Remote ISO 9001 Certification: How It Works

In an era of digital transformation, organisations are increasingly turning to remote ISO 9001 certification audits as a viable alternative to traditional on-site assessments. The COVID-19 pandemic greatly accelerated this trend: travel restrictions and safety concerns forced certification bodies to conduct audits virtually, and many found that remote audits can be effective when done well. In fact, both auditors and clients have reported largely positive experiences with remote ISO 9001 audits, even in highly regulated industries. What began as an emergency measure is now evolving into a normal practice, with standards bodies formalising guidance for remote auditing techniques. ISO has clarified that remote auditing methods are meant to complement (not fully replace) on-site audits by leveraging technology to conduct audits effectively and efficiently. Executives, quality managers, consultants, and auditors alike are thus keen to understand how remote ISO 9001 certification works, what it requires, and how to make the most of it.

Remote ISO 9001 certification audits follow the same fundamental stages as on-site audits (planning, execution, and reporting), but these stages are adapted to a virtual environment. This article explains each stage of the remote audit process and the practicalities of conducting ISO 9001 audits off-site. We will discuss the technologies and platforms that make remote audits possible, the preparation required from organisations, and the benefits and limitations of remote certification. Real-world examples and official guidelines (from ISO and the International Accreditation Forum) are included to ground the discussion in current practice. Finally, we outline best practices for both auditors and auditees to ensure remote ISO 9001 audits are successful, credible, and smooth. The goal is to provide a comprehensive, professional guide for companies of all sizes, consultants, and auditors venturing into remote certification audits.

The Remote Audit Process: Planning, Execution, and Reporting

Remote auditing of an ISO 9001 quality management system involves the same objectives as an on-site audit (evaluating conformity to the ISO 9001 standard), but with auditors off-site using information and communication technologies (ICT). According to ISO 19011:2018 (the auditing guidelines standard), a “remote audit” refers to “the use of ICT to gather information, interview an auditee, etc., when face-to-face methods are not possible or desired”. What follows is an overview of how a remote ISO 9001 certification audit is conducted, broken into the key stages of Audit Planning, Audit Execution, and Audit Reporting/Conclusion.

Planning the Remote Audit

Thorough planning is even more critical for remote audits than on-site audits. In this stage, the certification body (CB) and the organization coordinate to determine if a remote audit is feasible and set up all logistics in advance. In fact, ISO 19011 emphasizes that the feasibility of using ICT should be evaluated when establishing the audit program. Similarly, the IAF’s mandatory guidelines (MD 4) require the certification body to assess and document risks and opportunities associated with using ICT for the audit. This feasibility assessment considers factors such as the nature of the processes to be audited, the technological infrastructure available, and the competence of both auditors and auditee personnel with the proposed tech tools. If certain critical processes cannot realistically be audited remotely (for example, very hands-on activities in production), the audit plan might need to include some on-site component or at least ensure those areas will be addressed later.

Once remote auditing is deemed appropriate, detailed planning begins. The lead auditor will work with the organisation’s audit coordinator (e.g. the Quality Manager) to define the audit scope, objectives, and schedule just as for an on-site audit. However, remote audits often require more time and detail in planning. As noted by ISO’s Auditing Practices Group, “audit planning will, at least in the first audits, take longer” for remote audits. Extra planning time is needed to:

  • Agree on ICT platforms and tools: Early on, auditor and auditee must agree which technology will be used for video conferencing, screen sharing, file exchange, etc. (e.g. Zoom, Microsoft Teams, WebEx, or others). Both sides should choose a platform that is secure and accessible, and mutually agree to the use of ICT as required by IAF MD 4. The auditor will determine what tools are needed for different audit activities (interviews, document review, site walk-throughs). For example, a live video tour may be planned for a factory inspection, while a secure file-share might be used for reviewing procedures. Each chosen ICT tool should be clearly identified in the audit plan.

  • Assess and address risks: The planning stage includes identifying any risks to conducting the audit remotely. This includes technical risks (unstable internet connection, cybersecurity concerns) and risks to audit effectiveness (e.g. inability to observe certain controls firsthand). The audit team and organization should collaboratively document these risks and how to mitigate them. If a high-risk area is identified that cannot be effectively audited remotely, the plan may require an on-site audit for that area or other risk controls (for instance, using cameras or seeking alternate evidence). The overriding principle is that the integrity and objectives of the audit must not be compromised by the remote method.

  • Define the audit agenda in detail: Remote audits benefit from a very clear agenda and schedule. The plan should specify when and how each process and site will be audited, and who will be involved. Since auditors cannot physically “walk over” to find personnel spontaneously, specific times must be set for each interview and evidence review. The plan will list key auditee personnel (process owners, management, etc.) to be available at scheduled times. It’s advisable to schedule shorter sessions with breaks in between (e.g. several 2-3 hour sessions across days, rather than one very long day) to reduce screen fatigue and accommodate any time zone differences. In fact, remote audits need not always be on consecutive full days – the schedule can be more flexible, spread out in a way that minimizes disruption to the auditee’s operations. All of this should be agreed upon and documented in the audit plan.

  • Conduct a technology test run: A critical preparation step is to test the chosen communication tools before the actual audit day. Both the audit team and the auditee should verify that video conferencing works (camera, microphone, screen sharing) and that any remote access or file-sharing permissions are set up. It is recommended to hold a short “test call” or trial meeting in advance. The organisation might even conduct a brief mock interview or virtual tour to ensure everyone knows how to use the technology. ISO auditors advise confirming there is a “stable connection and people know how to use the technology” by doing a pre-audit ICT test. This practice can catch issues with firewalls, software, or user familiarity ahead of time. As one consultant notes, “A dry run will quickly show you gaps and omissions in your intended response methods.” Both sides should also have a backup plan (for instance, exchanging phone numbers to call in case the video conference fails, or having an alternate platform ready).

In addition to the above, standard audit planning elements still apply: the auditor will review documentation (like the Quality Manual and past audit results) beforehand, and prepare checklists or sampling plans. The outcome of the planning stage is a confirmed audit plan that clearly identifies it as a remote audit, lists the schedule of activities, the ICT methods to be used for each, and any specific arrangements (such as a designated camera operator for a facility tour). Importantly, the plan will ensure that confidentiality and data security measures are in place; for example, agreeing that no meetings will be recorded without permission and that any shared documents will be handled securely. Once both the auditor and the auditee are comfortable with the arrangements, the audit moves to the execution phase.

Executing the Remote Audit

The execution stage of a remote ISO 9001 audit mirrors on-site auditing in purpose and sequence: there is an opening meeting, the collection of evidence through interviews/observations/document review, possibly team meetings (if multiple auditors), and a closing meeting. The difference is all these activities are conducted through ICT.

Opening Meeting: On the first day of the audit, the auditor holds an opening meeting via video conference or teleconference with management and relevant staff of the organization. During this meeting, aside from the usual introductions and overview of the audit scope, the auditor will re-confirm technical readiness and ground rules for the remote audit. For example, they will verify that the internet connection is stable at all participating locations and that everyone can see/hear clearly. If the auditor plans to take any screenshots or recordings of evidence (such as capturing a screen display of a record), they must ask for permission at this stage or whenever the need arises. The rules on not recording conversations without consent are emphasized to protect confidentiality. The auditor also ensures that all participants understand how to use features of the virtual meeting (mute/unmute, screen share, etc.), a quick recap that helps avoid wasted time later. Once the ground rules and logistics are settled, the audit proceeds to evidence gathering.

Interviews and Document Review: Much of a quality management system audit involves interviewing employees and examining documents or records. In a remote audit, interviews are typically done via live video or at least audio calls. The auditor will schedule sessions with process owners, managers, and staff according to the plan. It’s important that the auditee’s team know the “dial-in” procedures, e.g. having the correct video conference link and any passwords, and joining promptly at their allotted times. During the interview, the auditor should verify who is present (noting names and roles, just as they would check IDs or business cards on-site). The auditor may ask the interviewee to show identification or simply rely on introductions by the audit host. Remote interviews should be approached with the same rigor as in person: the auditor asks open-ended questions, requests explanations of procedures, and cross-verifies statements with objective evidence. For example, if a manager says that internal audits are conducted regularly, the auditor might ask to see records of the internal audit program or reports.

Document and record review is accomplished through screen sharing or sending files electronically. Common techniques include: the auditee sharing their screen to display a procedure or record while the auditor reads it, or uploading documents to a secure shared folder for the auditor’s review. External auditors often use whatever method the client is comfortable with – whether it’s a controlled access to their document management system, a temporary SharePoint/Google Drive, or even emails with attachments. Auditors are being flexible in accepting evidence via scanned copies, photos of records, or live screen viewing. In one reported case, some companies without a digital system resorted to holding up paper documents to the webcam to show auditors. While not ideal and somewhat time-consuming, such improvised methods have been accepted when necessary, though everyone agrees it’s better to have documents digitised in advance. A best practice is for the auditor to request key documents ahead of the audit (e.g. a few days prior) so they can be reviewed off-line, reducing time pressure during the live audit sessions. Many remote audits thus involve an exchange of information prior to the audit date; for instance, the auditor might ask for the quality manual, process mappings, or training records upfront, allowing more efficient use of live interview time.

