An ISO 9001 audit is a process that measures whether an organisation has the basic qualifications required to be certified under ISO’s quality management standards (QMS).
As the name suggests, the ISO 9001 audit process primarily focuses on examining an organisation’s management-related records. This might include:
- Policy memoranda
- Official communications
- Processes
- Protocols
- Monitoring and evaluation records
- Customer interaction records and procedures for addressing customer concerns.
Read on to learn more about the various stages of the ISO 9001 audit process and what they involve.
In this post:
What is the ISO 9001 audit process?
The ISO 9001 audit process is designed to determine whether your organisation will qualify for ISO certification. It can help you to improve your business’s QMS by identifying any weaknesses and deficiencies. Addressing these issues will eventually help your organisation to comply with the QMS requirements as set by ISO.
Internal and external audits
The ISO 9001 audit process can involve both internal and external audits. Internal audits are carried out by a team of ISO-trained auditors or inspectors who are part of your organisation. Although performed in-house, the audit must still be conducted in an objective, impartial, and formal manner. With the help of an ISO 9001 checklist, the main goal of an internal audit is to self-assess the company’s current QMS standards.
Alternatively, if your company doesn’t have qualified personnel who can conduct the audit, you may choose to hire a consulting firm to carry out the process on your behalf. The main advantage of external auditing is that it reduces the burden on your employees. It may also be considered more credible because there’s no risk of internal bias.
Room for improvement
The initial audit, whether internal or external, is conducted to establish whether or not your organisation is ready for the stage 2 audit.
During the first stage, the auditor will make recommendations for improvements if there are criteria your organisation failed to meet. You’ll then have time to improve and prepare for the second stage of the audit.
If, on completion of stage 2, your organisation satisfies all of the requirements then you’ll be awarded ISO 9001 certification.
Scoring classifications
After the auditing process has been completed, your organisation will be rated based on the checklist of compliance. It will receive one of the following four scoring classifications:
- Compliant
- Opportunity for Improvement
- Minor Non-Conformance
- Major Non-Conformance
ISO 9001 process audit checklist
The ISO 9001 process audit checklist contains seven main categories that need to be examined, audited and scored:
- Context of the organisation – this includes the organisation’s mission-vision and objectives regarding policy direction and interaction with stakeholders. The QMS must be clear and align with the organisation’s operations.
- Leadership – the top management must demonstrate a commitment to the QMS and accept full responsibility for its implementation.
- Planning – the internal and external risks must be carefully considered when planning for QMS.
- Support – this refers to the resources, manpower, and infrastructure needed for ensuring a high standard of QMS.
- Operation – this relates to the implementation of the plan and achievement of the objectives, both in the short and long term.
- Performance evaluation – a set of criteria and monitoring mechanisms must be put in place to measure the organisation’s performance based on the QMS.
- Improvement – continuous improvement is key to sustainable performance and efficiency, as well as how effective your organisation is.
1. Stage 1 audit
In stage 1 of the audit, an internal or third-party auditor(s) will conduct a preliminary examination of your organisation’s compliance with the ISO 9001 standards. They’ll then make some recommendations but you’ll be given plenty of time to make the necessary improvements.
2. Stage 2 audit
In the second stage of the audit, the accredited auditors and qualified inspectors will assess whether the recommended improvements have been implemented. The management system will once again be evaluated to determine whether it complies with the ISO 9001 QMS standards. The auditor may make further recommendations or, if the QMS meets the qualifying criteria, your organisation will be endorsed for certification.
3. Receive certificate
Once your organisation passes the auditing process, you can apply for ISO certification from an accredited ISO standards registrar. Assuming all the fees are paid and the relevant documents are in order, your organisation will then receive its ISO 9001 certificate.
4. Surveillance audits
Surveillance audits are conducted for two years after certification has been awarded. During this time your QMS and processes will continue to be monitored, albeit to a lesser extent than in the first and second auditing stages. This stage of the process is necessary for recertification audits.
5. Recertification audits 
ISO 9001 certification is an ongoing process that involves a cycle of recertification audits based on the improvements made by the certified organisation. A recertification audit is performed every three years from the date the original certification was issued.
6. Review
The review process is based on revisions or changes to the ISO 9001 standards. It takes account of the fact that some provisions may no longer be applicable for certain industries following innovations in technology and updates to regulations.
Why the ISO audit process is so important
The ISO audit is very important because it ensures top-quality management standards are maintained and updated. It also ensures organisations are meeting the requirements set by international bodies of standards, which can benefit both your business and its customers. Whatever the size of your organisation, there’s always room for improvement.
Summary
The ISO 9001 audit process can be time-consuming, but it’s necessary to ensure quality management standards remain high.
Auditors will assess your organisation in seven key areas before making recommendations to help you improve your quality management system. You may need to complete a series of auditing stages before you can achieve ISO 9001 certification.
ReAgent’s ISO certifications
ReAgent currently holds four ISO accreditations: ISO 9001 for quality management, the ISO 14001 environmental certification, ISO 13485 for quality management systems relating to medical devices, and ISO 45001 for occupational health and safety.
If you’d like more information about our ISO certifications, please feel free to contact our friendly team.