Certification Audits vs. Surveillance Audits: Key Differences & Preparation Tips

Published on: April 24, 2025

There are many different types of audits you may expect to come across in the business landscape. From financial and tax audits to operational and systems audits, all of these processes ultimately aim to support the efficiency and longevity of an organisation.

When it comes to achieving Certification to ISO Standards, there are mainly two types of audits:

  • Internal Audits – A business’s internal assessment of its management system, required by ISO Management System Standards, conducted before external audits.
  • External Audits – An evaluation carried out by Certification Bodies (CAB – Conformity Assessment Bodies) to determine whether a business qualifies for Certification.

Whilst we’ve spoken extensively in previous articles about the benefits of internal audits and how they facilitate continual improvement, it’s also important to understand the external audit process, which includes the Certification Audits and Surveillance Audits.

Together, Certification Audits and Surveillance Audits provide third party Certification Auditors with the information they need to determine whether your organisation has adequately met the requirements, and continues to meet the requirements, of all relevant ISO Standards.

But what is the difference between Certification Audits and Surveillance Audits? Here’s what you can expect from each of these audit types, and how you can prepare for these audits in your organisation.

Certification vs Surveillance Audits

What is a Certification Audit?

A Certification Audit is an independent evaluation of your organisation that’s conducted by a third party Certification Auditor from a Conformity Assessment Body (CAB). A CAB is also commonly referred to as a Certification Body. This accredited third party Certification Body is tasked with verifying that an organisation’s Management System meets all the requirements of the organisation’s chosen ISO Management System Standard(s). The Certification Audit is the first external audit conducted in the Certification cycle and, when successful, results in the Certification being issued to the organisation.

Upon selecting your Certification Body, a third party Certification Auditor will be assigned to your organisation to check whether all requirements and documentation (i.e. policies, monitoring processes, process workflows and other records) of a Management System are in place.

Once Certification is achieved, the Certification to the ISO Management System standard lasts three (3) years. At the end of the 3 year cycle, a Re-Certification audit is required to renew the Certification, and the cycle starts again.

The Certification Audits are broken into 2 stages:

  • Stage 1 Audit, where the auditor will be focusing on assessing your readiness by checking documentation in place against the requirements,
  • Stage 2 Audit, where the implementation of the Management System and its effectiveness is evaluated.

What is the purpose of a Certification Audit?

As Certification to ISO Standards can aid organisations in meeting operational goals, Certification Audits are often seen as a crucial step towards business growth strategy. Upon completing your Certification Audit and attaining Certification to all relevant ISO Standards, your organisation can then enjoy a range of benefits accompanying Certification, including qualifying for high-profile tender contracts and attaining commercial opportunities that you may not have been eligible for prior to Certification.

Who carries out Certification Audits?

As Certification Audits are conducted with the express purpose of providing Certification to ISO Standards, these audits should always be conducted by accredited third party certifiers and are never internal, second party, or compliance audits.

This is why we don’t offer Certification Audits as part of our auditing services here at ISO Certification Experts. Whilst we cannot carry out Certification Audits for your organisation, we can recommend Accredited Conformity Assessment Bodies to conduct your third party Certification Audit, alongside supporting you to achieve Certification Readiness and throughout your Certification Audits.

Expert Tip

No single organisation is allowed to provide both consulting and certification, as this is a conflict of interest and does not meet the ISO governing rules requirements. That’s why we, as consultants, can’t also provide Certification. Be aware of organisations that offer a “full package” of consulting and certification, as this is a red flag to indicate that they are not accredited.

How to prepare for a Certification Audit

There are five key steps to follow when preparing for a Certification Audit, these being:

1. Determine the ISO Certification(s) you need for your business

This preliminary step will include conducting your own independent research into the relevant ISO Standards, as well as engaging with industry resources to determine which ISO Standards may be most valuable within your industry or sector.

For example, if you own a construction business and wish to provide services to the public sector, or apply for Government tenders, you will want to research which Certifications they require. As another example, a law firm could be considering achieving ISO 9001 certification to obtain a significant discount on professional indemnity insurance annual premiums.

Working with consultants like our team at ISO Certification Experts can also help shed light on the ISO Standards that will be most beneficial to your organisation over the long term and in accordance with your organisation’s industry, goals and objectives.

Expert Tip

Want a free consultation with our team at ISO Certification Experts? Book a free strategy session so you can discuss your business goals with our consultants, identify the best standards for your organisation, and receive a no-obligation quote on our services to support you on your journey to certification readiness.

2. Familiarise yourself with the relevant ISO Standard(s)

This involves purchasing the relevant licensed Standards and familiarising yourself with the frameworks and Certification requirements outlined across the Standard(s). Here, a consultant can also help you by simplifying the process of understanding the requirements outlined in the Standard(s) to develop a Certification readiness and implementation strategy for your organisation.