Remote Site Tours and Observations: A unique challenge of remote ISO 9001 audits is how to perform the on-site observations that are normally part of an audit (like walking through a production floor or service area). Here, technology offers creative solutions. Organizations may use a mobile device (smartphone or tablet) with a video call to give the auditor a virtual tour of facilities. The auditor can direct the staff holding the camera to focus on specific equipment, areas, or activities, and can ask questions in real-time as the tour progresses. To make this effective, companies should ensure the person filming is well-prepared: they should practice how to use the phone camera steadily and speak clearly, and verify that wireless network coverage is strong in all areas that will be shown. If live streaming is problematic (due to bandwidth or safety restrictions), another approach is to provide pre-recorded video. For example, the organization might record a walkthrough of the factory a day in advance and send it to the auditor. The auditor can review the footage, note any points of interest, and then follow up during the live audit with questions or requests to see certain parts live if needed. Drones and fixed CCTV cameras have even been used in some cases to observe remote sites; the ISO Auditing Practices Group noted examples of using real-time video from drones or wearable cameras to verify physical settings (e.g. checking pipeline labels in a remote oil facility, or inspecting a warehouse). Whatever the method, the auditor must establish the veracity of what is being shown. For instance, they might ask to pan the camera around to ensure there are no blind spots, compare what they see with floor plans or Google Earth images for consistency, or ask an operator to demonstrate a machine’s operation on camera. All these measures help ensure that remote observation provides a truthful representation of the site.

Maintaining Effectiveness and Engagement: Conducting an audit remotely requires both auditor and auditee to pay close attention to communication. Without the benefit of in-person presence, it’s crucial to avoid miscommunications. Auditors often find they need to speak clearly, ask more clarifying questions, and actively seek confirmation that the auditee understands requests. They may also need to be patient if auditees have trouble sharing a screen or locating a file in a digital format. On the auditee’s side, it’s important to not hesitate to ask the auditor to repeat or clarify something said over a patchy connection. Both parties should ensure they minimize background noise and interruptions, muting microphones when not speaking and choosing a quiet setting for the audit sessions. One should treat a remote audit meeting like a formal on-site meeting: phones on silent, no multitasking, and full attention given.

Another key to effectiveness is managing fatigue and concentration. Staring at a screen for hours can be more exhausting than walking around on-site. It has been widely recommended to schedule regular breaks during remote audits. Short, frequent breaks to stretch and rest eyes are important for both the auditor and auditee participants. In on-site audits, many breaks happen naturally (e.g. walking between departments); in a remote audit, breaks must be consciously planned. Auditors note that building in small pauses also allows them to catch up on notes and analyze information received before moving on. For example, an auditor might say, “We will take a 15-minute break now,” and use that time to review the documents just shared and formulate any further questions. This practice leads to a more thoughtful audit and can reduce the need for backtracking later.

Handling Technical Issues: Despite best preparations, technical glitches can occur: internet outages, audio/video dropouts, or hardware failures. Both the auditing team and the auditee should have agreed on fallback arrangements. A common strategy, as noted by certification bodies, is that if connectivity issues arise, the parties first switch to a basic telephone call while attempting to fix the issue. Many auditors will pause the audit (not counting that downtime against the audit time) while trying alternate solutions – for instance, if a video feed isn’t working, perhaps the auditee can quickly move to a different location or device, or the auditor can ask for photos to be emailed as a substitute for live video in that moment. If a critical portion of the audit cannot be completed due to technical failures, the audit may be rescheduled or extended to ensure completion. Importantly, IAF guidelines state that any significant ICT malfunction time should not be counted as audit time, so auditors should be prepared to add time or arrange a follow-up session to cover what was missed. Overall, flexibility and communication are key – both sides should keep each other informed in real time if something isn’t working and jointly decide on whether to continue via an alternate mode or take a break to resolve the issue.

Audit Team Coordination: If the audit involves more than one auditor (e.g., a lead auditor and a technical expert, or an audit team for a large company), the team will need to coordinate remotely as well. Audit teams use private call sessions or chat channels to confer during the audit day (for example, the team might debrief in a separate call while the auditee is on break). They might also use collaborative tools to share notes among auditors. Remote audits often require the team to be well-organized in splitting up tasks – for instance, one auditor might interview the Quality Manager while another simultaneously reviews documents, to make efficient use of time. Clear definition of roles in the plan helps (e.g., specifying which auditor covers which clauses or processes). Some certification bodies have implemented dedicated audit management platforms that facilitate team coordination and evidence sharing in real-time. For example, an audit firm developed an online platform to upload and track audit evidence during remote assessments, ensuring all team members and the auditee have visibility. While not every audit will have such a system, even simple solutions like shared cloud folders or instant messaging apps can keep the remote audit team aligned.

Closing Meeting: After all planned audit activities are completed, the auditor will hold a closing meeting via video conference. This meeting is akin to the traditional closing meeting – the auditor presents a summary of findings, nonconformities (if any), and the overall conclusion (e.g. recommendation for certification or areas for improvement). In a remote context, the closing meeting might include a quick discussion on how the remote methods worked for both parties, especially if this is a new experience. Auditors often appreciate feedback on any ICT issues or what could be improved in future remote audits. The auditee’s management should still use this opportunity to ask questions about findings or next steps (just as they would on-site). One practical difference: if signatures are needed on attendance sheets or acknowledgment of findings, this may be done electronically (for example, via email confirmation, e-signature, or through the audit portal).

Reporting and Certification Decision

The final stage of the audit process is reporting the results and making the certification decision. From the perspective of the organization being audited, this works similarly to an on-site audit, with a few additional notes related to the remote nature of the audit.

Audit Report: The auditor will compile an audit report that documents all the usual content: which ISO 9001 requirements were assessed, what evidence was examined, any nonconformities or observations raised, and a conclusion on system effectiveness. For remote audits, auditors are advised to clearly state the extent to which ICT was used and evaluate its effectiveness in achieving the audit objectives. For example, the report may note that the entire audit was conducted via video conference and secure document sharing, and that this approach was sufficient to assess most processes. If any parts of the QMS could not be effectively audited remotely, the report should specify those gaps. An ISO guidance document recommends that the report “indicate those processes that could not be audited and should have been audited on-site”, as this information is important for planning subsequent audits. In practice, this means if certain clauses or site activities were omitted due to remote limitations, the certification body might schedule an on-site visit at a later date or cover those areas in the next surveillance audit. Including this in the report ensures transparency to the certification decision-makers and to future auditors.

The audit report will also note any nonconformities found, and the process for corrective actions remains the same: the organisation will need to propose and implement fixes for any nonconformance, and the auditor will verify them (which might also be done remotely by reviewing evidence of correction). The difference is just in how evidence of corrective action is submitted (likely electronically).

Certification Decision: For ISO 9001 certification audits (especially initial Stage 1 and Stage 2 audits), the certification body’s internal process involves a technical review of the audit report and a certification decision committee (or person) granting the certificate. This process does not change with remote audits, except that they will be conscious of the fact the audit was done remotely and ensure that it met all requirements. Accreditation rules (e.g., IAF MD4) permit a fully remote certification audit as long as the audit is effectively able to meet objectives. Notably, the IAF removed prior restrictions on the percentage of audit time that could be remote; since 2018, it is possible for 100% of an ISO 9001 audit to be conducted remotely if appropriate. That said, some certification bodies exercise caution for initial (first-time) certification audits. For example, one major certifier advises that purely remote audits may not be suitable for initial certification due to higher risk (lack of familiarity with the system) and they prefer at least some on-site presence in such cases. In extraordinary circumstances (like a pandemic), even initial certifications have been done fully remote, but the CB might schedule an early follow-up visit when feasible to increase confidence. In any case, if the audit evidence is sufficient and any nonconformities are resolved, the organisation can be recommended for ISO 9001 certification. The resulting certificate typically does not distinguish that the audit was remote; the certification is the same. It is wise, however, for the organisation to keep a record of the fact the audit was remote, and be prepared for possibly different arrangements in future surveillance (some of which might be on-site once normal conditions resume or if required to sample things not checked remotely).

Audit Records and Feedback: Both the auditee and auditor should retain records from the remote audit as they would normally; this includes the audit plan, report, and any notes or downloaded evidence (with proper security). One additional practice encouraged by ISO/IAF is for the audit team to give feedback to the audit program manager about the use of ICT. The CB can learn from each remote audit to improve their processes or guidance for auditors (for instance, noting if a particular tool didn’t work well or if certain additional training is needed for auditors on remote techniques). From the organisation’s side, it’s also helpful to reflect on the remote audit experience and share any concerns or suggestions with the auditor or certification body. This two-way feedback loop is helping the industry refine remote auditing methods continuously.

In summary, the remote audit process involves careful upfront planning, the use of technology to perform the same audit steps as on-site (with adjustments for virtual interaction), and thorough documentation of how the audit was conducted. As long as these steps are managed diligently, a remote ISO 9001 audit can deliver results comparable to an in-person audit – a fact evidenced by many successful remote assessments over the past few years.

