Skip to main content
v2026.1714 entries · CC-BY 4.0
CiteLicenceEN-GB
CASRAI

Definition · Plain-language

Surveillance audit

A surveillance audit is a periodic audit carried out by a certification body, between certification and recertification, to confirm continued conformity.

CASRAI research-methods explainer — Surveillance audit

The step most authors miss

Doing CRediT right? Don’t stop at the statement.

A CRediT statement credits you inside one paper. The recognition CRediT was built for happens when those roles are tied to you, persistently. Sign in with your ORCID — free — and claim your CRediT contributions on casrai.org, the home of the standard. They become a verified, portable part of your identity, not a line that disappears into one PDF.

Free: claim your contributions, then export a journal-ready CRediT statement, schema.org structured data, JATS XML, CSV or BibTeX — and preview your public profile. A membership publishes that profile publicly and verifies the journals you serve.

Sign in with ORCID — free Why this matters →

Where it fits in the certification cycle

Management-system certification typically runs on a three-year cycle. It begins with an initial certification audit, after which a certificate is granted. Surveillance audits then take place periodically during the certificate’s validity — commonly once a year — to confirm the organisation is still meeting the standard. At the end of the cycle a fuller recertification audit is conducted before a new certificate is issued. Surveillance audits are therefore the checkpoints that keep certification meaningful between the larger initial and recertification assessments.

What a surveillance audit examines

A surveillance audit is generally narrower in scope than the initial or recertification audit. Rather than re-examining the whole management system, it samples selected processes and areas, while always covering certain core elements such as internal audits, management review, handling of complaints, progress on previous findings, and use of the certification mark. The auditor looks for evidence that the system remains effective and that any nonconformities raised earlier have been addressed. If serious problems are found, the certification body can take action up to suspending or withdrawing the certificate.

Why surveillance audits matter

Surveillance audits exist because conformity is not a one-off achievement. An organisation that met a standard at certification could drift away from it as people, processes and circumstances change. Periodic surveillance gives ongoing assurance — to customers, regulators and the organisation itself — that the management system is being maintained and improved, not allowed to lapse after the certificate was won. This is why ISO management-system standards expect continual improvement, internal audit and management review to operate continuously, all of which a surveillance audit will sample.

Key facts

At a glance

  • Definition: periodic audit confirming continued conformity between certification and recertification
  • Conducted by: the certification body
  • Frequency: usually annual within a three-year cycle
  • Scope: samples the system; always covers core elements such as audits and management review
  • Outcome: confirms conformity, or can lead to suspension/withdrawal if serious issues arise
  • Purpose: assure ongoing, not one-off, conformity

Common misconceptions

What people often get wrong

Often heard: A surveillance audit re-audits the entire management system each time.

Actually: A surveillance audit is usually narrower than the initial or recertification audit. It samples selected areas while always covering certain core elements, rather than re-examining the whole system in full every year.

Often heard: Once you are certified, no further audits happen until the certificate expires.

Actually: Certification bodies carry out periodic surveillance audits during the certificate’s validity — typically annually — to confirm continued conformity. Certification is maintained through these checks, not left untouched until renewal.

Often heard: A surveillance audit cannot affect an existing certificate.

Actually: If a surveillance audit finds serious nonconformities, the certification body can require corrective action and, in serious cases, suspend or withdraw the certificate. Surveillance is a genuine check, not a formality.

Going deeper

Related CASRAI guidance

Certification bodyManagement reviewISO 45001Accreditation vs certificationStandards dictionaryPlain-language explainers
LAC

Partner Deal

LAC Health Supplies Mobile App

Referenced across the research world

University of Cambridge logoColumbia University logoUniversity of Edinburgh logoHarvard University logoUniversity of Oxford logoPrinceton University logoStanford School of Medicine logoUniversity College London logoORCID logoCrossref logoUniversity of Cambridge logoColumbia University logoUniversity of Edinburgh logoHarvard University logoUniversity of Oxford logoPrinceton University logoStanford School of Medicine logoUniversity College London logoORCID logoCrossref logo
  • University of Cambridge logo
  • Columbia University logo
  • University of Edinburgh logo
  • Harvard University logo
  • University of Oxford logo
  • Princeton University logo
  • Stanford School of Medicine logo
  • University College London logo
  • ORCID logo
  • Crossref logo

View CASRAI adoption →