Surveillance Audit
The annual check-up between certification and recertification. Shorter than the initial audit, it verifies the system is still operating, still improving, and still meeting the standard — and it is where badly built systems are exposed.
What gets checked every year vs sampled
Certain elements are verified at every surveillance: internal audits and management review, action on findings from the previous audit, complaint handling, effectiveness of corrective actions, use of certification marks, and any changes to your organization or scope. The rest of the standard is sampled on a plan that covers everything across the three-year cycle.
A surveillance audit is typically a third to half the duration of the initial Stage 2 — one auditor, one day, for many small organizations.
What can go wrong
Findings work exactly as at certification, with sharper teeth: a major nonconformity at surveillance — or minors left unresolved from last time — can suspend the certificate, and suspension is publicly visible to anyone who verifies your certification status. Withdrawal follows if the major isn't cleared in the allowed window. This is why the 'binder built for the audit' strategy fails economically: you don't pass once, you pass every year.
The healthy pattern instead: keep internal audits and management review on a natural annual rhythm timed ahead of surveillance, and treat the auditor's visit as a free system health check.
Go deeper, free.
Every standard this term appears in has a free clause-by-clause guide on ReadSafety.com — and when you're ready for certification, USQC provides accredited third-party audits.
Browse the guidesCertify with USQC