Understand the Difference Between Certification Audits and Surveillance Audits

Published on: December 3, 2025

Whether you’re an independent ISO professional supporting multiple clients or part of an organisation preparing for or maintaining ISO certification, understanding the different types of audits can be confusing. One of these types, the audits conducted for Certification to ISO Standards, is broken down into initial certification audits and surveillance audits.

Both certification audits and surveillance audits are conducted by independent accredited Conformity Assessment Bodies (CABs), meaning they are both classified as external audits. These audits provide an objective, third-party assessment of whether your management system meets the requirements of the applicable ISO standard in order to achieve or maintain Certification.

In this article, we’ll explore the differences between the initial certification and the surveillance audits, as well as why internal audits are essential, and show how ICExperts Academy’s Management System Internal Auditor online course equips you with the skills to conduct audits confidently and professionally.

What is a Certification Audit?

A certification audit is the first formal evaluation conducted by an accredited, independent Conformity Assessment Body (CAB) for an organisation wishing to become Certified. Its purpose is to verify that the management system meets the requirements of the relevant ISO standard, and a successful outcome results in the ISO Certification to the relevant standard being issued. Common standards include:

The initial certification audit is typically structured in two stages:

  1. Stage 1 – Documentation Review: The auditor examines the organisation’s policies, procedures, and system design. This stage identifies gaps, evaluates readiness, and determines if the organisation is prepared for a full implementation audit.
  2. Stage 2 – Implementation Review: The auditor assesses the actual operation of the management system. They review evidence, interview staff, and verify that processes are implemented effectively.

Upon successful completion, the organisation is awarded the desired ISO certification, which is generally valid for three years. Once a year the CAB auditor returns for a surveillance audit. Upon completion of the third year of Certification, a Re-Certification audit is conducted to renew the 3-year Certification cycle. The Re-Certification audit is similar to the initial certification audit, but is shorter and is not broken down into Stage 1 and Stage 2.

What is a Surveillance Audit?

After the initial certification, surveillance audits typically occur annually. Surveillance audits are not as extensive as the initial certification audit, but they serve a critical role in maintaining conformance and facilitating continual improvement.

Key points about surveillance audits:

  • They focus on whether the management system continues to operate effectively.
  • They verify corrective actions have been implemented for any issues raised in previous audits.
  • They provide ongoing assurance to management, customers, and regulators.
  • They help identify emerging risks or changes that could affect the system’s effectiveness.

Unlike the certification audit, which is more comprehensive, surveillance audits are more targeted. They may include sampling certain processes, reviewing a subset of documentation, or focusing on areas identified as high risk.

The Limitations of External Audits

While certification and surveillance audits are essential to achieve and maintain Certification, relying solely on external audits carries risks:

  • Periodic Insight Only: External audits generally happen at 12-monthly intervals, so nonconformities may go unnoticed between audits.
  • Reactive Corrections: Without internal monitoring, issues are often only addressed once flagged by an external auditor, which can be stressful, costly, and inefficient.
  • Lack of advice and recommendations: Due to conflicts of interest, Certification Auditors (from CABs) are only allowed to identify and report on gaps and non-conformances. They can’t go any further than that to provide advice on how to address the issues.
  • Failure or Loss of Certification: Major non-conformances identified during external audits may result in organisations failing the Certification audits, or even losing Certifications already achieved.

This is why organisations and independent professionals must focus on internal auditing capability. Internal audits provide continuous monitoring, enabling proactive detection and correction of issues before they impact external audits.

Why Internal Audits Are Essential – and Required!

