How is the ISO system audit time calculated? What is the minimum requirement?

Release Date:

2021-09-06 14:34

Source:

The audit time for various types of audits refers to the effective time required to carry out audit activities measured in auditor days. One auditor day is usually 8 hours (excluding travel time or lunch breaks).

Effective personnel includes all full-time staff involved within the scope of certification (including personnel for each shift). Non-fixed personnel present during the audit (seasonal staff, temporary staff, and subcontractors) and part-time personnel should also be included in the effective personnel count.

The audit time for all types of audits includes on-site time at the client's location, as well as time spent off-site on planning, document review, interactions with client personnel, and report writing. When allocating audit time for planning and report writing, the total on-site audit time should generally not be less than 80% of the time listed in QMS 1 Table and EMS 1 Table. The number of auditor days should not be reduced by increasing the working hours per day.

During the initial three-year certification cycle, the time for conducting surveillance audits for a specific organization should be proportional to the time of the initial certification audit (Stage 1 + Stage 2), with the total annual surveillance audit time being approximately one-third of the initial certification audit time.

When adjusting audit time, the following factors (but not limited to these) also need to be considered. Let's take a look at the details together.

01
Quality Management System

1. Relationship between Effective Personnel and Audit Time

1. The number of personnel in the above table should be considered as continuously changing rather than stepwise. That is, if plotted as a curve, the starting point of each line segment should come from the value in the previous column of the table, with each column value as the endpoint of each segment. The curve's starting point corresponds to 1.5 days when the number of personnel is 1.

2. The certification body's procedures may specify the calculation of audit time when the number of personnel exceeds 10,700. This audit time should follow the progressive pattern in Table QMS 1 and remain consistent with it.

2. Relationship between Complexity and Audit Time

The risk types here are not fixed and immutable; they are provided as examples for certification bodies to use when determining the risk type of an audit.

1. Business activities expected to be identified as low risk may require less audit time than calculated in Table QMS1; those identified as medium risk will use the audit time calculated in Table QMS1; those defined as high risk will use more audit time than calculated in Table QMS1.

2. If an enterprise includes mixed business activities (for example, a construction company building simple buildings - medium risk, and building bridges - high risk), the certification body will determine the appropriate audit time, considering the effective personnel involved in each activity.

02
Environmental Management System

1. Relationship between Effective Personnel, Complexity, and Audit Time

1. Audit time is shown according to high, medium, low, and limited environmental factor complexity levels.

2. The number of personnel in the above table should be considered as continuously changing rather than stepwise. That is, if plotted as a curve, the starting point of each line segment should come from the value in the previous column of the table, with each column value as the endpoint of each segment. The curve (taking medium complexity as an example) starts at 2.5 days when the number of personnel is 1.

3. The certification body's procedures may specify the calculation of audit time when the number of personnel exceeds 10,700. This audit time should follow the progressive pattern in Table EMS 1 and remain consistent with it.

2. Relationship between Business Category and Environmental Factor Complexity Type

Based on the nature and severity of organizational environmental factors, five main types of environmental factor complexity that fundamentally affect audit time can be defined. These five types are:

High — Environmental factors have significant nature and severity (typically production or processing organizations with multiple significant environmental factors);

Medium — Environmental factors have moderate nature and severity (typically production organizations with some significant environmental factors);

Low — Environmental factors have low nature and severity (typically assembly organizations with almost no significant environmental factors);

Limited — Environmental factors have limited nature and severity (typically organizations in office environments);

Special — Requires additional special consideration during audit planning.

Table EMS 1 covers four of the above five complexity types: high, medium, low, and limited.

Table EMS 2 correlates the above five complexity types with typical industries covered by each type. Certification bodies should recognize that not all organizations within a specific industry belong to the same complexity type. The certification body's application review procedures should have some flexibility to ensure that the organization's specific activities are considered when determining its complexity type.

For example: Although many organizations in the chemical industry should be classified as "high complexity," if an organization only performs mixing operations without chemical reactions or emissions, or only engages in trading activities, it may be classified as "medium complexity" or even "low complexity." Certification bodies should document all cases where organizations in a specific industry are classified into a lower complexity type.

Table EMS 1 does not cover "special complexity." In such cases, certification bodies should analyze the situation specifically and reasonably determine the management system audit time.