Technologies and Platforms Used in Remote Audits

Remote ISO 9001 audits heavily rely on modern information and communication technology (ICT). Here we outline the common technologies and platforms that enable auditors and auditees to connect across distances and share information securely:

  • Video Conferencing Tools: High-quality audio/video meeting software is the backbone of remote audits. Platforms such as Zoom, Microsoft Teams, Google Meet, WebEx, GoToMeeting, or industry-specific tools are commonly used for live conversations. Video conferencing allows the auditor to hold interactive opening/closing meetings and interviews as close to “face-to-face” as possible. Most auditors prefer to have video enabled (not just teleconference) because seeing the auditees provides visual context and better communication. Screen sharing features are particularly important for going through documents together or demonstrating systems. The choice of platform is usually flexible; auditors often accommodate the organization’s preferred software, especially if the company’s IT security policy only allows certain applications. What matters is that the tool is stable and secure. Both parties should ensure they have the latest version installed and that they are familiar with using it (hence the value of a test meeting beforehand).

  • Secure File Sharing and Document Repositories: Since the auditor will need to review documents and records, a secure method of transferring or accessing files is required. There are several approaches:

    • Shared Cloud Folders: Many audits use cloud storage services like OneDrive, SharePoint, Dropbox, Google Drive, or Box to share documents. The organization might create a folder with read-only access for the auditor and upload requested files there. It’s important to manage permissions carefully; for example, provide access only to necessary documents and revoke access after the audit.

    • Email with Encryption: Some smaller audits may simply rely on emailing documents. If email is used, large files might be an issue and security should be considered (password-protecting sensitive PDFs or using encrypted email).

    • eQMS or Audit Platforms: If the organization has an electronic Quality Management System (eQMS) or if the certification body has a dedicated audit portal, these can be leveraged. An eQMS can allow the auditor direct read-only access to the relevant procedures and records, which is very efficient. Some certification bodies have portals where clients upload evidence and documents for the auditor to review. For instance, auditors might allow scanned records to be uploaded securely through their platform rather than via third-party services.

    • Real-time Screen Sharing: In cases where files cannot be easily shared or should not leave the company’s network, the auditee can share their screen during the audit to show documents. The auditor can then read the document in real time without actually receiving a copy. This method ensures no file transfer, though it requires coordination (the auditee may scroll or navigate as directed by the auditor).

    Regardless of method, information security is paramount. The same confidentiality rules that apply in an on-site audit also apply in remote audit. Certification bodies instruct that no unauthorized recording or retention of documents should occur. All evidence collected should be handled confidentially and disposed of properly after the audit (with only the audit report and necessary records retained). Using secure, agreed platforms (instead of ad-hoc or insecure channels) is a best practice to maintain trust.

  • Remote Desktop and System Access: Sometimes the auditor may need to inspect records that are in an internal system (for example, an ERP or quality database). Rather than simply showing the screen, the organization might grant the auditor temporary remote desktop access or a guest login to view the system. Tools like VPN access or remote desktop software can allow the auditor to navigate a system under supervision. However, this is usually read-only and carefully controlled. In many cases, screen sharing suffices, but in complex scenarios (say, wanting to query data in a live system), a direct access can be arranged. This requires IT support to set up and should be tested for connectivity and permissions.

  • Cameras and Recording Devices: To audit physical processes or observe the workplace, auditors rely on camera technology:

    • Webcams: Most laptops or external webcams are used in meeting calls for individuals. Ensure the camera can be pointed to documents or small items if needed (though often a phone is better for mobile viewing).

    • Smartphones/Tablets: As mentioned, mobile devices are extremely useful for doing a “virtual tour” of facilities. They can broadcast live video from the shop floor, warehouse, or any location. The person holding the device can use the rear camera to show machinery, safety signs, calibration stickers, etc., while talking to the auditor. Modern smartphones have high resolution cameras which can capture details if the connection bandwidth is good.

    • Wearables: Some companies have begun experimenting with wearable cameras or smart glasses for audits. For instance, a headset or glasses with a built-in camera (and microphone) can allow a person to work hands-free while the auditor sees what they see. This can be helpful in situations where an employee needs both hands free to, say, open a panel or handle a product while showing it. The DEKRA certification body notes that handheld devices, smartphones, and wearable technology may all be implemented to facilitate remote audits.

    • Drones and CCTV: In expansive or hard-to-reach sites (like large outdoor facilities, construction sites, or remote locations), drones can provide video footage. There are examples of auditors using drones to inspect areas like tank farms or pipeline routes where an in-person audit would also rely on visual surve. Additionally, if the site already has closed-circuit cameras, the auditor might ask to view those feeds if appropriate (e.g. monitoring a process line remotely).

    • Photos and Scans: Still images are also used – an auditor might ask for photos of specific items (equipment nameplates, tool calibration certificates, etc.) to examine details. Scanned copies of records serve as evidence for document review if live sharing is not practical.

  • Communication and Collaboration Tools: Beyond the main video meeting, teams might use other tools to coordinate:

    • Chat/Messaging Apps: Tools like Microsoft Teams chat, Slack, or even WhatsApp can be used (if allowed) to send quick messages or clarify something during the audit without interrupting the formal meeting. For example, an auditor might send a message, “Please pull up document XYZ for the next part,” to the host while they are finishing an interview with someone else.

    • Collaborative Documents: Auditors sometimes share a live document (like a Google Doc or Office 365 document) with the auditee for things like the audit plan or an agenda, so both can update status in real-time.

    • Task Management Systems: If the audit is conducted through a platform, it may have an integrated task tracker for any information requests or nonconformance management. If not, even a simple spreadsheet listing requested evidence and status (provided to the auditee upfront) can help keep everyone on the same page.

In summary, a variety of technologies are leveraged in remote auditing. The exact mix of tools will depend on the context and the organisation’s capabilities. A small enterprise might use a simple combination of Zoom + email for documents, whereas a large corporation could involve dedicated audit software and multiple camera setups. The key is that technology should enable the audit to be as close to an on-site experience as possible. When used properly, these ICT tools can even enhance the audit – for instance, screen sharing a procedure might be more efficient than crowding around a paper manual on-site, and bringing in a global expert via video link is easier than flying them in. At the same time, both auditors and auditees must be mindful of the limitations and security implications of technology, which we will discuss in later sections.

Preparing for a Remote Audit: Requirements for Organisations

For an organisation undergoing a remote ISO 9001 certification audit (whether it’s an initial audit or a surveillance/recertification), preparation is critical. The success of the remote audit hinges not only on the auditor’s planning but equally on the auditee’s readiness. Below are key requirements and steps organisations should take to prepare:

  • Reliable Internet and IT Infrastructure: Ensure that you have a stable, high-speed internet connection in the locations from which you will participate in the audit. If multiple people in different sites will join, each site’s connectivity should be tested. Consider having a backup internet source (for example, a mobile hotspot) in case the primary connection fails. It’s also important to have functioning hardware: a computer with a camera and microphone (or a separate webcam), and possibly a smartphone or tablet for any live video walkthroughs. Test all devices beforehand to verify they can run the chosen video conferencing software smoothly. If certain areas of your facility have poor Wi-Fi or mobile signal, plan around that (you might pre-record those areas or set up a temporary signal booster if needed).

  • Agree on and Test the Communication Tools: As noted earlier, the auditor should discuss with you which platform will be used (Zoom, Teams, etc.). Once decided, install any required applications on the computers or devices that will be used, and perform a test call. Make sure your team knows how to join the meeting, use the mute button, turn on/off video, and share their screen. If the platform requires creating accounts or login credentials (e.g., an MS Teams invite or a WebEx login), arrange those ahead of time. Also test peripheral equipment: for instance, if you will use a headset for better audio, verify it works; if you plan to use a mobile phone for a tour, test joining the meeting from the phone and check that the camera can broadcast clearly. Do a trial run: It’s recommended to schedule a brief internal practice session or a call with the auditor to iron out any technical wrinkles. This will build confidence on the audit day.

  • Brief and Train Your Team: Remote audit day is not “business as usual” – your employees should treat it with the same importance as an on-site audit. Inform all relevant personnel about the audit schedule, their time slots for interviews, and what is expected. Provide guidance on basic etiquette during video meetings: be on time, dress professionally (at least business casual as you would for an in-person meeting), and minimize distractions. Make sure everyone knows how to log into the meeting and has the necessary links or dial-in info. It’s also wise to designate a quiet, appropriate environment for each person’s video call – for example, if a manager is working from home, they should plan to be in a quiet room with no interruptions during their segment. If people will be in the office, perhaps reserve a conference room with good connectivity for the audit interviews. The “responsible person” (often the quality manager or management representative) should be available for the entire audit in case the auditor needs to reach them.

  • Set Up a Dedicated Audit Space: If possible, have a central control point for the audit. For instance, the quality manager might be in a meeting room at the facility with the necessary computer setup and have key documents on hand (digitally). This person can then coordinate bringing others on video or fetching any additional info the auditor asks for. In some cases, organizations set up a sort of “war room” for the remote audit, where a small team is co-located and can quickly communicate off-camera while one person interacts with the auditor. If co-location isn’t possible (like everyone is remote), ensure there’s a way for your team to communicate internally during the audit (e.g., via a separate chat group) without the auditor having to wait while you chase answers.

