How harmful is it to a company if an ISO certificate is not subject to surveillance audits?

Why are some companies unwilling to conduct surveillance audits during the initial review? Some companies still view ISO certification as merely paying for a certificate. They are indifferent to surveillance audits, but this goes against the original intention of ISO certification. Let's explore the potential harms together!

First, let's do an economic calculation. The demand for ISO certification comes from the company's own bidding needs, which is why many companies decide to pay for certification or even expedite the process. However, after receiving the certificate, the company feels it is useless and does not apply for surveillance audits the following year if there is no bidding. This seems beneficial to the company as it saves money by not doing surveillance audits, but if needed later, it increases the company's burden with additional costs, which is not cost-effective. Moreover, it indicates that the company has not seriously implemented the system, and leadership does not value the system work, resulting in poor continuity and maintenance of the system.

Suddenly, when a client wants to check the certificate or when bidding requires an ISO certificate, the company becomes anxious. According to the relevant regulations of the Certification and Accreditation Administration, surveillance audits must be conducted within three months after the certificate expires. Companies that do not conduct surveillance audits will have their certificates suspended. If the suspension lasts for three months, the certificate will be revoked. If the certificate is revoked, the company must start over, and the initial audit costs much more than the surveillance audit. So, from this perspective, it is actually not cost-effective for the company!

Secondly, obtaining the certificate is not the goal but a means. Companies need to establish the system and integrate its operation into the company to improve problems that arise. Continuously developing and strengthening the company within the system is the fundamental purpose of ISO9001 certification. If after obtaining the certificate, nothing changes and the person in charge does not supervise, enforce, or maintain the system, then such certification is pointless!