Skip to main content
Have a Question?
Table of Contents
< All Topics
Print

Pre-Certification activities

Posted
Updated
Byadmin

This article explains the steps Assurco takes before your certification audit begins, so you understand how we review your application, plan your audit programme, and ensure the audit is fair, competent and proportionate.

1. Submitting Your Application

To begin the certification process, we ask you to complete an online application form.
These web‑based forms allow us to capture the key information needed to understand your organisation and the scope of certification you are seeking.

This includes details such as:

  • Your organisation and sites
  • The management system standard(s) you wish to be certified against
  • Your activities, services and processes
  • Language, safety or access considerations

This structured approach ensures we collect consistent and accurate information from the outset and forms the basis for effective audit planning.

2. Application Review

Once your application has been submitted, Assurco conducts a formal application review.

The purpose of this review is to confirm that:

  • We have sufficient information to develop an effective audit programme
  • Any differences in understanding between Assurco and your organisation are identified and resolved early
  • We have the competence, resources and impartiality required to carry out the certification activities
  • All relevant factors influencing the audit are considered, including:
    • Scope of certification
    • Sites and locations
    • Estimated audit duration
    • Language requirements
    • Safety conditions
    • Potential threats to impartiality

This step ensures transparency and prevents misunderstandings later in the certification process.

3. Developing the Audit Programme

Following the application review, we develop an audit programme covering the full certification cycle.

The audit programme is designed to demonstrate that your management system meets all applicable requirements of the standard(s) and is proportionate to your organisation’s size, scope and complexity.

The initial certification cycle

For new certifications, the audit programme includes:

  • A two‑stage initial certification audit (Stage 1 and Stage 2)
  • Surveillance audits in the first and second years after certification
  • A recertification audit in the third year, before the certificate expires

The three‑year certification cycle formally begins with the certification decision. Each subsequent cycle begins with the recertification decision.

Ongoing review

When developing and adjusting the audit programme, we consider:

  • The size and structure of your organisation
  • The scope and complexity of your management system
  • Your products, services and processes
  • Evidence of management system effectiveness
  • Results of previous audits (where applicable)

This risk‑based approach ensures audits remain appropriate and effective throughout the certification cycle.

4. Determining Audit Time

Assurco applies a documented and standard‑based process to determine the audit time required for your certification activities.

Audit time includes planning, audit delivery, reporting, and — where applicable — time involving technical expertise.

To ensure consistency and international acceptance, we use recognised mandatory and normative documents, including:

  • IAF MD5 – Determination of Audit Time for management systems
  • ISO/IEC 27006‑1 – Additional requirements for Information Security Management Systems (where applicable)

This ensures that audit duration is neither excessive nor insufficient, and that audit objectives can be achieved effectively.

5. Multi‑Site Organisations and Sampling

If your organisation operates the same activities across multiple sites, Assurco applies a documented multi‑site auditing approach.

Where permitted by the applicable standard, we may use sampling to ensure a thorough but proportionate audit. Sampling is always justified and documented.

However, we recognise that sampling is not permitted for certain activities or standards, and in these cases all sites must be audited.

Our approach is based on:

  • IAF MD1 – Audit and certification of multi‑site organisations
  • Assurco’s documented Multiple Site Auditing Procedure

This ensures confidence in the management system across all sites included in the certification scope.

6. Audits Against Multiple Standards

If you are seeking certification to more than one management system standard (for example, ISO 9001 and ISO 27001), we ensure that:

  • Adequate audit time is allocated
  • Competent auditors are assigned for each standard
  • Any integrated audit approach complies with international requirements

Audit time for integrated or combined audits is determined in line with:

  • IAF MD11 – Application of ISO/IEC 17021‑1 for audits of integrated management systems

This ensures that each standard is audited thoroughly, even when efficiencies are applied.

Further guidance on audit time calculation is available in our Knowledge Base:
https://www.assurco.com/knowledge-base/calculating-audit-time/