The audit programme for the initial certification shall include a two-stage initial audit, surveillance audits in the first and second years following the certification decision, and a recertification audit in the third year prior to expiration of certification. The first three-year certification cycle begins with the certification decision.
Surveillance audits shall be conducted at least once a calendar year, except in recertification
years. The date of the first surveillance audit following initial certification shall not be more than 12 months from the certification decision date.
It can be necessary to adjust the frequency of surveillance audits to accommodate factors such as
seasons or management systems certification of a limited duration (e.g. temporary construction site).
Recertification audit activities may need to have a stage 1 in situations where there have been significant changes to the management system, the organization, or the context in which the management system is operating (e.g. changes to legislation)
When recertification activities are successfully completed prior to the expiry date of the existing certification, the expiry date of the new certification can be based on the expiry date of the existing certification.
It may be necessary for the certification body to conduct audits of certified clients at short notice or unannounced to investigate complaints, or in response to changes, or as follow up on suspended clients.>