What are you looking for?

ISO 9001 Certification AuditsWhat to Expect & How to Pass without Stress

27 April 2026

The certification audit is the moment every organization working toward ISO 9001 thinks about. It's normal to feel anxious. But here's what we tell every client: a well-prepared QMS does not fail certification audits. The process is predictable, structured, and – with the right preparation – entirely manageable.

The ISO assessment is conducted in two parts, the Stage 1 and Stage 2 Certification Audits, and followed by Surveillance Audits. In this article we'll walk you through exactly what happens at each stage, what auditors are really looking for, and the practical steps that ensure you walk into your audit with confidence.

The Stage-2 Audit is part of the Certification Audit

The Audit Process:  A Clear Roadmap

The Certification Audit – and the subsequent issuance of the certificate – is done by an ISO 9001 registrar, also called a certification body. Here is the complete process, step by step.

Hire a Registrar

The process starts with you selecting a registrar. Not any registrar but one that fits your company's circumstances because your choice of registrar will have wide-ranging consequences and affect the success of your quality management.

You'll typically enter into a 3-year contract with your registrar. The contract includes the initial certification and subsequent Surveillance Audits. Depending on your preference and the registrar's capabilities, you can choose to have the audit conducted remotely or on-site. No matter if you opt for a virtual or physical audit, the effectiveness and results will be the same.

Prerequisites

Before your registrar can commence your Certification Audit, your organization needs to meet the following prerequisites:

Your ISO system needs to be fully implemented

You need to have completed an internal audit

There need to be sufficient records available to verify compliance

Some certification bodies stipulate additional requirements or a minimum number of months (often two) for the acquisition of records but this should be discussed directly with your registrar.

Pass the Stage 1 Certification Audit

The ISO assessment is conducted in two phases. The first is the Stage 1 Certification Audit. It is used by your registrar to verify your company's readiness for the full assessment, to check your quality management system documentation, and to get an understanding of your organization. During the Stage 1 Certification Audit, your registrar examines documents such as the quality policy, the scope of your quality management system, and your procedures, as well as certain records such as internal audit reports and minutes of management reviews. This audit, which is always conducted remotely, is also referred to as Documentation Audit.

What auditors focus on: They want to see that your documentation is complete, consistent, and aligned with ISO 9001:2015 requirements. They are not looking for perfection. They are looking for evidence that you have a functioning system in place.

Your Stage 1 Audit concludes with an audit report that lists any problems that your registrar identified with your documentation or your quality management system.

A Note on Pre-Certification Assessments

Some registrars expand the scope of the Stage 1 Certification Audit beyond the review of documentation to include an assessment of your operations. This is called a Pre-Certification Assessment. It's similar in scope and cost to the main assessment audit and may be conducted on-site or remotely.

Many registrars don't make the Pre-Certification Assessment mandatory but rather sell it as an optional add-on. If you require the peace of mind that this assessment brings, you will be better served by our ISO 9001 Internal Audit Service. Our service is as objective but more rigorous mirroring the certification audit, which allows us to offer our certification guarantee.

Undergo the Stage 2 Certification Audit

Upon satisfactory correction of any identified issues, your registrar will conduct the Stage 2 Certification Audit either on-site or remotely. It's the main part of the assessment and it comprises an extensive evaluation of your operations to verify that your ISO system is both effective and in compliance with ISO 9001:2015 requirements. The duration of the Stage 2 Certification Audit is calculated based on your employee count in accordance with the IAF MD5:2023 regulation mandated by the International Accreditation Forum. Small companies with 10 employees, for example, require 2 audit days.

The Stage 2 Audit is performed as a process audit meaning that the auditor follows a sequence of your work activities. Audit activities include the observation of work processes, interviews of workers, managers and executives, and a review of records. The findings are then presented at the closing meeting and formalized in a written audit report.

