The point of the internal audits is to help the organization as a whole improve well before the certification audit takes place. The external audit process will work similarly to your internal audits; the only difference will be who will be performing the audit. In order to achieve certification, you will need to demonstrate your ISO compliance to an external or third-party auditor. The third-party auditor or auditor team will be assigned to your organization by an ISO registrar also referred to as a Certification Body or CB , an independent entity who also issues the ISO certificate once approved by the auditor.
The external audit can take place after you have completed a successful internal audit and have at least two to three months of documentation and records from your ISO procedures. The official auditing process takes place in three steps: the opening meeting, the auditing process, and the closing meeting. During the meeting, the auditor s will also discuss their role and the auditing schedule. The auditing process may take up to a week, depending on the size of the organization.
After the opening meeting, the auditor s go over your quality management system processes using their audit schedule as a guide. Note that some process reviews may take more or less time than scheduled. The auditor s will visit a few or all of your departments to check if the ISO requirements noted in your documentation is implemented and being followed by staff. The auditor s will interview staff members, asking questions, and taking note of what they discover; depending on the findings, auditors may make a note for further evaluation.
This will be when most of the auditing process takes place; during this step, you and your team will gain insight into what you are doing well and what could use improvements for better compliance.
If the auditor s find any problems in compliance with ISO , they will bring those concerns up for you to take corrective action before receiving ISO accreditation. Some auditors may offer recommendations based on those findings. All this and more will be in an audit results report for senior management and employees to review. However, if the auditor s do not find any major issues with your QMS, you will be awarded an ISO certificate following the audit.
Having a successful ISO system requires on-going maintenance and takes a while to implement. It is most certainly not a one-time, one-hour ordeal. Create a schedule that outlines how you plan to implement your new ISO system. Create a time-line with milestones to make sure you stay on track. The last thing you want your organization to do is to rush to meet the ISO requirements weeks before your official certification audit.
Your employees and management should also be prepared for the audit. Make sure they are up-to-date on the following quality management system features:. Your team should be very familiar with relevant documentation to their role and area, but it's also important that your documentation is accurate in the first place. First, you should have the following documents on-hand:.
All procedures that your organization has implemented under ISO standards whether they are documented or not should be followed. Make sure your employees are aware of any updated quality management system procedures that apply to their role and department and that they are following the new systems accordingly. Take steps to resolve recurring problems as soon as they appear during internal audits.
By starting early, you can find quick, foolproof solutions to the flaws in your quality management system. If an auditor finds a problem during your official auditing process, they allow you enough time to repair those issues, and if you are able to resolve those conflicts, then you can still be certified. For that reason, it is important that you have addressed any findings from your internal audits before your certification audit. Also make sure that for corrective actions that have been executed that you have verified them for effectiveness, and have documentation that supports that.
Regular internal audits allow you to see any concerns regarding ISO requirements. By assessing your company routinely, you can correct anything that needs fixing long before your official certification audit. In addition, internal audits will allow management and employees to be more prepared for the real deal, especially the interview process. Just like your internal audits, it's important to be positive and professional. Make sure you make a good impression with the auditor--treat them professionally and with respect.
A good management review assesses the quality management system you have established for your organization at least once a year. Senior managers should review the following:. Routine management reviews should be documented according to ISO requirements. Each review should be followed by an actionable plan that is meant to resolve any concerns identified during the meeting. Such concerns should be resolved before the next internal audit so suggested changes have enough time to be implemented.
The auditor who visits your facility will want to see documentation or records that have tracked your progress during the implementation of your ISO system.
They will be looking for evidence that shows that you have been following your plan and meeting objectives. Note that it is perfectly okay to change future goals if the business environment has changed since you have set the objectives; for example, perhaps the economic climate has fluctuated so you may increase or decrease your sales goals.
The ISO certification audit is very important: to your organization, your employees, and your customers. Make sure you put your best foot forward! It can be difficult for an audit to take place in an unorganized or dirty workplace. ISO Knowledge base. Strahinja Stojanovic. What is an ISO audit? An ISO audit is a documented, systematic, and objective process for gathering facts.
He participated in implementation of these standards in more than SMEs, through creation of documentation and performing in-house trainings for maintaining management system, internal audit and management review.
Upcoming free webinar. Presenter Carlos Pereira da Cruz. Measurement, analysis, and improvement according to ISO Thursday — January 13, Suggested reading. One of the first things to do when implementing a Quality Management System There is a lot of talk going around about how documented information is You have successfully subscribed! Below is a graphic of how this works, with the link back to the surveillance audit after the re-certification.
As long as you are maintaining your current certification with the same certification body, you will not need to go back to the certification audit. However, if you change certification bodies or your version of the ISO standard as companies are now changing from ISO to ISO , you will then have a transfer audit. This is much like starting back at the certification audit step, where a full audit is performed and then old certificates are withdrawn and new certificates are issued. For some guidance on choosing a certification body, you can read this article on How should you pick an ISO certification body?
All three are on-site audits done by the certification body, will have corrective actions issued that need to be addressed, and will have an audit report issued to your company as a record of the audit. The difference is the number of hours devoted to processes in the audit. This audit will often take several auditors many days to complete, depending on the size of your company and the number of processes within your QMS.
By comparison, the surveillance audit will spend less time on only some portions of your QMS processes, rather than everything. They will start each time by looking at your key processes such as management review, internal audit, and corrective actions , and will then only look at some of the remaining processes within your QMS. They may also only look at a portion of the whole organization, such as only one out of two production lines, or even only certain sites chosen by the auditors, rather than multiple sites.
There is a recommended rule to use a square root of all possible locations; for example, if there were a total of 16 retail stores in the scope of the certification, then at least four should be audited in a surveillance audit. Since the auditors will be spending less time on fewer of your QMS processes, these surveillance audits will take less time to perform than the original certification audit.
The goal for the certification body is to audit all of the processes and business sites at least once within the QMS during the two-year surveillance cycle. For some help on preparing for your initial certification audit, check out this blog post on What questions to expect on the ISO certification audit.
Since the surveillance audit does not look at all processes, some people start to think that these audits are less important than the certification audit, but this is not the case. You still need to perform your internal audits for all processes as per your audit schedule, and make any corrections or improvements that you find necessary.
It is also important to remember that if a major non-conformance found during a certification audit is not addressed, you can still lose your certification.
0コメント