  • Digitize Documents and Records: One of the biggest tasks for auditee preparation is to ensure all needed audit evidence is available in a digital format. Review the audit plan or any document request list provided by the auditor (usually, they will specify documents to have ready, such as procedures, work instructions, internal audit reports, management review minutes, etc.). Gather these in advance. If they are not already electronic, scan paper documents to PDF or take clear photographs. Pay special attention to records that the auditor is likely to sample: e.g., calibration records, training records, production inspection records, customer complaint logs. Having these ready will save time during the audit. As one source noted, companies that were mostly paper-based had to spend significant time scanning documents or even showing them page by page on camera, which “slows down the audit significantly”. Avoid that pain by doing the conversion up front. In addition, think about how you will share these documents. If you haven’t set up a file-sharing method yet, decide whether to use the auditor’s portal or a cloud folder or screen-sharing (as discussed in the technology section). If using a shared folder or eQMS, organise it logically (perhaps in folders by audit clause or by process) so that it’s easy to navigate during the audit.

  • Prepare Demonstrations of Processes: Beyond documents, consider how you will demonstrate implementation of certain processes. For example, if the auditor wants to witness how you conduct incoming inspection or how a service is delivered, plan for a short video demo. Identify which processes or areas will be shown live and ensure those areas are tidy, accessible, and that the staff involved are briefed. For manufacturing or physical operations, do a walkthrough beforehand to pick the best route for a virtual tour – note any lighting issues, noise (you might schedule that tour when noisy machinery can be turned off briefly), or safety considerations (the person holding the camera might need proper PPE and to mind their surroundings). Practice holding the camera steady and test the microphone in that environment so your narration can be heard. The person conducting the virtual tour should know the audit objectives and be ready to follow the auditor’s instructions (like moving closer to an equipment nameplate or zooming in on a label). If a virtual facility tour is not feasible (maybe due to safety or connectivity constraints), work with the auditor to possibly use pre-recorded video or photos as evidence. In any case, prepping these visual evidences in advance will make the audit smoother.

  • Security and Access Considerations: Coordinate with your IT department on any network or security settings required. Some companies have strict firewalls that might block video calls or external remote access. Test the chosen platform on the network you’ll use – if it’s blocked, you may need a workaround (e.g., using a personal device on a mobile network or asking IT to allow a certain domain temporarily). If the auditor needs access to any internal system, create a user account with appropriate read permissions and get IT to set it up in advance. Make sure that sharing of documents complies with your company’s policies – for instance, if certain sensitive documents can’t be sent out, arrange screen share sessions for those. Additionally, clarify rules on recording: usually, neither side should record the meeting unless there is an agreement. If you have a policy against recording, communicate that to the auditor (though reputable auditors will always ask permission anyway). The IAF and ISO emphasize that confidentiality and data protection measures must be agreed by both parties, so have those discussions early (e.g., “We will use our secure FTP for file transfer and require that files be deleted after audit”; “Please do not record video or take screenshots of certain proprietary documents without permission,” etc.). When the audit is finished, remember to remove any external accounts or access you provided to the auditor and revoke shared link permissions, as a security best practice.

  • Logistics and Scheduling: Since remote audits allow flexibility, use that to your advantage. Work with the auditor to set a schedule that causes minimal disruption. For example, if you have operations in multiple time zones, you might split the audit days to accommodate local working hours in each region. If key people are only available at certain times (e.g., the CEO can only join at 9 AM for the opening), arrange the agenda accordingly. Also ensure normal work doesn’t interfere – it might be tempting for staff to try to do their regular tasks while attending the audit remotely, but they should ideally clear their calendar for their audit slot to focus. If the audit spans multiple days, plan a short recap each morning internally to ensure everyone is aligned on what’s coming that day.

By diligently preparing in these ways, an organisation will set itself up for a smooth remote audit. Essentially, it boils down to making sure people, technology, and information are ready and accessible. Many organisations have found that the effort spent preparing for a remote audit actually yields side benefits – for instance, it forces them to organise and digitise their quality records better (useful for day-to-day efficiency too), and it trains staff on new communication tools. Indeed, the surge in remote audits has been a wake-up call for some SMEs to “sort out their tech and ensure they have flexible, digital tools to securely manage documentation” for audits. The better prepared you are, the more the auditor can focus on evaluating your quality system rather than troubleshooting technical issues or waiting for documents.

Benefits of Remote ISO 9001 Certification Audits

Remote auditing introduces numerous advantages for both organisations and auditors. While on-site audits have their own strengths, the remote approach can provide distinct benefits that make the certification process more efficient and accessible. Here are some key benefits:

  • Reduced Travel and Cost Savings: One of the most immediate benefits is the elimination of travel requirements for auditors (and sometimes for auditees across multiple sites). This leads to lower costs for the certification audit since expenses for flights, hotels, meals, and travel time are greatly reduced. For small and medium enterprises (SMEs) with tight budgets, remote audits can make ISO 9001 certification more affordable. Even for large corporations, the savings per audit can be significant, especially if you have many sites to be audited. Additionally, auditors can use the time saved from travel to focus more on the audit itself or to conduct more audits, potentially leading to more timely audit scheduling.

  • Scheduling Flexibility and Convenience: Without travel logistics, it’s generally easier to schedule remote audits at mutually convenient times. Auditors and auditee personnel can join from wherever they are, even from home offices. This flexibility can sometimes allow splitting the audit into smaller chunks (as discussed, not necessarily back-to-back full days), which can be easier on everyone’s schedule. Furthermore, different time zones can be navigated without anyone flying internationally – for example, a U.S.-based auditor can audit a company in Asia remotely by adjusting session times, without the need for long-haul travel. Remote audits also mean less intrusion into the workplace; staff can join an interview and then easily return to their work, rather than dedicating whole days to escorting an auditor on-site. One source notes “faster and more flexible timing as different schedules are more easily accommodated” in remote audits. This agility can be especially useful when audits are needed on short notice or to maintain certification during emergencies.

  • Minimal Disruption to Operations: An on-site audit often requires meeting rooms, plant tours, and pulling employees away from their work for extended periods. Remote audits can result in minimal workflow interruption. For instance, instead of having 10 people sit in a conference room for an opening meeting, they can each join from their desks and then immediately resume work afterward. When the auditor is reviewing documents, the auditee staff isn’t “entertaining” them; the auditor is essentially self-sufficient with the materials provided. Production or office work can continue in parallel as long as the needed personnel are available at scheduled times. Also, issues like providing physical office space and amenities for the auditor disappear. Some companies appreciate that remote audits are less intrusive – as one quality manager humorously observed, “If you must show things via Teams or Skype this is even more exciting… people really liked it” after they tried it, because it felt less disruptive than having someone physically walking around all day. The process becomes part of the normal virtual work environment.

  • Access to a Wider Pool of Expertise: Remote auditing allows greater participation of experts and support personnel without logistical barriers. If the audit team needs a technical expert for a specific process, that expert can join the call for just an hour from anywhere in the world, rather than incurring travel just for that contribution. The ISO Auditing Practices Group highlighted this benefit: an expert needed for only a short analysis can contribute remotely, which “might not be possible due to financial or logistical constraints” if travel were required. Similarly, top management or department heads who are traveling or in different offices can still join critical audit meetings remotely. This flexibility ensures the audit can involve the right people at the right time. It also means multi-site organizations can have all site representatives dial into a single opening or closing meeting, promoting a consistent understanding across the organisation.

  • Environmental and Safety Benefits: Less travel doesn’t just save money – it also yields an environmental benefit by reducing carbon emissions associated with flights and car trips for auditors. Organizations with sustainability goals may appreciate that remote audits help shrink the carbon footprint of the certification process. From a safety perspective, remote audits eliminate any risks related to travel (e.g. accidents) and reduce on-site exposure (relevant not only during a pandemic but also if a site has inherent hazards). In hazardous industries or extreme locations (offshore facilities, mines, etc.), having at least part of the audit done remotely can keep people out of harm’s way. Remote audits also avoid potential health issues – for example, during flu season or pandemics, minimizing visitors is a health benefit. One could also consider personal safety: an auditor not having to drive in a snowstorm to reach a site, etc.

  • Maintaining Business Continuity: The ability to conduct audits remotely has proven crucial for business continuity. In situations where travel is impossible or risky (pandemics, natural disasters, political unrest), remote audits allow organizations to maintain their ISO 9001 certification schedules instead of postponing audits indefinitely. The IAF even explicitly encouraged ICT auditing as a means for continuity during COVID-19. Companies that might otherwise have had lapses in certification were able to undergo remote audits and keep their credentials active. This agility can also apply to internal company disruptions – for instance, if a key location is temporarily inaccessible due to a local incident, the audit might still proceed with remote methods for other locations. Essentially, remote auditing provides a Plan B for situations where on-site audits can’t happen, ensuring that quality compliance verifications carry on.

