recertification audit

A recertification audit is a formal, scheduled assessment performed by an independent certification body to determine whether an organization continues to meet the requirements of a specific standard or regulation after the initial certification period has ended. It typically occurs at the end of a defined certification cycle and is required to renew or reissue the certificate.

In industrial and regulated manufacturing environments, recertification audits commonly apply to management system standards (for example, quality, environmental, or information security) and to site or product certifications. The audit reviews how the system has been maintained and improved over the full certification cycle, rather than only checking recent changes.

What a recertification audit includes

While the exact scope depends on the standard and certification body, a recertification audit commonly includes:

• A review of the full management system or certified scope, not only selected areas
• Verification that processes, controls, and records still conform to the applicable standard
• Review of performance trends, internal audit results, nonconformities, and corrective actions over the certification period
• Confirmation that any changes in products, processes, sites, or systems are covered by documented change control and, where required, validation
• Interviews with personnel and sampling of operational records, including production, quality, and maintenance data

If the organization continues to meet the requirements, the certification body typically issues a renewed certificate for a new cycle, subject to any conditions defined by that body.

Operational context in manufacturing

In manufacturing, recertification audits interact closely with OT/IT systems, MES, ERP, and quality systems because:

• Evidence of ongoing conformity is often stored in electronic systems, such as batch records, device history records, deviation/CAPA logs, and audit trails.
• Changes to equipment, automation, software, or data flows may need to be documented, risk assessed, and validated before recertification.
• Updates to the certified scope (for example, new production lines, new product families, or additional sites) are typically reviewed for inclusion during or before the recertification audit.

Common confusion

• Recertification audit vs. surveillance audit: A surveillance audit is an interim, usually annual or periodic, check during the certification cycle to confirm ongoing conformity. A recertification audit occurs at the end of the cycle and reassesses the system more comprehensively to renew the certificate.
• Recertification audit vs. re-audit after nonconformity: A re-audit (or follow-up audit) may be performed to verify correction of significant nonconformities. It does not by itself reset the certification cycle, while a recertification audit is tied to renewing the certificate’s validity period.

Relation to scope changes

When an organization changes its certified scope during the certification cycle (for example, adding new products, processes, or sites), the certification body may conduct additional reviews or special audits. These scope changes are typically confirmed and fully integrated into the certificate during the next recertification audit, provided the supporting processes and records demonstrate conformity for the expanded scope.