ISO Certification

Is an annual assessment mandatory?
Yes, under ISO 17021 (the standard to which all Certification Bodies are assessed against), it is a requirement to have a surveillance assessment at least every 12 months.

This is in order to ensure that the organisation is continuing to maintain their standards.

What is the difference between a stage 1 and stage 2 audit?

The different types of initial certification audits can be described as follows:

  • Stage 1 audit – this audit is conducted on-site and consists of a documentation review to establish the appropriateness of the management system, the audit scope, your readiness for the Stage 2 audit and an audit plan for the Stage 2 audit.
  • Stage 2 audit – this audit is conducted on-site and consists of a review of the entire management system to ensure that the system has been fully implemented, is effective and is in conformance to the requirements of the standards.


What is a reassessment?

A re-assessment of the entire management system is generally required every three years.  The time needed for re-assessment will depend on how many assessment days have been carried out during the assessment cycle, the level of control over the system demonstrated throughout the cycle, the number of sites visited etc. Generally, a re-assessment will require approximately two-thirds of the audit days undertaken for the initial assessment.  However, if the surveillance audits have been carried out in excess of the guidance number of days, and if compliance with the standard has been good, a shorter review will be carried out. In other cases, the number of days could be equal to the initial assessment. Depending on past performance over the audit cycle it may be necessary to apply a stage 1 and stage 2 assessment. 

Reassessment Audit Objectives

Determination of the extent of conformity of the Clients management system and evaluation of the capability of the management system to ensure compliance with statutory, regulatory, and contractual requirements.  Evaluation of the effectiveness of the management system in meeting its specified objectives and the identification of areas of potential improvement of the management system.

Reassessment Audit Criteria

To evaluate the continued fulfilment of all requirements of the management system standard and shall include a review of the effectiveness of the management system in its entirety in the light of internal and external changes and its continued relevance and applicability to the scope of certification.  An evaluation of the commitment to maintain the effectiveness and improvement of the management system in order to enhance overall performance and whether the operation of the certified management system contributes to the achievement of the client’s policy and objectives.

What is a pre-audit / gap analysis?

The pre-audit/Gap Analysis is optional. It will be no longer than half the duration of the initial audit. It will be carried out in the same way as an initial audit and provides practice for the Auditee being audited. The objective is to find any major areas of weakness or aspects of the standards which are not addressed (either adequately or at all). The Auditee can request what elements are audited.

How much time do you need to leave between a stage 1 and stage 2 assessment?

Our accreditation guidelines specify that stage 2 audit must be completed with 3 months of the stage 1 audit. This can be done sooner, and it will depend on a lot of things such as your experience, the complexity of the system, the non-conformance situation, availability of personnel and auditors and the maturity of the system. 

Some organisations will have the stage 1 and stage 2 within a week of each other, this happens when the system is really simple, the client has experience of running and implementing management systems or we know the consultant who has helped with the implementation as this gives us confidence that you will be ready. 

Generally, most people will leave a month gap which is enough time for them to fix any errors to enable the stage 2 to run smoothly.

I have a technical query about my audit

Any technical queries regarding a recent or upcoming audit should be directed to our head office client services team. Please call 1300 971 044 to speak to a client service representative, who will be able to provide you with these details.

NOTE: Certifii and our auditors are not permitted to provide any advice or assistance regarding your management system that may be interpreted as consulting. This is part of our accreditation obligations to ensure our impartiality as a certification body providing third party auditing services.

Is remote auditing an option?

In order to maintain business continuity as much as possible for us and our clients, during the Covid-19 virus outbreak, Certifii is offering remote auditing as an option for clients. 

Each audit will need to be reviewed on a case by case basis and we will be happy to discuss this further with you. 

Going forward (after COVID-19 has cleared), remote auditing is only possible for a proportion of your assessment in line with IAF rules. 

If you would like to discuss this in more detail you can send us a message.



How do I become a registered NDIS Provider?

To become a registered NDIS Provider complete an online Self-Assessment application (https://www.ndiscommission.gov.au/resources/application-portal). After this has been completed you will receive an Initial Scope of Audit PDF Document, this can be emailed to us to receive your audit quotation and will outline your requirements. Every person who wants to apply will need to have a PRODA Account, for help with this please contact the NDIS Commission (https://www.ndiscommission.gov.au/).

Once this has been completed you will need to complete either a Verification or Certification audit against the relevant assessment Modules as outlined in the Scope. Once the full audit process has been completed a submission is made to the NDIS Commission who make the final decision on registration.

What is an Initial Scope of Audit?

An Initial Scope of Audit is a 2- or 3-page document outlining the details of your application. Legal Name, Business / Trading name, ABN, Head Office / Business Address, Registration Groups, Audit type required, Modules for assessment, age groups, participant groups and other details related to your organisation.

Auditors are required to sight this document prior to providing a quotation as it is the NDIS Commission who set the assessment requirements.

What is the difference between a Verification and Certification Audit?

A Certification audit is broken down into 2 stages, a documentation review, stage 1, and an onsite implementation review, Stage 2. It is for providers providing, or wanting to provide, high and / or highest risk classes in their registration.

It is then followed by a mid-term surveillance audit to be completed at or before 18 months. A Certification audit can also be a Provisional Certification if a provider is not currently providing services to any NDIS Participants.

