Go to main content

Approach to certification

For organizations that have not been certified to a specific international standard or accredited scheme, the initial certification audit comprises two stages that assess for management system design and operating effectiveness prior to a decision on certificate issuance.

Stage 1: Design check

Often performed onsite at your central office, the policy and process review determines if your governance program is ready to undergo the full inspection in stage 2. This review evaluates the establishment of the management system and risk analysis to determine the scope.

Stage 2: Operating effectiveness and conformity audit

In-depth testing determines whether your management system has been implemented appropriately and establishes necessary safeguards for ongoing monitoring and improvement. The certification body will determine any nonconformities within the system and require correction. Once all negative findings are sufficiently corrected, the certification body may decide to issue certification for the scope.

Surveillance audit

Certification is valid for three years. Annual surveillance audits are required during the second and third years following initial certification or recertification. During these audits, broad-stroke reviews are conducted to determine if any significant or relevant changes have been made to the management system. Limited testing is done to confirm that your organization is continuing to maintain the requirements of the underlying audit criteria between audit periods.


To ensure continuity of management system certification, recertification audits are performed by the certification body before the three-year term expires. Audit scope builds upon improvements and audit trails established during the previous certification cycle and includes more in-depth inspections than surveillance assessments.

Learn more about the requirements and process for certification.

Contact a specialist