What auditors focus on: They want to see that your documented procedures reflect reality. They will ask employees if they understand their role in the QMS, if they know where to find the current version of documents, and if they can explain how their work contributes to quality objectives. The most common finding is a disconnect between what the procedure says and what people actually do.

The ISO 9001 Certification Audit Process

Address Nonconformities

Virtually every audit results in audit findings. Possible findings are minor and major nonconformities as well as observations. A nonconformity is an issue where your organization fails to comply with an ISO 9001:2015 requirement or with one of its own, internal procedures. A nonconformity could also indicate an issue where your quality management system isn't effective. Observations, on the other hand, don't refer to current problems but may warrant attention in the future.

A few minor nonconformities are normal, and you only need to show an acceptable plan for correcting them. Complete breakdowns of your quality management system in one or more areas result in major nonconformities. Due to their severity, your registrar will conduct a follow-up audit to verify correction before recommending your company for certification.

The key reassurance: In over two decades of preparing clients for certification, we have never seen a well-prepared QMS fail due to nonconformities. Minor findings are expected. They are a normal part of the process, not a sign of failure.

Receive Your Certificate

Once all nonconformities have been addressed to the satisfaction of the registrar, you successfully passed the two-stage certification assessment and you'll be issued your certificate. This process takes about 1–2 weeks. Your certificate will list any limitations of scope (for example, if you excluded departments or products), show the marks of the registrar and accreditation board, and the expiration date.

Surveillance Audits

Though your successful passing of the two-stage assessment concludes your initial certification, it is not the last time your certification body audits your organization. To retain certification your company needs to undergo a so-called Surveillance Audit every 6–12 months. Surveillance Audits are similar to the Stage 2 Certification Audit but require only one third of the time. While minor nonconformities are normal during Surveillance Audits, major nonconformities could lead to decertification.

The key to smooth surveillance audits: Maintain your QMS as a living system. Conduct regular internal audits. Hold management reviews. Update your documentation. A QMS that is used daily passes surveillance audits effortlessly. A QMS that sits on a shelf will accumulate problems.

Conclusion

The various phases of the Certification Audit often cause confusion. Particularly when comparing different registrars and their proposals it's helpful to understand the two-stage Certification Audit and the role the Pre-Certification Assessment plays. After reading this article, you'll be in a better position to make the right decisions when hiring your registrar.

And to make the Stage 2 Certification Audit a success, take a look at our audit preparation tips.

Frequently Asked Questions

Naomi Sato

Naomi Sato

Consultant and Product Manager

Naomi Sato excels at making complex topics simple and practical. In her dual role as Consultant and Product Manager, she uses her firsthand client insights and experience as a management consultant to develop tools and strategies that streamline ISO 9001 implementation.

We've Got You Covered!

You now know exactly how the audit process works. Go in with confidence. Our core resources include the audit preparation tools and expert-backed internal audit service that guarantees you'll pass:

ISO 9001 Consulting Service

ISO 9001 Consulting Service

Hired Experts to Solve Any Issue. Tap into the expertise and experience of our senior consultants. We can help with your ISO 9001 implementation or improve your current quality management system.

USD 750

5.0

Reviewer rating 5 stars

(90 ratings)

 ISO 9001 Internal Audit Service

ISO 9001 Internal Audit Service

Outsourced Audits Done Right – Ensure Compliance and Uncover Improvements. Whether you are preparing for your initial certification audit or maintaining an existing system, our outsourced internal audits deliver the rigorous, objective assessment you need. Our IRCA-registered lead auditors not only ensure compliance but also provide the consulting and actionable recommendations to strengthen your processes and business performance.

USD 1,440

5.0

Reviewer rating 5 stars

(141 ratings)

Think your associates and colleagues might enjoy this article too? Share it!

How can we help?

Please enter your full name

Please enter a valid email

Please enter a valid phone number

Please enter a message

Send Inquiry

Thanks. Your message has been sent. We'll get back to you as soon as possible.

Looking for information or advice?
Ask us anything

We'll reply ASAP

YES

NO