Surveillance Visits vs. Certification Audits
- Home
- Blog
Categories
Latest Post
ISO 14001 Lead Auditor Course
ISO 14001 Foundations Course
ISO 14001 Internal Auditor Course
ISO 14001 Lead Implementer Course
Surveillance visits and certification audits often differ significantly. This explanation covers why and highlights the differences. These points apply not only to ISO 27001 and ISO 22301 but also to standards like ISO 9001, ISO 14001, and ISO 20000.
Certification Audit and Its Limitations
The certification audit is part of the ISO 27001 certification process. During the initial audit, the auditor checks if all the main elements of the management system are in place. This includes all documentation, required records, and processes. The auditor also verifies if the main processes work as described in the documentation. However, this check is limited since the management system might have been in place for only a few months or weeks.
The certificate is issued for three years. For example, if the initial certification audit was in November 2012, the certificate is valid until November 2015. To ensure the management system is maintained, the certification body performs periodic checks called surveillance visits.
Surveillance Visits
Surveillance visits occur at least once a year, sometimes twice. Using the previous example, if the initial audit was in November 2012, the first surveillance visit would be in November 2013, and the second in November 2014. In November 2015, the certificate would expire, and the company could go for a recertification audit.
The main purpose of surveillance visits is to ensure the management system works in everyday operations. These visits focus on areas the certification audit couldn’t fully check. They verify if all incidents are recorded, measurements are made, and corrective and preventive actions are properly recorded and implemented. They also check if top management supports the system.
Surveillance visits also focus on issues identified as weak in the certification audit or previous visits. This includes minor nonconformities and auditor observations.
During surveillance visits, the auditor pays less attention to documents and more to how key processes are performed, measured, and improved.
Conclusion
Don’t relax after your certification audit. The certification body is highly interested in ensuring your management system functions effectively. Surveillance visits focus on the system’s real-world performance, not just its documentation. This is why implementing the standard should be more than just for certification. The procedures and policies should genuinely be used in everyday operations.
