How to Prepare for an ISO Audit: A Practical Checklist
To prepare for an ISO audit, confirm your documentation is current, run an internal audit, close outstanding nonconformities, gather objective evidence against each clause, and brief your team. Good preparation turns the audit into a confirmation rather than a discovery.
What does an ISO auditor look for?
An auditor looks for objective evidence that your management system meets the standard and works in practice. They sample records, interview staff, and trace processes from start to finish.
They are not trying to catch you out — they are confirming that what your documents say is what actually happens.
Your ISO audit preparation checklist
- Confirm every required document is current, approved, and version-controlled.
- Run a full internal audit covering all clauses and close the findings.
- Hold a management review and record the outputs.
- Verify that open nonconformities have corrective actions and evidence of closure.
- Collect objective evidence — records, logs, and reports — mapped to each clause.
- Check that previous audit findings have been resolved.
- Brief everyone the auditor may speak with on their role and the relevant processes.
How to organize your audit evidence
The fastest audits happen when evidence is organized by clause and instantly retrievable. Scrambling through shared drives during an audit wastes time and undermines auditor confidence.
Keep policies, records, and evidence in one place, linked to the requirement each item supports, so you can answer any question in seconds.
Handling nonconformities during the audit
If the auditor raises a nonconformity, do not be defensive. Acknowledge it, agree the finding, and capture it clearly.
After the audit, identify the root cause, define a corrective action, assign an owner, and track it to verified closure within the agreed timeframe.
How SWC CRM makes audits painless
SWC CRM gives you a configurable, clause-by-clause checklist, an evidence library mapped to each requirement, and nonconformity tracking that runs from finding to closure. Every internal and external audit lives in one workspace.
When the certification body arrives, the evidence is already organized — so the audit confirms what you already know.
Frequently asked questions
How often are ISO surveillance audits?
Surveillance audits are usually annual. During the three-year certificate cycle, you have a surveillance audit in year one and year two, then a full recertification audit in year three.
What is the difference between an internal and external audit?
An internal audit is run by your own organization to find and fix issues. An external audit is run by an independent certification body to decide whether to grant or maintain your certificate.
How long does an ISO audit take?
Audit duration depends on the size and complexity of your organization and the scope of certification. A small company may need a day or two; larger, multi-site organizations need longer, set by the certification body.
See SWC CRM for yourself
Run leads, projects, audits, invoicing, and renewals in one customizable platform built for ISO certification teams.