ISO Annual Audit: How to be prepared and what records are required?

Achieving ISO certification is not the end of the journey but just the beginning. Once your organisation becomes ISO certified, more responsibilities and accountability come with it.

The idea of ISO certification is to make your business more responsible, to identify the pitfalls and incidents, and to ensure the right and effective corrective actions were taken in place to address it. So, operating an ISO-certified company requires more accurate and on-time record keeping and making sure everyone is on board with these requirements. 

ISO certifications are valid for 3 years after the first registration date, but they are subject to an annual surveillance audit every year within those 3 years to be checked and audited. So, basically, you have the first audit, 2 annual audits, and re-certification after 3 years.

To be prepared for the ISO annual audit, you must have a good ongoing plan to update, create, and modify processes and procedures and also keep the required records. It is strongly recommended to start doing these right after you get ISO certified for the first time; otherwise, the lack of sufficient record keeping or updates may result in major non-conformities, and your ISO certifications may get suspended or even cancelled.

Here we look at some of the documents and records you must have for the day of annual audit:

- Any updates on the procedures or policies

Easy to do; think if any procedure needs updating or has been updated.

- Any new business operation processes

Has any of your business operations changed since last year? Do you have any new processes?

- Records of incidents and their corrective actions

As mentioned above, this is a core requirement of the ISO standards. Keeping records of any incidents, including quality, environment and OH&S incidents, are necessary

- Records of trainings and inductions

This is your organisation responsibility to identify the needs and provide training to staff to ensure consistent and safe products and services

- Updated risks register including the opportunities

ISO standards are Risk-based approach. Updating your risks and opportunities are essential part of this requirements.

- Emergency preparedness (including drills etc.) records

This is for OH&S management system if you’re certified 

- NEW: Climate change requirement (new requirement applicable since Feb 2025)

This added to the ISO standard requirements and it is auditable

- Customer feedback records

Customer satisfaction is an important part of quality management system and you must be able to provide evidence that you collect and address customer feedback

- Internal Audit and Management Review Meeting records

Mandatory items for annual audits and recertifications.

- Non-conformities and corrective actions

Based on internal audit finding, you must demonstrate what corrective actions have been taken 

- Records of continual improvement

And, yes you must show that you have done some improvement since last year!

To make this list even more comprehensive, you might need the following:

1. Supplier/vendor management records and evaluations

2. Equipment calibration and maintenance records

3. Compliance with applicable legal and regulatory requirements

4. Performance metrics and KPIs against objectives

5. Resource allocation and management

6. Changes to the organization's context (internal/external factors)

7. Communication records (internal and external)

Don't lose your track!

To ensure compliance for your annual ISO audit, perform these all year rather than last-minute preparation.

Maintaining continuous documentation as part of daily operations is absolutely necessary to stay ISO compliant, and additionally, you must be assigning clear compliance responsibilities to specific team members, creating a compliance calendar for all deadlines and reviews, addressing root causes when implementing corrective actions, investing in regular staff training, tracking performance metrics that demonstrate continuous improvement, and fostering a culture where compliance is everyone's responsibility rather than just the quality team's concern.

If you need further support to prepare for your annual audit contact us and we will help you stay compliant.