{"id":6842,"date":"2017-01-31T16:38:27","date_gmt":"2017-01-31T16:38:27","guid":{"rendered":"https:\/\/multiacademstg.wpengine.com\/20000academy\/?p=6842"},"modified":"2024-12-12T16:56:42","modified_gmt":"2024-12-12T16:56:42","slug":"which-questions-will-the-iso-20000-certification-auditor-ask","status":"publish","type":"post","link":"https:\/\/staging.advisera.com\/20000academy\/blog\/2017\/01\/31\/which-questions-will-the-iso-20000-certification-auditor-ask\/","title":{"rendered":"Which questions will the ISO 20000 certification auditor ask?"},"content":{"rendered":"

Starting an ISO 20000<\/a>\u00a0implementation, and the implementation itself, usually require a lot of effort and resources inside the company. I would add \u2013 a lot of hassle and stress, too. And, once you are finished, a new issue is in front of you \u2013 the certification audit.<\/p>\n

Eyes wide open, questions coming from all sides: \u201cWhat does the certification audit look like? Who is coming? What will they ask?…\u201d Well, the certification audit process is pretty much the same for all (audited) companies, so there are no secrets; i.e., it\u2019s easy to find out what to expect. But, when we get to the auditor\u2026 well, that\u2019s a different story. The human factor plays a significant role here, but there are some common elements in auditors\u2019 questions that repeat at every audit.<\/p>\n

Read the article Infographic: The brain of an ISO auditor \u2013 What to expect at a certification audit<\/a> to understand how auditors think.<\/p>\n

Documentation and records<\/h2>\n

This is the \u201ceasiest\u201d part of the certification audit. If you consider how much effort you needed to invest to prepare all required documentation and records<\/a> (remember \u2013 ISO 20000-1, a set of requirements, has 256 \u201cshalls,\u201d with many of them requiring a record or a document), maybe it doesn\u2019t sound so easy. But, at least it is pretty much straightforward. The standard requires mandatory documents (e.g., process descriptions for all processes, plans, etc.) and records (generated as a result of certain processes, i.e., activities) and there are no \u201cpitfalls\u201d; i.e., you know what needs to be implemented. OK, if you are using an ITSM (IT Service Management) tool, then particular care should be taken not to forget some of the requirements or not to duplicate records (e.g., say you have the record inside the tool, but you have a template as well).<\/p>\n

So, the questions related to documents and records will tend to move toward checking that you fulfilled the standard\u2019s requirements and didn\u2019t exclude anything that is mandatory (these are the questions typically starting with \u201cDo you have \u2026 procedure,\u201d or \u201cMay I see the \u2026 process description?\u201d). Besides the mandatory documents, the auditor will also ask for any other document that you developed in order to support the SMS (e.g., Incident Catalogue, or Major Incident Report, etc.).
\n

<\/div>