What is a Delta Audit? DQS I Learn more now

델타 심사는 현상 유지와 (새로운) 표준 요구 사항 간의 차이에 대해 관리 시스템을 심사할 의도로 수행됩니다.

목적은 예를 들어 새로운 표준으로의 전환 심사 또는 인증 심사가 수행되기 전에 가능한 조치의 필요성을 식별하는 것입니다. 델타 심사는 정기적으로 예정된 심사와 별도로 언제든지 수행할 수 있습니다.

델타 심사는 그리스 알파벳 "델타"(∆)의 네 번째 글자에서 따온 것입니다. 동의어로 자주 사용되는 용어는 갭 분석입니다.

CONTENTS

When does a delta audit make sense?
When is it worth the effort?
When should a delta audit be performed?
How does a delta audit work?
Conclusion

When does a delta audit make sense?

Delta audits are offered by certification bodies as an optional service. It makes sense, for example, when revisions of ISO management system standards are available and companies want to switch to the new version. As was the case at the time with the well-known quality management standard, the transition from ISO 9001:2008 to ISO 9001:2015. The delta audit was a welcome opportunity for many companies to identify any need for action based on the final standard in order to ensure a successful transition to the new version.

A delta audit is also useful when switching from a management system standard whose publisher is not ISO to an ISO standard. It creates transparency and identifies possible need for action. An example of this comes from the field of occupational safety and health (OHS): the move from BS OHSAS 18001 to ISO 45001:2018.

Another situation where delta audits can be used is the lack of a formal basis for certification. Take the example of the European General Data Protection Regulation (GDPR): although the new GDPR finally took effect in May 2018, there is as yet no way to certify against it. In such cases, the data protection audit uses a gap analysis to determine whether the company complies with the key data protection aspects. This does not produce an official certificate. However, it offers the company the security of knowing the status quo, the delta to the requirements of the General Data Protection Regulation and the need for action.

When is the effort worthwhile?

A delta audit can be a sensible measure in the case of a standard revision, for example, since companies are rarely 100 percent up to date with a revised or newly issued management system standard at the time of the planned changeover.

In terms of effort, the delta audit is roughly comparable to a (likewise optional) pre-audit, which is carried out before the stage 1 audit in the case of initial certification. Both procedures are independent of the actual certification audit and therefore involve additional effort. Nevertheless, in most cases, such an audit saves time and costs compared to an insufficiently prepared certification audit, in which significant non-conformities (deviations) are found.

When should a delta audit be performed?

Anyone commissioning a delta audit should think about the right time to conduct it. If the new requirements of a standard have been established, there is no such thing as too early a date. Conversely, a company must expect that a gap analysis will reveal a need for action. Sufficient time must therefore be allowed, for example until the planned changeover audit, in order to be able to implement any necessary measures.

How does a delta audit work?

A gap analysis is always performed individually for each company. Existing company structures are analyzed in order to determine, for example, the effort and costs required for certification. Depending on the requirements, the analysis can relate only to individual parts of a company or take into account all areas of the company. Among other things, the analysis includes the company's action plans, risk assessments or target definitions.

The audit is usually carried out in the following steps:

Self-assessment by your company based on a list of questions
Determination of the audit focal points in close consultation with the certification company
On-site assessment of the current status by the auditor
Evaluation of the self-assessment by the auditor with a view to the actual state determined on site
Documentation of weak points and potential for improvement by the auditor.

However, it must be noted that there is no additional assessment by the auditor after the delta audit and a possible upcoming transition or certification audit. This means that it is not possible to show whether the potential for improvement that has been identified has also been implemented.

The procedure and approach clearly show that such a gap analysis is not a service in the sense of a consulting activity. It is a useful preparation for the certification audit with a view to possible need for action. It can precede certification, but is not part of ISO certification.

Conclusion

A delta audit (synonymously a gap analysis) is usually used when a standard is revised or completely reissued. Certification companies thus offer their customers a determination of the current status and a review of their self-assessment. These are compared with the new requirements in the company on site. The weaknesses (deltas / gaps) identified are documented and must be closed by the company before the actual system audit. However, the latter is not audited.

The main benefit is that no more significant deviations (non-conformities) are to be expected in the actual certification audit. This saves time and money.