A Structured Path to Global Quality Certification
We simplify corporate ISO audit processes. From gap analysis to compliance certification, our qualified auditors manage every process milestone with strict regulatory transparency.
Technical Audit Methodology & Resource Library
MSR Assessment Pvt Ltd publishes this resource directory under the guidance of our Editorial Board, consisting of certified lead assessors and legal advisors. Our objective is to provide Indian businesses with clear, actionable insights into international standards.
Detailed Audit Stage 1 & Stage 2 Timeline Flow
The auditing process comprises two main stages: Stage 1 (Document Review) and Stage 2 (On-Site Conformity Audit). Our lead auditing desk coordinates all scheduling, document reviews, and corrective action submissions to secure certificates within 14-30 business days. This structured timeline is designed to ensure that the organization's management system is not only aligned with standard clauses but also fully functional and capable of generating the operational evidence necessary to clear third-party registrar assessments.
Phase 01: Pre-Audit Gap Analysis & Context Determination
Our lead assessors conduct a thorough physical and document review of your existing operations against standard clauses. We evaluate your organizational context (Clause 4.1), identify the expectations of interested parties (Clause 4.2), and determine the appropriate scope of certification. The resulting Gap Matrix identifies specific deficiencies in your current procedures, records, and controls, providing your management team with a step-by-step remediation roadmap to ensure no standard requirement is overlooked.
Phase 02: Document Architecture Design & Policy Formulation
We assist in drafting the required documentation framework. This includes compiling the high-level Corporate Quality Manual, designing the Environmental Management Plan or Statement of Applicability (SoA), and writing detailed Standard Operating Procedures (SOPs) for all key business divisions. Every document is structured to satisfy Clause 7.5 requirements, establishing version control, authorization protocols, distribution rules, and document identification schemes to prevent the use of obsolete procedures on the operating floor.
Phase 03: Operational Controls Deployment & Daily Logging
With documentation approved, we support the operational deployment of compliance controls. This involves configuring risk registers, environmental aspect-impact logs, and occupational hazard controls (HIRA). We establish daily record sheets, machinery calibration logs, IT access logs, and safety walkthrough records. Maintaining active, signed daily logs is essential to prove to third-party registrar assessors that your processes are operated under controlled conditions.
Phase 04: Competency Assessment & Employee Awareness Training
We conduct formal training workshops across all organizational levels. Under Clauses 7.2 and 7.3, employees must be aware of the Quality Policy, standard objectives, and their specific responsibilities in maintaining standard status. We compile employee competency matrices, document training session attendance records, and conduct brief evaluations. This ensures your staff is fully prepared to answer questions from the registrar assessor during physical floor reviews.
Phase 05: Internal Auditor Development & Mock Audits
We develop your internal audit capabilities by training selected personnel on audit methodologies. The trained internal audit team performs a complete, independent mock audit across all operating departments, using custom audit checklists. We record all findings, raise internal non-conformities (NCs) where necessary, and compile the final internal audit report (Clause 9.2). This simulation prepares your team for the registrar's visit and tests system effectiveness.
Phase 06: Management Review Meeting (MRM) Execution
We coordinate and facilitate the mandatory Management Review Meeting (Clause 9.3). Top management and process owners review the suitability, adequacy, and effectiveness of the management system. The agenda includes reviewing internal audit results, process performance, customer feedback, status of corrective actions, objectives status, and risk assessment updates. The meeting outcomes, resource allocations, and strategic decisions are documented in signed MRM minutes.
Phase 07: Stage 1 Registrar Documentation Audit
The chosen third-party registrar assessor performs the Stage 1 review. This is primarily a documentation audit to verify that your system architecture satisfies standard requirements. The assessor inspects your Quality Manual, scope statement, risk register, internal audit report, and MRM minutes. Any documentation gaps identified during Stage 1 must be addressed before the assessor schedules the on-site Stage 2 conformity audit.
Phase 08: Stage 2 Registrar Physical/Logical Assessment
The registrar assessor conducts the Stage 2 audit on-site (or remotely for specific IT/digital environments). They verify process conformity, inspect physical facilities, review logs, verify calibration certificates, check safety practices, and interview employees. The auditor's goal is to verify that the procedures documented in your manual are actively followed in daily practice and that your records support compliance claims.
