The process of auditing to get an ISO 9001 certificate can be confusing if you haven’t been through it before. To help you navigate the process, we’ve laid out the steps and what they mean.
To gain an ISO 9001 certificate that is recognised worldwide, you will need to have your systems audited by an independent organisation (a Certification Body) against the requirements of your chosen Standard.
When you select your Certification Body, they will allocate an auditor to visit your company. The auditor will complete two visits before the Certificate is awarded; the first time to make sure the ‘documented’ system is in place, and the second time to audit your ‘operational’ processes. On completion, the auditor will make a recommendation to the CB and if there are no issues, they will award the certificate.
When the ISO 9001 certificate is awarded, it is valid for three years as long as you have 2 surveillance audits at 12 month intervals. These surveillance audits ensure that you are maintaining your systems. At the end of the three year period, you will have a Recertification’ audit that reviews the whole system and results the certificate being extended.
While you are implementing your quality management system, you should select from the many Certification Bodies that operate. Read our handy tips on choosing an ISO 9001 Certification Body, and also see what it costs. Once you have been through the quoting process, you will be in a position to book a date for the Stage 1 audit.
The first step of the ISO 9001 audit process is a ‘Stage 1’ audit. This audit has two main purposes; firstly, it ensures that you have the quality management system is in place and is ready to audit. Secondly, it helps the audit body confirm the scope of activity and plan the Stage 2 audit. Typically, the Stage 1 ISO 9001 audit is a desktop review of the quality management system documentation that is in place.
As a result of the Stage 1 audit, if all goes well, you will be recommended to proceed to Stage 2. If not all the requirements are met, your report will detail the issues to be resolved prior to the next audit, or you may need to repeat the Stage 1 process.
The second step of the ISO 9001 audit process is the ‘Stage 2’ audit. This expands on the Stage 1 audit. You will have a short repeat of auditing the documentation, but the main focus of the audit will be on the ‘operational’ aspects of the organisation. At this Stage, the auditor will be asking questions of the team and what roles they have, as well as seeing what they do close-up, and whether they understand the policies of your ISO 9001 quality management system.
You will need to show evidence that the system has been running for a reasonable period of time. This will be done by showing examples of your day-to-day work. You will need to have completed a full round of audits (that’s at least 1 full audit from planning to review).
The third step in the ISO 9001 audit process is to receive the Certificate. At Stage 2, if there are no issues, you will be recommended for Certification to ISO 9001. The auditor does not award the Certificate, but instead makes a recommendation in the report. The report is sent back to the Certification Body, and the CB Technical Committee will check that the correct auditor was used, that appropriate evidence was reviewed and that the audit was of suitable duration. Depending on the Certification Body, you may wait between 2 and 12 weeks for your Certificate.
Following on from the third step in the ISO 9001 audit process is the ‘Surveillance’ phase. The Surveillance audits look at the updates on the quality management system, such as Internal Audits and any Management Reviews that have been completed. These audits will be carried out after 9 or 12 months depending on the Certification Body.
As well as the quality management system documentation, the audit will cover a sample of the operational processes. If your scope covers activities such as installation, then site visits will take place. Over the two surveillance periods, they will cover all the operational processes you operate.
The final step in the ISO 9001 audit process is ‘Recertification’. The audit will take a longer view on the system and review what the Organisation has learnt and how it has progressed during the three years of operating the ISO 9001 Quality Management System.
The Recertification audit will look forward as well, at the quality objectives and planning that the organisation has made for the forthcoming trading period. The recertification audit will set the forthcoming audit plan for the next three years.
As a result of a successful audit, the Certificate will be re-issued for a further three years and the Surveillance programme will begin again.
Related Articles6 easy steps to better ISO 9001 internal audits