Obtaining your ISO 9001 certificate is a big deal. You have spent the past few months diligently working to build your Quality Management System (QMS), aligning your quality policy with the strategic direction of your organisation, arranging your documents and undergoing a gruelling certification audit. We know that you want to celebrate your success, and we do not want to dampen your enthusiasm, but we just want to tell you that obtaining your ISO 9001 certification is not the end of your certification journey. It would be best if you began planning how to maintain your ISO 9001 certificate the minute you receive the soft copy. Let us begin by exploring this topic.
What is the validity of the ISO 9001 certification?
Once an organisation receives the certification, they enter a three-year validity cycle. During this period, the certificate remains valid only if they conduct annual surveillance audits. Failure to do this leads to suspension of the certificate. Other reasons for suspension include changes in business structure or unforeseen circumstances. After the end of the three years, companies have to repeat the entire process by initiating a recertification audit.
Why should you maintain your ISO 9001 certificate?
The answer is simple; you need to maintain your certificate to enjoy the benefits that ISO 9001 brings. Any organisation that acquires the certificate does so because it wants to enjoy the lucrative benefits of the standard. Common examples include a boost in operational capabilities, massive reduction in waste production, removal of all redundancies, enhancement of employee productivity, big push to brand reputation and access to international markets. However, these benefits are only available if the certificate is valid and suspension or expiry of the certificate curtails them. If you are attempting to work with an investor or a potential partner or even apply for a tender, the first thing that these entities will do is check the validity of your certificate. Sometimes, even customers can request a copy of your certificate. It is a prevalent practice for larger organisations to ask for certificates down the supply chain to protect their validity.
What is a surveillance audit, and why is it important?
At this point in the article, you may wonder what the difference between surveillance and recertification audits is. Well, a surveillance audit, certification audit, and recertification audit are all conducted by the same certification body that issues corrective actions during your journey to getting the ISO 9001 certificate. The difference between these three audits is the number of hours dedicated to the audit process.
Let us begin by explaining what a certification or a recertification audit is. During these audits, the auditors from the certification body will look at the implementation of every single process within your QMS to check the conformance of your QMS to the ISO 9001 standard. Additionally, the auditor with ISO 9001 documentation will also be evaluating your company documentation to see if it is in alignment, going on to check the process effectiveness, to match it with the industry standards and how you or attempting to continually improve the efficiency of your processes and your QMS. Often, this audit takes auditors a few days to complete. The duration becomes longer if your company and the number of processes within your QMS are more prominent.
In contrast, the surveillance audit is less stringent. Auditors from the certification body will spend less time as they are only examining some portions of your QMS processes. They will begin by assessing your critical processes, such as the corrective actions, the management review, or the internal audit. After they are satisfied with the compliance of your critical processes, they will only view the remaining processes of your QMS. Additionally, they may evaluate several other processes within your organisation, such as specific sites or production lines. The certification body aims to evaluate all your processes and business sites at least once during the two-year surveillance cycle, and therefore, they follow the recommended rule of evaluating the square root of all possible locations. So, if you have 16 retail stores, at least four will be audited in one surveillance audit.
How can I prepare for a surveillance audit?
Thankfully, the majority of the work is done by the certification body. They will provide you with an audit plan and schedule, telling you what they plan to evaluate during these audits. However, this does not mean that you should solely rely on the certification body. Maintaining your ISO 9001 certificate is much more than clearing the surveillance audit. Remember, ISO 9001 certification aside; you implemented the standard because you wanted all the benefits that a QMS brings. Hence, evaluate your processes, engage with your employees to see how things can improve, listen to your customers, and implement the data you have uncovered from these discussions.
Conclusion
To maintain your ISO 9001 certificate, you must conduct yearly surveillance ISO 9001 audits, which are similar to a certification audit, but the only difference is that specific portions of the QMS are reviewed instead of reviewing it all at once.