FAQ

What happens if we change our scope after certification?

Changing the scope after certification is common, but it is not an administrative detail. It usually triggers formal review and, in many cases, additional audit activity from your certification body. How disruptive this is depends on how large the scope change is and how well your change control, validation, and documentation are managed.

What “scope change” usually means

Scope changes that matter to a certification body typically include:

  • Adding or removing product families or services covered by the certificate.
  • Adding, closing, or relocating manufacturing sites or key process areas.
  • Introducing new regulated processes (e.g., special processes, cleanroom steps, sterilization, complex software control of production).
  • Major changes to supporting systems that are part of the certified system (e.g., new MES, QMS, ERP modules that affect quality records or release decisions).

Typical consequences with the certification body

In most schemes (ISO 9001, 13485, AS9100, IATF 16949, etc.), you should expect:

  • Mandatory notification: You are generally required by your contract with the certification body to inform them about significant scope changes.
  • Scope review: The certification body will assess whether the existing scope statement still reflects reality and whether the current audit program is adequate.
  • Audit adjustment: They may require a special audit, an extension audit, or increased time during the next surveillance/recertification audit.
  • Updated certificate: If they accept the new scope, they will reissue the certificate with an updated scope statement and possibly different site listings.
  • Risk of limitations or suspension: If the change is implemented without adequate controls, validation, or documentation, they can limit the scope, issue nonconformities, or in serious cases suspend or withdraw the certificate.

Internal work you should expect to do

Beyond the external audit aspects, a scope change normally requires disciplined internal work:

  • Change control: Raise and approve formal change requests covering processes, equipment, IT systems, and documentation affected by the new scope.
  • Risk assessment: Update risk analyses (e.g., FMEA, process risk reviews) to reflect new products, processes, or sites.
  • Process & documentation updates: Update procedures, work instructions, forms, control plans, and training materials. Ensure obsolete versions are properly controlled.
  • Validation & qualification: Plan and document process validation, software validation, equipment qualification, and data migration checks where relevant.
  • Training & competency: Train operators, engineers, and support functions and retain training and competency records.
  • KPIs & management review: Update metrics and include the scope change, associated risks, and performance impacts in management review.

Brownfield and system coexistence implications

In existing plants with mixed legacy and new systems, scope expansion often means:

  • More interfaces: Adding a new line, site, or product may force new integrations between MES, ERP, QMS, PLM, and data historians. These integrations must be controlled and, where applicable, validated.
  • Partial coverage: You may end up with some products or lines under the certified scope and others outside it. You must keep this boundary clear in documentation, routing, and system configuration.
  • Lifecycle constraints: Fully replacing legacy systems purely to align with a new scope is rarely practical in regulated or aerospace-grade environments due to qualification, downtime, and integration risks. Incremental extension and coexistence tend to be more realistic.
  • Traceability challenges: Expanded scope often demands consistent traceability and records across old and new systems. Evidence gaps between systems are a common audit finding if not planned carefully.

Tradeoffs and risks

Before changing scope, leadership should understand the tradeoffs:

  • Business benefit vs. audit exposure: Expanded scope can win business or align certificates with actual operations, but it increases what auditors can examine and where they can raise findings.
  • Speed vs. robustness: Fast expansion without mature change control, validation, and training creates a high risk of nonconformities and potentially scope limitations.
  • Uniformity vs. flexibility: Keeping one broad scope across multiple plants and product families simplifies messaging but can hide local weaknesses and increase system complexity. A narrower or staged scope may be safer for immature sites.

What happens if you do nothing

If you change your real operational scope but do not update your certification:

  • Your certificate may no longer accurately describe what you do, which auditors and customers can treat as a serious issue.
  • Auditors can raise nonconformities for misalignment between the certificate scope, documented scope, and actual operations.
  • In the worst case, if misrepresentation is seen as deliberate, the certification body can suspend or withdraw the certificate.

Practical steps when planning a scope change

To reduce risk:

  • Engage your certification body early, describe the planned change, and ask what level of audit activity they expect.
  • Map which processes, sites, IT systems, and records are newly in-scope and verify that they meet your existing system standards.
  • Ensure validation, qualification, and data integrity activities are complete before presenting the new scope to auditors.
  • Keep clear evidence: change records, risk assessments, validation reports, training records, and updated process maps.

Net result: you can change your scope after certification, but it should be treated as a controlled change with audit implications, not as a simple wording update.

Related Blog Articles

Get Started

Built for Speed, Trusted by Experts

Whether you're managing 1 site or 100, Connect 981 adapts to your environment and scales with your needs—without the complexity of traditional systems.

Get Started

Built for Speed, Trusted by Experts

Whether you're managing 1 site or 100, C-981 adapts to your environment and scales with your needs—without the complexity of traditional systems.