ISO Certification Process
(inc: ISO 9001; 14001; 45001)

Auditor Tips: Preparing for ISO Certification


[Flow chart: ISO Certification Process for ISO 9001, ISO 14001, ISO 45001, ISO 27001]



To help you understand the ISO certification process, we put together the flow chart above, which gives an overview of what to expect when going through certification.

If you require any assistance with certification, CC-Connect is a free help-desk service. Think of it as your certification assistant.

Below we have provided an overview of each step.

The audit process overview provided in this article is applicable* to a number of management system standards, including (but not limited to):

  • Quality - ISO 9001 : 2015
  • Safety - ISO 45001 : 2018 | AS/NZS 4801 : 2001
  • Environmental - ISO 14001 : 2015
  • Information Security - ISO 27001 : 2015





The question to ask:
"Have we determined our certification needs and is our management system ready?"

Before applying for certification, it is highly recommended that your business reviews its current readiness to avoid potential time and monetary loss.

There are multiple ways of reviewing your readiness (all with varying costs) - here are 3 common examples:

  • Conduct a review internally using a checklist for the desired standard/s
  • Hire a consultant
  • Engage a certification body to conduct a GAP Analysis*
*A GAP Analysis is VERY similar to the next step (the Stage 1)

If you require assistance with the above or have any questions, CC-Connect is a free help-desk service provided by us.


STAGE 1 - "What you say you do"

The Stage 1 assessment / audit is the beginning of certification. It is all about 'what you say you do' and is primarily a document-based review.

The purpose?

To assess your management system documentation (policies & procedures) and determine its level of conformance with the standard/s, ensuring you meet the [minimum] requirements* set out by the applicable standard/s.

*Any non-conformance (unmet requirement/s) found during the Stage 1 will need to be ruled out (fixed) prior to beginning the next step (Stage 2).

STAGE 2 - "How you do it"

The Stage 2 assessment / audit is the final step before certification is granted.

At Stage 1 you provided documents to state "what you say you do". Now you will be assessed on "how you do it" by providing evidence of implementation.

The purpose?

To verify that you are doing what your system documentation says you do.
On-site visits are conducted by an auditor to collect evidence on how you maintain and improve your system (planning, internal audits and reviews).

Certification is granted after the successful completion of Stage 2.

SURVEILLANCE 1 - "1st Year Maintenance"

After achieving certification it is mandatory to have a 'surveillance audit' in order to maintain certification. This audit usually occurs within 12 months of being certified / re-certified.

The purpose?

To ensure your system is maintained and that your processes are relevant and functioning as intended. The auditor will cover approximately 1/3 of the elements that were assessed during the Stage 2, which requires less time to assess.

Typically, surveillance audits occur annually; however, biannual audits are a possibility.

SURVEILLANCE 2 - "2nd Year Maintenance"

Similar to the 1st Surveillance (covered in the previous step), this audit will occur in your second year of certification and is mandatory to maintain a valid certificate.

The purpose?

To cover the remaining elements that have not been re-assessed since the completion of Stage 2 and to prepare you for next year's Re-certification audit.



Recertification occurs every 3 years and is (again) mandatory to maintain certification.

The purpose?

Restarting the certification process, the auditor will reassess your management system covering all elements of the standard/s (essentially conducting a stage 2).

Post recertification, the next audit is the Surveillance 1.
