When you have implemented your Health and Safety Management System and achieved certification, it needs consistent reviews to ensure you are still compliant with the ISO 45001 Standard. After the initial audit, you then have an annual audit and a recertification audit every third year.

The audits – put simply – are used to ensure that you are doing what you say you are. You are using the management system as promised to ensure compliance and maintaining the expectations of the standard.

The Initial Audit

This is the first audit you will have after implementing your health and safety management system with an ISO consultant. Swift Certification will assign you an auditor who will then check your new standard and providing you meet all of the requirements and are compliant, you will achieve your certification.

The audits are split into two stages:

Stage One

This is the document review. Your auditor will look at the management system you have in place to assess whether if you are ready to proceed to stage 2 where it will be determined if you can be awarded certification. Before your auditor visits, they will be in touch to let you know the things they will want to see, this is typically a broad range of evidence to prove that your new system is effective. When the auditor has reviewed your documents they will give you feedback on your management system and highlight the improvement requests they have identified. These improvements will need to be made before the Stage 2 Audit to ensure you are compliant and can keep your certification. When the auditor has completed the stage 1 audit they will likely give you a date for the second stage allowing you to work on any issues before they visit again.

Stage Two

Stage 2 is typically more thorough and takes longer than stage one. At this point, your auditor is checking your compliance and any major non-conformances will be documented and could affect your certification. When your auditor visits they will begin the session with an opening meeting to discuss the itinerary for the day and explain the tasks for the day, this includes:

  • A review of the improvement requests communicated after the Stage 1 audit and confirmation that the issues have been resolved.
  • Thorough inspections of your documented processes and procedures to ensure you are compliant with the standard.
  • A review of the internal audits you have conducted.
  • The effectiveness of your risk management procedures.
  • How 45001 has helped you to achieve your health and safety targets.

Once the auditor is satisfied they have thoroughly inspected your health and safety management system they will hold a closing meeting and disclose the non-conformities they found (if any) and suggest actions you could take to improve. They will then produce an in-depth report to specify if you are ready to achieve your certification (they will also tell you this in the meeting so don’t worry, you don’t have to wait!). If you have any non-conformances you will not be allowed to achieve certification until they have been resolved – you will have a couple of months to work on this, you won’t need another visit from the auditor if this is the case but you will need to provide clear and sufficient evidence to show you have taken corrective action.

When you’ve achieved certification it’s time for your Annual Surveillance Audits. 

All ISO Standards focus on the model of continual improvement and an annual surveillance audit is in place to moderate the development of your standard each year. The Plan, Do, Check, Act cycle is vital to the success of continual improvement as it gives you and your team a simple yet effective model to follow to ensure you are getting the most out of your health and safety system.

During the surveillance audits your auditor will look for:

  • Successful revisions of non-conformities and corrective actions being taken from the previous audits.
  • Your internal audits – when they are done, how effective they are and any issues.
  • How frequently you are updating your documents and logging new information in the relevant places.
  • How the health and safety management system is being maintained and upheld.

Again, the auditor will produce a written report of their findings and highlight any non-conformities they have discovered and you will have up to 3 months to amend the issues and provide evidence.

Recertification Audit

Your ISO 45001 certificate is valid for three years from the date of issue. We recommend booking your recertification audit at least 3 months before your certificate expires to give yourself time to address any non-conformances that may be found and avoid a gap in your certification.

The recertification audit is more thorough than the annual surveillance audit and is more like the initial stage two audit you will have done to initially achieve your certification. The recertification audit is done to ensure you are compliant and still meeting all the requirements of your standard to keep your certification.

The recertification audit looks at

  • Any previous issues and non-conformances to ensure they have been addressed and resolved.
  • How effective your health and safety management system is overall.
  • Your goals, have you met them? If not, why not?
  • Any growth to your business and if this has affected the scope of your certification.
  • Your internal audits and their effectiveness.

Once again, you will receive a full, written report from your auditor explaining their findings and be allowed three months to address any issues that they spotted. Once the auditor is satisfied that you are compliant and have met the requirements, you will achieve certification and the three-year cycle will begin again.

If you have any more questions about your audit cycle, don't hesitate to get in touch, our friendly auditors are happy to help!