Stage 1 vs Stage 2 Audit
The two-part structure of every initial ISO certification audit. Stage 1 checks readiness — documentation, scope, and whether Stage 2 makes sense yet. Stage 2 is the full audit of the system in operation, on which certification is decided.
Stage 1: the readiness review
The auditor (on-site or remote) reviews your documented system: scope, policies, risk/aspect/hazard assessments as applicable, internal audit and management review evidence, and legal/compliance registers. The outputs are practical: confirmation of scope and audit plan for Stage 2, identification of 'areas of concern' that would become nonconformities if unaddressed, and a judgment on whether you're ready.
Treat areas of concern as a gift — they are the auditor telling you exactly what to fix in the weeks before Stage 2. Proceeding to Stage 2 with known gaps wastes everyone's audit days.
Stage 2: the certification audit
Weeks later, the full evaluation: process by process, the auditor interviews the people doing the work, observes it, and traces records to verify the system operates as documented and meets every requirement of the standard. Findings are graded (major/minor); the audit team recommends certification (or not), and an independent decision-maker at the certification body confirms it — the auditor never issues the certificate personally, a separation required by ISO/IEC 17021.
Certificates typically issue two to six weeks after a clean Stage 2 or after minor findings' action plans are accepted. From there the three-year cycle begins: surveillance audits annually, recertification in year three.
How to prepare for each
For Stage 1: have the mandatory documents complete and at least one internal audit and management review done. For Stage 2: run your own trace first — pick an order, an incident, a hire, and follow each through your system the way an auditor will. Where the trail breaks, so will the audit. Our Integrated Audit Game simulates exactly this five-station experience.
Go deeper, free.
Every standard this term appears in has a free clause-by-clause guide on ReadSafety.com — and when you're ready for certification, USQC provides accredited third-party audits.
Browse the guidesCertify with USQC