The ISO 9001 audit is an independent process conducted for gathering facts to determine compliance with the standard. The aim of this objective-oriented, systematic, and documented procedure is to detect areas of improvement in compliance and activity and help management to implement the most relevant corrective actions.
An ISO 9001 audit is a very effective tool for evaluating compliance with your current quality management system and with the standard itself. Auditing is a crucial part of the checking process in the PDCA (Plan, Do, Check, Act) cycle that is embedded into all ISO management system standards. Audits are not the only form of checking, there are also many other versions such as inspections where relevant, management, supervisors, examinations, etc. Amongst the other forms of checking, auditing has a special role in that it is planned, performed by competent individuals, and is effective at meeting its purpose which is to get a snapshot of compliance from a records point of view.
ISO 9001 does not require organizations to determine the financial viability of ISO 9001, therefore internal audits do not include an assessment of financial benefit.
Conducting the audit can be tricky for those who lack industry experience and knowledge of quality management systems. The following post discusses the essential elements and steps for performing a great ISO 9001 system audit.
ISO 9001 is the international and industry generic standard for quality management systems. The aim of the certification is to support companies in ensuring their product/services meet the industry guidelines and customer expectations. The standard can be a most effective marketing tool that adds competitive advantage by strengthening brand loyalty. With consistent performance, ISO 9001 compliance helps organizations to retain their customers. Therefore, it acts as a powerful tool for business sustainability and establishment as well.
Internal audit – The internal audit, or in other words a “first party audit” is a requirement within ISO 9001. Therefore, you cannot comply with ISO 9001 unless you perform internal audits. Internal audits can be performed by a competent individual within the organization or external to the organization. The internal auditor will need to be trained and competent, but does not need to have lead auditor training, as lead auditor training is only a requirement for certification audits. Internal audits will have to be planned and executed according to ISO 9001. Internal audits will be performed regularly at frequencies determined by your organization, usually annually at least.
2nd party audits – 2nd party audits are usually performed by your customer or a representative of the customer. The customer will normally pay for the 2nd party audit, unless agreed otherwise. 2nd party audits are not a requirement of ISO 9001; however, some customers will insist on 2nd party audits as part of their own purchasing requirements, or when you are not ISO 9001 certified.
Precertification audits – Precertification audits are performed by a certification body if requested by your organization. Precertification audits are not a requirement of ISO 9001. Precertification audits are more like a readiness review for management that are not confident they are ready for certification. Precertification audits can be offered by the certification body at a price and there are no particular rules that must be followed for these audits in ISO 9001 or ISO 17021. Normally the auditor will provide an audit report at the end of their audit.
Stage 1 Audit – The stage 1 audit is the primary process that prepares an organization for the final round of evaluation which is the stage 2 audit. Through stage 1, management and the certification body confirm the scope of the activity, and whether the management review and internal audit have been effectively performed. Through the process, the certification body checks if the quality management system has been documented, and if there will be a high likelihood of a major corrective action in the stage 2 audit. The auditor will provide a report at the end of the stage 1 audit that emphasizes non-compliances and opportunities for improvement if there are any.
Stage 2 Audit – At stage 2, the auditor checks any corrections or changes from the stage 1 audit. The focus of this audit is whether you have implemented the quality management system. A checklist and questionnaire are prepared for the audit. During the audit, selected personnel in your organization will be asked about their understanding of the quality management system and performance. Records will also be checked. At this stage, management needs to show evidence of compliance. Inability to prove compliance through records and discussions can lead to major or minor corrective actions. Major corrective actions must be corrected before the ISO 9001 certificate is issued. Minor corrective actions must have a plan in place before the certificate is issued. Implementation of the plan for minor corrective actions will be checked at the next annual audit. The auditor will provide a report at the end of the stage 2 audit.
Certification – If both stages 1 and 2 show an adequate level of compliance to the standards and your company’s quality management system, your company will be recommended for certification, and the certification body will therefore issue your ISO 9001 certificate. Congratulations!! Typically, the certification body will also add your organization name and certification details to their own list of clients on their website, and potentially also to the accreditation body and to the International Accreditation Forum (IAF) website. Typically, your organization will also receive certification logos or marks for use within your organization such as on marketing materials.
Surveillance Audit – This is done to check the progress and performance of the implemented or modified quality management system. Certification is valid for three years, and within this time period, the audit is performed at least twice to ensure that your organization continues to comply with ISO 9001. It also helps to identify possible areas of improvement. These audits also help companies prepare for future audits.
Recertification audit – Like most other ISO management system certifications, ISO 9001 lasts for three consecutive years. While the surveillance audit determines consistent performance, the recertification audit is performed to recertify your organization for an additional three years. Alongside the basic audit process, the recertification audit concentrates on new quality objectives and plans for upcoming years. If the recertification audit is successful, a brand-new ISO 9001 certificate is issued by the certification body.
The entire process can be exhausting and difficult. To streamline the process, you might consider engaging support from expert ISO consultants.
Blue Wolf Certifications is a business partner to various accredited certification bodies. To put it another way, we are one of their auditors, a regional office.
Our auditors have been described as transparent, open, fair and supportive. And even easy to talk to and helpful.
Our audits have been described as nonthreatening, relaxing, straightforward, orderly, professional and painless.
Take the advice of our clients, we will make your ISO certification journey easier and less stressful.
We can audit and provide accredited certifications for ISO 9001, ISO 14001, ISO 27001, ISO 37001, ISO 45001 and other certifications.