An ISO audit can feel like a daunting task but one that’s well-worth the challenge as gaining ISO9001 or ISO13485 certification is a significant achievement. The certification demonstrates that you have successfully established processes consistently meeting the minimum standards for quality manufacturing and service. The value of the certification goes beyond earning access to markets; it’s the foundation of engrained year-after-year continuous improvement. This endless journey of continuous improvement starts with the preparation for the initial certification.
No matter which specific ISO standard applies to your business, that standard will require that you have in place certain prerequisite systems and organize them in your quality management system (QMS). As your system develops and matures it should begin to emphasize integration and a risk-based approach.
The certification auditor often tests by taking documented decisions or events and tracing them back through the system to check for compliance to documented procedures and to verify execution. Another frequent ISO audit technique is to challenge your system through study of an actual event by evaluating the complaints managements system, related design controls, any applicable supplier controls, and resulting CAPA effectiveness.
Every certification process is a multi-step journey, one that is made easier when surrounded by the right subject matter expertise. At a high level, an organization can expect:
- Stage 1: an assessment is performed to determine if procedures are compliant and if the mandatory requirements of the standard are being met
- Stage 2: a second assessment determines the effectiveness of the system, and seeks to confirm that the management system is implemented and operational
- Readiness Checkpoint: corrective actions are reviewed to address any findings raised at Stages 1 & 2. If readiness is confirmed, submission for certification is recommended.
- Certification Review: the organization’s files are reviewed by an impartial panel and the certification decision is made; certificates are then issued
If your organization is preparing for ISO certification, preparations should begin well before the 2-stage registration ISO audit with a thorough assessment of your Quality Plan and QMS to expose any gaps in meeting the regulation or any blind spots that could impede the process. Given that the registering body is not allowed to contribute to your preparation activities, it is important to find an independent partner to assess readiness.