Font size: +
7 minutes reading time (1418 words)

ISO9001 and the Certifying Audits – Stage 2

Congratulations, you have got to the point where it is time for the stage 2 audit of your new ISO9001:2015 certification audit of your Quality Management System. You have spent many hours training all of your team on what the requirements are for running the organisation within your new system, people know where to find things, they are updating and controlling things properly and your management team are completely invested in it. You had your stage 1 audit and while there were a few area's that you needed to improve by and large it was a good session, you are ready, so what happens now?


The first thing to understand is that the length of time of an audit is going to be entirely based on how large your organisation is and how much of the system you are being audited against. If for example you are not looking for certification around design the entire auditing to show compliance for section 8.3 Design & developments of products is off the table, equally you may have outsourced your IT so this would be excluded as well (although there would need to be something in your supplier section for your chosen IT provider). As a rule of thumb expect at least 2 days for your audit, this means the senior management team should expect to be fully involved over the duration of these 2 days.

The Plan 

Once you agree some dates with your auditor, they are going to come on site and carry out the audit, before they do that however, typically 2-3 weeks before they should send you an audit plan. The aim of this is to firstly make clear where they are going to audit, it gives you time to ask clarification questions if you feel they are looking to audit an area you weren't expecting. It also allows you to ensure that team members in the area are aware of their slots and the management team can book themselves out. It's also a good idea at this point to book a meeting room to ensure the auditor has a base of operations to work from.

The Audit 

It's Audit time and she is standing in your reception ready to go, remember they are here to help and are not actually looking to fail you, but equally they aren't here as a consultant, they aren't allowed to offer advice, let them in get them settled, give them the wifi password and ask when will they want the kick-off meeting. Here's what to expect for the audit:

The kick-off meeting is about setting the scene and asking a few initial questions just to get the lay of the land and put you at ease, this isn't about getting to the meat of your system. At this meeting you want all the key players in your ISO9001:2015 Quality Management System, so your leadership team are normally here, and others as required. The audit is going to consist of a series of interviews with people within your organisation, the vast majority of these will be more of a chat than a sit down across the table interview, in fact, I would be surprised if you had any of those at all. Expect the audit to ask lots of open questions, they are looking for an understanding of the system and evidence that it's getting used. So questions will normally be of the form, can you show me…, how do you…., where would you… tell me about how you handle... the people being interviewed don't need to be able to parrot back exactly what is written in the QMS but they do need to be able to get across the meaning of what you have and prove that they are actively engaged with it.

There may be a lot of walking around, this will depend on a few things, obviously how large and widespread your organisation is but also where the documentation lives. If it's on paper and spread around the audit will need to go to it, if it's online then they can see it anywhere and it's faster. They will, however, look for evidence it's getting used so expect them to follow the process.

As you are walking through your processes and organisation a good auditor will be talking to you about what they are seeing, pointing out areas that will passable really need to be improved, these are classed as Opportunities to Improve (OFI) and also those areas where it's just not going to fly and will be a non-conformance, don't get disheartened these are all useful. 

The Wrap Up Meeting

At the end of the audit, it's time to get the full-blown feedback from the auditor, they will need a little time to get things ready for the discussion so don't panic when they tell you they need half an hour to write things up. The wrap-up meeting is the auditor's chance to properly feedback to your team (the same one that kicked off the audit!) on what they have seen and in some cases what they haven't but expected too. They will provide you with a rundown of the Opportunities for Improvement and the non-conformances that have been found and what needs to be fixed before you gain certification can be given, again they can't consult here they can only tell you want they would expect to see to meet the standard, make sure you write these down for your records including your understanding.

Remember that this is your opportunity to ask questions as well and make sure you fully understand any issues that have been brought up. Don't let the auditor leave with you still unclear of where you need to fix things.

The Report 

The last part of the stage 2 process is the report. This is the formal record of the audit and the findings giving you a formal record of any non-conformances and any Opportunities for Improvement (OFI's). Read these carefully and again ensure that you understand them, it's also important that you make sure that you don't find anything on the report that wasn't mentioned in the audit wrap up, if there is it's time to get on the phone and complain about it, there should be zero surprises on the report.

You shouldn't wait for the report to start fixing things that have been found in the audit, you should feedback to everyone involved what was found and coming up with the fixes. When you have the report, you can re-verify these things and make sure you are on the right track. Typically, you will have already agreed on a timeframe to fix these things and have a re-audit if required.

You may, of course, have zero issues to be fixed, in which case, congratulations, you are an ISO9001:2015 certified organisation! Celebrate with your team as you have put in an incredible amount of work to get here, next we'll talk about what you have to do next!


The ISO9001:2015 stage 2 certification audit is going to be 1-2 days depending on what is being covered. Expect the auditor to want to talk with a lot of people and see all your paperwork. Ensure the right team of people are involved at the start and all the way through, make sure you are prepared. Be 100% open and honest throughout the audit and be open for improvements. Make sure the same team is available for the wrap-up and that you are clear about any issues that have been raised as Non-Conformances or opportunities to improve. Fix what you need to fix and have those things rechecked to gain certification.

Get In Touch

If you need any support in developing or improving your ISO or Quality Systems we'd love to hear from you, just click here to make an appointment and find out how we can help you Make Things, Better

You can also call John on 0211649739 to set up a meeting 

Virtual Quality Management


Virtual Quality Management Support - Virtual Quality Management

Our Virtual Quality Management Support is designed to help your company achieve improved results plus meet the requirements of ISO but at a fraction of the cost. To Do this, we have partnered with the outstanding team at Mango and use their cloud based QHSE Management system to be able to deliver the best compliance support service available. Find out more about it here.


© Many Caps Consulting | All Rights Reserved

ISO9001 and the Post Certification Journey
ISO9001 and the Certifying Audits – Stage 1

Related Posts



No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Monday, 20 May 2019

Captcha Image