Remote (or virtual) ISO 9001 certification has become a popular and viable option for organizations worldwide. Benefits include cost savings, improved efficiency and greater flexibility. Environmental benefits are evident too, since there's no need for auditors to travel the organization's premises.
But how do remote ISO 9001 audits compare with traditional on-site audits? Are they right for you and your company? And what should you know in advance?
The number of organizations opting for remote ISO 9001audits grew considerably in 2020, and many CEOs and top management reported having had positive experiences.
For most organizations, a remote certification audit is much the same as one conducted on-site. External auditors will:
Review your company's documentation and make sure it complies with ISO 9001:2015 requirements.
Evaluate the effectiveness of your Quality Management System.
Report any noncompliances (also called nonconformities).
Formulate a schedule for future surveillance audits.
The key difference between remote and traditional audits, then, is that remote ISO 9001 audits are conducted with the help of video conferencing technology and without the auditors needing to visit your company's premises. This not only helps reduce the cost of the audit, it also minimizes the carbon footprint associated with car and air travel, as well as helping to make the audit process faster, less disruptive, and ultimately more satisfying and productive for those involved.
Terminology and costs
Auditors who conduct the remote ISO 9001 certification audit are employees or representatives of Accredited Registrars, who in turn are members of an Accreditation Board.
Accreditation Boards (also known as Accreditation Bodies) are often regulated by their national governments. Each member of the EU must appoint a national Accreditation Board (for example, UKAS in the United Kingdom). Australia and New Zealand have their own Joint Accreditation System of Australia and New Zealand (JAS-ANZ), while the United States has multiple Accreditation Boards (for example, ANAB, the ANSI-ASQ National Accreditation Board).
Costs vary from registrar to registrar, and from country to country. In the USA registrars charge approximately USD $1000 - $2000 for registration, and about USD $1000 - $2000 per auditor day. Small businesses may only require one audit day.
We encourage you to get started by locating a registrar who can offer remote certification audits. Most do, but it's best to select a registrar early in the implementation phase as this will help your organization to plan ahead and budget appropriately.
Advance planning – which is essential for both the organization and auditor – usually starts with a discussion about video conferencing software. Once a platform has been agreed on, the auditor will encourage a test run to ensure audit attendees have video access, working speakers and headsets, and to iron out any software or hardware issues.
The auditor will then request certain copies of your organization's documents and records, along with video evidence of your premises and production areas. Many smaller companies only keep hard copies of their records, so documents may need to be scanned or photographed. If your business operates in the forestry or agriculture sectors, or if your facilities are extensive and hard to visualize, the auditor might request drone footage.
In the interests of risk management, the auditor will probably suggest a back-up or recovery plan to counter any problems should an unforeseen event occur. Such events might include the video platform going awry, an internet connection breaking, or a power failure in the workplace. Planning typically concludes with the auditor drafting a schedule for the audit. Provision will be made for coffee breaks and possible time differences.
The hardware and software requirements for a remote audit are quite straightforward. All staff co-witnessing the audit will need a stable internet connection and a modern browser such as Chrome or Safari. You will also need video conferencing software. Popular platforms include Zoom, MS Teams, Skype and Google Meet. While some auditors may have a preference for a particular platform, they are usually quite flexible and willing to use your organization's preferred software. If you've not yet installed video conferencing software, it's easy to do.
During the audit itself, auditors may ask to remotely view your organization's premises or facilities, so you'll need someone at hand to perform live walkthroughs. These can be done with either a smartphone or smartglasses.
The audit will typically start with what's known as the opening meeting. This will be an opportunity for introductions and for the auditor to re-iterate what was discussed during pre-audit planning. When audit attendees have confirmed their understanding of what is expected of them and how the process will unfold, the audit begins.
A common question at this point is how long will it take, and will it be quicker than a conventional, on-site audit. For small companies, or for companies with only a few processes, the remote ISO 9001 audit could take as little as one day. In almost all cases, remote audits will be quicker due to the removal of the travel component.
Safe and secure, remote audits are easily accessible and offer a more environmentally friendly alternative to traditional onsite audits. They remove geographical boundaries, minimise disruption and allow for more people to be involved.
Lloyd's Register of Quality Assurance, London
Data protection and confidentiality are major considerations. ISO, the International Organization for Standardization, offers clear, concise, and well thought-out guidelines on how to address and manage these concerns. But there is one point we take issue with. ISO suggests that "measures to ensure confidentiality and security should be confirmed during the opening meeting".
We disagree with this. We feel that privacy concerns should be addressed during pre-audit planning. And in our experience, this is what typically happens. In almost all cases we are aware of, privacy issues (some of which were highly sensitive) were dealt with and resolved by competent auditors several weeks before the remote audit took place.
While remote ISO 9001 audits have been an option for a number of years, their benefits weren't universally understood and most registrars didn't offer them. But after 2020, they are now very much a "new norm" and have radically changed the way we look at ISO 9001 audits. Long gone are the days when on-site auditing was the preferred option. And to some extent, gone too is the perception that audits should be thought of as disruptive, exclusionary, time consuming and intrusive. The events of 2020 have profoundly altered our views about the way we work and the ways in which we can interact and collaborate remotely.
We hope this brief guide has helped shed light on one of the most interesting recent developments in the field of ISO 9001 Quality Management Systems.
Learn how to implement an ISO 9001 Quality Management System in our guide How to get ISO 9001 certification.