Our company recently completed the ISO 9001 certification process, and I thought the most challenging part was behind us. However, during a follow-up discussion, our certification body mentioned upcoming surveillance audits, and I realized I don't fully understand how they differ from the original certification audit.
I've read a few brief explanations online, but most of them simply say that surveillance audits are conducted to ensure the management system is being maintained. That sounds straightforward, but it doesn't really explain what the experience is like in practice.
What I'm trying to understand is how detailed these audits tend to be and what areas auditors usually focus on. Do they review the entire quality management system again, or do they concentrate on specific processes, records, and changes that have occurred since certification? I'm also curious whether companies typically spend weeks preparing for surveillance audits or if they become relatively routine once the system is established.
One concern I have is that our business has changed quite a bit since the certification audit. We've added new staff, updated a few procedures, and taken on different types of projects. I'm wondering how much attention auditors pay to operational changes and whether those changes commonly create issues during surveillance visits.
I'd appreciate hearing from anyone who has been through multiple surveillance audits. Were they significantly easier than the initial certification audit, or did they require just as much preparation? Any practical insight would be helpful because most of the information I find focuses on getting certified, not on what comes afterward.
I've read a few brief explanations online, but most of them simply say that surveillance audits are conducted to ensure the management system is being maintained. That sounds straightforward, but it doesn't really explain what the experience is like in practice.
What I'm trying to understand is how detailed these audits tend to be and what areas auditors usually focus on. Do they review the entire quality management system again, or do they concentrate on specific processes, records, and changes that have occurred since certification? I'm also curious whether companies typically spend weeks preparing for surveillance audits or if they become relatively routine once the system is established.
One concern I have is that our business has changed quite a bit since the certification audit. We've added new staff, updated a few procedures, and taken on different types of projects. I'm wondering how much attention auditors pay to operational changes and whether those changes commonly create issues during surveillance visits.
I'd appreciate hearing from anyone who has been through multiple surveillance audits. Were they significantly easier than the initial certification audit, or did they require just as much preparation? Any practical insight would be helpful because most of the information I find focuses on getting certified, not on what comes afterward.