A Verification audit is a desktop documentation review for providers with only low risk registration groups. The audit is done once every 3 years for renewal of registration and there is stage 2 or mid-term surveillance requirement. It is generally completed against the Verification Module however Core Module 4.3 (management of medication) and Core Module 4.4 (management of waste) can also be included in this assessment in special circumstances.

What is a Mid-Term surveillance?

A mid-term surveillance is a mandatory requirement for certification audits to be completed within 18 months from the date of approval. This audit is to ensure the systems and processes reviewed at the initial audit are being maintained and continued by providers.

How long does the process take?

The process timeframes are variable depending on the type of audit required and the compliance of your system. Certifii can normally initiate any type of audit 2 to 4 weeks from receiving initial payment. After an audit stage is completed, if any major non-conformities are found it is legislation to allow 3-months for the close out or downgrade of these findings. The sooner major nonconformities are closed out or downgraded the sooner we can move forward whether that is submitting to the NDIS Commission or continuing the process to Stage 2 of a Certification audit.


Do I need to grant the auditor access to all my records?

During Management System audits, Certifii will require access to organisational records in order to verify and validate compliance against the relevant standard being assessed.  If there are any records which cannot be made available for review by the audit team for reasons of confidentiality or sensitive information Certifii will need to be informed prior to any certification activity taking place. 

Certifii shall undertake a review of the information given to us and determine whether the Management System can be adequately audited in the absence of these records.  If conclusion is made that it is not possible to adequately audit the Management System without reviewing the identified confidential or sensitive records, the organisation shall be informed that the certification audit cannot take place until appropriate access arrangements have been granted. 

How do you maintain impartiality?

To obtain and maintain confidence, it is essential that Certifii’s decisions be based on objective evidence of conformity (or nonconformity) obtained by Certifii, and that its decisions are not influenced by other interests or by other parties.

An Impartiality Committee is in place to help ensure that Certifii’s activities remain impartial and that we are not influenced by outside pressures.

The Impartiality Committee provides oversight for all certification processes and practices and ensures that appropriate controls are in place to mitigate against breaches of impartiality and objectivity.

How do you maintain confidentiality?
Any information obtained by Certifii or any of its subsidiaries in the course of its assessment and certification activities will not be disclosed to any third party without the written consent of the client, or where required by law. Where the law requires information to be disclosed to a third party, the client will be informed of the information provided, as permitted by the law.

The policy and practices of Certifii relating to confidentiality are summarised here. Certifii may disclose information to a third party without further reference to the customer (namely where required by law, for the purposes of Certifii Certifications Accreditation, and for inclusion on the Certifii register of certified firms. All customers of Certifii sign agreement to the Terms and Conditions by signing the quotation, and this acts as written permission for third party disclosure for these instances.

All personnel employed or contracted by Certifii are required to sign a confidentiality agreement. The Confidentiality Agreement is to be signed by all employed staff and members of the Impartiality Committee. The Contractor Agreement is to be signed by all Contractor organisations and the Confidentiality Agreement is to be signed by any person employed by that contractor. These documents shall be signed before gaining access to information pertaining to Certifii and its customers. Each signed agreement is maintained within that individuals staff file.

Remote Auditing

What is a remote audit?

An audit that will cover the same as a ‘regular’ audit but will be carried out fully or partially off site or ‘remotely’ using technology as opposed to a physical ‘on site’ visit to your organisation.

How will it differ from an onsite audit?

The duration will typically be the same, and as with any audit you, or relevant workers, will need to be available at all times as required. In this sense it is similar to an onsite audit – we will plan times to speak to relevant people so as to minimise disruption.

The audit itself will take a similar format to an onsite visit – consisting of interview of personnel and review of documents. There may also be use of video  ‘streaming’ as necessary. The obvious main difference is that we will not be in the room with you – all other key aspects e.g. timings, findings, reporting, opening/closing meetings, and audit criteria remain the same.

The remote audit utilises mutually convenient ICT (Information and communications technology) such as Skype, Teams, Zoom, WhatsApp, Google Meet and of course email / phone calls. We will communicate with you to establish the most suitable platform for all parties.

As a remote audit relies on technology, your auditor will confirm with you, certain details, and suitability prior to agreeing a remote audit – e.g. which ICT will be used, connectivity and familiarity with the process.

Screen share platforms are effective and minimise data transfer, however any information that is shared will be managed in accordance with data protection policies.


How do I transfer my certification?

For Management Systems the transfer process is straightforward. Certifii can transfer the certification of any client that has a valid certification issued by a JAS-ANZ accredited certification body. You simply need to request a quote from us and once that has been agreed, we can begin the process. 

We just need the agreement from you to communicate with your current provider and we do the rest! In all but very rare cases (e.g. if there have been significant changes to your organisation or processes, or if there have been major findings raised) we simply issue you with an Certifii certificate and pick up and maintain your current certificate validity and audit visit cycle. The transfer process is free and certification continuous. 

To find out more about transferring certification or if you have any specific questions you can send us a message.

Any Other Questions?


This Area is Widget-Ready

You can place here any widget you want!

You can also display any layout saved in Divi Library.

Let’s try with contact form: