Stage 2 Audit

A Stage 2 Audit is the second, formal phase of a management system certification audit. It is typically performed by an accredited third-party certification body to determine whether an organization’s management system has been fully implemented and is effective in meeting the requirements of a chosen standard, such as ISO 9001, ISO 13485, or ISO 27001.

What a Stage 2 Audit Includes

The Stage 2 Audit builds on the Stage 1 Audit (readiness and documentation review) and focuses on how the system works in practice. In industrial and manufacturing environments, it commonly includes:

• Review of implemented processes on the shop floor, in quality, maintenance, and supporting functions
• Verification that procedures, work instructions, and records are used as defined in the management system
• Interviews with operators, engineers, supervisors, and management to confirm understanding of roles and processes
• Sampling of records and data in MES, QMS, ERP, LIMS, and other OT/IT systems for traceability, change control, and deviation/CAPA handling
• Evaluation of compliance with regulatory or customer requirements that are referenced in the management system
• Assessment of monitoring, measurement, internal audits, and management review activities

The outcome of a Stage 2 Audit typically includes documented findings such as conformities, nonconformities, and opportunities for improvement. These findings are used by the certification body to decide whether to recommend initial certification of the management system.

Where It Fits in the Certification Cycle

A Stage 2 Audit is part of the initial certification process and normally follows this sequence:

1. Stage 1 Audit: Review of documented information, scope, and readiness.
2. Stage 2 Audit: Evaluation of implementation and effectiveness across relevant sites and processes.
3. Surveillance Audits: Periodic follow-up audits to confirm ongoing conformity.
4. Recertification Audit: Broader review before the certification cycle renews.

Operational Meaning in Manufacturing

In manufacturing, a Stage 2 Audit commonly involves:

• Walking production lines to see how standard work, digital work instructions, and change controls are applied
• Checking batch records, device history records, or lot genealogy for completeness and traceability
• Reviewing how nonconforming product, deviations, and CAPAs are identified, investigated, and documented
• Confirming calibration and maintenance controls for production and test equipment
• Validating that data in MES, QMS, and ERP systems is controlled, retrievable, and linked to the management system requirements

Common Confusion

• Stage 2 Audit vs. Stage 1 Audit: Stage 1 focuses on readiness and high-level design of the management system. Stage 2 focuses on actual operation and evidence of effectiveness.
• Stage 2 Audit vs. internal audit: An internal audit is performed by or on behalf of the organization itself to assess its own system. A Stage 2 Audit is performed by an external certification body as part of initial certification.
• Stage 2 Audit vs. regulatory inspection: A Stage 2 Audit assesses conformity to a voluntary or contractual standard. A regulatory inspection is performed by a regulator to assess compliance with laws or regulations.

Use in Regulated and High-Risk Industries

In regulated environments, such as pharmaceuticals, medical devices, aerospace, or food and beverage, Stage 2 Audits often place particular emphasis on:

• Document control and version management of procedures, specifications, and electronic records
• Data integrity and access control for OT and IT systems used as quality or production records
• Risk management processes that connect design, process control, and production monitoring
• Evidence that the organization identifies, investigates, and corrects systemic issues

While Stage 2 Audits are frequently associated with ISO-based certifications, the general concept applies to other formal certification schemes that use a staged audit model.