Internal audits are a fundamental part of effective management systems, and are a direct requirement of the Management System Standards. They serve multiple purposes:

  1. Early Detection of Nonconformities – Internal audits help identify process weaknesses, incomplete documentation, or misaligned procedures before they escalate into major issues or reach external audits.
  2. Maintaining ISO Readiness – Regular internal audits ensure your organisation is always prepared for external certification or surveillance audits.
  3. Supporting Continual Improvement – Findings from internal audits feed into management reviews and improvement initiatives.
  4. Building a Conformance Culture – Conducting audits internally encourages staff to understand and follow the organisation’s own requirements and ISO requirements consistently, fostering accountability across the organisation.
  5. Reducing External Dependence – Organisations with strong internal audit capabilities rely less on costly consultancy services for audit preparation or remediation.
  6. Meeting ISO Standards requirements – Not conducting Internal Audits may result in a major non-conformance for the organisation, jeopardising the Certification.

ICExperts Academy’s Management System Internal Auditor Course

Whether you are an internal staff member or an independent ISO consultant, ICExperts Academy’s Management System Internal Auditor online course provides the practical skills, resources and knowledge required to conduct effective internal audits.

Course Highlights:

  • ISO-Aligned Training – Learn auditing principles aligned with ISO 19011:2018, the Guidelines for auditing management systems, and the main ISO management system standards.
  • Practical Application – Develop real-world audit skills: planning, conducting, reporting, and following up on findings.
  • Templates & Tools – Gain access to audit checklists, reporting templates, and other resources to get you ready, and make audits easier and more professional.
  • Flexible Online Learning – Study at your own pace, fitting training around work commitments.
  • International Recognition – Complete the course and gain a certificate of completion, with international recognition via Exemplar Global.

Who Benefits from the Internal Auditor Course?

  • Independent ISO Professionals: Expand your audit services, improve credibility with an internationally-recognised qualification, and support multiple clients with confidence.
  • In-House Staff: Build internal audit capability to maintain ISO certification, improve internal knowledge of the ISO standards and conformance, and enhance system effectiveness.
  • Organisations Preparing for Certification: Ensure your system is audit-ready and reduce risk during external audits.
  • Organisations Maintaining Certification: Continuously monitor processes, identify areas for improvement, and support surveillance audit success.

How Internal Audits Complement External Audits

Internal audits are not optional, but a mandatory requirement of ISO management system standards such as ISO 9001, ISO 14001, ISO 45001 and ISO 27001. Their purpose goes far beyond simply “checking the system”. Internal audits provide assurance that the management system is functioning as intended, identify areas for improvement, and help maintain readiness for external audits.

Internal audits are essential for maintaining the integrity, accuracy, and improvement of the management system, making them a valuable process in preparation for external audits. Well-conducted internal audits will minimise the risks at external audits, improve the business, and help organisations approach external audits with confidence.

Whether you’re a professional working across multiple organisations or an internal staff member responsible for conformance, the Management System Internal Auditor course from ICExperts Academy equips you with the skills, knowledge, and tools to conduct effective internal audits, maintain ISO readiness, and support continual improvement.

Invest in your skills today and build a strong foundation for long-term ISO conformance and business excellence.

Enrol here in the Management System Internal Auditor Course

Sarah Kammigan

Sarah is a seasoned Business Development Manager at ISO Certification Experts, specialising in providing tailored certification solutions for ISO 9001, ISO 14001, ISO 45001, and ISO 27001 to our clients. In addition to her strong background in quality management systems, Sarah also has a proven track record of driving revenue growth and building strategic partnerships, while her collaborative approach fosters a culture of continuous improvement. Dedicated to delivering exceptional customer service, she helps organisations with the right solutions to their certification needs.

All information on this blog site is for informational purposes only. As this information is based on our professional experience, opinion, and knowledge, we make no representations as to the suitability of this information for your individual business circumstances. Especiality Pty Ltd trading as ICExperts Academy and all related businesses and brands will not be liable for any errors, omissions, legal disputes or any damage arising from its display or use. All information is provided as is, with no warranties and confers no rights.

We will not be responsible for any material that is found at the end of links that we may post on this blog site. The advice, ideas, and strategies should never be used without first assessing your own personal business situation or seeking professional and/or legal advice. Information may also change from time to time to suit industry and business needs, requirements and trends.