
The Cost Of ISO 27001 Certification
Find Out More: How Much Does An ISO 27001 Information Security Management System Cost In The UK? The Cost of ISO 27001 Certification UK Typically,
Audits are an important part of a company’s application for ISO certification. These tests and inspections can verify if the processes and systems comply with standards and follow best practices. They can identify areas that need improvement or provide proof that the company has met the ISO requirements.
ISO certification requires both internal audits and external audits. In this article, we’ll look at the latter—including the types of audits you will need, what the auditor will look for, the steps and time involved, and tips on preparing for them.
External audits will examine your business from different perspectives and points of view and are conducted in stages.
An external audit is done by a third-party auditor who is licensed by the Certification Body. Usually, the auditors are selected based on their experience, qualifications, and understanding of your specific industry.
During the three-year cycle of ISO certification, you can expect at least a one-day initial audit of all your processes, and another audit during the surveillance cycle to check whether the recommendations have been effective.
The first step is the Customer Audit, where a potential or existing customer reviews your processes through the lens of whether you are able to meet their needs, expectations and requirements. For some businesses, this can be replaced or augmented by a supplier audit. The schedule of auditing varies from customer to customer.
This is a critical step in the ISO process. Your registrar will do a thorough check of your business processes and practices to check if they conform to the ISO standard. You can expect to have this done every three years.
Stage 1 is a preliminary audit that determines your company’s level of readiness for ISO. This allows you to spot areas where you need to improve, or understand the documents and reports that you need to provide. This is sometimes done remotely.
Stage 2 is a more thorough, on-site inspection where the auditor will review procedures, interview your employees, and check if you meet the criteria for an official ISO certificate.
Even after your company gets ISO certification, your registrar will do annual surveillance audits. Much like a car tune-up or an annual doctor’s check-up, this external audit determines if you are still meeting the ISO requirements or if there are areas that need to be improved or revised. Should you have received any non-conformities or areas for improvement on your Stage 2 audit, the surveillance audit will focus on what you have done to correct the issues.
You will not be given a new certificate, but this is required so you can keep your ISO certification.
Audits can be performed in different ways, depending on your company’s needs and what is being checked. These can include remote audits (teleconferences or online consultations), on-site audits, and self-audits.
The self-audits can help you prepare for the official external audits. You can select employees to join the audit team, but they shouldn’t audit their own department or area of responsibility. You can also hire professional auditors who can train or guide this team, or completely outsource the internal audit to them.
While the external audit is clearly the most critical part of getting ISO certification, an internal audit is what helps you meet the criteria. Conduct one at least three months before you do a certification audit, and make sure that you document the process.
The internal audit will help you identify your “non-conformities”, that is, where you do not meet the criteria, and create an action plan. These records will be reviewed during the external audit and can make or break your company’s ability to proceed to the next step.
For that reason, it’s worth utilising professional auditors from respected ISO 9001 consultants even during the internal audit stage in order to lay the proper groundwork for the rest of the process.
These are just some of the things you can expect during an external audit, and what you can do to prepare for it. Your auditor can help answer your questions, or provide more specific plans and checklists.
At RKMS we are determined to make a business run as efficiently as possible. Will that next business be yours?
Services:
ISO 9001, ISO 14001, H&S Support, First Aid Training, issosmart™
Outcome:
Successfully retained certification to ISO 9001 and ISO 14001 ensuring continuation of current accredited certification.
Successfully trained staff in Level 3 First Aid at Work.