+31 (0)73 220 2000 | info@brandcompliance.com
English
  • Dutch
  • English
  • Français
  • België
  • Dutch
  • English
  • Français
  • België
Brand Compliance
  • Certify
    • ISO 9001
    • ISO 22301 (BCM)
    • ISO 19770-1 (IT-assets)
    • ISO 27001
    • ISO 27017 and ISO 27018
    • BIO
    • ISO 27701 (Privacy)
    • NEN 7510
  • IT Assurance
    • SOC 2
  • Vacancies
  • Knowledge base
  • BC Academy
Discuss your situation
  • Information security
    • ISO 27001
    • NEN 7510
    • CyFun
      • CyFun verification
      • Request CyFun verification
    • ISO 27799
    • ISO 27017 and ISO 27018
    • BIO
    • ISO 19770-1
  • Privacy
    • BC 5701
    • ISO 27701
    • GDPR standard BC 5701:2024 EN
  • IT assurance
    • SOC 2
    • ISAE 3402
    • ISAE 3000
  • Quality & continuity
    • ISO 9001
    • ISO 14001
    • ISO 22301
  • Knowledge & news
    • Knowledge articles
    • News
  • Academy
    • All training courses
    • NIS2 & CyFun
    • ISO 27001
  • About us
    • Accreditations
    • Careers
    • Compliment, complaint or tip
    • Locations
    • Privacy Statement
    • Contact

Preparing for certification

6
  • Certification checklist: how to prepare for certification
  • Do you have your first certification audit soon?
  • The certification process step by step
  • How long does ISO certification take?
  • How to conduct an internal audit
  • Describing the scope of certification: tips and examples

Audit process & certification cycle

7
  • Initial audit Stage 1
  • Initial audit Stage 2
  • What is a certification cycle?
  • Nonconformities within the management system
  • What should you know about certificate suspension or revocation?
  • Transfer of certification
  • The use of certification logos

Management systems & key concepts

6
  • Whitepaper management system audits
  • Quality Management: best practices for success
  • The Brand Compliance glossary
  • What is a management system?
  • Internal or external audit?
  • Accreditation versus certification

Information security

3
  • Excelling in information security: best practices
  • Operational Capabilities: The Backbone of Information Security
  • The Traffic Light Protocol (TLP): what does it mean for you?

NEN 7510 & healthcare

4
  • Transition to NEN 7510-1:2024
  • NEN 7510 without healthcare institution?
  • How to expand with NEN 7510
  • The differences between ISO 27001 and NEN 7510

NIS2 & CyberFundamentals

5
  • ISO 27001 in a NIS2 context in Belgium
  • CyberFundamentals 2025: transition from CyFun 2023 to 2025
  • Self-assessment & CyFun verification: best chance of success
  • NIS2 liability for board members
  • CyberFundamentals Framework in Belgium: what is the relationship with NIS2?

Privacy & data protection

8
  • Transition to ISO/IEC 27701:2025
  • GDPR compliance best practices
  • Data breach: What is it and how do you prevent it?
  • Your Data Protection Officer and the GDPR
  • Your record of processing activities and the GDPR
  • Checklist for your BC 5701 certification
  • BC 5701 certification: where do you start?

Assurance audits

1
  • ISAE 3402 vs SOC 2: what is the difference?
View Categories

Initial audit Stage 2

In this article we would like to share our experiences with the Initial audit stage 2 audit, the second part of the audit of the certification process for a management system audit.

Looking back #

During Stage 1, it was assessed whether your organization is prepared for audit stage 2. In the closing meeting any areas of concerns within your management system were explained by the auditor. You have been given the opportunity to resolve the areas of concern in the period between the stage 1 and stage 2 audit. It is important that these are resolved in order to start stage 2 well prepared.

Initial Audit Stage 2

Ready for Stage 2 #

The stage 2 audit takes more time than the stage 1 audit. This is because the auditor assesses the implementation and effectiveness of the management system during stage 2. Are all processes performed as described? Is the policy complied with? Are employees aware of their contribution to the management system? Do you actively check the operation of the management system, and do you know to what extent the management system works effectively?

Focal points in preparation for a stage 2 audit #

Several components are essential during the initial audit stage 2. They are explained below.

  1. Ensure that you can substantiate compliance with the requirements of the standard with supporting documents;
  2. Ensure that you can inform the auditor about your performance control, measurement, reporting and assessment of the established performance objectives and targets. Ensure that you can substantiate this with supporting documents;
  3. Ensure that you can demonstrate that the management system is capable of fulfilling the requirements of legislation and regulations and contractual demands;
  4. Ensure that you can prove that you are in control of operational processes;
  5. Ensure that your internal audits and management reviews demonstrably contribute to the requirements and effectiveness of the management system;
  6. Finally, it is important that you can demonstrate that management takes responsibility for the adopted policy.

The methods used during the audit to obtain information include interviews with staff members, observations of processes and activities, and assessing documents, records and systems.

Completion of Stage 2 #

After completing the initial audit stage 2, the auditor and your organization will start with the follow-up process.

What will the auditor do? #

After the audit, the auditor prepares a report. An internal review is performed on the audit report before it is sent to you. In case nonconformities have been identified, so-called ‘nonconformity forms’ are prepared for you to complete.

What can you do? #

The good news is, in the meantime, you do not have to wait to resolve the identified nonconformities. During the closing meeting, nonconformities and possibilities for improvement are explained to you by the auditor. It is wise to immediately start formulating and implementing corrections and corrective measures. This way the process runs as smoothly as possible.

Certificate #

The auditor will nominate you for certification when you have resolved any nonconformities satisfactorily. The nomination will be presented to a Certification Committee that independently assesses your file. In case the Certification Committee comes to the same conclusion as the auditor, the file is transferred to the certification decision-maker for a final decision. After this, a certificate will be made based on the information from the audit report submitted to you. It is therefore advisable to check all the data on the report carefully, to ensure correct information on your certificate.

Finally #

This article intends to explain the process during and after the initial audit stage 2. You can use this article to prepare your organization for the audit. If you have any questions about the process, the audit cycle or further preparations to the audit, please get in contact with one of Brand Compliance’s Customer and Project Coordinators.

Share This Article :

  • Facebook
  • X
  • LinkedIn
Updated on 17 June 2025
Initial audit Stage 1What is a certification cycle?
Contents
  • Looking back
  • Ready for Stage 2
  • Focal points in preparation for a stage 2 audit
  • Completion of Stage 2
    • What will the auditor do?
    • What can you do?
    • Certificate
  • Finally

Accreditation

RvA C548Brand Compliance B.V. has accreditation (C548) to certify ISO 27001, ISO 27701 NEN 7510 and ISO 9001 technical area 33 information technology and 35 other services.

View our accreditations

Contact

Have a question about certification, verification or assurance?

info@brandcompliance.com
+31 (0)73 220 2000

Prefer local contact details?
View our locations

Our locations

‘s-Hertogenbosch, The Netherlands

Antwerp, Belgium

Ottignies-Louvain-la-Neuve, Belgium

Stockholm, Sweden

Dublin, Ireland

Luxembourg, coming soon

Practical information

Privacy statement

Terms and conditions

Company details

Feedback and complaints

 

© Copyright 2026 Brand Compliance