03
Occupational Health and Safety Management System

1. Relationship between OHSMS Effective Personnel, OHS Risk Complexity, and Audit Time

1. Audit time is shown according to high, medium, and low OHS risk complexity levels.

2. Relationship between Business Category and OHS Risk Complexity Type

The three main OHS risk complexity types are determined based on the nature and severity of OHS risks that fundamentally affect the organization's audit time. These three types are:

High Risk — OHS risks have significant degree and severity (usually construction, heavy manufacturing, or processing organizations);

Medium Risk — OHS risks have moderate degree and severity (usually light manufacturing organizations with some significant risks); and

Low Risk — OHS risks have low degree and severity (usually office-based organizations).

Certification bodies should recognize that not all organizations in a specific industry will fall into the same OHS risk type. Certification bodies should allow flexibility in their contract review procedures to ensure that the organization's specific activities are considered when determining the OHS risk complexity type.

For example, although many enterprises in the shipbuilding industry should be classified as "high risk," small carbon fiber boat manufacturing organizations with only low complexity activities can be classified as "medium risk."

Certification bodies should record all cases that reduce the complexity level of OHS risks for organizations in specific industries. The complexity level of an organization's OHS risks may also be related to the consequences of OHSMS control risk failures:

High — risk management failure may endanger life or cause serious injury or illness;

Medium — risk management failure may cause injury or illness; and

Low — risk management failure may cause minor injury or illness.

All quality issues solved in seven steps!

How to Become an Auditor Welcomed by Enterprises?

The national zero-carbon factory policy is now in effect! United Zhiye provides precise support to help clients seize the initiative in their transformation.

Based on the strategic plan proposed by the headquarters, United Zhiye takes the upgrade of its product system as a key driver to build a three-tiered business structure—comprising “zero-carbon factory solutions + carbon-related products + integrated comprehensive services”—and thereby develop end-to-end service capabilities. The original enterprise’s integrated approach to low-carbon development has been upgraded to an integrated approach to zero-carbon development, which we regard as a milestone event. While the zero-carbon factory business focuses on deepening engagement in the manufacturing sector, the integrated approach to zero-carbon enterprise development transcends industry boundaries, extending its reach to the service sector and thus covering a broader scope of services.

For the first time, technology-based small and medium-sized enterprises have been included in the scope of tiered cultivation for high-quality SMEs.

Recently, the Ministry of Industry and Information Technology issued the latest revised "Administrative Measures for the Tiered Cultivation of High-Quality Small and Medium-Sized Enterprises" (hereinafter referred to as the "Measures"), which have expanded the scope of cultivation by including technology-based SMEs in the tiered cultivation system for the first time. In the future, the tiered system for high-quality SMEs will encompass technology- and innovation-driven SMEs, specialized, refined, distinctive, and innovative SMEs, and "Little Giant" enterprises that are specialized, refined, distinctive, and innovative. The "Measures" will take effect from April 1, 2026.

Five departments jointly issued the "Guiding Opinions on Carrying Out the Construction of Zero-Carbon Factories."

Recently, five departments—the Ministry of Industry and Information Technology, the National Development and Reform Commission, the Ministry of Ecology and Environment, the State-owned Assets Supervision and Administration Commission of the State Council, and the National Energy Administration—jointly issued the "Guiding Opinions on Promoting the Construction of Zero-Carbon Factories" (MIIT Joint [2026] No. 13, hereinafter referred to as the "Guiding Opinions"). These opinions aim to tap deeply into the potential for energy conservation and carbon reduction in the industrial and information technology sectors, drive carbon reduction and efficiency improvements in key industries, promote a green and low-carbon transformation, and foster the development of new-quality productive forces.

Notice on Certification Risk Management and Standard Implementation Services | Top Management of Certified Organizations Must Complete Training on the New Version of Quality Management System Certification Rules

This standardization effort will provide an in-depth interpretation of the new version of the rules and systematically analyze the significant changes and implementation requirements of the new rules in areas such as audit procedures, responsibilities of top management, evidence management, and risk control.

Understand at a Glance | Guangdong Province’s Zero-Carbon Park Development Plan

Recently, the Guangdong Provincial Development and Reform Commission, the Guangdong Provincial Department of Industry and Information Technology, the Guangdong Provincial Department of Ecology and Environment, and the Guangdong Provincial Energy Administration jointly issued the "Guangdong Province Zero-Carbon Park Construction Plan."

Related Downloads