  • Enhanced Audit Focus and Planning: Interestingly, both auditors and auditees have observed that the necessity of remote auditing has driven improvements in audit planning and focus. Because remote audits require defining agendas and requesting documents in advance, they often lead to a more structured and well-prepared audit. Auditors report that they had to coordinate more with clients beforehand, which in turn made the audits more effective – one benefit that “will hopefully be embraced moving forward to on-site audits” as well. Auditees, on their part, have to be more organized (e.g. digitising records, scheduling people precisely), which can result in a more efficient audit execution. Some even find remote audits more efficient in certain aspects: for example, an auditor can review documents on their screen faster (zoom in, search text if PDF) than flipping through paper on-site. Also, since participants join only for their segment, they can remain focused on those topics, rather than sitting through an entire on-site agenda. All of this can contribute to an audit that is highly focused on objectives and evidence, potentially uncovering the same or more insights in less overall elapsed time.

  • Reduced Auditor Fatigue = Better Audits: From the auditor’s perspective, not having to travel constantly can improve their wellbeing and alertness. NQA (a certification body) noted that remote auditing “reduces auditor travel fatigue and associated stress”, thus increasing auditor resiliency. A fresh and focused auditor is likely to perform better during the audit – noticing details, asking pertinent questions, and not rushing due to travel constraints. Auditors who aren’t exhausted from a red-eye flight or long drive can be more present during the remote audit. This subtle benefit ultimately accrues to the auditee in the form of a higher-quality audit.

  • Opportunity for Hybrid Approaches: Embracing remote methods doesn’t mean everything must be remote. Many foresee a hybrid model going forward, using remote audits where they make sense and on-site visits when needed. The benefit is that organizations and CBs have more tools in their toolbox. For example, a three-year certification cycle might include a remote surveillance audit in year 2 and an on-site recertification audit in year 3, optimizing cost and thoroughness. Or an audit could be split: documentation and some interviews done remotely, then a shorter on-site visit for a facility check. The experience gained in remote auditing gives everyone more flexibility to design audits efficiently. As one lead auditor put it, “I see the future as a hybrid of remote and in-person. We can do either/both but remote is a great way to start with new clients.”

In summary, remote ISO 9001 certification audits can deliver significant benefits: cost and time savings, less disruption, broader access to expertise, safer and greener operations, and sustained audit programs under difficult circumstances. Many organizations have found that, contrary to initial skepticism, remote audits can be “just as effective as the on-site version” when done properly. The key is to leverage these advantages while managing the accompanying limitations, which we will discuss next.

Limitations and Challenges of Remote Auditing

Despite its many benefits, remote auditing also comes with limitations and challenges that organizations and auditors must acknowledge and manage. These challenges are the reason why remote audits are considered an augmentation, not a full replacement, of on-site audits. Understanding these limitations helps in deciding when a remote audit is appropriate and how to mitigate potential downsides:

  • Difficulty Auditing “Hands-On” Processes: Certain processes are inherently harder to evaluate remotely. For example, activities like manufacturing operations, warehouse receipt and storage, assembly line processes, or maintenance work usually rely on direct observation. Through a camera lens, the auditor’s field of view is limited and they might miss contextual details. As one certification body observed, auditors find it challenging to remotely audit processes like receiving, production, and physical verification steps. There’s also the possibility that the auditee, acting as the camera operator, might guide the view to specific items, potentially missing problems elsewhere. This is not necessarily intentional, but the auditor is not in control of where to look except by instruction. Additionally, many industrial sites restrict use of cameras or phones for safety, security, or proprietary reasons. If an area doesn’t allow video devices, the auditor cannot observe it remotely at all. These factors can diminish the effectiveness of auditing certain operational controls. The mitigation is often to do a partial on-site audit for those elements or to postpone their audit until an on-site can be done. In practice, some industries (like automotive manufacturing under IATF 16949) disallowed remote audits except in emergencies, precisely because of concerns about fully assessing the production floor remotely. For ISO 9001 in general, remote audits are allowed, but one should honestly assess if all critical processes (especially those affecting product quality directly) can be sufficiently checked via ICT. If not, a limitation exists that must be addressed (perhaps by an on-site visit later or additional testing).

  • Reduced Ability to Read Physical and Human Cues: Auditors often rely on subtle cues when on-site – body language of the auditees, the general morale or culture observable in the workplace, and even sensory cues (like noticing an out-of-calibration gauge by seeing its sticker, or spotting an oil leak in a machine during a tour). Remote audits inevitably filter out some of these holistic observations. Over a video call, it’s harder to notice if someone is anxious or if a quick look between two participants reveals uncertainty. One auditor in a remote audit noted the lack of full visual cues and environment context as a downside. Also, an auditee might more easily “hide” things off-camera – e.g. a stack of unfiled documents or a messy work station that would be obvious in person might never be shown. While skilled auditors know how to ask for broader views or different angles, it’s still possible that some compliance issues go undetected without the freedom to wander and observe spontaneously. This limitation can impact the depth of findings – remote audits might skew towards document-based conformance and miss some on-the-ground reality. Auditors compensate by asking more questions and requesting sample photos or evidence, but it’s a challenge to overcome completely.

  • Technology Troubles and Interruptions: The effectiveness of a remote audit is highly dependent on technology working smoothly. Poor internet connections, audio echoes, video lags, or screen-sharing failures can significantly hinder the audit process. If participants struggle to hear each other or if a screen share blurs out when scrolling, valuable time is lost and miscommunications can occur. In the worst case, parts of the audit might have to be repeated or extended due to technical downtime. This can cause frustration on both sides. There is also the simple fact that people might not be equally tech-savvy – some auditors or auditees not fully comfortable with the tools could slow down the process or make errors (like accidentally not sharing the correct screen, or forgetting to unmute while giving a critical answer). While training and practice mitigate this, not everyone adapts readily to a virtual format. Another subtle issue is that remote communication demands more concentration (as mentioned earlier with fatigue). If an auditee or auditor loses focus for a moment (perhaps due to an email popping up or other multitasking temptation at the computer), they might miss something. In a face-to-face setting, it’s easier to maintain engagement. Thus, technical and human factors can disrupt the flow of a remote audit. The contingency – as discussed – is to have backup methods (like phone or alternative platform) and to plan for extra time or breaks. However, one should anticipate that a remote audit can stretch longer if these hiccups occur, whereas a well-run on-site audit might proceed more predictably once travel is done.

  • Heavy Reliance on Digital Documents: If an organization’s QMS records are largely paper-based or not centrally accessible, remote auditing becomes cumbersome. Companies that haven’t digitized their quality documents will find remote audits labor-intensive in prepping materials. The need to scan or photograph many documents is not only time-consuming, it also raises the chance of missing pages or scanning errors. There’s also a potential confidentiality risk in transferring a lot of files electronically (if not done securely). In some reported scenarios, employees had to scramble to scan contracts, POs, traveler sheets, etc., and sometimes ended up literally holding documents up to a webcam when the volume was too great to scan individually. This is inefficient and could lead to incomplete evidence if, say, a page isn’t shown clearly. Moreover, if an organisation’s records are not well-organised to begin with, a remote audit will expose that pain point – it might take them a long time to find and send what the auditor asks for, possibly delaying the audit. The underlying limitation is that remote audits force a level of digital organisation that not every company has yet. The obvious solution is for companies to invest in an electronic document system or at least to use the push for remote audit as motivation to organise files. In the meantime, auditors might need to be patient or reschedule portions of the audit to give the auditee time to fetch and send records.

  • Potential Security and Privacy Concerns: Using ICT means transmitting potentially sensitive information over networks. Some organizations may be uncomfortable showing certain proprietary processes on camera or sharing documents electronically. There could be legal or contractual restrictions (for example, designs or customer data that cannot be shown to external parties or taken off-site, even if the auditor is under NDA). Remote audits thus sometimes run into limitations on what can be shared via ICT. The IAF MD4 guidance acknowledges that in some cases the use of ICT might not be allowed due to security or data protection rules. For instance, a defense contractor might not allow video devices in certain areas or digital export of any QMS documents. In such cases, a remote audit has clear boundaries and might not satisfy the audit objectives fully. Organizations and auditors need to navigate these carefully, possibly substituting with on-site audits for those parts. Privacy is another aspect – employees may be uneasy being on camera or recorded (though recording isn’t done without consent, just the feeling of being “observed via webcam” can be uncomfortable for some). There’s also a risk of violating privacy if, say, an auditor inadvertently sees confidential info in the background of a screen share. Strict protocols (like closing unrelated windows, using virtual backgrounds if at home, etc.) need to be followed, but the risk can’t be entirely eliminated.

  • Not Suitable for All Situations (Initial Certifications, Certain Industries): As noted, remote audits are not a one-size-fits-all solution. Many accreditation bodies initially limited what portion of an audit could be remote, and even though the hard limits were lifted, some schemes still impose restrictions. For example, the aerospace ISO 9100 scheme (at least outside of pandemic allowances) caps remote audit time around 30% normally. In general ISO 9001 certification, there is no fixed cap now, but risk-based consideration is emphasized. A high-risk situation (a very large or complex operation, or a company with a history of nonconformities) might warrant an on-site audit because the chance of missing something remotely is deemed too great. Indeed, DEKRA (a CB) explicitly states “remote auditing is not suitable for initial certification audits” in their view, due to the lack of familiarity and higher uncertainty. A first-time certification often involves building trust and understanding the company culture, which is harder remotely. Therefore, some CBs may decline to do a totally remote Stage 2 audit unless circumstances force it. From the auditee’s perspective, they may also feel more comfortable with an auditor seeing the real operations in person at least once, to avoid any doubt about the thoroughness of certification. So a limitation is that remote methods have not completely replaced on-site – for certain audits you might still need to accommodate a physical visit, either now or eventually. Organisations should be prepared that a remote audit today could be followed by an abbreviated on-site verification tomorrow if the CB or accreditation rules require it.

