Phase 1 initial audit

Published on 21 May 2024

During the first part of the initial audit, the DigiTrust auditor tests whether your organisation is ready for the actual on-site audit. This is because during that physical Phase 2 audit, the auditor checks the extent to which your management system has been properly implemented and is operating effectively, in line with ISO standards. To make sure your organisation is ready for this intensive audit, Phase 1 initial audit takes place first.

In this phase, the auditor tests whether there is a working system at all and whether all processes and practices have been implemented. Here, the auditor also assesses whether specific circumstances, such as locations, type of business operations and deviating processes, have been addressed. Naturally, your knowledge of the ISO standard is also tested.

At the conclusion of Phase 1, a wrap-up interview follows. In it, the auditor clearly explains whether your organisation is ready to enter Phase 2 of the initial audit. If there are areas for improvement or deviations, the auditor shares these with you. After which you get the chance to resolve them before the Phase 2 audit starts.

Tip: Therefore, plan enough time between Phase 1 and Phase 2 of the audit. This will give you an opportunity to resolve any areas of improvement.

What should you look out for in the phase 1 initial audit?

There are a number of guiding principles to consider while preparing for this audit.

Make sure you have all required documentation in order.

Do you have evidence that policy/procedure and instructions are actually used in practice?

Did you conduct a risk analysis and was it done correctly in the right context of the organisation and processes in scope?

Have you already carried out the internal audit, or will you do so for the phase 2 audit? And was it conducted impartially and objectively?

Both you and your staff know the key elements of the ISO standard, they are aware of the added value of your management system, protocols and objectives.

Tip: In the run-up to the phase 1 initial audit, it is advisable to conduct an internal audit first. This way, you can test yourself how ready your organisation is for the certification cycle and know what to expect during an audit.

Share this message

Other messages

NIS2 guideline: Are you a supplier to an NIS2 organisation?

NIS2 Directive - Quality Mark NIS2 legislation describes that essential and important companies, also known as NIS2 companies, are responsible for the cyber security of their

Anyone can issue ISO certificates, including you

With or without accreditation? It may sound a bit strange, but: anyone can perform ISO27001, NEN7510 and ISO9001 audits themselves ánd even issue actual certificates. The

Provinces, municipalities and water boards BIO 2.0 is coming and so is the NIS2/CBW!

From BIO 1.04 to BIO 2.0 For the government, since 1 January 2019, there is the Baseline Information Security Government (BIO), which includes for the government

IEC 62443 standard - DigiTrust

DigiTrust audits and certifies against IEC 62443 standard

DigiTrust audits and certifies your Operational Engineering (OT) against IEC 62443 In a world where digital security is becoming increasingly important, it is increasingly vital for organisations