Return to ISO Registrar/AS Certification > Steps For Certification - Audit Process

Audit Process

Now that you have read through the Steps For Certification - the below information details the purpose of each phase of the audit process.


Stage 1

The purpose of the Stage 1 audit is to confirm that your organization is ready for the Stage 2 certification audit.  The auditor will:

  1. verify that the management system conforms to the requirements of the standard
  2. verify implementation status
  3. verify the scope of certification
  4. verify any legislative/regulatory compliance requirements
  5. produce a report that identifies areas of concern
  6. produce an assessment report and confirm a date for the Stage 2 audit visit
Stage 2

The purpose of this audit is to confirm that the management system has been fully implemented and conforms to the requirements of the chosen Standard in practice. The auditor will:
  1. undertake random samples of the processes and activities defined in the scope of certification
  2. verify system compliance with the standard by using objective evidence
  3. report any non-conformities or opportunities for improvement
  4. forward to ASACB the completed audit package (the auditor does not make the certification decision)
  5. adjust as needed the surveillance plan and agree to a date for the first annual surveillance audit
If the auditor identifies any major non-conformances, certification cannot be issued until correction and corrective action is taken and verified.  Accreditation requirements stipulate that if the non-conformances are not completed within 6 months, then certification may not be recommended without a further stage 2 audit.


Surveillance audits are undertaken periodically (typical annually) to verify that conformance to the chosen Standard is maintained throughout the three-year certification cycle. The frequency and duration of surveillance audits are dependent on factors including but not limited to:

  • size and structure of organization
  • complexity and risk of activities
  • number of management systems standards included in the scope of certification
  • number of previous non-conformities issued


ASACB makes decisions on renewing certification based on the results of the recertification audit, as well as the results of the review of the system over the period of certification and complaints received from users of certification. The recertification activity includes the review of previous surveillance audit reports and consider the performance of the management system over the most recent certification cycle.

The recertification audit shall include an on-site audit that addresses the following:

  • the effectiveness of the quality management system in its entirety in the light of internal and external changes and its continued relevance and applicability to the scope of certification;
  • demonstrated commitment to maintain the effectiveness and improvement of the quality management system in order to enhance overall performance;
  • the effectiveness of the quality management system with regard to achieving the certified client’s objectives and the intended results of the quality management system.


Information on ASACB's processes for granting, refusing, maintaining, renewing, suspending, restoring, or withdrawing certification or expanding or reducing the scope of certification is defined below.

  • Granting of certification: Upon completion of the initial certification, recertification (renewing) or transfer audit process, ASACB will perform a technical review of the submitted audit package and client corrective action with related objective evidence. The review will verify that all certification criteria have been achieved and non-conformances closed as appropriate so approval of certification may be granted.
  • Refusing of certification process: Should ASACB's technical review of the submitted audit package result in identification of open issues where closure cannot be achieved ASACB shall refuse the granting of certification until such time that the client can prove all criteria for certification has been achieved. If the time period to do so goes beyond the allowed timeframe a new initial certification audit process may have to be completed in order to grant certification.
  • Maintaining certification process: ASACB requires over the three-year certification cycle that annual surveillance audits be completed in year one/two and in a recertification audit in year three for all approved certifications. ASACB may suspend or withdraw an organization's certification if the required audits are not performed or open issues are not closed such as NCR's.
  • Suspension of certification process: ASACB will initiate its suspension process if the certified organization cannot re-establish conformance of its quality management system with the requirements of the chosen standard. ASACB will initiate its suspension process if the certified organization fails to abide by the contract terms and agreements or the client fails to perform the required audits.
  • Restoring of certification process: ASACB shall restore a certification that has been placed on suspension once all outstanding issues have been closed and verified as such through off-site or on-site review.
  • Withdrawal of certification process: ASACB may withdraw a certification as a direct result of but not limited to, non-performance of audits, miss-representation, non-closure of open corrective action, failure of the appeals process to close an open corrective action or at the request of the certified organization.
  • Expansion of certification process: ASACB will consider the expansion of a client's scope of certification by requesting information, data, and documentation for review. This may require the generation of a new quote/contract. Upon completion of the review an on-site audit will be confirmed. At this point the expansion of certification process will be followed.
  • Reduction of certification process: ASACB may require that an organization's scope of certification be reduced should evidence be identified that the scope of certification is no longer appropriate. ASACB will approve a request for scope reduction upon valid and verifiable objective evidence that the scope is no longer applicable to the organization's business. ASACB will refuse scope reduction as a means to avoid an audit non-conformance.