Audit practice · 3 min read · by Lars Zimmermann

After Certification: Surveillance and Recertification

An ISO certificate runs on a three-year cycle. How surveillance audits and recertification work, and when a certificate can be suspended.

In short

An ISO certificate lives on a three-year cycle: after the initial certification audit, years 1 and 2 each bring a surveillance audit, and year 3 brings the recertification audit. Surveillance audits are shorter but check whether the system is still lived and improved. If it is not, the certification body can suspend or withdraw the certificate.


Many teams breathe a sigh of relief after the certification audit: "Done." But a certificate is not a trophy for the cabinet. It is a promise that has to be confirmed continuously. It lives on a three-year cycle.

The three-year cycle

  • Year 0: certification audit (Stage 1 + Stage 2), the certificate is granted.
  • Year 1: first surveillance audit.
  • Year 2: second surveillance audit.
  • Year 3: recertification audit, the certificate is renewed for the next cycle.

The surveillance audit

Surveillance audits are shorter than the certification audit, but they look specifically at whether the management system is still being lived and improved. A few elements are almost always on the list:

  • The internal audit and management review carried out since the last visit
  • How complaints, incidents and changes have been handled
  • The status of the agreed corrective actions
  • Correct use of the certificate and the certification mark

Recertification

At the end of the cycle comes a more comprehensive reassessment of the entire system, similar to the first certification audit, but with an eye on how the system has developed over the three years. After that, the cycle starts again.

A management system is never "finished." That is exactly the point of the cycle: continual improvement instead of a one-off heroic effort.

What happens if the system goes to sleep?

If a surveillance audit finds that the system is no longer being lived, the certification body can suspend the certificate and, in serious cases, withdraw it. Anyone who treats the cycle as routine from day one (internal audit, management review, well-maintained corrective actions) never runs into that problem.


Frequently asked questions

How often does the auditor come back after certification?

As a rule once a year for the surveillance audit, and at the end of the three-year cycle for recertification.

Can a certificate be taken away again?

Yes. If the system is no longer being lived, or serious nonconformities are not corrected, the certification body can suspend or withdraw it.

Author & expert review: Lars Zimmermann · ISO/IEC 42001 Senior Lead Auditor & ISO/IEC 27001 Lead Auditor (PECB)

Last updated: 26 May 2026. Researched and reviewed to the best of our knowledge; not a substitute for individual legal advice.
