How to Prepare for an ISO/IEC 17025 Surveillance Audit
ISO/IEC 17025:2017 surveillance audits are predictable in structure but unforgiving in detail. The assessor's job is to verify that the laboratory's quality system is operating as designed and that the work being produced is consistent with the scope of accreditation. Common surveillance findings include four predictable areas: scope drift, traceability documentation, decision rule consistency, and corrective action closure. This article walks a quality manager through preparing the calibration portion of the program before the assessor arrives.
What surveillance assessors review in the calibration program
Surveillance audits are narrower than initial assessments but no less rigorous. The assessor's review typically follows four stages.
First, scope verification. The assessor confirms that the work being performed matches the documented scope of accreditation. Calibrations outside the scope must be identified and handled appropriately.
Second, traceability evidence review. The assessor traces a sample of calibration certificates back through the laboratory's records to verify that reference standards, uncertainty calculations, and traceability statements are complete and consistent.
Third, decision rule and uncertainty review. The assessor verifies that decision rules are applied consistently and that measurement uncertainty calculations meet ILAC P14 requirements.
Fourth, corrective action closure. The assessor reviews open corrective actions from prior assessments, verifies that root cause analysis was performed, and confirms that effectiveness checks were completed.
Surveillance audits target depth on a sampled set of calibrations rather than breadth across the full scope. The findings tend to surface in the same four areas, which makes pre-audit preparation tractable.
Common findings against ISO/IEC 17025:2017 clauses 6 and 7
The recurring findings cluster in patterns that experienced assessors will recognize immediately:
Scope drift. Calibrations are performed outside the documented scope of accreditation and the certificate does not flag the scope status. This is a finding against clause 7.8 reporting of results.
Traceability gaps. A reference standard's calibration record is missing the measurement uncertainty needed for the laboratory's standards used downstream. Without that uncertainty, the laboratory's own uncertainty calculations are incomplete, which is a finding against clause 6.5 metrological traceability.
Decision rule inconsistencies. Two certificates issued for similar work apply different decision rules without documented justification. Under clause 7.8.6, the decision rule must be applied consistently or the variation must be defended.
Corrective action backlog. A nonconformity from the prior surveillance audit was closed administratively without verifiable evidence that the root cause was addressed. The same condition is found again, which becomes a repeat finding under clause 8.7 corrective action.
The patterns are predictable. The defenses are also predictable, which is why pre-audit checklists are valuable.
Pre-audit checklist for the calibration function
The following items can be reviewed and closed in the weeks before an assessor arrives.
Reference standard recall status. Every reference standard within the scope of accreditation should be within its calibration interval, with a current calibration certificate from a traceable source. Any standards approaching their recall date during the audit window should be calibrated before the assessor arrives.
Calibration certificate sample pull. Pull a representative sample of calibration certificates issued since the last surveillance audit. Review each for scope alignment, traceability statement completeness, decision rule disclosure, and uncertainty reporting. Identify any inconsistencies and document corrective actions.
Personnel training records. Confirm that every technician performing accredited calibrations has current training records, qualification authorization, and proficiency testing results where applicable. Clause 6.2 personnel competence is a frequent surveillance focus area.
Internal audit completion. Internal audits are required under clause 8.8. Confirm that the planned internal audit schedule has been completed, findings documented, and corrective actions closed before the surveillance audit.
Management review record. Clause 8.9 requires a management review with specific inputs and outputs. Confirm that the most recent management review covered all required topics and that action items from it have been addressed.
This is not an exhaustive list. It is the set of items that, if cleared, removes the most common surveillance finding categories.
Verifying traceability and scope of accreditation evidence
The single most efficient pre-audit exercise is the construction of a traceability matrix. The matrix lists every parameter on the scope of accreditation, the reference standard used to calibrate it, the standard's calibration source, the standard's calibration date and recall date, and the standard's uncertainty contribution.
