Understanding your ISO Certification Auditor’s Thinking
Even for the experienced ISO Systems manager, audits can be a nervous time. The second guessing of what you have created in your systems and what your ISO certification auditor is going to be looking for can lead to over thinking things and even on extremes the odd restless night.
It does not matter if you are certifying to ISO9001 for quality management, ISO14001 for environmental management, ISO27001 for information security management, ISO45001 for occupational health and safety systems management or even ISO13485 for medical devices quality management systems, the auditor is looking for the same key things across all the standards. We have put together this helpful run down of exactly what you need to know.
What will the ISO Certification Auditor really look for?
Your auditor is looking to assess only three things at the end of the day, and they are not going to be a surprise:
- Do you have all of the mandatory documented information that particular standard you are working to requires.
- Does your documented information that you do have, comply with the standard?
- Do your activities, the things you say you are doing, comply with both the standard and your own documentation. i.e. are you actually doing what you say you are doing in order to meet the standard.
That's it, it's just those 3 things, it's not a lot really.
Do not overwrite things, don't create procedures you really don't need and will never use and don't write for the auditor or the customer, write it for the users. Once you do release a procedure then you need to make sure everyone knows about it who needs to know and that they actually follow it. If they do not, your auditor will absolutely find them and then you have a challenge.
What will annoy your ISO Certification Auditor?
Auditors are human, it may not seem like it sometimes, but they are. That means that they can get a little annoyed with you at times. Especially if you:
- Try to prevent them from doing the audit correctly by attempting to stage manage it and guide them to people and areas you know are perfect.
- Avoid their questions and give a politician type answer.
- Outright lie, this is the fastest way for an auditor to lose trust when they find out, and they will and then they will leave your company, without awarding a certification.
Pro Tip
It is simple, be up front, do not waste theirs or your time. Allow the auditor to run the audit and do not try to cover things up. The aim of the audit is to help you as an organisation and help identify opportunities for improvement.
What will make your ISO Certification Auditor Happy?
Pro Tip
While your auditor is not allowed to consult or explain in detail about how to fix an issue it is absolutely fine to ask for the audit for their opinion when something comes up that either of you are not satisfied with. They are likely to give you some guidance without stepping over the mark of no consulting.
What will your ISO Certification Auditor Expect?
Auditor expects you to be ready for them, their arrival is not a surprise. You need to have an area set aside for them to work privately, to be able to interview staff and that the company has planned for people to be available, after all they have already sent you an audit plan in advance.
The auditor expects that you are going to have a system that is ready and is being used and looked after.
Pro Tip
Remember that you are going to have a long-term relationship with this auditor as auditing companies tend to send the same person for all your ISO certification and surveillance audits. That means you will see them again each year over your certification window. Build a relationship with them.
What can the ISO Certification Auditor can do?
Pro tip
Keeping in mind the ISO auditor can go anywhere, speak to anyone, and look at anything you have it is important to ensure everyone else in your organisation knows this. Make it clear that they are to be helpful and open with the auditor.
What can the ISO Certification Auditor not do?
As we mentioned before they cannot consult on an issue, they can offer hints and pointers but no detail consulting. They also cannot raise a Non-conformance on something which is not in the standard so if you are doing something over and above the standard and they do not like it that is not enough to raise a non-conformance. Technically they also cannot raise a non-conformance where they cannot prove you do not comply with the standard.
Pro Tip
It is ok to argue and debate with your auditor, you should be ready to do this where it makes sense. If you believe that a non-conformance has been raised for something that cannot be tied back to the ISO standard you are being audited for then you absolutely need to challenge it before they leave and again if it comes through on the report.
Copyright
© Many Caps Consulting | All Rights Reserved
By accepting you will be accessing a service provided by a third-party external to https://www.test.manycaps.com/
Comments