An ISO (International Standards Organization) Stage 2 audit evaluates the implementation and effectiveness of a company’s management system. It is often referred to as the certification audit.
The process for achieving ISO certification follows a consistent approach for all management systems standards, including ISO 9001, ISO 14001, ISO 45001, and ISO 27001.
The purpose of the ISO Stage 2 audit process is to confirm that the organization has fully implemented the management system and that it conforms to the requirements of the chosen standard in practice.
What to expect during a Stage 2 audit
During the ISO Stage 2 audit, the certification body, also known as a registrar, will determine the degree of compliance with the requirements of the applicable standard. It will also report any non-conformances or potential non-conformances that the company has to correct before it can issue the certification.
If the Stage 2 audit is successful, the certification body will certify the company’s management system.
ISO 9001 is the international standard for a quality management system (QMS), and it requires an organization to conduct a two-stage registration audit to become certified.
The two-stage registration audit is an external audit performed by a third party. If both Stage 1 and Stage 2 audits are successful, then an organization will be certified to ISO 9001. The goal of a Stage 1 audit is to determine whether an organization is prepared for the ISO Stage 2 Certification Audit.
One to two months after the Stage 1 audit, auditors from the certification body will return to audit the organization’s entire quality management system. The Stage 2 audit assesses the implementation and success of the organization’s ISO 9001 management system.
During the ISO 9001 Stage 2 audit, the auditor will:
- evaluate the documented information to ensure that the management system conforms with all the requirements of the selected standard.
- report how well the quality management system complies with the company’s quality manual and procedures.
- report any nonconformities so that they can be further evaluated.
- create the organization’s surveillance plan and select dates for the first surveillance visit in the following months.
If the auditor identifies any major non-conformances, the certification body cannot issue an ISO certification until organizations complete corrective action on those areas of concern.
Accreditation requirements stipulate that if the non-conformances aren’t completed within six months, then an additional Stage 2 audit is necessary before the organization can be certified.
Thank you for subscribing to the Risk Insiders newsletter!
Why sign up for the Risk Insiders newsletter?
To stay in the know! Get new blogs, resources, CPE opportunities, industry research & more — direct to your inbox.