If you are going for certification, or currently manage a certified ISO Management System, then you should also be aware of ISO 17021 ahead of any Assessments or Surveillance audits conducted by an accredited Certification Body.
ISO 17021 sets out requirements for bodies providing audit and certification of management systems. It ensures that Certification Bodies provide a reliable assessment of compliance with the applicable requirements, carried out by a competent impartial audit team, to achieve a consistent result for all clients.
So, why should you be aware of this Standard in particular? ISO 17021 also establishes what you as a client should expect from your Certification Body.
Steve Mason, Managing Consultant at Blackmores, joins Mel to discuss what ISO 17021 is, why you should be aware of it and the requirements related to expected service delivery from Certification Bodies.
You’ll learn
- What is ISO 17021
- The difference between accredited and non-accredited certification bodies
- A brief overview of the Standard and client related requirements
In this episode, we talk about:
[01:40] Why are we talking about ISO 17021 now? In our internal Team Meetings, Certification Bodies are an established talking point, covering both the good and the bad, but in recent months it’s been more on the negative side. Steve had highlighted ISO 17021 as the Standard to look at in regard to expected service delivery requirements from Certification Bodies – so here we are!
[03:00] What is ISO 17021? The reason for the standard is that it ensures that all certification bodies are delivering the same level of service to all customers. Certification Bodies don’t need to be certified to other standards such as ISO 9001, as ISO 17021 was specifically designed for the purpose of delivering certifications.
It’s also the standard where you can find out what’s expected of Certification Bodies – like a Terms and Conditions or service level agreement.
[05:00] The difference between accredited and non-accredited Certification Bodies – Go back and watch episode 19 to learn more.
[06:10] Why is it important that the Certification Body is accredited? – Accreditation proves that the Certification Body is being checked by another body. Accreditation is also recognised worldwide – it’s trusted as a gold standard of performance. There are many different accreditation bodies around the world; here in the UK it’s UKAS, but there are others such as ANAB in the US. Check out the International Accreditation Forum website to confirm the accreditation body for your country.
[08:10] Ultimately, a Certification Body can’t offer accredited certification services unless they’ve actually been assessed by the applicable accreditation body to ISO 17021, and they need to do that on an ongoing basis like any other certification.
They also may not be accredited to deliver every standard they offer – so make sure you verify with the Certification Body that they are in fact accredited to ISO 9001, ISO 27001 etc.
[09:15] A brief overview of what’s included in ISO 17021 – A lot of the clauses before this are really about the management of the Certification Body, but when it comes to clause 9, this is where the customer becomes a lot more involved in the requirements. It covers topics such as planning audits, conducting audits, certification decision making, maintaining certification, the appeals process, the complaints process and then keeping client records.
Clause 9 in particular is where you, as a client, should focus.
[11:00] What core principles are described in ISO 17021? – Impartiality, competence, responsibility, openness, confidentiality, responsiveness to complaints, risk-based approach and legal responsibilities.
[12:20] What personal behaviours should you expect from your assessor? – In Steve’s experience, he’s seen more and more assessors not living up to the requirements of ISO 17021. This could be for a number of reasons, e.g. they could have an uncooperative client, they may not have had adequate training, or perhaps there’s a breakdown between clients and client managers. Either way, these are a few of the qualities that Assessors should embody: ethical, fair, truthful, sincere, honest, discreet and open-minded.
[14:00] A lack of open-mindedness – Steve had encountered an Assessor that stated ‘This must be wrong because I’ve never seen it done that way’ – which is not open-minded in the least. This resulted in a non-conformity which should have never been raised.
ISO 17021, clause 9.4.5 states that any non-conformity raised shall be recorded against a specific requirement in the Standard being audited. Assessors need to take heed not to assess to their preference.
[15:15] Top Tip – If you are asked a question, give an answer, and the Assessor raises a non-conformity that you don’t understand the reason for, it’s always worth asking the Assessor to show you where in the standard they’re raising the non-conformity against.
It’s a case of clarifying the question and verifying what they’re raising a non-conformity against, and if there’s a justification for it. If there is, then great, they’re doing a great job! If not, it may be the Assessor’s personal bias, and there’s a chance you can get that non-conformity down to an opportunity for improvement.
[17:05] Other expected traits for Assessors to be aware of – Collaborative: It should be a partnership between the client and Assessor – they want what’s best for you.
Tenacious: This can sometimes be taken too far. For example, if your Assessor is still assessing past 5pm, tell them to go home. If they need more time, then it’s up to the Certification Body to work that one out.
Other basic traits include: Observational, being perceptive and versatile.
We’d love to hear your views and comments about the ISO Show, here’s how:
- Share the ISO Show on Twitter or Linkedin
- Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.
Subscribe to keep up-to-date with our latest episodes:
Stitcher | Spotify | YouTube | iTunes | Soundcloud
The work doesn’t stop once you get ISO certified: there is a requirement to complete an annual surveillance audit to ensure your Management System continues to meet the requirements of the standard(s).
Last week Mel covered some basic preparation you can do ahead of a surveillance audit, but what should you expect on the actual audit day?
Today, Mel shares 10 top tips to help you prepare and ensure your next surveillance audit runs as smoothly as possible.
You’ll learn
- What is a surveillance audit?
- What to expect during the surveillance audit
- Considerations for remote vs on-site audits
- What evidence do you need to have prepared?
