🌍 Direct offices in 6 countries · Associates in 14+ more
🇮🇳 🇲🇾 🇸🇬 🇮🇩 🇦🇪 🇺🇸 🇦🇺 📞 +91 99625 90571 ✓ Verify Certificate
Get Instant Quote →
HomeISO CertificationISO Audit Procedure
🔎 ISO Audit Procedure

ISO Audit Procedure

How an ISO management-system audit works, stage by stage.
ISO Audit Procedure process diagram

The Four Critical Phases

Obtaining system certification involves four critical phases: the Offer & Contract phase, Audit Preparation, Performance of the Audit (Stage 1 and Stage 2), and Issuance of the Certificate.

Offer & Contract Phase

The application submitted consists of:

Basic requirementsproduct/service rendered, specifications and ranges, process of manufacture/delivery, country of operation, address of registration, number of units and their addresses, shift timings, and number of employees per department.
Legal requirementscompany registration and product/service-related compliances in the country of operation.

Upon receipt of the completed application, our techno-commercial team contacts you to guide the certification process and identify the right applicable standards, forwarding a questionnaire to prepare your quotation. On approval of the quotation/contract, our technical team analyses the data to plan auditor selection for the Stage 1 and Stage 2 audits.

Audit Preparation

An auditor team is deputed up to the Stage 2 audit. The team may comprise a Team Leader, Auditors and a Technical Expert as per ISO/IEC 17021. Audit methods strictly adhere to ISO 19011 — a mandatory requirement of our accreditation. Auditors are given your organisation's details to prepare in advance. During preparation, the organisation must inform the certification body of any changes to its structure or procedures.

Conducting the Audit

For the initial certification, the audit is conducted in two stages — Stage 1 and Stage 2.

Stage 1 Audit

The auditors review the documentation prepared by the organisation to determine the readiness of the management system. It may involve:

  • Reviewing your documentation and evaluating your sites and specific conditions to ensure readiness for Stage 2.
  • Your overall understanding of significant aspects, processes, objectives and operations.
  • Confirming the scope, processes, locations and any statutory and regulatory requirements.
  • The resources required for the Stage 2 audit.

Observations Closure

The auditor raises points of observation that need to be closed; closing them prepares the organisation for an effective Stage 2 audit.

Stage 2 Audit

The auditors evaluate the conformity of the management system against the applicable standard. It may involve:

  • Evaluating implementation against all requirements of the standard and its effectiveness.
  • Evaluating performance monitoring, measuring, reporting and reviewing against key objectives, targets and policies.
  • Checking the operational control of the processes.
  • Ensuring internal auditing and management review are effectively performed.
  • Links between normative requirements, policy, performance objectives and targets.
  • Applicable legal requirements, responsibilities, competence of personnel, operations and procedures.

Surveillance & Re-certification

Surveillance evaluates changes in scope, processes, locations and statutory/regulatory requirements, documentation and implementation against all standards — their effectiveness and improvements — plus the requirements stated in Stage 2.

Re-certification reviews your documentation, evaluates your sites and specific conditions, and your overall understanding of significant aspects, processes, objectives and operations, plus the requirements stated in Stage 2.

Multi-Site Organisations

An organisation is categorised as multi-site when it carries out similar activity under the same management system. In such cases the certification body audits all sites within the three-year certification cycle; the locations audited are determined by a random sampling procedure.

Non-Conformance & Closure

A finding is declared a non-conformity after evaluation against the applicable standard, internal procedure, or the statutory and regulatory requirements applicable to the product/service. Non-conformities are classified as Major or Minor according to their impact. A Major non-conformity is given 60 days for closure and a Minor non-conformity 90 days.

Issuance of Certificate

After evaluating the closure evidence, the certification body issues the certificate if the evidence is accepted by the technical committee. Contact IAS today to learn more about the ISO audit procedure.

Accredited third-party certification body delivering ISO certification, FDA services, product compliance, cybersecurity and training across 20+ countries since 2007.

Services

Company

Global Headquarters

© 2026 Integrated Assessment Services Pvt Ltd. All rights reserved. Privacy · Cookies · Refund Policy · Logo Usage