FAQ

Can remote audits be used for ISO 9001 certification?

Remote techniques can be used as part of an ISO 9001 certification audit, but they do not automatically mean your certification audit will be fully remote. The decision on how much of the audit can be conducted remotely is made by your accredited certification body, under their own procedures and any applicable accreditation and regulatory constraints.

What ISO allows vs. what your cert body will accept

ISO 9001 does not prescribe how an audit must be performed. The conditions for remote auditing come from:

  • Accreditation rules (for example, ISO/IEC 17021-1 and related guidance on ICT use in audits).
  • Your certification body’s internal policies and risk criteria.
  • Any sector-specific or customer-imposed requirements that expect physical site visits (common in aerospace, defense, and medical device supply chains).

Most certification bodies now allow some use of remote techniques (document review, interviews, screen sharing, system demos). Whether a stage 1 or surveillance audit can be fully remote, and whether a stage 2 (initial certification) or recertification can be partly remote, is decided case by case.

When remote auditing is usually feasible

Remote methods are more likely to be used extensively when:

  • Your operations have lower safety and regulatory risk and limited special processes.
  • You already maintain well-organized digital records (QMS, DMS, MES/ERP integrations, electronic training and calibration records).
  • Evidence is easy to show via screen share (document control, CAPA, internal audits, management review, risk registers).
  • The certification body has already audited your site in person and has a current understanding of the context and layout.

In these cases, certification bodies often push as much document and records review as possible into a remote phase, then use a shorter targeted on-site visit for the physical and shop-floor elements.

Where on-site is still usually required

In industrial and aerospace-grade environments, a purely remote ISO 9001 certification audit is rare. On-site presence is typically expected for:

  • Initial certification stage 2, to verify the real implementation of processes, leadership engagement, and culture.
  • High-risk or regulated processes (special processes, critical flight hardware, pressure systems, sterile or cleanroom manufacturing).
  • Product realization on the floor: observing operators, work instructions usage, tooling controls, and how nonconforming product is physically segregated and identified.
  • OT and facility controls: calibration labels, storage conditions, ESD protection, foreign object controls, tooling management.
  • Complex, multi-building sites where cameras or static video feeds do not give reliable coverage.

Customers, primes, or regulatory bodies may also explicitly require periodic physical site visits for critical suppliers, regardless of what the certification rules permit.

Typical hybrid approach in regulated manufacturing

For most established plants, especially in aerospace, defense, and medical device supply chains, the realistic model is a hybrid audit:

  • Remote: management review, document control, risk and opportunity registers, internal audits, training records, CAPA, supplier evaluations, KPI trends, software-based controls and audit trails.
  • On site: process walkthroughs, operator interviews at the machine or cell, verification of physical controls, storage, labeling, and the “feel” of day-to-day execution.

This hybrid model reduces travel time and disruption but still gives auditors enough direct observation to have confidence in the QMS effectiveness.

Constraints and failure modes for remote ISO 9001 audits

If you are aiming to maximize the remote portion of an ISO 9001 audit, common failure modes include:

  • Disorganized digital evidence: scattered records across shared drives, email, MES, ERP, and point tools, making it slow to retrieve objective evidence during a live remote session.
  • Poor connectivity or tools: unstable video or VPN access, insufficient cameras on the shop floor, or IT policies that block screen sharing.
  • Validation and traceability gaps: electronic QMS/MES systems that are not properly validated or lack robust audit trails can erode auditor confidence, increasing the need for on-site checks.
  • Inability to “follow the thread”: if the auditor cannot trace a part or order from contract through planning, production, inspection, and shipping using digital records, they will generally fall back to in-person verification.
  • Security and export controls: if ITAR/controlled technical data or classified work is involved, remote viewing or transmission of certain information may be restricted, limiting what can be shown remotely.

In brownfield environments with mixed legacy systems, paper travelers, and partial digitization, auditors often insist on at least some on-site time to compensate for limited system interoperability and patchy evidence trails.

How to prepare if you want more of the audit to be remote

You cannot dictate that your ISO 9001 audit will be remote, but you can make remote auditing more viable by:

  • Discussing remote options with your certification body early (scope, sites, processes, customer constraints).
  • Ensuring core QMS records are digital, indexed, and traceable across systems (e.g., NCR/CAPA, training, calibration, supplier approvals, management review outputs).
  • Implementing clear document control and version governance so auditors see only current controlled documents during screen shares.
  • Designing simple evidence “threads” (e.g., choose a recent order and ensure you can show the contract, planning, traveler or MES routing, in-process records, inspection, and shipping documentation end to end).
  • Testing remote access and tools (VPN, video on the floor, secure file sharing) with IT and, if needed, your compliance team, especially where export controls apply.

These steps do not guarantee a remote certification audit, but they reduce friction and give the certification body more confidence to shift portions of the work off site.

Bottom line

Remote techniques can absolutely support ISO 9001 certification audits, but they do not replace your certification body’s judgment or any sector or customer requirements for physical site visits. In industrial, regulated, and long-lifecycle environments, expect a hybrid model: extensive remote review of records and systems, combined with targeted on-site verification of real-world execution.

Related Blog Articles

Get Started

Built for Speed, Trusted by Experts

Whether you're managing 1 site or 100, Connect 981 adapts to your environment and scales with your needs—without the complexity of traditional systems.

Get Started

Built for Speed, Trusted by Experts

Whether you're managing 1 site or 100, C-981 adapts to your environment and scales with your needs—without the complexity of traditional systems.