In this episode, we talk about:
[00:36] A description of a surveillance audit
[02:00] A summary of the 10 top tips
[02:40] There is no right or wrong way to prepare for a surveillance audit – but the following tips will be applicable regardless of the standard you’re certified to
[03:30] Tip 1: Be Prepared – A summary of what Mel covered in the previous episode
[05:40] Tip 2 – The opening Meeting – Be sure to have all people involved in the audit present at the meeting. It’s advised to have a member of the leadership team present. Here the Auditor will explain the different types of audit findings.
[08:00] Tip 3 – Audit questions – Similar to your Stage 1 and 2 Assessment, you will be asked a lot of questions. Try to be specific with your answers, and don’t be afraid to ask for clarification. Don’t worry if you don’t know the answers to certain questions outside of your area of expertise, simply direct them to the correct individual who can answer. You are within your rights to seek clarification on findings – Do not argue with the auditor, simply ask for justification on findings if you’re confused as to why they’re being raised.
[13:05] Tip 4: Keep on track – It’s in everyone’s best interest to stick to the Agenda.
[13:35] Tip 5: On-site Surveillance audits – Do a floor walk before the auditor arrives to check that you’re following your procedures. Make sure reception knows that the Auditor is arriving, and follows any of your standard visitor procedures. Try to book a room to base the audit in to avoid them overhearing any unnecessary chatter and to allow the auditor and auditees some privacy.
[16:05] Tip 6: Remote Surveillance Audits – Ensure that you follow any company remote working procedures. Ensure you have a good wi-fi connection, all attendees should be visible on camera but be muted when not speaking. Make sure everyone has access to the necessary documents while off-site.
[17:15] Tip 7: The Auditor – They are human, and they are here to support you to ensure you are doing what you say you’re doing. They are experts on their Standards and it’s advised to foster a friendly relationship with them. But please be aware that they shouldn’t be sending you reports from personal email addresses, shouldn’t be left unattended on-site and shouldn’t be taking any information off-site – show evidence on screen / in-person during the audit.
[20:20] Tip 8: The closing Meeting – Held at the end of the day. Listen to the feedback and findings from the auditor – they are there to help you improve. Feel free to ask for further clarification if needed. It’s advised to have everyone at the opening meeting present at the closing meeting.
[22:38] Tip 9: Evidence needed – You will typically need access to your audit schedule, audit reports and Management Review Minutes. You may also need various policies and procedures. Ensure that all documents are version controlled and any applicable branding is consistent.
[24:10] Tip 10: Enjoy it! – If you’re doing everything you say you’re doing, then you should enjoy showing off your Management System. The resulting report should be seen as an opportunity to continually improve – the auditor only wants the best for your business.
The work doesn’t stop once you get ISO certified: there is a requirement to complete an annual surveillance audit to ensure your Management System continues to meet the requirements of the standard(s).
Surveillance audits must be carried out by a Certification Body, during which they will typically look at your Management Review, your preventative and corrective actions process, Internal auditing process and the implementation of any recommendations that have come out of an Internal audit.
Today, Mel explains how you can prepare for a Surveillance audit and gives examples of some key considerations ahead of the Auditor arriving on site.
You’ll learn
- What is a Surveillance Audit?
- Why there is a requirement for an annual surveillance audit
- What you need to prepare ahead of a surveillance audit
In this episode, we talk about:
[00:59] A description of a Surveillance Audit
[01:30] The purpose of a Surveillance Audit – Ensuring your Management System meets ISO Standard requirements and as an opportunity to demonstrate continual improvement
[02:40] There is no right or wrong way to prepare for a Surveillance Audit – but the following tips will be applicable regardless of the standard you’re certified to
[03:30] Tip 1: Check that you have an Agenda for the visit – This should be provided at the end of your last report from the Certification Body
[04:25] A brief overview of how the certification cycle works – A 3 year plan is usually provided to you by your Certification Body
[05:50] Ensure that you go ahead with a UKAS accredited Certification Body
[06:18] Tip 2: Confirm locations – make sure you know where the auditor is being sent and to prepare staff on site about the impending visit. This can also allow you to book out time for specific people that may be required during the audit
[07:10] Tip 3: Ensure you book out time for any required key members of staff – it is also advised that you book out a meeting room for the day
[08:45] Be prepared for the Auditor to walk around your site – Especially if they’re assessing ISO 45001 (Health and Safety) and ISO 27001 (Information Security)
[09:40] Double check if the auditor visit is on-site or remote
[10:30] Tip 4 – Check that you have all the relevant Management System records in place – and that they’re up-to-date
[10:50] Examples of what documentation the Auditor will typically look at
[13:00] Tip 5 – Make sure you’ve closed out any opportunities for improvement and non-conformities from your last internal audit
[14:30] Tip 6 – Check if there have been any changes to your business that may affect the scope of certification, e.g. new products or services with no controls in place yet, or a new site
[16:00] Tip 6: Confirm the auditor’s visit and check if they have any accessibility or dietary needs.
[16:30] Tip 7: Warn any relevant reception / security staff about the visit so they know to expect the auditor. Ensure they go through any of your typical security procedures, e.g. getting an access card, signing the visitor book etc.
[17:42] Tip 8: Send an email to all staff to remind them about the surveillance visit – good to do this a day or two ahead of the visit
[19:45] Tip 9: Do a floor walk – Ensure that any of the physical controls you have in place are working as intended