Phase 09: CAPA Resolution & Certificate Recommendation
If the registrar assessor identifies any non-conformities (NCs) during Stage 2, the organization is given a specific timeline (typically 30-60 days) to address them. We guide your team in preparing and submitting the CAPA evidence files. Once resolved, the certifying body approves your listing and issues the official ISO certificate, registering it in the global IAF directory.
Phase 10: Registry Listing, Certificate Release, & Verification
The registrar's certification committee performs the final review and issues the official accredited ISO certificate. The certificate details, scope, and status are registered in the global IAF CertSearch directory. MSR's team verifies the listing and helps you implement our certificate lookup widget, allowing clients, government tender boards, and corporate buyers to verify your accredited status instantly.
Phase 11: Annual Surveillance Audits (Year 1 & 2)
ISO certificates are valid for a three-year cycle, subject to annual surveillance audits. In Year 1 and Year 2, the certifying registrar schedules mandatory periodic reviews. MSR's advisory desk provides continuous support, helping you update risk registers, record internal audits, conduct MRMs, and verify calibration records. These surveillance runs ensure that compliance controls remain active and prevent suspension.
Phase 12: Comprehensive Recertification Audit Planning (Year 3)
Before the certificate's third-year expiration, the organization must undergo a complete recertification assessment. We plan and schedule this review six months in advance. We perform a complete baseline audit, update your quality manual, verify that all operational records are locked, and manage the recertification process with the registrar to ensure seamless compliance renewal.
Glossary of Key Compliance Terms
Understanding standard nomenclature is essential for effective system management. Below is a reference glossary of terms used in ISO audit frameworks:
Accreditation vs. Certification
Accreditation is the formal recognition granted to an auditing body (the Registrar) by an authorized body (like NABCB or IAS) confirming their competence to audit. Certification is the third-party validation issued to an organization confirming compliance with a specific standard.
Stage 1 vs. Stage 2 Audit
Stage 1 is a documentation audit to review the readiness of the system (e.g. QMS scope, context analysis, internal audits). Stage 2 is the formal on-site audit that evaluates actual process compliance, records, and calibrations, and includes interviews with shop floor staff.
CAPA (Corrective and Preventive Action)
A systematic method for identifying non-conformities, conducting root-cause analysis (e.g., Fishbone or 5-Whys), implementing actions to eliminate the cause, and verifying the effectiveness of those actions to prevent recurrence.
Integrated Management System (IMS)
An operational framework that combines multiple ISO standards (e.g. ISO 9001, 14001, 45001) into a single, unified management system, reducing audit overhead and duplicate documentation.
Global Certification Verification Guidelines
Accredited ISO certificates carry significant commercial weight, helping businesses qualify for corporate contracts and government tenders. However, the market also hosts non-accredited or fraudulent certificate issuers. Stakeholders must understand how to verify the authenticity of any compliance credential:
- Verify the Accreditation Symbol: A valid certificate must display the mark of a recognized accreditation body (e.g., NABCB, UKAS, IAS, ANAB) that is a member of the IAF.
- Search the IAF CertSearch Directory: The International Accreditation Forum maintains a central registry (iafcertsearch.org) containing all active accredited certificates globally.
- Confirm the Registrar Scope: Ensure the certification body is accredited for your specific industrial category (identified by NACE/IAF sector codes).
- Audit the Certificate Status: Verify the expiry date, standard version, and scope statement to confirm the certification is active and covers your operations.
Guidelines for Selecting an Accredited Registrar
To ensure that your ISO certificate is globally recognized, it must be issued by a registrar whose accreditation is active under the International Accreditation Forum (IAF) Multilateral Recognition Agreement (MLA).
Prior to hiring a certification body, verify their listing on the official directory of the national accreditation body (e.g., NABCB in India, UKAS in the UK, IAS in the US). Certificates issued by unaccredited or non-IAF-aligned registries hold no legal standing in government tenders or international trade procurement.
