Purpose of compliance assessment
Ongoing assessment of your policies and programs helps you maintain a strong level of compliance with the ISO standards that you have adopted. Compliance assessment has three main objectives:
- Identify compliance gaps
- Mitigate risks
- Seek continuous improvement
Compliance is different from certification.
- ISO certification: Formal assessment to obtain recognition for meeting an ISO standard (in year 1).
- ISO compliance: Ongoing activities that demonstrate your compliance with the mandatory and non-mandatory requirements of an ISO standard (necessary to pass the surveillance audits in years 2-3 and the re-certification audit in year 4).
Compliance assessment approach
CCS can help you put in place a compliance assessment program for your organization.
We typically conduct a compliance assessment in five key steps:
Multi-day course designed for employees who will be responsible for conducting internal audits (also called “First Party Audits”) within an organization. Upon successful completion, internal auditors will help ensure that your organization complies with the requirements of a management system standard.
1. Assessment planning:
- Develop assessment criteria that will be used to conduct the assessment.
2. Compliance review:
- Collect relevant data and documents (such as policies, procedures and forms).
- Conduct interviews/surveys to assess the level of compliance, identify risks and characterize areas of non-compliance.
3. Evaluation and gap analysis:
- Evaluate compliance findings against the assessment criteria.
- Conduct a gap analysis to identify discrepancies between current practices and compliance requirements.
- Prepare a gap analysis report.
4. Key stakeholder consultations:
- Meet with your senior leadership to review the assessment findings and the recommended mitigation strategy for each identified risk.
5. Compliance improvement plan:
- Communicate the compliance improvement plan to your departments and employees.
- Distribute critical policies and procedures to employees.
- Propose training programs for employees.
- Conduct competency checks and scenario-based evaluations to test employee knowledge.