3. Implement your Management Systems

Once your implementation strategy has been developed, the next step is to implement the Management Systems relating to your organisation’s operational processes and the selected ISO Standard(s). Developing and implementing Management Systems can take several weeks, or even months, to complete, so maintaining leadership commitment and external support from experienced consultants can aid in keeping this exhaustive stage of the preparation process on track.

As part of our Certification Readiness services, our team of consultants can develop a customised Management System for your organisation.

4. Conduct an Internal Audit

Once your Management System has been implemented, the next step is to conduct an Internal Audit to ensure all requirements are in place and also to identify any potential operational issues prior to your Certification Audit.

Internal Audits can be conducted by a trained and qualified consultant, and we highly advise engaging a professional consultant to not only ensure your organisation is ready for the Certification Audit, but also bring an experienced and fresh perspective into your Management Systems for continual improvement.

5. Conduct a Management Review

The final stage of the preparation process for Certification Audits is to conduct a Management Review. This includes facilitating leaders and other organisational stakeholders and process owners to evaluate data from your Internal Audit, customer feedback, performance against targets and other areas, to make decisions about any areas of concern or potential improvement that must be addressed prior to your Certification Audit, and beyond.

By providing an opportunity for all decision-makers to identify trends in the business, voice concerns or share strategies to improve the management systems, Management Reviews play an essential role in meeting a Certification requirement.

What is a Surveillance Audit?

While Certification Audits are the beginning of the 3-year Certification cycle, Surveillance Audits happen yearly, with the first one being one year after the initial Certification Audit, and the second the year after.

Surveillance Audits are less intensive than the Certification Audits, and shorter (not broken down into 2 stages like the initial audit), focusing less on whole systems analyses and more on assessing the ongoing efficacy of operations and processes, or any changes since the Certification Audit. 

What is the purpose of a Surveillance Audit?

As their name suggests, Surveillance Audits ensure continued conformance to ISO Standards following the Certification Audit and the attainment of Certification to those ISO Standards.

Surveillance Audits are also used to identify any areas of improvement or concern across all types of Management Systems, including ISO 14001:2015 Environmental Management Systems, ISO 9001:2015 Quality Management Systems, ISO 45001:2018 Occupational Health & Safety Management Systems and ISO 27001:2022 Information Security Management Systems.

By pinpointing areas of concern within implemented Management Systems, findings from Surveillance Audits are valuable for continual improvement and record-keeping purposes, helping organisations keep track of the evolution and rectification of non-conformities over time.

Who carries out Surveillance Audits?

Surveillance Audits are conducted by your selected Certification Body periodically (typically annually) after you achieve Certification. This means that, like Certification Audits, Surveillance Audits are carried out entirely by third parties and cannot be conducted by Internal Auditors or by our consultants at ISO Certification Experts. They are usually part of the same 3-year contract with your chosen Certification Body, which covers the initial Certification Audit and the 2 yearly Surveillance Audits that follow.

How to prepare for a Surveillance Audit

Whilst preparing for Certification Audits requires meeting all the requirements across your intended ISO Standard(s) for the first time, preparing for Surveillance Audits requires a more independent and detail-oriented approach for ongoing management of your Certification. This ensures that your Management System is continually improving and still maintaining conformance to the ISO Standard requirements. 

Here are some key measures you can take to make sure your organisation is always prepared for its next Surveillance Audit:

  • Keep all documentation (policies, procedures, audit schedules etc.) up-to-date amidst reporting and process improvements
  • Ensure records across your issues register are orderly and report outcomes to ensure all points of concern are being addressed
  • Keep conducting Internal Audits regularly to ensure ongoing conformance independently
  • Keep conducting and documenting Management Reviews to support evidence that continual process improvements are being implemented
  • Work with our consultants for ongoing Certification support

Our specialists at ISO Certification Experts offer services designed to get to the heart of your organisational goals, both relating to Certification as well as to general operational and performance management. Whether you need to get ready for Certification, or are already Certified but need help to maintain your management systems in preparation for your Surveillance audits, our consultants can offer support and guidance to ensure you’re ready for your next External Audit.

Get in touch with our team at ISO Certification Experts or book a Free Strategy Session for more information on preparing for Certification or Surveillance Audits, or to learn how we can offer certification ongoing support for your organisation.

About the author

Sarah Kammigan

Sarah is a seasoned Business Development Manager at ISO Certification Experts, specialising in providing tailored certification solutions for ISO 9001, ISO 14001, ISO 45001, and ISO 27001 to our clients. In addition to her strong background in quality management systems, Sarah also has a proven track record of driving revenue growth and building strategic partnerships, while her collaborative approach fosters a culture of continuous improvement. Dedicated to delivering exceptional customer service, she helps organisations with the right solutions to their certification needs.
