Certification Audits: What to Expect During Your Stage 2 Certification Audit
In part 1 of this blog post we discussed how to prepare for your stage 1 certification / registration audit. Just to reiterate was covered in the prior blog post: How to Prepare for your Stage 1 Certification Audit. Just a quick note that the term certification audit is synonymous with the term registration audit. These are conducted by a registrar or certification body ideally that is accredited to a recognized accreditation body such as the American National Accreditation Board (ANAB).
As discussed in part 1, a certification or registration audit is typically conducted in two stages. Stage 1 again is largely a review of the documentation portions the management system (ISO 9001 Quality Management System, and/or ISO 14001, ISO 45001 or similar). See part 1 for more details on this.
What to expect during your Stage 2 Audit
Once the stage 1 is completed it is best to review the stage 1 report and any concerns noted. The management representative and top management should review the report for concerns and generate an action plan to ensure that any noted concerns are addressed and closed prior to the stage 2 audit.
Typical stage 1 concerns include issues around the accuracy of the scope of certification with organization interaction of processes, the quality objectives and target programs, the organizations internal audit. Any concerns noted at the stage 1 will automatically become major findings / non-conformities at the stage 2 if not fully addressed and corrected. Once your organization has addressed all stage 1 issues it will be important to review your organizations records to ensure all are ready and easily accessible.
The stage 2 audit is primarily focused on the implementation of your quality management system. At this point, the organization’s operational processes are audited and assessed to determine if the risk to quality has been appropriately mitigate. During this stage the auditor will be actively asking to see if the organization is utilizing standard operating procedures and/or work instructions. If so, then the auditor will be reviewing if what is documented in the procedures or work instructions is actually being carried out accurately. Auditors are required to sample records and interview staff to collect evidence of conformity. To be clear they are not just looking for gaps or nonconformities. Interviews with staff will generally include topics of how staff performs their tasks and questions about controlling quality. An auditor may ask to see an activity or process be carried out to determine if the process is adequate controlled. They will ask how nonconformities are handled. If the process produces parts they would need to demonstrate the process for containing bad or nonconforming parts.
In summary, the stage 2 auditor is assessing the organization against three types of criteria. The first is the requirements of the ISO 9001:2015 Quality Management Standard. These take the form of shall statements within the ISO 9001 standard. The organization shall act against non-conformities and prevent their reoccurrence.
The second set of requirements are legal or contractual requirements of the customer. Auditors will assess customer requirements through review of contracts and purchase orders to ensure those requirements are being fulfilled. If your organization agrees to wrap all products with pink bowties upon a customer request, then you must follow through.
Lastly, any additional self-imposed requirements are also on the table as audit items. These items would be any organization specific standard operating procedure or requirements generated internally by the organization.
Hyperlink: Internal Audit Hyper Link: https://www.wilkshireconsulting.com/single-post/diving-deeper-into-iso-9001-2015