Definition

Third-party audit

A third-party audit is conducted by an independent, accredited certification body to evaluate conformity with an ISO standard.

A third-party audit is the formal process by which an accredited certification body evaluates whether an organization's management system meets the requirements of a specific ISO standard. It is the only audit that can result in issuing, maintaining or withdrawing an ISO certificate.

Key aspects

Accredited body

Only bodies accredited under ISO/IEC 17021-1 can issue internationally recognized ISO certificates.

Stage 1 and Stage 2

The initial certification audit is divided into two stages: document review (Stage 1) and on-site implementation assessment (Stage 2).

Certification cycle

The certificate is valid for three years with annual surveillance audits and a recertification audit at the end of the cycle.

Frequently asked questions

The certificate is not issued until the organization demonstrates effective corrective actions. The certification body grants a defined period to resolve them.

It can choose among bodies accredited for the scope of the required standard. Accreditation must be granted by an IAF (International Accreditation Forum) member body.

Comparison

Ready to act on these findings?

Need an assessment in this area?

Request diagnosis→View research→

Loading content…

Third-party audit

Key aspects

Accredited body

Stage 1 and Stage 2

Certification cycle

Frequently asked questions

ISO 27001 vs ISO 42001: key differences between information security and AI management

ISO 9001 vs ISO 27001: quality management vs information security

How to implement ISO 27001 in your organization

How to prepare for an ISO audit

Shadow AI: artificial intelligence use without formal governance

Personal data breach: exposure assessment and privacy controls

Ready to act on these findings?

Third-party audit

Key aspects

Accredited body

Stage 1 and Stage 2

Certification cycle

Frequently asked questions

ISO 27001 vs ISO 42001: key differences between information security and AI management

ISO 9001 vs ISO 27001: quality management vs information security

How to implement ISO 27001 in your organization

How to prepare for an ISO audit

Shadow AI: artificial intelligence use without formal governance

Personal data breach: exposure assessment and privacy controls

Ready to act on these findings?

Third-party audit

Key aspects

Accredited body

Stage 1 and Stage 2

Certification cycle

Frequently asked questions

Related content

ISO 27001 vs ISO 42001: key differences between information security and AI management

ISO 9001 vs ISO 27001: quality management vs information security

How to implement ISO 27001 in your organization

How to prepare for an ISO audit

Shadow AI: artificial intelligence use without formal governance

Personal data breach: exposure assessment and privacy controls

Ready to act on these findings?

Third-party audit

Key aspects

Accredited body

Stage 1 and Stage 2

Certification cycle

Frequently asked questions

Related content

ISO 27001 vs ISO 42001: key differences between information security and AI management

ISO 9001 vs ISO 27001: quality management vs information security

How to implement ISO 27001 in your organization

How to prepare for an ISO audit

Shadow AI: artificial intelligence use without formal governance

Personal data breach: exposure assessment and privacy controls

Ready to act on these findings?