Surveillance Audit
Navigate
â–· Surveillance Audit
ISO/IEC 17021
The audit program for initial certification includes a two-stage initial audit, surveillance audits during the first and second years following the certification decision, and a recertification audit in the third year before the certification expires. The first three-year certification cycle begins with the certification decision.
Surveillance Audits
Surveillance audits must be conducted at least once per calendar year, except in recertification years. The first surveillance audit after initial certification must occur no later than 12 months from the certification decision date.
The frequency of surveillance audits may be adjusted based on factors such as seasons or management systems with limited durations (e.g., a temporary construction site).
Recertification Audit
Recertification audit activities may require a stage 1 audit if there have been significant changes to the management system, the organization, or the context in which the management system is operating (e.g., changes in legislation).
If recertification activities are completed before the expiration date of the existing certification, the new certification’s expiry date may align with the original certification’s expiry date.
Short-Notice Audits
The certification body may need to conduct audits of certified clients with short notice or unannounced to investigate complaints, respond to changes, or follow up on clients with suspended certification.