ZenGRC

Simply Powerful GRC

What is an ISO Stage 1 Audit?

· ·

An International Standards Organization (ISO) Stage 1 audit determines whether a company is ready for its ISO Stage 2 Certification Audit. It is the first stage in the certification audit process.

The certification audit determines if an organization’s management system complies with the standard’s requirements, e.g., ISO 9001, ISO 14001, ISO 45001, and can be certified in the standard. The certification body’s auditor conducts the certification audit.

During the Stage 1 ISO audit, the auditor reviews the organization’s documented information about its management system, evaluates the conditions at the site, and has discussions with personnel.

As part of the ISO Stage 1 audit, the auditor evaluates the company’s internal audits and management reviews to ensure they are planned and performed. The auditor also assesses the overall level of implementation of the company’s management system to determine if it’s ready to move forward with the ISO Stage 2 Certification Audit.

What is a Stage 1 ISO 9001 audit?

The Stage 1 ISO 9001 audit is the preliminary assessment to evaluate an organization’s readiness for the ISO Stage 2 Certification Audit within the ISO 9001 Quality Management Systems (QMS) standard. It is a precursor to Stage 2, concentrating on assessing the company’s preparedness and adherence to the standard’s prerequisites.

In this stage, the certification body and top management review documented information concerning the organization’s processes, inputs, and outputs. The audit emphasizes continual improvement and assesses how the company addresses regulatory requirements while aligning with customer satisfaction goals and objectives.

Companies certified in ISO 9001 are committed to continually improving their quality performance. This certification reflects the ongoing dedication to quality, customer satisfaction, and process excellence.

How long does an ISO Stage 1 audit take?

Typically, an ISO Stage 1 audit is conducted within a concise timeframe of one to two days. During this period, the certification body, often called the registrar, performs a comprehensive review and lays the groundwork for the subsequent ISO Stage 2 audit. The audit is instrumental in finalizing plans, including resource allocation, for the upcoming audit phase.

ISO Stage 1 and Stage 2 audit

The auditor will give the organization documented conclusions outlining whether the company is ready to move to the ISO Stage 2 audit. The auditor will also outline areas of concern that could be classified as non-conformances during the ISO Stage 2 audit.

During the ISO Stage 2 audit, the certification body, also known as a registrar, will determine the degree of compliance with the requirements of the applicable standard. The audit report will also identify non-conformances or potential non-conformances the company must correct before issuing the certification. If the Stage 2 audit is successful, the certification body will certify the company’s management system.

For example, ISO 9001, the standard for QMS, requires that organizations complete this two-stage registration audit to become certified. If both the ISO Stage 1 and the ISO Stage 2 audits are successful, an organization will be certified to ISO 9001.

Suppose the auditor identifies any significant non-conformances in the ISO Stage 2 audit. In that case, the certification body can only issue the certification once the company takes corrective action and that action is verified.

Preparing for your ISO Stage 1 Audit

Efficiently preparing for the ISO Stage 1 audit is vital to ensure a smooth assessment process. This involves meticulous attention to detail in aligning the organization’s operations with the requirements outlined by ISO 9001:2015, providing comprehensive documentation, and fostering a thorough understanding among staff members about objectives and key performance indicators.

During this phase, it’s imperative to consider the needs of interested parties involved in the organization’s processes, aligning business processes with customer requirements and regulatory needs. This alignment is crucial for practical performance evaluation and continual improvement.

An essential step involves developing templates that aid in demonstrating the organization’s adherence to the standard’s requirements. These templates facilitate operational planning and assist in conducting a gap analysis to address risks and enhance the organization’s approach toward achieving ISO 9001 certification.

The focus should be on implementing a robust quality policy that reflects a customer-focused approach and caters to stakeholders’ expectations. This approach involves thorough internal audits to ensure conformity, address nonconformities, and align the documented information with the organization’s outputs.

Preparing for the certification process entails meticulous planning, setting an effective audit plan, and collaborating closely with the certification body. Emphasizing the execution of an audit checklist tailored to meet ISO 9001 requirements assists in capturing areas of concern for effective resolution before progressing to the Stage 2 audit.

This strategic approach, continual improvement, and a focus on addressing nonconformities primes the organization for successful certification through a well-executed Stage 1 audit process.

ISO Stage 1 Audit Checklist

Creating an audit checklist need not be arduous; it can be developed from scratch or based on a template. Below is an illustrative example of what a typical ISO 9001 audit checklist might encompass, including sample questions for comprehensive ISO compliance assessment:

Clause 4: Context of the Organization

  • Understanding the organization’s context and its impact
  • Identifying the needs and expectations of interested parties
  • Determining the scope of the Quality Management System (QMS)
  • Assessing the QMS processes

Example Questions:

  • Are all external and internal issues impacting the organization’s purpose and customer satisfaction regularly reviewed?
  • Have the needs of interested parties relevant to the QMS been identified and addressed?
  • Is the QMS description detailed, including the required processes and their interaction?
  • Have responsibilities, methods, measurements, and related performance indicators been established for effective operation and control?

Clause 5: Leadership

  • Demonstrating leadership commitment
  • Defining the Quality Policy
  • Assigning organizational roles, responsibilities, and authorities

Example Questions:

  • Has top management demonstrated accountability for QMS effectiveness?
  • Are the policy and objectives for the QMS aligned with the organizational strategy?
  • Have individual and departmental objectives regarding the QMS been established and communicated?

Clause 6: Planning

  • Addressing risks and opportunities
  • Setting quality objectives
  • Planning changes within the QMS

Example Questions:

  • Have risks and opportunities impacting the QMS effectiveness been identified?
  • Are there actionable plans in place to address identified risks and opportunities?
  • Is there a defined process for managing changes within the QMS?

Clause 7: Support

  • Allocating resources for the QMS
  • Ensuring competence and awareness
  • Effectively managing documented information

Example Questions:

  • Have adequate resources been allocated for QMS establishment, implementation, and improvement?
  • Is there a process for ensuring competence related to QMS performance?
  • Is documented information necessary for QMS operation readily available and managed effectively?

Clause 8: Operation

  • Controlling operational processes
  • Meeting product and service requirements
  • Managing design, production, and service provision

Example Questions

  • Is there a defined process to ensure products and services meet customer requirements?
  • Are outsourced processes effectively managed and controlled?
  • Do you have a mechanism to address nonconformities in process outputs, products, or services?

Clause 9: Performance Evaluation

  • Monitoring, measuring, analyzing, and evaluating QMS performance
  • Conducting internal audits
  • Performing management reviews

Example Questions:

  • Are monitoring and measurement methods established for valid results?
  • Has the need for QMS improvements been determined and integrated into management reviews?
  • Is there a structured process for conducting internal audits?

By utilizing this checklist, organizations can systematically evaluate their QMS components, identify areas for improvement, and ensure alignment with the ISO 9001 standard’s principles. 

Stay Prepared for Your Next ISO Audit with ZenGRC

ZenGRC simplifies comprehensive management system compliance, enabling organizations to sustain readiness for ISO audits and effectively address potential non-conformances identified during the audit process.

Achieving and upholding ISO compliance demands a comprehensive approach. ZenGRC provides a powerful solution that streamlines compliance management, automates critical processes, and offers real-time insights.

Ensure a seamless ISO certification journey with ZenGRC as your partner. Schedule a demo to witness how ZenGRC can empower your organization’s compliance efforts and prepare you for successful ISO audits!