Once your company is certified ISO 9001 compliant, the International Organization for Standardization (ISO) will examine your operation every three years to ensure you have kept with up ISO fundamentals after receiving your certification. ISO registrars or approved third-party companies will conduct surveillance audits to review certain required and select elements as defined in your quality manual, as well as any actions concerning issues discussed during your last surveillance.

Preparing for Your Audit

Entire programs and training courses exist for companies looking to ensure their ISO compliance before an audit. According to ISO 9000 Checklist, a pre-assessment audit includes consultation—often provided by experienced ISO 9001 auditors—on how to correct any nonconformities before the actual audit. Some companies also specialize in documentable internal audits—a major ISO 9001 compliance issue. You have the option of either scheduling a one-time internal audit or all of your internal audits for a given period. ISO 9001 Checklist also recommends a training audit, wherein a pre-assessment auditor coaches members of your audit team in audit techniques.

Compliance Requirements

According to QC Inspect, a company that conducts ISO 9001 compliance audits, the required elements of an audit include a management review, a discussion of any changes to your quality-assurance system, an internal quality audit and a discussion of any corrective action necessary for ISO 9001 compliance. The management review may determine that those in charge of the companyare not working in the same direction. QC Inspect recommends documenting each management meeting and recording all reviews and certification requirements in meeting minutes. When evaluating changes to your quality-assurance system, the ISO registrar will help you confirm that none of the changes strays from ISO policy. Like an inadequate management review, an ineffective internal audit process is a major nonconformance; keep good records of internal audits, as well as proof that you took all necessary corrective action.

Selected Requirements and Corrective Action

The ISO registrar will audit some processes defined in your quality manual as well as the inputs, outputs and interactions to each process; the auditor will decide which process will comprise the select audit. According to QC Inspect, the auditor will normally notify you of the audit date and schedule in advance. In addition to required and specialized certification elements, the ISO registrar will also review any findings discussed and recommendations made during your last surveillance. You will review corrective actions and recommendations with your auditor with a special emphasis on customer complaints. Each corrective action should focus on the root cause of the problem as well as the effectiveness of the proposed solution.