[Certification Class] Differences Between Initial Audit, Surveillance Audit, and Recertification Audit

In the complete operation of quality management systems, environmental management systems, and occupational health and safety management systems, there are three key audit points: initial audit, surveillance audit, and recertification audit. So, what are the differences among these three types of external audits?

Initial Audit

This refers to the first external audit when an enterprise begins to establish the system, divided into Stage One and Stage Two, which is an audit of the entire system.

The first stage audits the system documents and evaluates the specific conditions of the enterprise's operation sites and on-site situations to determine the readiness for the second stage audit; the second stage evaluates the implementation of the customer's management system, including its effectiveness. The second stage audit should be conducted on the customer's site; the audit team should analyze all information and evidence collected during the first and second stage audits to review audit findings and reach consensus on the audit conclusion.

Surveillance Audit

This refers to the certification body's regular monitoring of representative areas and functions within the scope of the certified customer's management system, taking into account changes in the certified customer and their management system.

Surveillance audits are on-site audits but do not necessarily cover the entire system and should be planned together with other surveillance activities so that the certification body can maintain confidence that the certified management system continues to meet requirements throughout the certification cycle. During the certificate validity period, secondary surveillance audits are conducted regularly. The first surveillance audit date is calculated from the completion date of the initial audit, generally conducted within 9-12 months; the second surveillance audit is also completed 9-12 months after the previous one. It must be ensured that each surveillance audit interval does not exceed 12 months; otherwise, suspension actions will be taken.

Recertification Audit

This confirms the ongoing conformity and effectiveness of the management system as a whole, as well as its continued relevance and suitability to the scope of certification, to evaluate whether the certified customer continues to meet all requirements of the relevant management system standards or other normative documents.

The initial certification for the management system is valid for three years. Within three months before the expiration, the certified organization should apply for recertification (certificate renewal). All recertification activities and certificate reissuance should be completed within the previous three-year validity period. If the certified organization has special circumstances, upon written application and negotiation with UICC, the recertification audit date may be appropriately postponed but must still be completed within the certificate validity period; otherwise, it will be treated as an initial audit.