Think of ISO certification not as a lifetime achievement award, but as a subscription service. Getting certified is the initial sign-up; surveillance is the recurring check to make sure you're still following the rules and providing value.

In short, a surveillance audit is a periodic review conducted by an external certification body to ensure an organization continues to comply with the requirements of a specific ISO standard.

Key Features of Surveillance

ISO certificates are typically valid for three years. However, the auditors don't just disappear during that time.

• Frequency: Usually occurs once a year (though sometimes every six months depending on the contract).

• Scope: Unlike the initial "Full Assessment," a surveillance audit is a "partial" check. The auditor looks at specific key processes and follows up on any issues found during the last visit.

• Mandatory Status: If you skip a surveillance audit, your certification will be suspended or withdrawn.

The Certification Cycle

To visualize where surveillance fits in, look at the standard 3-year cycle:

Year 0: Initial Certification Audit (Stage 1 & Stage 2).

Year 1: Surveillance Audit 1 (The first "check-up").

Year 2: Surveillance Audit 2 (The second "check-up").

Year 3: Recertification Audit (A full-scale re-evaluation to start a new 3-year cycle).

Why Does It Matter?

Surveillance keeps the organization "audit-ready" at all times. Without these annual check-ins, it's very common for processes to drift or for employees to revert to old habits. It ensures that the Return on Investment (ROI) of the ISO system remains high by forcing the company to stay disciplined.