top of page
AAA's logo
  • Facebook
  • Twitter
  • Linkedin
Search

What Happens at a Stage 1 and Stage 2 ISO Audit (and What Companies Get Wrong)

  • 7 days ago
  • 3 min read
Business meeting in a bright office with six people discussing documents on a table. Serious mood, charts on papers, window view.

“We’ve got our ISO audit coming up… what actually happens?”


It’s a question most companies ask once they’ve started the process - especially if they’re working towards certification for the first time.


You’ll often hear about Stage 1 and Stage 2 audits, but what these actually involve (and what auditors are really looking for) isn’t always clear.


Understanding this properly can make the difference between a smooth certification and a stressful experience.


The short answer


ISO certification happens in two main steps:


  • Stage 1 - a review of your system and readiness

  • Stage 2 - an assessment of how your system actually operates


Both stages are important, and both serve different purposes.


What happens at Stage 1 ISO audit


Stage 1 is often described as a “documentation review”, but that doesn’t fully explain it.


At this stage, the auditor is looking to confirm that:


  • your management system is in place

  • your documentation aligns with the standard

  • you understand your own processes

  • you are ready to move to Stage 2


This usually involves reviewing key documents such as your policies, procedures, scope, risk assessments and internal audit records.


It’s also common for the auditor to ask questions about how your business operates, how processes link together, and how you monitor performance.


Stage 1 is not about catching you out - it’s about identifying any gaps before the full audit.


What happens at Stage 2 ISO audit


Stage 2 is where the real assessment takes place.


This is where the auditor checks whether your system is actually being followed in practice.


Rather than just reviewing documents, they will typically:


  • speak to staff across different roles

  • look at live records and evidence

  • follow processes from start to finish

  • check how decisions are made and recorded


For example, they may trace a job from enquiry through to delivery, or review how a nonconformity was handled and closed out.


The focus is on consistency.


Does the system described in your documentation match what actually happens day to day?


What companies often get wrong


One of the most common misunderstandings is treating Stage 1 and Stage 2 as a formality.


In reality, issues at either stage can delay certification.


Typical problems include:


  • documentation that doesn’t reflect real processes

  • staff who are unaware of procedures

  • records that are incomplete or inconsistent

  • internal audits not carried out properly

  • management reviews treated as a tick-box exercise


These are not unusual - but they are avoidable with the right preparation.


The biggest mistake: preparing for the audit, not running the system


A pattern we see regularly is companies preparing specifically for the audit, rather than focusing on how the system works day to day.


This often leads to:


  • last-minute document updates

  • rushed internal audits

  • processes that only exist on paper


Auditors are usually quick to spot this.


ISO works best when the system is embedded into normal operations, not switched on just before the audit.


How to approach the audit properly


The most effective approach is to treat the audit as a validation of what you already do, not something separate.


If your system is:


  • understood by your team

  • used consistently

  • supported by real records

  • reviewed regularly


...then the audit process tends to be straightforward.


Preparation becomes about clarity, not firefighting.


Not sure if you’re ready for certification?


If you’re approaching Stage 1 or Stage 2 and aren’t sure whether your system is ready, it’s worth stepping back and getting a clearer picture.


Our free ISO readiness check helps you understand:


  • whether your system is likely to meet audit expectations

  • where gaps typically appear

  • what you should focus on before certification



Final thought


Stage 1 and Stage 2 audits are not there to catch businesses out.


They are there to confirm that your management system is structured, consistent and working as intended.


The more your system reflects how your business actually operates, the easier the audit becomes - and the more value you get from certification.

 
 
 

Comments

bottom of page