Understanding ISO Audits and Surveillance

ISO audits and surveillance are essential parts of maintaining ISO certification. After a company is certified, regular surveillance audits ensure it continues to follow ISO standards.

What Is an ISO Surveillance Audit?

An ISO surveillance audit happens after a company achieves ISO certification. Its purpose is to check whether the organization is still following the required standards. These audits are less intensive than the initial certification audit, but they are necessary to maintain compliance.

How Do Surveillance Audits Work?

During a surveillance audit, an auditor from the certification body reviews key areas of the business. This includes checking the management system, how previous issues were corrected, and whether the organization is still meeting the ISO requirements. For example, under ISO 27001, the auditor checks whether the company's information security practices are up to date and effective.

Frequency of Surveillance Audits

Surveillance audits are usually conducted annually or semi-annually, depending on the specific ISO standard. For instance, under ISO 9001, a surveillance audit occurs yearly to ensure the quality management system is still functioning properly.