What to Expect During a HACCP Surveillance Audit

Key Takeaways

• Surveillance audits ensure ongoing compliance with HACCP standards after initial certification.

• They are typically annual and may be scheduled or unannounced.

• Auditors focus on whether your food safety system is active, consistent, and continuously improving.

• Common targets include monitoring logs, training records, internal audits, and corrective actions.

• Being audit-ready every day is the best defense against surprises or non-conformances.

  
  

Surveillance audits are a critical part of maintaining your HACCP certification. Unlike the initial certification audit, which examines every aspect of your food safety system from scratch, a surveillance audit is a follow-up check to ensure your facility continues to meet the same high standards.

These audits can be scheduled or unannounced, and while they’re typically narrower in scope, they still carry significant weight. Failing to perform well on a surveillance audit can result in warnings, required corrective actions, or even certification suspension.

Understanding what to expect helps reduce stress, sharpen preparation, and ultimately strengthen your food safety program.

The Purpose of a Surveillance Audit

A surveillance audit verifies that your HACCP system isn’t just a one-time project—it’s a living, active process. Auditors want to see:

• Routine execution of food safety protocols
  
  

• Evidence that CCPs are monitored consistently
  
  

• Updated documentation, especially after changes in operations
  
  

• A culture of continuous improvement
  
  

Surveillance audits also reassure customers and stakeholders that your food safety standards don’t lapse between certifications. This is especially critical in an industry where consumer trust is fragile and regulatory scrutiny is high.

Frequency and Notification

Most certification schemes (like GFSI-recognized programs) require surveillance audits annually. Depending on the certification body, you might:

• Receive notice several weeks in advance
  
  

• Get a short-notice alert (1–5 days)
  
  

• Be surprised with a completely unannounced audit, especially if you’ve had past non-conformances
  
  

Unannounced audits are becoming more common, particularly among high-risk product categories or facilities with prior audit concerns. Planning for these as if they were guaranteed helps eliminate last-minute scrambling and builds a stronger compliance culture.

What Auditors Will Review

Auditors tend to focus on critical areas that reflect system health over time. Expect them to review:

1. Monitoring Records

They’ll pull recent logs for your critical control points (CCPs):

• Are they filled out completely and correctly?
  
  

• Are readings within spec?
  
  

• Were deviations handled and logged properly?
  
  

They may also compare your monitoring data with production trends or maintenance logs to assess whether reported values are realistic and consistent.

2. Corrective Action History

If you’ve logged any food safety incidents, auditors will look for:

• Root cause analysis
  
  

• Timely corrective and preventive actions (CAPAs)
  
  

• Follow-up verification
  
  

Facilities with recurring issues but no systemic changes will be flagged for weak preventative systems.

3. Internal Audit Reports

Your internal audits should be:

• Conducted on a documented schedule
  
  

• Thorough and specific in findings
  
  

• Followed by appropriate corrective action
  
  

Auditors may also evaluate how objective your internal reviews are, and whether they include all operational areas or skip repeat problem zones.

4. Training Records

Auditors may ask:

• Have all relevant staff received recent food safety training?
  
  

• Is there documentation to prove it?
  
  

• How do you ensure new hires understand your HACCP system?
  
  

They may also test your training matrix against actual roles and responsibilities on the floor.

5. Changes Since the Last Audit

Any significant changes (e.g., new equipment, new product lines, layout adjustments) should be reflected in your:

• Flow diagrams
  
  

• Hazard analysis
  
  

• SOPs
  
  

• Training and documentation
  
  

Failure to update the HACCP plan or revalidate procedures after changes can be seen as a lapse in system control.

On-the-Floor Observations

Just like a full audit, surveillance audits often include a walk-through. During this time, auditors may:

• Observe hygiene and sanitation practices
  
  

• Check temperature logs and holding equipment
  
  

• Speak with line staff about procedures
  
  

• Examine equipment maintenance logs
  
  

• Spot-check allergen controls or pest prevention
  
  

They’ll also assess whether your physical practices align with what’s documented—an area where many facilities fall short.

Interviewing Staff

Auditors may ask employees to explain:

• What the CCPs are on their line
  
  

• What they do if a reading is out of spec
  
  

• How to fill out monitoring forms
  
  

• Who they report food safety concerns to
  
  

They may also test knowledge on facility-specific SOPs, sanitation schedules, and allergen handling protocols. Inconsistent answers from multiple employees can indicate inadequate training or a breakdown in communication.

What Happens After the Audit

Following a surveillance audit, you’ll receive a report outlining:

• Any non-conformances (major or minor)
  
  

• Opportunities for improvement (OFIs)
  
  

• Timelines for submitting a corrective action plan (if needed)
  
  

• Status of your certification
  
  

You’ll typically have 15–30 days to respond with documented corrective actions. Certification bodies may follow up to verify completion. Failing to meet deadlines can affect your standing or trigger escalation.

How to Be Ready—Always

Because surveillance audits are periodic and can be unannounced, the best strategy is ongoing readiness. Here’s how to maintain that:

• Conduct monthly internal checks using the same audit criteria
  
  

• Keep training records up to date and easy to access
  
  

• Review and update SOPs and flow diagrams as operations evolve
  
  

• Use digital systems to track and store records in real time
  
  

• Build audit prep into your routine—not just special occasions
  
  

• Rotate internal audit responsibilities to increase team awareness
  
  

Platforms like Protocol Foods help maintain readiness by flagging missed tasks, providing version-controlled documentation, and enabling audit trails you can trust.

Learning From Each Audit

Each surveillance audit is an opportunity to:

• Validate that your team’s daily work aligns with your food safety goals
  
  

• Catch small issues before they become big ones
  
  

• Celebrate what’s working and double down on strengths
  
  

Turn your post-audit reports into strategic planning tools. Identify recurring OFIs and use root cause analysis to drive deeper change.

You can also run mock surveillance audits every 6–12 months. These internal simulations prepare your team to respond confidently and identify readiness gaps in a low-stakes setting.

FAQs

Is a surveillance audit the same as a full recertification audit?

No. A full recertification audit is more comprehensive and occurs every 3 years (typically). Surveillance audits are lighter but still rigorous.

Can we request to reschedule a surveillance audit?

Sometimes, but not always. Too many postponements can hurt your audit credibility. It’s better to stay prepared year-round.

What’s the biggest red flag during a surveillance audit?

Lack of consistent documentation or untrained staff. These indicate systemic weaknesses.

Are surveillance audits always unannounced?

Not always. Many are scheduled, but unannounced audits are becoming more common to test real-world readiness.

How long does a typical surveillance audit take?

Usually 1–2 days, depending on the size and complexity of your operation.