  • Human Preference and Change Management: Finally, a softer challenge is that not everyone likes remote audits. Some auditors frankly “are not comfortable with the ICT technology and find auditing remotely frustrating”. Similarly, some auditees prefer the personal touch of having an auditor on-site – it can feel more direct and easier to communicate. Remote interactions lack the personal rapport-building that happens when an auditor tours the facility, chats with people during breaks, etc. This can impact the auditee’s perception of the audit’s value. The quote from a QHSE manager after trying a remote audit is telling: “Remote auditing was certainly not what we wanted in the beginning… personal contact is important so onsite audits have to remain.” While he acknowledged people “really liked” the remote experience once they tried it, he also emphasises that human face-to-face interaction still has an important place. Thus, a challenge is balancing the new remote methods with the traditional approach in a way that people accept. Over time, as remote auditing becomes more normal and technology improves (perhaps even virtual reality audits in the future), these reservations may lessen. But at present, change management – training auditors to audit remotely effectively, and convincing organizations of its credibility – is part of the journey.

In light of these limitations, both auditors and organizations are advised to adopt a case-by-case approach. ISO’s stance (reflected in ISO/IEC TS 17012:2024) is that remote auditing is a tool to be used where appropriate, and not an outright substitute for on-site audits. The limitations can be mitigated by careful planning (as we described) and by hybrid auditing models. For example, if a particular process can’t be checked remotely, plan an on-site check later; if an auditor is uncomfortable with tech, provide them training or a co-auditor. The decision to perform a remote audit should always weigh these factors – ensuring that the audit objectives can still be met with confidence. When the risks of a remote audit outweigh the benefits, an on-site audit is likely the better choice. In many cases, however, with proper preparation and skilled execution, the challenges can be managed and a remote audit can deliver strong results. The next section will outline official guidelines that help navigate these decisions and provide best practices to address some of these challenges.

Guidelines from ISO and IAF on Remote Auditing

Remote auditing of management systems, including ISO 9001, has been formalized through various guidelines by ISO and the International Accreditation Forum (IAF). These guidelines provide the framework and principles to ensure that remote audits are conducted effectively without compromising audit integrity. Key documents and provisions include:

  • ISO 19011:2018 – Guidelines for Auditing Management Systems: This is the primary ISO guidance for how to audit, and it explicitly recognizes remote auditing as a valid audit method. Annex A.1 of ISO 19011:2018 gives examples of remote audit techniques alongside on-site methods. It advises that the feasibility of a remote audit using ICT should be considered when planning the audit programme and emphasises verifying that resources (technology, competence) are adequate for an effective remote audit. ISO 19011 also clarifies terminology, for instance distinguishing a remote audit (using ICT to audit a physical location from afar) versus auditing a virtual location (where the auditee’s process itself is in cyberspace like cloud services). The main takeaway is that ISO 19011 supports remote audits but urges due caution and planning.

  • ISO/IEC TS 17012:2024 – Guidelines for the use of remote auditing methods: Published in July 2024, this technical specification is a new comprehensive guideline specifically focusing on remote auditing of management systems. It was developed by ISO’s conformity assessment committee (CASCO) to capture best practices learned in recent years. TS 17012 reinforces the general principles of ISO 19011 and offers detailed guidance on conditions, possibilities, and limitations for implementing remote audits. Importantly, the document states that remote methods are not intended to replace on-site audits, but rather to serve as a flexible tool to conduct audits effectively. It aims to strengthen confidence among all parties (organizations, certification bodies, regulators) in the use of remote audits by addressing how to maintain audit reliability. Although TS 17012 is a guideline (not a mandatory standard), it represents international consensus on remote auditing practices. Organisations and auditors would benefit from familiarizing themselves with its content, which likely covers risk assessments for remote audits, communication protocols, and criteria for deciding when remote is suitable.

  • IAF MD 4 – IAF Mandatory Document for the Use of ICT for Auditing/Assessment Purposes: The IAF (which is the global association of accreditation bodies) issued MD 4 originally in 2008, updated in 2018, and most recently updated again as IAF MD 4:2025 (Issue 3). IAF MD 4 is mandatory for accreditation bodies and certification bodies, meaning any accredited ISO 9001 certification audit must abide by it. The document provides rules and expectations for using ICT in audits to ensure that the efficiency and effectiveness of the audit are optimized while maintaining its integrity. Some key points from IAF MD 4:

    • The use of ICT for an audit must be agreed by both the auditee and the audit body; you cannot force a client into a remote audit if they are not willing or do not have the means.

    • The decision to use ICT should be based on a risk assessment: IAF MD 4 requires identifying risks and opportunities for using each ICT method in the audit, and deciding accordingly. For example, if using live video to audit a process, what are the risks (poor connection, narrow view) and how to mitigate (test the connection, use multiple cameras, etc.)? This analysis should be documented by the certification body.

    • MD 4:2018 notably removed any fixed limit on the portion of an audit that can be done remotely. Earlier guidance had suggested maybe only 30% remote, but since 2018 it allows up to 100% remote auditing if appropriate. This gave CBs flexibility, which proved prescient when the pandemic hit in 2020.

    • However, sector-specific rules can override this: MD 4 acknowledges that certain schemes or regulators may restrict remote audits (as was the case with some automotive/aerospace standards). Certification bodies have to comply with those and also consider any accreditation body advisories (during COVID, many ABs issued guidelines on remote audits, often referencing MD 4).

    • MD 4 covers considerations like ensuring confidentiality, security, and data integrity when using ICT, echoing points we’ve discussed. It also addresses that using ICT is part of audit time (so you count remote audit hours just like on-site hours).

    • In the newest MD 4:2025, some objectives mentioned include supporting principles of safety and sustainability via ICT use, which ties into the benefit of remote audits reducing travel. The update likely refines definitions and may incorporate lessons from the mass remote audit experiment of 2020-2021.

  • IAF ID 12 – Principles on Remote Assessment: This is an IAF Informative Document (ID 12:2015) that provides additional guidance on remote assessments for conformity assessment bodies. While aimed more at accreditation assessments, it contains principles that are relevant to ISO certification audits as well. It’s not mandatory but offers good practice suggestions, complementing MD 4. For instance, it may discuss scenarios when remote assessments are appropriate and how to plan them effectively. The NQA reference noted IAF ID 12 as a helpful guidance alongside MD 4.

  • ISO 9001 Auditing Practices Group Papers: The ISO 9001 Auditing Practices Group (APG), a joint ISO and IAF initiative, has issued guidance papers, one of which is “Guidance on Remote Audits” (Edition 1, 2020). This document was released in April 2020 during the pandemic and provides practical advice for auditors on remote auditing in the ISO 9001 context. It covers everything from audit program considerations to planning, execution, and even an example risk assessment for ICT. We have cited several points from this APG guidance throughout our discussion. Certification auditors often refer to these APG papers for non-normative tips to improve their practices. The APG emphasizes that both ISO 19011 and IAF MD 4 “should be known and considered by auditors” when doing remote audits. It also highlights questions auditors should ask themselves, like “Can the processes be realistically audited offsite? Are we seeing real-time images or possibly recordings?”, which are meant to keep auditors vigilant.

  • Accreditation Body and Industry Guidelines: Many local accreditation bodies (ABs) have issued their own guidance or rules for remote auditing, especially in 2020. For example, some ABs required prior notification or approval for conducting a fully remote audit, or provided criteria (like “critical sectors require an on-site within X months if remote was used”). Industry-specific schemes (automotive, aerospace, food safety, etc.) also had addendums. While these are beyond ISO 9001 generic guidance, they influenced how CBs formulated their remote audit policies. It’s worth noting that as of 2025, the general stance is supportive of remote auditing, but always with a case-by-case risk-based application.

  • Mutual Recognition of Remote Audits: The IAF’s Multi-Lateral Agreement (MLA) ensures that a certificate issued after a remote audit is recognized as valid as one issued after an on-site audit. During the pandemic, the IAF even passed resolutions urging flexibility for remote audits to prevent disruption in certification. Now with formal guidelines in place, as long as a CB follows MD 4 and related rules, a remote audit has the same credibility. The audit report just needs to clearly reflect what was done remotely so that anyone reviewing (like an accreditation evaluator) can understand the extent.

In essence, the official guidelines provide a safety net of requirements to maintain quality of audits:

  • Evaluate feasibility and risks (don’t just do remote because it’s convenient; ensure it’s suitable).

  • Obtain agreement from the auditee.

  • Ensure security and confidentiality during ICT use.

  • Document the use of ICT and any limitations in the audit report.

