Stage 1 and Stage 2 ISO Audits – What is the Difference?

Following on from our recent article “Top Tips for Passing an ISO Audit”, today we explain the difference between Stage 1 and 2 Audits. Firstly though, by way of background, we’d best reiterate what exactly an ISO Audit is and why it’s so important in the path to ISO certification.

What is an ISO Audit? 

An ISO Audit, or ISO Certification Audit to give it its correct title, is a documented, independent, and systematic fact-gathering process, the aim of which is to highlight key areas for improvement, thereby ensuring best-practice processes are in place. It is a form of inspection that determines whether the relevant Management System, and therefore your organisation, is compliant with the associated standard.

An ISO Certification Audit is the first step in the assessment element of the certification process. Once your organisation decides to proceed with the assessment, it must then choose which route to take – 1) assessment via an approved Certification Body, or 2) assessment via a Registrar. Whichever route you take, the ‘assessor’ will determine whether the Management System is compliant with the requirements of the relevant standard(s) (ISO 9001, ISO 14001, ISO 27001, etc.).

This Certification Audit is a two-stage process. The two audits differ in duration, information reviewed, location and objective. Here’s what you need to know.

What is a Stage 1 ISO Audit?

Basically, the Stage 1 ISO Audit is the mechanism by which your organisation proves it is ready for the full ISO audit.

The aim of the Stage 1 Audit is to determine your organisation’s readiness to proceed to Stage 2 of the Certification Audit process. Stripping it down to basics, it is simply a high-level document analysis activity whereby the auditor reviews the documented information of the Management System.

What Happens at Stage 1 Audit?

Completed on-site, the Stage 1 Audit will determine if your Management System has met the minimum requirements of the pertinent ISO standard and is, therefore, ready for a certification audit.

The auditor will verify that the Management System (MS) is implemented and documented, that the organisation meets the minimum requirements to be certified, and that the required processes are in place to proceed to the next stage. Having reviewed your management system’s documented information, the auditor will then evaluate site-specific conditions before having informal meetings with relevant personnel.

Upon completion, the auditor will point out any areas of nonconformity and potential improvements to the management system.

In Detail,

Typically taking 1-2 days, the Stage 1 Audit is carried out on-site. In the case of multi-site organisations, it is usually based at the head office. During this time, the auditor will:

  • Review Key Performance Indicators & Objectives – confirming they are in place and understood
  • Review the scope of the Management System
  • Review Operations & Processes
  • Review Equipment
  • Review Controls, Regulatory and Statutory Requirements
  • Evaluate Internal Audits & Management Reviews, Performance & Planning
  • Assess the level of Implementation of the Management System

They will then determine if your organisation is ready to move on to Stage 2.

What Happens if I fail the Stage 1 Audit?

Keep calm and carry on!

You cannot fail a Stage 1 Audit. However, the auditor can recommend that your organisation is not yet ready to proceed to Stage 2. Once you receive their recommendations for improvement and/or failures of compliance, you must then take such remedial actions as are necessary and prepare the necessary documents for presentation to the auditor at Stage 2.

As the Stage 2 Audit must be scheduled within 90 days of Stage 1, this provides for a large window of opportunity to make the relevant changes and draft documentation.

If, however, you do not present these documents to the auditor within the 90-day timeframe, your organisation will receive a major non-compliance and will not be recommended for certification.

In Summary,

The Certification Body will use the Stage 1 Audit to complete Stage 2 Audit planning, including a review of Resource allocation and details for the next steps. Documented conclusions will be given to your organisation that will detail your level of readiness, highlighting areas of concern that could be deemed non-compliant during the Stage 2 Audit.

The Stage 2 Audit assesses the implementation and success of the Management System.

What is a Stage 2 ISO Audit?

In Stage 2, the auditor evaluates the effectiveness and implementation of the Management System(s). 

What Happens at Stage 2 Audit?

During this second phase, the auditor will determine compliance against the requirements of the relevant ISO standard, reporting any breaches or failures in compliance that must be addressed before certification can be approved.

However, if your organisation’s Management System is deemed compliant at Stage 2, your organisation will achieve certification.

In Detail,

During the Stage 2 ISO Audit, the auditor will:

  • Analyse all documentation relevant to the Management System for conformity with requirements
  • Evaluate KPIs, objectives, and targets, with a deep dive analysis of performance monitoring, measuring, and reporting
  • Evaluate outputs from Internal Audits and Management Reviews; perform Leadership Reviews
  • Review the robustness and suitability of all processes, operations, and resources (including operational controls, training programs, etc.)

Stage 2 Audits typically take several days, depending on the size and nature of the organisation. During this time, the auditor will conduct interviews with relevant staff members to evaluate the functioning of the management system. The documentation reviewed and checked off at Stage 1 is now thoroughly reviewed by the auditor, and objectives are compared with the processes put in place. As the auditor can question any member of the organisation they deem relevant to the function of the MS, it is common sense that all personnel are briefed on its workings, policies, codes of conduct, reporting, etc.

What Happens if I fail the Stage 2 Audit?

It depends. If the auditor issues minor non-conformities, making further recommendations for improvement, a deadline will be set against which a detailed plan must be presented and actions taken, thereby resulting in certification.

If, however, your organisation is hit with a major non-conformity, a deadline will be set against which corrective actions must be taken. These will then be subject to a follow-on audit and, should this be deemed non-compliant, the MS will not be recommended for certification.

How can CG Business Consulting Help me with ISO Audit?

CG Business Consulting provides its clients with invaluable assistance with audit readiness planning, preparation, and pre-Audit reviews to ensure your MS is reflected in its best light.

Working with proven audit methodologies and employing best-in-class auditing tools, our team continuously provides our clients with constructive, high-quality audit-related consultancy.

Because we understand that, to achieve their potential, our clients need a tailored service shored up by robust methodology, each one of our consultants is a highly experienced, accredited, and proficient subject matter expert.

For more information on ISO Certification Audits and CG Business Consulting Audit Services, contact Caroline at [email protected] or by phone on 01 620 4121.


Top Tips of ISO Audits by Caroline Geoghegan

David Whelan, Logistics / QEHS Manager, Grundfos Ireland: "We found the level of competency from the team to be of a very high level compared with other consultants. CGBC worked to get a very thorough understanding of our business; this made life easier for us and meant they could give us some very helpful advice."