Telephone: 01772 681597
Aequalis offer ISO certification to your chosen standard/s. For ISO Consultants please head over to Compassrose website.
WHAT IS AN ISO 27001 AUDIT
This is the ISO 45001 audit you are subjected to in order to determine whether you should be awarded your certificate for the first time. It’s also known as an external audit, a third party audit or a registration audit and is conducted by a Certification Body. The Certification Body (CB) will appoint an Auditor or possibly a team of Auditors, depending on the size of your organisation, the number of sites and the scope of your Occupational Health and Safety Management System.
Initial ISO 45001 certification audit
This is the ISO 45001 audit you are subjected to in order to determine whether you should be awarded your certificate for the first time. It’s also known as an external audit, a third party audit or a registration audit and is conducted by Aequalis. Aequalis will appoint an Auditor or possibly a team of Auditors, depending on the size of your organisation, the number of sites and the scope of your Occupational Health and Safety Management System.
An ISO 45001 Occupational Health and Safety Management System Initial Audit is split into two stages, with an optional pre-assessment.
Pre-Assessment (Optional) Sometimes called a gap analysis
This is an optional stage that Aequalis offers. A qualified Auditor will do this informal pre-assessment, like a dummy run of an audit. It helps you identify your strengths and weaknesses in preparation for the real thing.
Stage 1 ISO 45001 audit
The Stage 1 Audit is also referred to as the Document Review (or Document Audit) or sometimes as the Readiness Review. The basic objective of the Stage 1 Audit is to determine if you’re ready for the Stage 2 ISO 45001 Audit.
When is the Stage 1 Audit performed?
The Stage 1 ISO 45001 Audit should be performed when you’ve developed and implemented your Management System. This is so that you’ve had time to generate some evidence about the effectiveness of your system, such as having conducted Internal Audits and Management Reviews, and produced records for the Auditor to examine.
How long does the Stage 1 Audit take?
The length of the audit is determined by a formula set by Aequalis. Factors such as the size of your organisation, risk and complexity are taken into account. It is measured in whole days. For most small or medium businesses, the Stage 1 Audit will be completed on-site within one day. The Stage 2 ISO 45001 Audit is usually longer.
Where does the Stage 1 Audit take place?
If you have more than one site, it will normally be conducted at your head office. Being on-site allows the Auditor to get an impression of the organisation and the site, but it can also be done remotely depending on the complexity of the Occupational Health and Safety Management System (as well as other considerations such as COVID-19).
What happens in the Stage 1 Audit?
The audit will typically focus on written words. You could describe it as a reconnaissance exercise, where the Auditor gets a flavour of what your organisation and Management System is all about. It may involve discussions with employees.
The main objectives of the Stage 1 ISO 45001 Audit are:
If possible and if sufficient records are available, the following will also be audited:
All of the above will help the Auditor plan for the Stage 2 Audit.
What happens after the Stage 1 Audit?
You will receive verbal feedback from the Auditor at the end of the Stage 1 ISO 45001 Audit. You will also receive a written Audit Report normally within 5 days after the audit. Technically speaking, the Stage 1 Audit will not end in nonconformities, because you’re not yet at a stage where you’re claiming to conform to the requirements of the standard. Nevertheless, if there are any issues identified during the audit, the Auditor will issue Improvement Requests in the Audit Report. These need to be addressed before moving to the ISO 45001 Stage 2 Audit or they will be considered to be nonconformities at the Stage 2 Audit and could harm your chances of being awarded certification.
The report will include:
Top Tip for the Stage 1 Audit
This might be the first meeting with your Auditor, and you should use this time wisely. Be open and honest and don’t try to hide issues, because they will just pop up during the Stage 2 Audit and create issues with your certification. Although the Auditor isn’t allowed to help you with developing your ISO 45001 Occupational Health and Safety Management System, you can use the opportunity to air your ideas to hear if they conform to the requirements of the ISO standard. Your Auditor will also have visited many other organisations in similar a situation and can tell you about how they managed.
Stage 2 ISO 45001 audit
The Stage 2 ISO 45001 Audit is the last stage before certification. It normally takes place on-site and is longer and more in-depth than the Stage 1 Audit.
The overall purpose is to determine if your ISO 45001 Occupational Health and Safety Management System is compliant with the standard and whether you can be awarded certification.
When is the Stage 2 Audit performed?
When you booked your Stage 1 ISO 45001 Audit, you probably also agreed dates for your Stage 2 Audit about 6 to 8 weeks later. Normally, your system should have been running for at least three months - ideally longer - before the Auditor comes in for Stage 2. You also need to leave yourself enough time to address any Improvement Requests from the Stage 1 Audit. The date of your Stage 2 Audit should have been confirmed with the Auditor at the end of the Stage 1 Audit.
Stage 1 and Stage 2 ISO 45001 audits should be performed no more than six months apart, otherwise the Stage 1 Audit may have to be repeated.
If you have total confidence in your Occupational Health and Safety Management System and you’re in a hurry for your certificate, it’s theoretically possible to have the Stage 2 Audit commence the day after your Stage 1 Audit, but this is not ideal.
How long does the Stage 2 Audit take?
As with the Stage 1 ISO 45001 Audit, the length of the audit is determined by the formula set by UKAS. The duration will be calculated before the Stage 1 Audit takes place. In exceptional cases, depending on the findings of the Stage 1 Audit, the length of the Stage 2 Audit may be adjusted but you will be told this in advance.
Where does the Stage 2 Audit take place?
A Stage 2 ISO 45001 Audit is usually conducted on-site at your head office and across a sample of sites. However, audits may be done remotely due to exceptional circumstances such as COVID-19. If you have multiple sites, the sites to be audited will be agreed at the Stage 1 Audit. The Certification Body uses the ‘square root’ rule to determine how many sites will be audited on the Stage 2 Audit. So, for example, if you have 25 sites in the scope of your certification, then at least five should be audited in an Initial Audit.
