The Three-Year Certification Cycle Explained

  • Guides

ISO certification is not a single event, but rather an ongoing process that ensures your business complies with the requirements of its chosen standard. In this article we explain the system of audits that are used for assessment:

Gaining your initial certification: stage one audit

When you are trying to achieve ISO certification, the first significant milestone is the stage one audit. Your auditor investigates whether or not you have successfully managed to comply with the proposed scope and the targets you have set for your company. While this may show up some weaknesses and areas for improvement, this process is designed to be constructive, preparing you for the stage two audit.

Often these weaknesses do not appear as problems in the overall production process, but more commonly occur within documentation and communication. It is often the formalisation of these processes and responsibilities within the business that need clarification.

All of the audit findings are presented in a summarised report that allows you to focus on the important areas and processes that need strengthening to achieve certification. These are usually classed as non-conformities and are an expected part of the overall procedure for certification.

There are two classes of nonconformities. Minor nonconformities can be resolved with internal action plans whilst more serious major nonconformities need to be resolved with an agreed plan with your auditor.  

A closer look: stage two audit

The stage 2 audit is necessary 30 days after the initial audit to confirm that your processes and systems are free from nonconformities. Again, your auditor will evaluate your performance and efficiency and make the recommendations for certification. There may still be a need to address nonconformities following this audit.

However, if you only have minor nonconformities these will not hold up your certification, while major nonconformities will require another check 30 days after the stage two audit.

Ongoing checks: surveillance audits

One of the central pillars of the ISO methodology is a deliberate focus on continual improvement. One way of verifying that companies are adhering to the standards set out by certification is through annual surveillance audits. With larger organisations, the audit may need to be completed through a multi-stage approach to ensure that all the individual units meet the required standards.

During the surveillance audit, all the elements covered in the stage two audit are re-assessed with a view to ensuring that all the original systems and processes are operating as specified and producing the correct outcomes.

The surveillance audit will always review these areas:

  • Systems performance and maintenance
  • Preventative and corrective actions and processes
  • The effectiveness of your own internal auditing process
  • The implementation of recommendations following your internal audits
  • Regular management reviews of ISO implementation
  • Customer satisfaction rates
  • Updates to the documentation systems

The surveillance audit will be conducted by your auditor who will check any previous nonconformities from previous inspections, the effectiveness of your systems within the context of your audits, new activities and previous results. Whilst these surveillance audits are essential for ensuring that your company stays on track, they have a deeper benefit.

Surveillance audits are an essential step in preparing your company for recertification which is planned at the end of each three-year cycle as an important step in the overall certification process.

Recertification audits

Your ISO certificate is valid for three years after your initial issue. Recertification requires you to undergo an audit similar to the initial auditing process without the need for a stage one audit.  

This audit explores the same areas as surveillance audits, only looking more deeply into the holistic and global implications of your implementation strategy. It reviews the whole of your processes and systems from beginning to end alongside investigating your continued commitment to continual improvement.

Your performance targets will come under the microscope and your company’s objectives will be the main criteria for assessment. This review includes looking at patterns of non-performance and customer satisfaction, documentation and management reviews.

In short, the auditor will perform a thorough examination of every aspect of implementation before issuing certification with a strategic assessment plan that underlines the next certification cycle.

Our approach

We understand that implementing ISO standards effectively can seem daunting for new clients. This is why our in-house policy is to always produce a gap analysis, giving you clear direction in what’s needed to achieve your chosen standard. In order to help clients achieve certification within 10-12 weeks, we give you proven process templates and unlimited access to your auditor.

Additionally, we do not charge more for your recertification audit, offering our clients a value service that is based around our ongoing commitment to your certification.  

ISO 9001 is ISO’s most popular standard, being implemented by more than one million companies in over 175 countries.

profile image of Mark Nutburn
Written by Mark Nutburn

CTO - technology professional with over 20 years of IT experience building bespoke CRM systems and designing customised software solutions. A key part of the management team at The British Assessment Bureau for many years and a part of AMTIVO’s management team.