Preparing for ISO certification is a major milestone for any organization, but success depends heavily on how you approach the Stage 1 audit. While often viewed as a simple document check, Stage 1 plays a critical role in determining whether your management system is mature enough to move forward.
On this page
For certification bodies, this is more than a checkbox exercise. It’s where they assess whether your system is sufficiently planned, documented, and partially implemented to justify proceeding to the full audit (Stage 2). Gaps discovered here can lead to delays, additional costs, or even withdrawal from the certification process.
At CertBetter, we believe the difference between a smooth certification journey and a painful one often comes down to how well Stage 1 is managed. In this guide, we outline eight essential steps every organization should take before facing its Stage 1 audit.
Understand the Role of the Stage 1 Audit
The ISO certification process typically consists of two audit stages. The Stage 1 audit is a critical checkpoint that determines whether your management system is sufficiently developed to proceed to Stage 2, the full certification audit.
During Stage 1, the certification body will:
- Review your documented management system
- Evaluate your organization’s understanding of ISO requirements
- Assess whether your system is implemented enough for Stage 2
- Identify any significant gaps or risks that need to be addressed beforehand
Contrary to common belief, Stage 1 is not a formality. Findings here can delay your certification timeline if preparation is insufficient.
Get 3 ISO Quotes. 24 Hours Response
Tell us what you need and compare vetted ISO consultants or certification bodies within 24 hours. Free, no obligation.
Trusted by 400+ businesses like yours
1. Define and Validate Your Scope and Context (Clauses 4.1 to 4.3)
One of the first areas an auditor will examine is whether your organization has clearly defined its foundational elements like context, interested parties, and scope under Clause 4 of most ISO management system standards (e.g., ISO 9001, ISO 14001, ISO 27001).
Key activities:
- Analyze internal and external issues (Clause 4.1):
Consider factors such as regulatory environment, market competition, supply chain risks, and emerging technologies.
- Identify interested parties (Clause 4.2):
Document key stakeholders and their relevant requirements including customers, regulators, partners, and internal staff.
- Define your scope (Clause 4.3):
Clearly articulate the boundaries of your management system. Specify the sites, departments, products, or services included. Avoid vague or overly broad descriptions.
Document this information clearly and ensure leadership and key personnel can explain the rationale behind your scope during the audit.
2. Ensure Required Documentation Is Complete and Accessible
The management system documentation forms the core evidence set for Stage 1. Auditors will evaluate whether your documents meet the standard’s requirements and reflect actual operations.
Required documentation typically includes:
- Management system policy (e.g., quality, environmental, information security)
- Documented procedures or process descriptions
- Risk and opportunity assessment records
- Defined objectives and performance measures
- Evidence of implementation planning (e.g., audit schedules, training plans)
Ensure your documentation is current, version-controlled, and internally approved. Auditors often raise findings when organizations rely on outdated or generic templates that do not align with their actual practices.
Best practice: Organize documentation by clause or process. Use a central repository with controlled access. Include a document matrix or index for quick reference during the audit.
3. Conduct an Internal Audit Before Stage 1
Even though Stage 1 is often called a “readiness review,” auditors still expect evidence that your system has moved beyond the planning stage. One of the most important indicators of this is the completion of at least one internal audit.
An internal audit demonstrates that:
- Your management system has been implemented to a basic operational level
- You have a mechanism to check conformance against ISO requirements
- Issues are being identified, and corrective actions are being initiated
Your internal audit should be risk-based and aligned with your documented procedures. It doesn’t have to cover every process in depth, but it must show that critical functions (e.g., operations, compliance, document control, leadership) have been reviewed.
4. Hold and Document a Management Review Meeting
Clause 9.3 of most ISO standards requires top management to periodically review the management system’s performance and alignment with strategic goals. For Stage 1, auditors expect to see that a formal management review has been held, even if the system is still early in its lifecycle.
Your management review must address:
- Changes in internal/external issues (context)
- Results of internal audits
- Nonconformities and corrective actions
- Performance against objectives
- Resource needs
- Opportunities for improvement
5. Train Key Personnel and Build ISO Awareness Internally
Stage 1 auditors will often speak with department leads, process owners, and support staff to assess awareness and competence. It’s not enough for your ISO consultant or quality manager to carry the system alone; staff must understand their roles within it.
At a minimum, ensure that key individuals can:
- Explain the policy and objectives in their own words
- Describe how ISO processes apply to their daily work
- Show familiarity with relevant procedures or records
- Identify risks or compliance obligations relevant to their area
Training doesn’t need to be complex. Short, focused sessions are often more effective than large formal workshops. Consider including ISO awareness as part of onboarding, toolbox talks, or team meetings.
6. Organize and Label Documentation Clearly for Audit Access
Stage 1 audits are heavily document-driven. Even if your system is functional, auditors can’t assess it unless they can access the right evidence efficiently.
Key preparation steps:
- Create a clear, logical folder structure (physical or digital)
- Group documents by clause, process, or department
- Use standardized file naming conventions (e.g., "QMS_Procedure_Training_v2.0")
- Include a document control matrix showing version history, ownership, and review dates
Pro tip: Conduct a mock audit walkthrough. Sit with someone unfamiliar with your structure and ask them to locate 5–10 key documents. If they struggle, reorganize before audit day.
7. Confirm Legal, Regulatory, and Contractual Obligations Are Documented
One of the more overlooked areas in Stage 1 is Clause 6.1.3 (compliance obligations). Every ISO management system requires the organization to identify and evaluate applicable laws, regulations, and other requirements relevant to its operations.
This includes:
- Health and safety laws
- Environmental permits or licenses
- Industry-specific regulations (e.g., FDA, GDPR, ISO/TS standards)
- Customer-specific contract clauses
You don’t need to show 100% compliance at Stage 1, but you must show that obligations are known, documented, and monitored.
What auditors expect:
- A list or register of relevant legal and regulatory requirements
- Evidence of periodic review (at least annually)
- Assignment of responsibility for compliance tracking
- References in your risk register or procedures
8. Confirm Audit-Day Logistics and Conduct a Readiness Review
Finally, audit success depends on logistics and planning. Before Stage 1, confirm that everything is in place to ensure a smooth audit experience.
Key tasks:
- Confirm the audit agenda and scope with the certification body
- Ensure availability of key personnel (especially process owners)
- Assign an audit facilitator to assist the auditor during interviews
- Test access to remote files, screen sharing tools, or conference rooms (if remote)
Also, consider doing a final readiness review. This can be a mini internal audit, a gap analysis, or even a mock audit conducted by a consultant.
Best practice: Schedule this review 1–2 weeks before the Stage 1 date. Use the actual audit agenda as your checklist.
Conclusion: Treat Stage 1 as a Strategic Advantage
The Stage 1 audit is not a test to be feared; it’s a strategic opportunity. A well-prepared Stage 1 can lead to fewer surprises in Stage 2. A customized audit plan from your certification body and stronger engagement from leadership and frontline teams help in the early identification of process improvement opportunities
Whether you’re pursuing ISO 9001, ISO 27001, ISO 14001, or another standard, every successful journey begins with solid groundwork. And if you're not confident in where you stand, CertBetter can help.
Use our platform to connect with verified ISO consultants and training providers who specialize in audit readiness. Preparation today leads to certification tomorrow.
