Certification, recertification, and surveillance audits — What’s the difference?

By Kelly Huckabone

October 2020

A certification audit occurs when a company undergoes an audit by an ISO Registrar to ensure compliance of all elements of a specific standard. An ISO certificate references the scope of the registration issued to the company and includes a three-year expiration date. Certification audits are most often broken into two stages. A stage one audit is typically conducted remotely to determine if the organization is ready for a stage two audit. If the auditor determines the company has met the minimum criteria for the stage one audit, the company will proceed with an onsite stage 2 audit, which is much more in-depth and includes a document review, interviews, and work observances covering all elements of the standard.

Every year, a surveillance audit is conducted by the ISO Registrar. A surveillance audit is less intensive than the certification audit. It is a “snapshot” in time of the auditor’s review to ensure the company is still meeting the key elements of the ISO standard. However, sometimes not every element will be reviewed during a surveillance audit. If there are any gaps, a nonconformance finding is documented and the company is responsible for addressing it to ensure ongoing certification.

A recertification audit occurs every three years from when the original certification audit was completed. During a three-year period, there are typically numerous organizational changes that happen within a company. Part of the recertification audit is to ensure that the Quality Management System (QMS) has assessed and documented these changes appropriately and implemented any necessary training. Another reason for a recertification audit is to ensure companies incorporate changes to their QMS when ISO standards are updated.

Whether your company is undergoing a certification, recertification, or surveillance audit, it is good practice and a company’s responsibility to always be “audit ready.” Next month’s article will offer some important tips for ensuring audit readiness.

Download a PDF of this article



About the author

Kelly Huckabone is the North American Audit Program Manager who oversees the Unity™ Lab Services internal and external customer and supplier audit programs. Kelly is a certified risk manager, lead auditor with the American Society for Quality (ASQ), and has been conducting audits for over 25 years for different quality systems, including ISO 9001, 13485, and 17025, as well as Health Canada and the FDA.

Contact me at kelly.huckabone@thermofisher.com if you have any questions.