Most manufacturers dread ISO audits because they do not know what to expect. As an active 3rd party auditor who conducts certification, surveillance, and recertification audits across 9+ standards, we pull back the curtain on exactly what happens from the moment the auditor walks in the door. We cover the complete audit lifecycle: Stage 1 documentation review (what auditors look for in your quality manual, procedures, and records), Stage 2 on-site assessment (how auditors select processes to audit, what questions they ask operators, how they evaluate competence), the closing meeting (how findings are categorized as major nonconformities, minor nonconformities, or opportunities for improvement), and the post-audit corrective action process. We share the 10 most common audit findings we write across all standards, the 5 things that impress auditors most, and a practical pre-audit checklist your team can use to prepare. This is the insider perspective you cannot get from someone who has never held a clipboard on the other side of the audit table.
Before the Audit
Preparation for an ISO certification audit starts weeks before the auditor arrives. Verify that all internal audits are complete and findings are closed. Confirm that management review has been conducted with all required inputs and outputs documented. Ensure all calibration is current, training records are up to date, and documented procedures reflect actual practice.
Designate a guide — typically your quality manager — who will accompany the auditor throughout the facility. Prepare a clean, organized audit room with access to all quality system documents, records, and data the auditor may request. Brief all employees who may be interviewed on the audit process and their role in the quality system.
Stage 1: Documentation Review
The Stage 1 audit evaluates your management system documentation for conformance with the standard requirements. The auditor reviews your quality manual, procedures, work instructions, and supporting documents. They verify that every clause of the standard is addressed by your documented system.
Stage 1 also includes a brief site visit to understand your operations and assess readiness for Stage 2. The auditor identifies any gaps in your documentation that must be resolved before Stage 2 can proceed. Typical gaps include missing procedures, incomplete management review records, or insufficient internal audit coverage. Stage 1 findings must be resolved before Stage 2 is scheduled.
Stage 2: Implementation Audit
Stage 2 is the implementation audit where the auditor verifies that your documented system is actually implemented and effective. This is the substantive audit — the auditor observes processes, interviews employees, reviews records, and traces product through your operation.
The auditor uses a process-based approach, following your products from customer inquiry through delivery and post-delivery support. They interview operators, inspectors, supervisors, and managers. They compare what your procedures say should happen against what actually happens. They review data to verify that your monitoring and measurement produces meaningful results and drives improvement.
Findings and Certification Decision
Audit findings fall into categories: major nonconformances indicate significant system failures that prevent certification until resolved; minor nonconformances indicate specific compliance gaps that must be corrected within a defined timeline; and observations or opportunities for improvement suggest areas for enhancement without requiring formal corrective action.
A major nonconformance prevents certification until resolved and verified. Minor nonconformances allow certification to proceed but require corrective action evidence within 90 days. The certification decision is made by the registrar based on the audit report — not by the auditor on-site. Once certified, you receive a certificate valid for three years with annual surveillance audits to verify ongoing compliance.