  • Use competent auditors who are trained in remote auditing techniques.

  • Follow all scheme-specific rules.

For organizations, being aware of these guidelines is useful too. For example, knowing that you have the right to agree or disagree with remote auditing, or that the auditor is obligated to maintain confidentiality of electronic data just as paper data, can empower you to set expectations with the CB. Also, understand that the principle of audit effectiveness is paramount: if at any point a remote audit isn’t effective, guidelines would support the decision to switch to an on-site audit. The IAF documents effectively remind everyone that the goal is still to ensure a thorough audit; the method (remote or on-site) can be flexible as long as that goal is met.

In summary, ISO and IAF have laid down a solid framework that legitimises remote ISO 9001 audits while emphasising due diligence. These guidelines have evolved quickly after the global “stress test” of remote auditing and will likely continue to be refined. They collectively encourage best practices and help the auditing community to conduct remote assessments in a standardised, credible manner, which brings us to our final section: the best practices gleaned from these guidelines and real-world experience.

Best Practices for Remote Audits (Auditors and Auditees)

Successfully conducting a remote ISO 9001 audit requires both auditors and auditee organizations to adapt their approaches. Below are best practices for each, synthesized from guidelines and practical experiences. By following these, both parties can ensure the remote audit is as smooth and effective as possible:

Best Practices for Auditors

  • Perform a Risk-Based Feasibility Check: Before committing to a remote audit, carefully assess if remote methods are suitable for the specific client and scope. Analyze risks like limited process visibility or ICT issues and plan how to address them. If risks are too high, advocate for an on-site audit or a hybrid approach. Document this assessment (as required by IAF MD 4) and discuss it with the auditee so they understand any limitations upfront.

  • Engage in Thorough Pre-Audit Planning: Invest extra time in planning the audit. Develop a detailed audit plan with defined timings, and share it with the client well in advance. Identify documents to review beforehand and request them early so you can arrive at the audit already familiar with the company’s key processes. Clarify who will be available when, and make sure to get the auditee’s agreement on using the selected ICT tools. Essentially, leave as little as possible to chance on the audit day.

  • Test Technology and Train Yourself: Ensure you are proficient with the video conferencing platform and any tools you’ll use. Do a test run (even if the client doesn’t request one) – for example, join a test meeting from your end to confirm your camera/microphone and internet are working well, and practice features like screen sharing or recording (if you intend to use them). If you’re not tech-savvy, seek training or guidance from colleagues. Some CBs have provided their auditors with tip sheets or practice sessions for remote audits; take advantage of those. Remember that your comfort with ICT sets the tone; if you struggle to use the software, the client may lose confidence. Also have a backup: keep a phone handy, and have an alternate internet source if possible.

  • Set Clear Communication Protocols: At the audit start, establish ground rules. For example, agree on what to do if disconnected (e.g., “If we drop off the call, I will dial your phone” or “we’ll try to rejoin within 5 minutes then call if not”). Inform the client how you will conduct the audit – let them know you might ask for time to review documents offline and then come back with questions (so they don’t worry if you go silent for a bit). Also, be explicit about not recording the session (unless there’s mutual agreement to do so for evidence purposes), and about any note-taking conventions (you might say “I will be typing notes; if you hear typing, don’t assume something is wrong”). Good communication prevents misunderstandings.

  • Foster Engagement and Patience: Make an extra effort to build rapport and keep the auditee engaged. Simple things like looking into the camera (to simulate eye contact), smiling, and nodding go a long way when behind a screen. Encourage auditees to ask questions or speak up if anything wasn’t clear. Be patient with interviewees who might not be used to speaking on camera; some may be nervous. Use active listening and occasionally summarise what you heard to confirm understanding (this also shows you are listening despite the virtual barrier). If someone seems very quiet or if a technical hiccup might have cut them off, politely ask for their input again.

  • Be Flexible and Adaptive: Remote audits often require auditors to think on their feet. If a plan isn’t working (say, a live video tour is too choppy to be useful), adapt by perhaps asking for photos instead or rescheduling that portion for later. If an auditee doesn’t have a requested document ready, prioritise other areas first while they gather it. Manage time but be willing to adjust the sequence of the audit to accommodate unforeseen issues. Your ability to adapt maintains the audit flow and puts the auditee at ease that progress can still be made despite glitches.

  • Use a Variety of Evidence-Gathering Techniques: Don’t rely solely on one method. Mix approaches to get a fuller picture: interviews, screen shares, document review, video observation, and even things like data analysis. For instance, you might ask the auditee to show a process dashboard via screen share to verify performance metrics, complementing the qualitative interview. During a virtual tour, take notes of things to follow up on via document evidence (e.g., if you see a fire extinguisher, later verify inspection records for it). Utilize the technology: maybe use the chat to drop questions or links if appropriate. Some auditors take screenshots of evidence (with permission) to later reference in their notes or report, which can be helpful for accuracy. If you do, be sure to handle those images per confidentiality agreements.

  • Verify and Corroborate Information Rigorously: Because you have a narrower view remotely, double-check facts. If an interviewee says “we do X”, ask to see a record of X being done. If you observe something over video that raises a question, ask for additional evidence or photos from another angle. ISO guidance reminds auditors to “verify statements of fact against other evidence” in remote interviews. Also, confirm the authenticity of what you see: for example, if doing a remote site tour, you could ask the guide to point the camera at a clock or live screen to be sure it’s real-time, or compare a view with a map to ensure you’re seeing the correct location. It may feel awkward to do this, but it’s part of maintaining audit rigor.

  • Manage Time and Fatigue: Keep an eye on the clock and take breaks as planned. Stick to the schedule for interviews so that you don’t end up cutting short later parts or overwhelming participants. Use breaks to regroup your thoughts and check if you’ve gathered sufficient evidence for each clause before moving on. Also, factor in potential downtime: if 30 minutes were lost to tech issues, note that and either extend the audit or plan to cover critical items later so that nothing is missed. Don’t count that lost time as audit time; ensure the auditee gets the full audit value in terms of hours of assessment.

  • Document the Audit Trail Clearly: In your working papers and later in the report, make a note of what was done remotely and any areas not covered. This transparency is crucial. If, say, you could not verify something because it required an on-site check, record that. Also record positive evidence obtained remotely (e.g., “Seen via video: operator followed procedure X correctly”). If an auditee was particularly cooperative or if any issues were encountered (like “internet dropped, switched to phone for 10 mins”), note those as well, so the report’s narrative makes sense and the certification decision-maker or a future auditor can understand the context.

  • Continue Professional Conduct: Just because you might be auditing from your home office doesn’t mean informality. Maintain professionalism: dress appropriately if on video, just as you would on-site. Be punctual logging into meetings. Respect the auditee’s virtual space (don’t demand they stay on beyond scheduled hours without agreement, etc.). And uphold confidentiality: ensure your screen is not being overlooked by unauthorised people, use a headset if discussing sensitive information to avoid it being overheard, and secure any files shared with you. After the audit, delete any confidential materials from your local storage if they’re not needed, as you would shred papers after an on-site audit.

By following these practices, auditors can conduct remote audits that are thorough, fair, and credible. Many auditors have sharpened these skills over numerous remote audits and often remark that preparation and communication are the make-or-break factors.

Best Practices for Auditees (Organisations Being Audited)

  • Plan Your Resources and Logistics: Treat the remote audit as a project. Assign a coordinator (typically the quality manager) who will be the main contact with the auditor throughout. Make sure that person is free of other duties during the audit. Arrange for backup personnel if someone critical becomes unavailable (e.g., have an alternate for each key interviewee in case of illness or technical failure). Set aside a quiet room or space for the coordinator to work and maybe to host group calls with top management. Also, if the audit spans multiple days, plan a brief internal catch-up each evening or morning to address any requests from the auditor (e.g., “They asked for document X, let’s have it ready first thing tomorrow”).

  • Ensure Strong Technical Setup: As mentioned earlier, test your internet and devices. On the audit day, use the best connection possible (wired Ethernet if available, or strong Wi-Fi). Have IT support on standby or at least reachable quickly if something goes wrong. It’s wise to suspend any heavy network activities at your end during the audit (for example, don’t schedule large data backups or system updates that day which could choke bandwidth). If the audit involves multiple team members in the same building joining separate calls, check that your network can handle that load. Keep chargers handy (for laptops, phones, tablets) or keep devices plugged in to avoid battery issues. Essentially, eliminate tech as a potential weak link to the extent you can.

  • Create a Digital Document Repository in Advance: A highly recommended practice is to set up a dedicated folder (cloud or on your system) with all likely audit documents. Organize it by topics (Management Review, Internal Audit, Calibration, etc.) to quickly retrieve files during the audit. You might even share this with the auditor before the audit (some CBs request documents 1-2 weeks ahead). Not only does this speed up the audit, it shows the auditor you are well-prepared, which creates a good impression. If you have an electronic QMS or document control system, ensure the auditor has access or you have a plan to rapidly fetch documents from it. During the audit, when asked for a record, you can then either screen-share the document from this repository or send it immediately via the agreed method. This prevents awkward scrambling and delays. Remember to include evidence of implementation, not just procedures – e.g., not only have the calibration procedure ready, but also the latest calibration records for select equipment.

