After obtaining ISO certification, is an annual review really necessary? What are the consequences of not having an annual review?

Certification is a "hard threshold" for many project bids, but obtaining ISO certification does not mean you can rest easy. Companies that fail to conduct timely annual reviews risk losing valuable bidding opportunities due to certificate expiration, a situation that is all too common. It is better to prepare in advance than to scramble at the last minute. This applies not only to the initial certification but also to the annual reviews.

Next, let's use an example to specifically explain the dangers of an expired annual review.

A friend started a property management company. Last year, due to bidding requirements, the company specifically entrusted the head of the administrative department and hired a coach to develop a set of system documents, preparing for a long time. An external auditor came to review, everyone was busy for two days, some issues were pointed out, and after rectification, the certificate was issued in about two months.

Due to the pandemic, the company had a large workload for disinfection, and everyone was extremely busy. Time flew by, and a year passed in a flash.

Recently, preparing to bid for another project, they found the certificate had expired. It turned out everyone forgot about the annual review amid the busyness. Additionally, the certification company was also busy and missed contacting them. As a result, the certificate became invalid and expired.

It is easy to imagine how the company's bid will turn out this time!

Now let's specifically share what companies should do about the annual review and where the audit points are:

01

Regarding the annual review, the Certification and Accreditation Administration stipulates the following:

The certificate requires an annual surveillance audit between the 8th and 12th month after the last audit. Companies that do not conduct the annual review and exceed 12 months after the last audit will have their certificates suspended. During the suspension period, companies can apply to restore the valid audit; if the suspension lasts for 3 months, the certificate will be automatically revoked and invalidated.

Once the certificate is revoked and invalid, if it needs to be used again, a reapplication must be made following the initial audit process. Compared to surveillance audits, this approach results in losses for the company in terms of time, manpower, and economic costs.

Since the annual review is so important, where exactly should one start? Many companies may be confused, so here are some suggestions:

02

What companies should do about the annual review

1. Request the certification company to submit the current surveillance audit plan.

2. Review the departments and clauses involved in this audit according to the plan.

3. Analyze the specific work procedures and quality records of each department under audit.

4. Review the minutes of the last external audit meeting.

5. Conduct a self-inspection and improve any deficiencies.

Preparing well for the annual review is not enough; mutual cooperation among departments is also essential. Here we have organized some common audit points for various functional departments:

03

Common audit points for the annual review

Supply Department: Qualified supplier list, records of qualified supplier evaluation process, supplier performance assessment records, etc.

Production Department: Equipment management such as equipment ledger, maintenance cycle calibration plans and records, equipment purchase and acceptance process records, monitoring records of special processes (including equipment and personnel qualification certification).

Technical Department: Design and development process records, technical document management records, special process confirmation records.

Quality Department: Management review records, internal audit records, nonconforming product control records, monitoring and measuring device management records, inspection and test records, establishment, decomposition, implementation, and diagnostic records of quality policy objectives.

Human Resources: Personnel training, qualification implementation, and verification records.

Marketing: Customer-related processes. Key audits will focus on customer requirement confirmation, internal review processes and records, such as contract review forms, customer satisfaction measurement records, etc.

Summary: Obtaining the certificate is not an end but a means. Companies need to establish the system, operate it within the company to improve problems that arise, and continuously develop and grow within the system. This is the fundamental purpose of ISO system certification!