mentioned in this article, failure to meet the requirements of ISO 9001 will result in a non-conformity which must be addressed and resolved via corrective action within a certain timeframe before your organization can be granted certification. The timeframe given for resolution is dependent on the severity of the non-conformance. Non-conformances can be Major, Minor, or an Opportunity for Improvement.
The road to Certification for ISO 9001 can seem long and daunting, but the payoff is well worth it. Setting your business up for long term success by utilizing ISO 9001 and the world’s leading quality management system to effectively and efficiently run your business is just good business. Ensuring your organization has rules and processes in place that ensure you produce exactly what you say you will make good business sense. Having a third-party come in to verify this once a year holds you and your staff accountable to your rules and processes as well as the standard. Holding an accredited ISO 9001 certificate is outward proof to your customers that you hold their values and hopes for the quality of your products and services to the highest standard, the ISO Standard. Being ISO 9001 certified proves to your customers, your suppliers and your stakeholders that you care about the quality and consistency of your work above anything else, and you care about the longevity of your business practices. It may seem like a long road when you first embark on it, but the hardest step is always the first step. Once you have created momentum and movement within your organization of quality first, your organization will see the rewards that certification brings.