Skip to main content

Certification audits are their own events, with their own objectives, and each stage tests something different. Stage 1 tests whether your management system is ready to be audited. Stage 2 tests whether the controls actually work. Surveillance audits test whether the system is still alive between certifications. Recertification tests all of it again from the ground up.

This series walks through each event, standard by standard. What the auditor is doing on the day. What documentation to have ready. Where the common mistakes are. What “passing” looks like in practical terms.

The pieces are written for the people who will be in the room during the audit. Not for a certification body. Not for a marketing audience. For the manager, DPO, quality lead, information security lead, or virtual CISO who needs the audit to go well.

What is coming

The series covers the five ISO management-system standards Axlio supports, at every stage of the certification lifecycle. Each cell in the grid below will be a dedicated article when published.

StandardStage 1Stage 2SurveillanceRecertification
ISO 27001 — information securityPublishedPublishedComingComing
ISO 22301 — business continuityPublishedComingComingComing
ISO 27701 — privacyPublishedComingComingComing
ISO 42001 — AI managementPublishedComingComingComing
ISO 9001 — qualityPublishedComingComingComing

As related standards join Axlio’s service map, we will extend the series to cover them.

If you are preparing for a specific audit event that has not yet been published, our audit preparation service walks through the same material with clients directly. Series pieces will follow the same discipline we use in the engagements.

Preparing for a specific audit?

Our audit preparation service walks through the same material with clients directly, ahead of the event.

Audit preparation service