Obtaining an ISO certificate for an entrepreneur or your company is not always an easy task. Anyone who has already gone through this process can confirm that this process can be very laborious and time consuming. If you are unfamiliar with ISO standards and the certification process, this process may require a degree of willingness to learn new things, but the effort will have the desired effect.
However, we must not forget that when you achieve certification, you usually feel that the task is basically completed and you can start working on your next project. But is it really so? Can we forget about the certification and wait for the next surveillance audit? The answer is a clear "No!" - If you want to take full advantage of the certification and implementation of the management system, this is always just the beginning.
After obtaining ISO certification, people tend to take a break from the project and then willy-nilly forget the management system and leave it uninterrupted for several months, approaching the time of the first surveillance audit, which tends to surprise, and the requirements of the so-called standard are then slop-built. A number of disagreements, complaints and other issues often remain unidentified or open without resolving them, and the documented information does not keep pace with the operational changes and improvements that have been implemented in the company in the meantime.
Insufficient information on ongoing activities required by ISO standards can ultimately lead to the certificate withdrawal during the first surveillance audit within 12 months after the initial certification, which is likely to cause great confusion in your organization as well as additional costs (direct and indirect) to restoration, not to mention the dissatisfaction of the parties involved.
How can you prevent this scenario in your business?
Let's imagine what you have to do when your company achieves ISO certification.
Maintaining ISO certification is the subject of successful annual surveillance audits. The most common certificates of ISO management systems (i.e. ISO 9001, ISO 45001, ISO 14001, ISO 27001, etc.) are issued by the certification body for a period of three years. Certification is achieved by successfully passing an initial certification audit (external audit), which is performed by a certification body such as. CeMS s.r.o. This audit consists of two phases:
To achieve certification, you will need to address adverse findings from these audits. After performing this verification, the auditor assesses whether the issues have been properly resolved. If there are no additional requirements, the certification body will issue an ISO certificate (s) to your organization.
12 months after your initial certification audit, the certification body will carry out the first surveillance audit. The same process is repeated for two consecutive years after the first certification.
Surveillance audits are less demanding than certification audits. They are essentially a picture of the processes at the time of the auditor's audit to ensure that the management system still meets the main elements and objectives of the ISO standard (s). This means that not all elements are checked during surveillance audits. If any gaps or findings occur, the audited organization is responsible for eliminating these deficiencies to ensure continued compliance with the requirements of the standard.
At the end of the three-year cycle, your company will have to undergo a recertification audit of the ending management system of the relevant standards. This process is similar to the initial certification audit (but usually shorter). The goal is to verify that your management system continues to fully meet all ISO requirements. Upon successful completion of the audit, the certification body will provide you with the newly issued certificate(s) and the cycle above will be resumed.