Over the course of your three year certification cycle, all sites included in the scope of your certification will normally be visited at least once.
What happens in the Stage 2 Audit?
This is the most thorough audit of your ISO 45001 Occupational Health and Safety Management System.
The Stage 2 Audit will start with an Opening Meeting where the Auditor will explain what is going to happen. Some of the issues covered include:
What happens after the Stage 2 Audit?
At the end of the audit, the Auditor will hold a closing meeting with you to review the audit and talk about any nonconformities and potential corrective action. At the meeting, you will be told whether you have been recommended for ISO 45001 certification or not.
You will also receive a written report after the meeting which will include observations made by the Auditor and a summary of the findings. The report will identify minor nonconformities, major nonconformities and opportunities for improvement.
If there are any nonconformities - whether they are minor or major - you will not receive certification until corrective action has been taken. You will normally be allowed up to three months to do this.
Failure to be recommended for ISO 45001 certification on the day does not necessarily mean that the Auditor will have to visit and audit you again. You will probably just need to provide evidence that you have taken corrective action.
Annual surveillance ISO 45001 audits
One of the main objectives of ISO 45001 Occupational Health and Safety Management System is to ensure continual improvement. The principle of Plan - Do - Check - Act supported by audits and reviews will help achieve this aim.
The Annual Surveillance Audits are a major component of this. This is a mandatory requirement to maintain
certificate under Aequalis.
When is the Annual Surveillance Audit performed?
In most circumstances, your organisation will undergo an Annual Surveillance Audit at the end of Year 1 and Year 2. The first of these will actually be performed a little before the end of the first year with Aequalis. This is so that the three year cycle is set to allow your Recertification Audit to take place before the end of Year 3. This is important because if any nonconformities are discovered at the end of the third year, there could be a lapse in your certification while you take corrective action.
Some larger organisations like to have their Annual Surveillance Audits performed more frequently, spread out over the calendar. The schedule can be agreed with the Auditor.
How long does the Annual Surveillance Audit take?
As with other audits in the cycle, how much time is dedicated to an Annual Surveillance Audit is determined by the formula set by UKAS. It is normally shorter than a Stage 2 ISO 45001 Audit.
Where does the Annual Surveillance Audit take place?
The Annual Surveillance Audit is usually conducted on-site. However, audits may be done remotely in exceptional circumstances such as COVID-19. If you have multiple sites, then your head office will always be audited plus different sites than those chosen for the Initial ISO 45001 Certification Audit. Different sites again will be selected for the second Annual Surveillance Audit and Recertification Audit although the head office will be included on every audit.
What happens in the Annual Surveillance Audit?
On an Annual Surveillance Audit, the Auditor will take a similar approach to that of the Stage 2 ISO 45001 Audit. However, less time will be spent on some areas of your Management System and probably only parts of your organisation will be audited.
Much of what happens will be driven by what the Auditor discovered on previous audits, for example, examining areas of weakness. The following will be covered as a minimum:
The second Annual Surveillance Audit in the three year certification cycle will likely examine different aspects and operations in your organisation. The aim is to audit all processes within the cycle.
What happens after the Annual Surveillance Audit?
As with other audits, the Auditor will summarise the findings at the end of the visit. A written report will also be submitted outlining any nonconformities.
If there are any major nonconformities, you will have up to three months to take corrective action and provide evidence that you have done so. Failure to do so could mean that your ISO 45001 certificate will be withdrawn.
For minor nonconformities the Auditor will agree a plan with you. Depending on the risk and severity, the Auditor will use their discretion to establish how the nonconformity can be ‘closed’. It can potentially be closed at the next audit, or through evidence being sent to the Auditor, or maybe even another audit.
Recertification ISO 45001 audit
Your ISO 45001 certificate is valid for three years from the date of issue. In order to maintain your ISO 45001 certification, in year three, you get a thorough Recertification Audit similar to the original Stage 2 Audit.
When is the Recertification Audit performed?
It’s best to have your Recertification Audit done at least three months before the end of Year 3. This is because if you want to avoid any break in your certification, you need to allow time to take corrective action on any nonconformities (either minor or major) identified in the audit.
How long does the Recertification Audit take?
As with other audits in the cycle, the duration is determined by a formula set by UKAS. A Recertification Audit is typically about two-thirds the time allocated to the Initial Audit.
Where does the Recertification Audit take place?
The Recertification Audit is usually conducted on-site. If you have multiple sites, it will always include your head office plus sites not included in your Initial Audit and Surveillance Audits.
Audits may be done remotely due to exceptional circumstances such as COVID-19.
What happens in the Recertification Audit?
The Recertification Audit is more comprehensive than the Surveillance Audits and similar to the Stage 2 ISO 45001 Audit.
The audit will cover items including:
What happens after the Recertification Audit?
The same applies here as to what happens after the Stage 2 Audit. There will be a closing meeting followed by a written report from the Auditor.
It’s essential that you address any nonconformities identified by the Auditor before the third anniversary of the date your certificate was issued. If you fail to do this, then your certificate could be withdrawn.
Assuming everything goes well, you will be issued with a new ISO 45001 certificate and the three year cycle begins again.
Get Quote
e-mail our consultant
Click to Get Quote
British Made
We are British business helping other businesses in the UK. I started out running from a small rented room in Blackpool with an entrepreneurial spirit, and a desire to help. Today, we help hundreds of businesses achieve certification and improve their processes every year.
We want to help you meet and exceed customer expectations.
E-mail:enquiries@ams-iso.com
Copyright 2022