Audit Day
A practical, standard-by-standard, stage-by-stage series on what actually happens during each certification audit event Axlio supports. What the auditor is doing, what to have ready, and where organisations most often trip.
Certification audits are their own events, with their own objectives, and each stage tests something different. Stage 1 tests whether your management system is ready to be audited. Stage 2 tests whether the controls actually work. Surveillance audits test whether the system is still alive between certifications. Recertification tests all of it again from the ground up.
This series walks through each event, standard by standard. What the auditor is doing on the day. What documentation to have ready. Where the common mistakes are. What “passing” looks like in practical terms.
The pieces are written for the people who will be in the room during the audit. Not for a certification body. Not for a marketing audience. For the manager, DPO, quality lead, information security lead, or virtual CISO who needs the audit to go well.
What is coming
The series covers the five ISO management-system standards Axlio supports, at every stage of the certification lifecycle. Each cell in the grid below will be a dedicated article when published.
| Standard | Stage 1 | Stage 2 | Surveillance | Recertification |
|---|---|---|---|---|
| ISO 27001 — information security | Published | Published | Coming | Coming |
| ISO 22301 — business continuity | Published | Coming | Coming | Coming |
| ISO 27701 — privacy | Published | Coming | Coming | Coming |
| ISO 42001 — AI management | Published | Coming | Coming | Coming |
| ISO 9001 — quality | Published | Coming | Coming | Coming |
As related standards join Axlio’s service map, we will extend the series to cover them.
If you are preparing for a specific audit event that has not yet been published, our audit preparation service walks through the same material with clients directly. Series pieces will follow the same discipline we use in the engagements.
Published so far
Articles in the series, most recent first.
ISO 42001 Stage 1: what happens on the day, and what to have ready
The first ISO 42001 audits are landing in Europe. Where certification bodies have accredited schemes, and where organisations have been …
ISO 22301 Stage 1: what happens on the day, and what to have ready
Stage 1 of an ISO 22301 audit tests whether the Business Continuity Management System (BCMS) is ready to be evaluated in Stage 2. The event …
ISO 27001 Stage 2: what happens on the day, and what to have ready
Stage 1 tested whether the ISMS was designed. Stage 2 tests whether it works. The gap in effort between the two is larger than most …
ISO 27701 Stage 1: what happens on the day, and what to have ready
ISO 27701 is an extension of ISO 27001, not a standalone privacy standard. That single fact shapes the entire Stage 1 audit. The auditor is …
ISO 27001 Stage 1: what happens on the day, and what to have ready
Stage 1 is the audit event that reveals whether the ISMS is real or theoretical. Stage 2 will test whether the controls actually work. Stage …
ISO 9001 Stage 1: what happens on the day, and what to have ready
ISO 9001 is the oldest ISO management-system standard still in wide use. First published in 1987, updated most recently in 2015, it is the …
Preparing for a specific audit?
Our audit preparation service walks through the same material with clients directly, ahead of the event.
Audit preparation service