Building the matrix surfaces problems that are hard to see from the certificate level alone. A reference standard whose calibration uncertainty is not documented affects every downstream calibration that uses it. A reference standard calibrated by a non-accredited source raises a clause 6.5 traceability concern. A standard approaching recall date during the audit window needs to be calibrated or removed from the active fleet before the surveillance.
The matrix is also the most efficient artifact to provide to the assessor on day one. Assessors are generally faster at finding problems than at building context. Providing the context up front shortens the audit and reduces the likelihood that an exploratory question turns into a finding. For mature programs, the matrix is updated continuously rather than reconstructed before each audit. Programs that maintain a continuous matrix find that surveillance audits become a verification exercise rather than a discovery exercise.
Closing corrective actions before the assessment
Open corrective actions from prior surveillance audits are the highest-probability source of repeat findings. Before the assessor arrives, review every open corrective action from prior assessments, confirm that root cause analysis was performed and documented, verify that effectiveness checks were completed and that the corrective action prevented recurrence, and document any recurring issues alongside the systemic action taken to address the underlying cause.
Corrective action closure is the area most directly under the laboratory's own control. A clean corrective action register entering the audit signals to the assessor that the quality system is functioning as designed.
Building documentation discipline into routine work
For laboratories operating in support of regulated industries, the surveillance audit is the moment when the calibration program's documentation is reviewed against assessor expectations. Programs that produce audit-ready calibration documentation as part of routine work are easier to maintain than programs that prepare specifically for the audit. Building documentation discipline into routine work is the most reliable way to keep surveillance audits low-impact.
Frequently Asked Questions
How do you prepare for an ISO/IEC 17025:2017 surveillance audit?
Surveillance audit preparation focuses on four areas: scope verification, traceability evidence, decision rule consistency, and corrective action closure. Pre-audit work includes confirming reference standard recall status, sampling calibration certificates for review, verifying personnel training records, completing planned internal audits, and closing all open corrective actions from prior assessments. A current traceability matrix is the single most efficient artifact to provide to the assessor.
What do ISO/IEC 17025 assessors look for during a surveillance audit?
Assessors verify that work matches the documented scope of accreditation, that calibration certificates trace back through reference standards with complete uncertainty calculations, that decision rules are applied consistently in accordance with clause 7.8.6, and that prior corrective actions were closed with documented root cause analysis and effectiveness verification. Surveillance audits target depth on a sampled set of calibrations rather than breadth across the full scope.
What are common ISO/IEC 17025 audit findings on calibration programs?
Common findings cluster in four areas: scope drift, where calibrations are performed outside the documented scope; traceability gaps, where uncertainty is missing from a reference standard's calibration record; decision rule inconsistencies, where similar work uses different rules without documented justification; and corrective action backlog, where prior nonconformities are closed administratively without verifiable root cause analysis. The patterns are predictable, which is why pre-audit checklists are valuable.
What is a calibration traceability matrix?
A traceability matrix is a structured record listing every parameter on the scope of accreditation, the reference standard used to calibrate it, the standard's calibration source, calibration date and recall date, and uncertainty contribution. Building the matrix surfaces traceability gaps that are difficult to see at the certificate level. Mature programs maintain the matrix continuously rather than reconstructing it before each surveillance audit.
What is the difference between an initial assessment and a surveillance audit?
An initial assessment is the comprehensive evaluation that establishes accreditation. It covers the full scope of work the laboratory is applying for, typically across multiple days, and tests the management system, technical methods, personnel competence, and equipment. A surveillance audit is narrower. It samples a subset of the scope, focuses on continued conformance with ISO/IEC 17025:2017, and verifies that corrective actions from prior assessments have been closed.
Tra-Cal Laboratories maintains ISO/IEC 17025:2017 accreditation for the regulated industries it serves. The audit-ready documentation discipline described in this article is reflected in every certificate Tra-Cal issues. Request a capability review to discuss surveillance audit support for your calibration program.