The ISO 9001 Certification Process
Audits are a key requirement of ISO 9001 certification.
Achieving ISO 9001 certification is a step by step process with the certification audit being the final stage.
Once awarded, in order to maintain the accreditation, a series of audits will be undertaken at regular intervals.
The certification audit is undertaken by a third party certification body (CB) and should be UKAS accredited.
In advance of the certification audit, the QMS must be operational within the company and to ensure efficacy, internal auditing is recommended to iron out any potential problems.
Key elements of the process are outlined in the following sections.
Internal Audit
Internal audits are effectively practice runs and are, as the name suggests, conducted in-house by company personnel.
In effect, the internal audit is a tool used to compare the QMS with the ISO 9001 standard.
Those selected for the role of internal auditor must therefore be thoroughly trained on the ISO 9001 standard as well as having a comprehensive understanding of the company’s QMS.
Internal audits must be formally structured and be undertaken professionally and in great detail in order to identify any potential problems and non-conformances.
Following each audit, a review should take place to discuss any necessary improvements and corrective actions required.
Internal audit findings play an important role in refining the QMS and smoothing the way for the certification audit.
Certification Audit Process
The certification audit process is carried out by a third party certification body.
There are two main stages involved:
• Stage 1 – Document Review and
• Stage 2 – ISO 9001 Audit
Stage 1 – Document Review
This initial stage is largely a familiarisation exercise, which allows the auditor to become acquainted with the quality management system in place and examine the relevant documentation.
The findings from internal audits and management reviews may also be requested for inspection.
Effectively, this stage is mainly desk research and serves to satisfy the auditor that the company is prepared for the next stage of the audit.
Feedback will be given at the end of this audit stage, followed by a written report which will include:
-
an assessment of your ISO 9001 quality management system
-
a view on your readiness for a stage 2 audit
-
an assessment of your understanding of the requirements of the standard
-
an agreement of the scope of your ISO 9001 quality management system and scope of certification
-
an outline plan for stage 2 of the audit, including timings and locations (if multiple sites are involved)
-
an overview of areas for potential improvement of the management system together with improvement requests
Stage 2 – ISO 9001 Audit
This second stage is when the actual QMS is thoroughly tested.
Prior to commencement, a short documentation audit will be carried out and any amendments as a result of the stage 1 audit will be reviewed.
The audit will include a range of aspects including:
-
a review of the QMS documentation
-
interaction with members of staff to check their understanding and compliance with the policies and processes
-
inspection of samples of day to day documentation to ensure adherence to procedures
-
an assessment of the QMS to determine if it is assisting to achieve company objectives and KPIs
At the conclusion of the audit, the auditor will discuss their findings and outline any non-conformance issues and required corrective action.
A formal report will follow to summarise the findings as well as identify non-conformances (both major and minor) and outline any opportunities for improvement (OFI).
Corrective action must be taken to remedy the non-conformances prior to the issue of your certificate.
Certification
Following satisfactory performance at both stage 1 and 2 of the audit, and completion of any necessary corrective action, the auditor will make the recommendation to issue the ISO 9001 certificate to the certification body.
Once issued, the certificate is valid for a period of three years.
Annual Surveillance Audits
A main focus of ISO 9001 is to maintain quality by means of continual improvement.
Therefore achieving certification is not an end result in itself.
Certification is, in effect, the beginning of a regular auditing process to ensure standards are maintained and improved upon.
Annual surveillance audits are undertaken at the end of years 1 and 2.
Each of these audits will be broadly similar in format to the initial stage 2 – ISO 9001 audit process but will be less in-depth.
They will concentrate on areas of weakness identified in the run up to certification and examine updates and amendments made to the QMS.
At the end of year 3, a recertification audit process will be carried out.
Recertification Audit
The recertification audit should be undertaken some three months prior to the expiry date of the existing ISO 9001 certificate as a contingency measure.
This audit will be more comprehensive than the two previous annual surveillance audits but in format and content will also be similar to the initial stage 2 – ISO 9001 audit process.
A review of the three years of operating to the ISO 9001 standard will be included to examine what the company has learned during the process and how this has informed future plans.
As part of the process, a plan will be prepared for the next three years of of auditing.
Following a successful recertification audit, the ISO 9001 certificate is issued for a further three years and the annual audit cycle will recommence.