Surveillance audits shall be conducted once a calendar year except in years where recertification is conducted.
The wording of the clause may give a challenge when e.g. a recertification is planned for 1st December in year X and then, due to unforeseen reasons, a need arises to change the date until 15th January year X+1.
In that case there will be no audit in year X, neither a surveillance audit nor a recertification audit.
- What measures should be expected by the CAB to handle such deviation from the requirements?
- Is it acceptable that the certification body plan the next surveillance audit to be conducted in year X+2 based on the fact that there has been conducted a recertification in year X+1?
March 2019
Requirement of ISO/IEC 17021-1 § 9.1.3.3 is explicit: in each calendar year, at least (the CB can have a stricter regime but not an “easier” one), there shall be an audit, whether surveillance or recertification.
In case an unforeseen event has induced some delay in performing an audit in year n, which puts the audit at the very beginning of year n+1, this situation shall be considered as exceptional and treated has such by the CB for allowing to delay audit of year n (depending on cases, measures might be, among others, suspension of the client certification or other mean of surveillance while waiting for the onsite audit…).
The reason or justification of this deviation or delay should be documented and kept to show AB when requested.
Once the problem with the audit in year n is handled, it shall not be a reason for postponing the audit originally planned at year n+1. The postponing of n+I year audit to n+2 year is not acceptable.