Surveillance Audits -
What is a Surveillance Audit ?
- The initial audit to get an organisation’s system certified, is called the Registration Audit. Subsequent audits by the registrar are referred to as Surveillance Audits.
- Surveillance Audits are the ongoing periodic review of an organisation’s quality management system, by a third party registrar (i.e. Certification Body). They generally occur every six months. This period may be changed to every 12 months, if the organisation shows a high standard of compliance.
- With a system, the size of RMIT, these audits are generally 2-4 days in duration
What is the purpose of the Surveillance Audit ?
- The focus of Surveillance Audits, is to ensure continued compliance with the ISO standard and the policies and processes of RMIT. Auditors look for evidence that the quality system is being maintained in its entirety and improved and corrected as needed.
- The Certification Body Surveillance Audit also examines our use of the ISO logos, in our stationery and advertising materials.
- The outcome of the Surveillance Audit determines if we continue to hold certification and acts as a vehicle for improvement ideas from an independent body.
- The successful completion of a Surveillance Audit demonstrates to our customers, that we are capable of maintaining and improving our level of quality.
- Surveillance Audits supplement the two activities that we conduct internally, to ensure continued conformance to ISO 27001 requirements - Information Security Auditing and Management Review.
what will the auditors be looking for ?
- The auditors will be looking for three main things when they review our system:
- Whether our entire system conforms to the requirements of the ISO standard - they judge this by reviewing the adequacy of our documentation.
- Whether we follow the procedures as they are written and if not why - they judge this by finding concrete evidence that events are occurring or procedures are being followed. For example, forms, records, registers, memos, meeting minutes, manuals, documents, logs, calibration stickers and certificates, computer databases etc.
- Whether we are actively reviewing and improving our quality management system - they judge this by looking into Internal Audit and Management Review results, correction of non-conformances, review of procedures and the quality plans and objectives we are setting (in our case Strategic Directions).
- An auditor should outline to you what topic/process they are going to ask you about, so it should not be a surprise.
- They will probably ask you to explain to them how you do the task. Try to answer in a logical step by step manner. If it helps, “walk” them through the process/task.
- Show them any up-to-date records/forms/minutes etc. that you keep in conjunction with the task. (remember they are looking for evidence to satisfy themselves that an event is occurring and in the correct way)
- If you have a procedure for the task, refer to it and be prepared to know where to find a copy of it. That is, with your area Quality Coordinator. Do not show them a photocopy you have taken of the procedure, always go to the original, controlled copy or webpage.
- The auditor will look to see that you know how to address various issues if something goes wrong in the process.
- The auditor will want to be satisfied that important information and documents are controlled and always kept up to date.
- The auditor’s aim is always to ensure that the quality of the service we deliver, matches our customer’s needs and that we act on non-conformances and improve as necessary.
what to do if you do not know the answer to a question.
- If you do not understand the question that the auditor is asking, ask them to rephrase or clarify the question. They should be happy to do this. Rephrasing questions and assisting people to understand them, is part of an auditor’s training.
- If you do not know the answer to a question, DO NOT MAKE IT UP. When people make up answers that “sound good”, you inevitably end up with a non- conformance, as there will be no concrete evidence to back the answer up.
- Instead, simply say that you do not know the answer and then try to direct the auditor to someone who will be able to help them. If you don’t know who to direct the auditor to, inform the Quality Unit Representative of the question, so that they can chase it up during the course of the audit.
- The auditor may ask you a question that you don’t know, because they do not fully understand who is responsible for what functions/tasks. In this case, it is good if you can clarify the person or area responsible for a task, for the auditor’s future reference.
What happens if Certification Body find a non conformance during a Surveillance Audit?
- The auditor issues a report listing any opportunities for improvement and non- conformances such as Something that needs fixing but does not directly or strongly affect the quality of the service. Or an issue that has strong implications on the quality of the service delivered or the effectiveness of the quality management system
- Certification Body may ask us to fix it during the course of the day or if this is not possible, they will ask us to outline our proposed actions. They will then review this activity at the next surveillance audit to ensure that it has occurred.