Retransform has officially completed its First Surveillance Act for Consulting, Development of Software Application and Business Process Outsourcing. The focus of an ISO (International Organization for Standardization) surveillance audit is to ensure an organization is continuing to comply with ISO standards.
For example, after a certification body certifies that a company is compliant with the ISO 9001 standard that defines the requirements for a quality management system (QMS), the ISO examines the organization’s operations every three years to ensure it is continuing to keep up with ISO fundamentals.
This also applies to ISO 27001 audits and ISO 27002 audits. ISO 27001 is the international standard that describes the best practices for an information security management system. ISO 27001 provides a full list of compliance requirements, while the supplementary standard, ISO 27002, focuses on the information security controls that organizations may decide to implement.
A certificate of compliance for a period of three years guarantees that the management system will be in place as long as the certificate is valid. The certification body periodically sends an auditor to the company to determine if the management system really works. The auditor has to perform a surveillance audit at least once a year. The auditor’s goal is to determine whether a company’s management system actually works in its day-to-day operations. The auditor will also focus on minor nonconformities, areas of concern identified in the certification audit or previous surveillance audits. An organization should take corrective action to fix all non-conformities.
Here are our opportunities for improvement (OFI) mentioned during the audit:
- Strengthen documentation of internal audits; conduct QMS and ISMS audits on separate dates.
- In the post-project closure checklist, the "reviewed by" and "approved date" entries have to be added/done by a senior person.
One minor non-conformity (MiNC) is as follows:
- ISMS refresher training and assessment has to be done with TAG all employees every year.
Our QMG team will plan a training calendar for the same as a corrective action. Records will be verified by the auditor in the next audit in 2023.
To read more visit: What is a Surveillance Audit? - American Quality Management (aqmauditing.com)