The work doesn’t stop once you get ISO certified, there is a requirement to complete an annual surveillance audit to ensure your Management System continues to meet the requirements of the standard(s).
Surveillance audits must be carried out by a Certification Body, during which they will typically look at your Management Review, your preventative and corrective actions process, Internal auditing process and the implementation of any recommendations that have come out of an Internal audit.
Today, Mel explains how you can prepare for a Surveillance audit and gives examples of some key considerations ahead of the Auditor arriving on site.
- What is a Surveillance Audit?
- Why there is a requirement for an annual surveillance audit
- What you need to prepare ahead of a surveillance audit
In this episode, we talk about:
[00:59] A description of a Surveillance Audit
[01:30] The purpose of a Surveillance Audit – Ensuring your Management System meets ISO Standard requirements and as an opportunity to demonstrate continual improvement
[02:40] There is no right or wrong way to prepare for a Surveillance Audit – but the following tips will be applicable regardless of the standard your certified to
[03:30] Tip 1: Check that you have an Agenda for the visit – This should be provided at the end of your last report from the Certification Body
[04:25] A brief overview of how the certification cycle works – A 3 year plan is usually provided to you by your Certification Body
[05:50] Ensure that you go ahead with a UKAS accredited Certification Body
[06:18] Tip 2: Confirm locations – make sure you know where the auditor is being sent and to prepare staff on site about the impending visit. This can also allow you to book out time for specific people that may be required during the audit
[07:10] Tip 3: Ensure you book out time for any required key members of staff – it is also advised that you book out a meeting room for the day
[08:45] Be prepared for the Auditor to walk around your site – Especially if they’re assessing ISO 45001 (Health and Safety) and ISO 27001 (Information Security)
[09:40] Double check if the auditor visit is on-site or remote
[10:30] Tip 4 – Check that you have all the relevant Management System records in place – and that they’re up-to-date
[10:50] Examples of what documentation the Auditor will typically look at
[13:00] Tip 5 – Make sure you’ve closed out any opportunities for improvement and non-conformities from your last internal audit
[14:30] Tip 6 – Check if there have been any changes to your business that may effect the scope of certification i.e. New products or services with no controls in place yet or a new site
[16:00] Tip 6: Confirm the auditor’s visit and check if they have any accessibility or dietary needs.
[16:30] Tip 7: Warn any relevant reception / security staff about the visit so they know to expect the auditor. Ensure they go through any of your typical security procedures i.e. getting an access card, signing visitor book ect
[17:42] Tip 8: Send an email to all staff to remind them about the surveillance visit – good to do this a day or two ahead of the visit
[19:45] Tip 9: Do a floor walk – Ensure that any of the physical controls you have in place are working as intended
We’d love to hear your views and comments about the ISO Show, here’s how:
- Share the ISO Show on Twitter or Linkedin
- Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.
Subscribe to keep up-to-date with our latest episodes: