Blog
What is ISO? What ISO 9001, 14001, 45001 & 27001 Mean for Your Business
What is ISO? Demystifying 9001, 14001, 45001 and 27001 for Your Business If you’ve ever typed “what is ISO” into a search engine and been
ISO Audit Process: Inside the Audit – What Actually Happens During an ISO Audit
ISO audit process concerns trigger immediate anxiety for many organisations. Visions of intense questioning, endless documents, and the fear of “failing” are common — especially for first-time certification or newly appointed compliance leads.
The reality, however, is far less intimidating.
An ISO audit is a structured, professional review of your management system, not an interrogation or a test of individual performance. Once you understand the ISO audit process and what auditors are really looking for, much of the fear disappears.
This article walks you through exactly what happens during an ISO audit, what evidence auditors expect to see, and how to prepare and interact confidently — without overcomplicating things
What Is the ISO Audit Process – Really?
At its core, the ISO audit process is a conformity assessment. The auditor’s job is to verify that your management system:
- Meets the requirements of the relevant ISO standard
- Is implemented in practice (not just on paper)
- Is effective in achieving its intended outcomes
Importantly, auditors are not there to catch people out. They are assessing systems and processes, not judging individuals or trying to create failures.
There are several types of ISO audits within the wider ISO audit process:
- Certification audits (initial approval)
- Surveillance audits (ongoing annual checks)
- Recertification audits (typically every three years)
While the depth varies, the overall approach remains consistent and predictable.
The ISO Audit Process Explained Step by Step
ISO Audit Process: Before the Audit – Preparation and Planning
The ISO audit process begins well before the auditor arrives.
You’ll receive:
- Confirmation of audit scope and standard
- An audit plan outlining timing, areas to be reviewed, and key contacts
- Requests for key documents (often in advance)
At this stage, preparation should focus on readiness, not perfection. Auditors expect to see a system that works — not one that was frantically polished the night before.
Good preparation within the ISO audit process includes:
- Ensuring documents are approved and current
- Checking records are available and accessible
- Making sure staff understand their role in the system
What preparation is not:
- Writing brand-new procedures just for the audit
- Coaching staff with scripted answers
- Trying to hide weaknesses
ISO Audit Process: Stage 1 Audit – The Readiness Review
For certification audits, Stage 1 within the ISO audit process is a readiness assessment, not a pass-or-fail event.
The auditor will typically review:
- Your management system scope
- Key policies and objectives
- Risk assessments and planning processes
- Legal or regulatory awareness
- Internal audit and management review arrangements
The purpose of Stage 1 in the ISO audit process is to confirm that:
- Your system is designed in line with the standard
- You are ready to proceed to Stage 2
Any gaps identified at Stage 1 are there to help you prepare — not to penalise you.
ISO Audit Process: Stage 2 Audit – The Main Event
Stage 2 is what most people think of as “the audit” and represents the core of the ISO audit process.
It begins with an opening meeting, where the auditor:
- Confirms the scope and agenda
- Explains how findings are graded
- Reiterates that the audit is based on sampling
From there, the ISO audit process follows a process-based approach. Auditors don’t check everything — they sample evidence to build confidence that your system works consistently.
Typical activities include:
- Reviewing records and documents
- Interviewing staff at different levels
- Observing activities and site conditions
The auditor is constantly asking one key question:
“Can this organisation demonstrate that it does what it says it does?”
ISO Audit Process: What Evidence Do Auditors Really Look For?
One of the biggest sources of confusion in the ISO audit process is the idea of “evidence”.
ISO auditors look for objective evidence, which usually falls into three categories:
- Records – completed forms, logs, reports, meeting minutes
- Interviews – staff explaining what they do and why
- Observations – seeing processes carried out in practice
Crucially, evidence within the ISO audit process must show consistency, not perfection.
ISO Audit Process: How Auditors Ask Questions
Auditor questions during the ISO audit process are typically open and neutral, such as:
- “Can you show me how this process works?”
- “What happens if something goes wrong here?”
- “How do you know this is effective?”
The best approach for staff during the ISO audit process is:
- Answer honestly and calmly
- Explain what they actually do, not what the procedure says
- Show evidence where possible
ISO Audit Process: Understanding Non-conformities Without the Fear
A non-conformity within the ISO audit process simply means a requirement of the standard has not been fully met.
They are usually categorised as:
- Minor non-conformities – isolated or low-risk issues
- Major non-conformities – systemic or high-risk failures
Non-conformities are not a judgement of competence and do not automatically mean certification failure. In most cases, they require corrective action to address the root cause and prevent recurrence.
Auditors also raise:
- Observations
- Opportunities for improvement
These are valuable insights, not criticisms.
ISO Audit Process: Common Mistakes and How to Avoid Them
Many problems in the ISO audit process arise from behaviour rather than system gaps. Common mistakes include:
- Over-documenting processes that don’t add value
- Treating the audit like an exam
- Becoming defensive or argumentative
- Trying to control every conversation
The most successful audits happen when organisations are:
- Open and cooperative
- Prepared but relaxed
- Focused on showing real practices
ISO Audit Process: What Happens After the Audit?
The audit concludes with a closing meeting, a standard part of the ISO audit process, where the auditor:
- Summarises findings
- Explains any non-conformities
- Outlines next steps and timelines
You’ll then receive a formal audit report. If corrective actions are required, these are typically submitted with evidence within an agreed timeframe.
Certification decisions are based on:
- The effectiveness of your system
How issues are addressed — not whether they existed.
ISO Audit Process: How to Prepare Calmly and Confidently
The key to a successful ISO audit process is understanding that it is a review of your system, not a test of your people.
Preparation, clarity, and honesty go much further than last-minute fixes or excessive documentation.
Final Takeaway
When you understand the ISO audit process, know what evidence matters, and approach the audit professionally, it becomes a valuable tool for improvement — not something to fear.
Share
Book a Free Consultation
Get free advice and guidance tailored to your exact business needs
Related Resources
Blog
Beyond the Badge: How UKAS-Accredited and Non-Accredited ISO Both Build Trust – When Used Honestly
Beyond the Badge: How UKAS-Accredited and Non-Accredited ISO Both Build Trust – When Used Honestly. In B2B relationships, trust is not a “nice to have”
Book a Free Consultation Consultation Consultation Consultation
Get free advice and guidance tailored to your business needs