  • Secure and Control Shared Information: When sharing documents, follow secure practices. If using a shared drive, only upload what the auditor needs to see. If sending via email or link, double-check you’re not inadvertently sending confidential info not asked for. Keep track of what you shared and to whom. After the audit, remove access or ask for confirmation that the auditor deleted the files (though auditors will usually do so, it’s okay to politely remind or confirm). Also, if you allowed any remote login to systems, disable those accounts post-audit. These steps protect your information and are part of good cyber hygiene.

  • Brief Your Team on Audit Etiquette: Make sure everyone involved knows how to behave in the remote audit. Some pointers to share:

    • Join meetings on time and with a professional demeanor. Use your real name on the video conference (so the auditor knows who’s who).

    • Keep your camera on if possible when speaking to build rapport (unless bandwidth is an issue).

    • Mute yourself when not speaking to reduce background noise, but remember to unmute when you need to talk.

    • Avoid multitasking – don’t check emails or phone during your audit interview. Give full attention as you would in person.

    • If you have to momentarily do something (e.g., retrieve a file from a cabinet in the room), let the auditor know or excuse yourself briefly rather than just disappearing off camera.

    • Be mindful of your surroundings: ensure there’s nothing confidential in view of your camera that shouldn’t be, and that no loud noises or interruptions occur. For those at home, this might mean securing pets or family out of the room during the call.

    • Encourage honesty and openness – just because it’s remote doesn’t mean people should be any less candid. If someone doesn’t know an answer, they should say so and offer to find out, rather than try to hide (same as on-site).

    • Lastly, advise them to speak clearly and a bit slower than normal, since audio can sometimes lag or clip.

  • Practice the Virtual Tour (if applicable): If you plan to show facilities, do a test walk. Check lighting and audio. Decide what route to take and what points of interest to highlight that cover the audit scope. Practice holding the camera steadily and focusing on specific items. You might do a quick recording and play it back to see if it’s clear. Also think of contingency: if the live tour fails, have recent photographs of key areas as a backup to send. If you are extremely concerned about showing certain areas live (perhaps due to trade secrets physically visible), discuss that with the auditor beforehand to find a solution (maybe they’ll accept a controlled on-site later or you can show them to the auditor alone without recording, etc.). The Cognidox guide suggests that auditors are open to virtual tours via mobile but emphasizes the operator should have “practised” and ensure sound is clear, a good summary of the need for rehearsal.

  • Manage Schedule and Availability: Make sure the people the auditor needs are available and not distracted. It’s a common pitfall in remote audits that someone thinks they can quickly join a call while also doing something else; discourage that. Block their calendars. If the CEO or other leaders need to join the opening or closing, send them reminders and maybe a direct calendar invite with the link so they don’t forget. Have a plan for break times: perhaps arrange that everyone will reconvene after lunch via the same link. Internally, be ready to fill time if needed – for example, if an auditor needs a few minutes to review notes, don’t wander off too far, as they might come back with questions sooner than expected. Conversely, be prepared in case the audit runs over a bit. Try to keep the day flexible for key participants so that if a session goes long, it doesn’t cause conflict with another meeting (avoid scheduling critical meetings on the audit day for those folks altogether, if possible).

  • Be Communicative and Responsive: In a remote audit, communication is your friend. If something goes wrong on your side (say, your screen share isn’t working), inform the auditor immediately rather than panicking. If you need a moment to find a file, tell them “I’m searching for X, it may take 2-3 minutes.” Auditors appreciate knowing what’s happening rather than silence. If you didn’t understand a question because of audio quality, don’t guess; ask them to repeat or clarify. It’s better to take a moment to ensure mutual understanding than to give an off-track answer. Additionally, if you realize the auditor hasn’t seen something critical due to the remote format, feel free to volunteer it: e.g., “We can’t easily show you the shop floor cleanliness via video, but I can send some high-resolution photos we took last week during 5S rounds.” Proactive sharing is good as long as it’s relevant. Just be careful not to overwhelm with extraneous info; stick to what the auditor is interested in.

  • Take Notes and Ask Questions: It’s perfectly fine for you as the auditee to take notes during the audit. You might jot down what the auditor asks for, any nonconformance or concern they mention, or simply observations about how it’s going. These notes help you in the closing meeting and in addressing any findings later. Also, don’t hesitate to ask questions to the auditor if something is unclear, for instance, “Does that answer your question or would you like more detail?” This ensures you’re meeting their need. If an auditor highlights a potential nonconformance, you can ask for clarification or evidence so you fully understand it (though avoid being argumentative; treat it as clarifying information). After the audit, ask for feedback on how the remote experience was and if anything could be improved on your side. This shows your commitment to the process and helps you prepare even better next time.

  • Maintain a Positive, Cooperative Attitude: Without in-person interaction, tone of voice and attitude matter even more. Encourage your team to be courteous, enthusiastic, and honest throughout. Remote communication can sometimes dampen the emotional cues, so make an effort to convey engagement: simple verbal acknowledgments like “okay,” “yes, I see,” or nodding on video help show you are actively participating. When issues are found, respond professionally (“We understand; we will address that”). Avoid negative body language on camera (like eye-rolling or obvious boredom); it can still be noticed and creates a poor impression. Remember, the auditor’s objective is not to “catch” you but to verify compliance, so approach it as a collaborative verification. Many auditors have noted that a positive auditee attitude makes remote auditing easier and more pleasant, just as in person.

By following these best practices, auditees can significantly smooth the remote audit experience. Ultimately, an audit, remote or otherwise, is a two-way street that works best when both parties are well-prepared and communicative. The remote context simply means paying extra attention to the tech and communication aspects. Companies that have embraced these practices often report that their remote audits went far better than expected, sometimes even more smoothly than an on-site audit because of the level of preparation involved.

Remote ISO 9001 certification audits have evolved from a novel concept to a proven approach for maintaining quality compliance in a connected world. As we’ve explored, conducting an audit remotely involves reimagining the traditional audit stages (meticulous planning, adaptive execution through technology, and transparent reporting) to suit a virtual format. The process calls for diligent preparation on both sides, from testing technology to digitising documents, and it benefits greatly from the wealth of guidelines provided by ISO and the IAF to ensure rigor and credibility.

For organizations (SMEs and large corporations alike), remote audits offer real advantages: reduced costs, flexibility, and the ability to engage in audits with minimal disruption to operations. These benefits can be especially valuable for multi-site companies or those in locations far from auditors. However, organisations must also invest in the necessary infrastructure and training to facilitate a remote audit. The experience of many companies during the pandemic underscored that being “audit-ready” in a virtual sense (having solid IT connectivity and organized electronic records) is now part of business resilience. Those that were prepared often sailed through their remote audits, while those that weren’t faced a scramble to adapt. As remote auditing becomes more common, even outside of crisis situations, it is wise for organizations to integrate such preparedness into their quality management routines.

For consultants and auditors, the rise of remote ISO 9001 audits has expanded the toolkit for assessments. Auditors have learned to harness video, screen-sharing, and other ICT tools to gain insights into a management system from afar. The profession has seen a significant upskilling in terms of digital literacy and innovative audit techniques. Moving forward, the best auditors will likely be those who are adept at both in-person and remote auditing, choosing the right mix to achieve audit objectives most effectively. Consultants, on the other hand, are now guiding clients not just on meeting ISO 9001 requirements but also on how to present evidence and interact during remote audits, a new facet of audit readiness consulting.

It’s important to stress that remote auditing is not a panacea or a one-size-fits-all solution. There will always be situations where an on-site visit is irreplaceable, and indeed ISO’s stance is that remote methods complement rather than completely supplant face-to-face audits. Many foresee a hybrid future where initial certifications or complex audits might use a blend: perhaps a short on-site audit augmented by remote follow-ups or vice versa. This hybrid approach can optimize both confidence and convenience. The key is flexibility: the quality assurance community now has multiple avenues to ensure that audits (and thus certifications) can continue under a variety of circumstances.

Real-world experiences have shown that remote ISO 9001 certification can work remarkably well. One case in the aerospace industry saw a drastic increase in remote audits during 2020 and found that “most auditors and clients have a favorable opinion of the audit experience and the quality and depth of auditing activities”. Another company’s quality manager, after trying remote audits, acknowledged that while they were skeptical at first, “after the first audit it turned out that people really liked it… we will certainly see more use of it in the future”. Such testimonials illustrate a broader trend: initial reluctance gives way to acceptance when the remote process proves its worth. Still, as he noted, personal contact remains important and organizations are likely to strike a balance.

In conclusion, remote ISO 9001 certification audits work, and they work best when approached with the same professionalism and thoroughness as traditional audits, supplemented by the power of modern technology. Businesses and auditors that embrace this method can reap the benefits of efficiency and resilience, all while upholding the high standards of quality assurance that ISO 9001 represents. Remote auditing is here to stay as a part of the certification landscape. By following the guidelines and best practices outlined in this article, you can ensure that whether your next ISO 9001 audit is held in a conference room or over a video call, it will be informative, practical, and above all, effective in driving quality excellence.
