Thoughts and musings all things people and process
Your first ISO audit. Understandably you are nervous. You don't know what to expect.
Of course, you'll be as prepared as you can be. Your documents are up to date and readily available to view. All attendees are fully briefed, and you've kept your diary completely clear to ensure no distractions.
You're hoping for a nice auditor. Fingers crossed.
I've met a fair few and have certainly found them to be a wide ranging bunch. The assessors that'll aim to put you at ease. Those that seem to enjoy your sense of apprehension. Ones that will dig, dig, dig, until they find something to award a non-conformity for. Others that will readily acknowledge when something has been done well.
One thing's for sure, clearly it's worth making a good first impression. The obvious:
Generally make them feel welcome and comfortable. You'd think the above goes without saying, but I've been told by auditors that the level of hospitality can vary widely. Why risk putting the auditor in a bad mood, when your certification lies in their hands?
Before the first audit, when you are finalizing the visit itself, ask if there is any specific information they would like to see in advance. Some basic company credentials can really help the auditor form a picture of your business -- remember one day they'll be auditing a manufacturing company, maybe the next day it'll be pharmaceuticals or advertising. So any help you can give them in understanding your business before they meet you is likely to be useful. At the point when you've been presented with an agenda of the day(s) assessment visit, it may also be useful to send it back to them with names and job titles of the people they will be meeting for each section added in. It'll make life easier when they come to write up the report if they have the correct spellings and roles to hand.
If you've used consultants along the way, you might want them to also be in attendance at the first few ISO assessment visits. As well as knowing you and your business, and therefore able to provide both moral and practical support, they are more likely to be familiar with auditor phrasings and questions and help you interpret the questions correctly if you aren't sure.
Also, with their expertise in the Standard and experience in attending other ISO audits (across hopefully a multitude of assessors and accreditation bodies), they may be able to diplomatically raise a challenge to a point the auditor may be making, that they do not agree with. Arguing is a definite no-no. But where an ISO standard needs to be interpreted and applied to many type of business, you will find different interpretations amongst auditors.
The unfortunate truth really is that some auditors will raise a non-conformity where others may not. That's even if they do work for the same accrediting body. It's much down to personal style and personal interpretation. The level of detail required in response along with the volume of supporting evidence that they look for can also vary. And some auditors have particular areas of interest that may lead the questions in one way rather than another.
So who you get really can make a difference to the findings raised. It's just a simple fact.
During the audit itself, aim to be concise -- it's a long enough visit as it is without slipping off planned timing due to long winded answers. If you don't understand the question, then ask for further clarification, it's no bad thing. Better than answering a question that they didn't ask, just to respond! Don't make things up or blatantly lie -- it'll only come back to haunt you -- and if you don't know the answer, it's perfectly acceptable to say so, but that you'll find someone who does.
Now if this is your stage 2 visit, or any other follow up visit, without doubt ensure that you have dealt with any non conformities raised previously. Not to have done so, is clearly taking this audit outcome in the wrong direction.
Observations? They could become a non-conformity in time, so I'd act upon them. But recommendations or opportunities for improvement? These are lower priority and optional. If you do follow up on recommendations, it'll make the auditor feel pleased. You've listened to their advice which will somewhat flatter their ego and it embodies the concept of continual improvement! But if you actually don't feel that the suggested action provides any real benefit, don't feel obliged; just have your reasons why not. If it was a requirement of the standard then you'd have been given a non-conformity. No need to worry.
Over time, building a positive professional relationship with your ISO assessor can be a rewarding experience. The more they get to know your company, the better they will interpret your business against the requirements of the standard. As such, the more value they can add in terms of the quality of their recommendations, and the more you can get out of their visits in addition to maintenance of your certification.
You'll come across auditors that you never want to see again, or ones that 'get' your business quickly who you immediately connect with. So if you like your auditor, get them booked again for your next visit. Rebook them again after every visit for the subsequent one, because they can get pretty booked up, but the timings of your ongoing visits have minimal flexibility.
Alas at some point, if you found one, you will have to change your nice auditor. Either because the rules dictate or because they leave the company.
Who will you get next? Let's hope it's a good one. Fingers crossed!
Cloud pricing starts from just $10 per user per month.
Self-host perpetual pricing starts from just $850 for 10 users.