Continual Improvement & CAPA Implementation
Continual improvement is the cornerstone of all ISO standards. Under Clause 10, organizations must establish a process to log and investigate process errors, customer complaints, and system failures. A Corrective and Preventive Action (CAPA) framework is applied to prevent these issues from recurring:
- Root-Cause Analysis: Use diagnostic methods (such as the 5-Whys or Ishikawa Fishbone diagrams) to identify the true origin of the non-conformity.
- Corrective Actions: Deploy containment steps to resolve the immediate symptom, followed by long-term adjustments to eliminate the root cause.
- Verification Audits: Perform a follow-up assessment after 30 to 60 days to verify that the implemented actions are active and effective.
- Log Updates: Record all outcomes in the CAPA register and present the data during annual management reviews to demonstrate continual improvement.
Internal Communication & Awareness Controls
Effective implementation of any management system requires transparent communication pathways. Under Clause 7.4 of the High-Level Structure, certified entities must establish procedures for internal and external communication:
- Define the Target Audience: Identify who needs to receive specific compliance information (e.g. employees, customers, subcontractors, regulators).
- Establish the Timeline: Define when communication should occur (e.g., daily floor briefings, monthly performance reviews, annual corporate reports).
- Control the Message Content: Ensure that all communicated documentation is accurate, approved under version control, and aligned with standard policies.
- Document the Communication Logs: Keep signed records of meetings, emails, training runs, and memo boards to present as evidence during registrar assessments.
Document Control & Record Maintenance Rules
Under Clause 7.5 of the High-Level Structure, certified organizations must implement strict document control protocols. Every standard operating procedure, policy statement, and record sheet must carry a unique identifier, version control number, author signature, and distribution list.
Outdated versions of documents must be immediately archived or marked obsolete to prevent accidental use on the operating floor. Maintaining absolute control over your documentation prevents minor non-conformities during recurring surveillance audits.
Core Implementation Stages & Timeline Flow
The timeline to achieve accredited certification varies based on organizational scale and operational complexity. Small to medium businesses typically navigate the pipeline in 30 to 45 business days, while multi-site enterprises require a structured 90-day roadmap:
Stage 01: Diagnosis & SOP Formulation (Weeks 1-3)
The consulting team conducts physical walkthroughs and interviews to identify compliance gaps. Standard Operating Procedures (SOPs), Quality Policies, and HIRA matrices are designed and distributed to all process owners.
Stage 02: System Training & Internal Audits (Weeks 4-6)
Employees receive training on the new controls. A mock internal audit is performed across all departments to test the operational registers, followed by a formal Management Review Meeting to review system performance.
Stage 03: Registrar Assessment & Listing (Weeks 7-8)
The chosen registrar assessor conducts a Stage 1 documentation review, followed by the Stage 2 physical floor inspection. Gaps are addressed through a CAPA plan, triggering the certificate release and IAF CertSearch registration.
Initial Consultation
Share your industry profile and certification objectives. Our corporate auditing team assesses the applicable ISO standards, standard codes (QMS, ISMS, OHS, etc.), and sets the operational scope.
Gap Analysis
We conduct a systematic review of your current processes, records, and facilities to check conformity levels against desired ISO standards, defining system gaps that need mitigation.
Process Documentation
Our experts draft the mandatory documentation required for certification, including Quality Manuals, Standard Operating Procedures (SOPs), process logs, and organizational policy guidelines.
Awareness & Auditor Training
We conduct formal training workshops for your core team members, explaining system regulations, logging practices, and internal process audit procedures.
Internal Audit Review
Our lead auditors perform a mock internal audit run on all operating departments, verifying that system regulations are actively implemented and preparing logs to address deviations.
Certification Audit (Stage 1 & 2)
We coordinate the final audit with recognized national/international registrar auditors. We manage department interactions, policy reviews, and support your team throughout the inspection.
Certification Issued
Upon successful inspection checks, the certifying body registers your entity and issues the official ISO Certificate, certifying your organization as compliant with the global standard.
Ongoing Compliance
To preserve standard status, we provide continuous guidance for mandatory surveillance audits, annual logging, and policy upgrades ahead of recurring inspections.
