The Right Approach for ISO Certification: Onsite, Remote, or Hybrid

In pursuing ISO certification, organisations today have multiple engagement models to consider for their audit and assessment process: traditional on-site audits, fully remote audits, or a hybrid of both. This choice has strategic implications for executives and compliance officers in terms of cost, efficiency, and rigour. The COVID-19 pandemic significantly accelerated the adoption of remote…

In pursuing ISO certification, organisations today have multiple engagement models to consider for their audit and assessment process: traditional on-site audits, fully remote audits, or a hybrid of both. This choice has strategic implications for executives and compliance officers in terms of cost, efficiency, and rigour. The COVID-19 pandemic significantly accelerated the adoption of remote auditing – in fact, before 2020, only about 2% of audits were done remotely, a figure that jumped to 38% in 2020. Now, post-pandemic, remote and hybrid audits have become mainstream, supported by new guidelines and technologies. Virtually all major ISO management system standards – including ISO 9001 (Quality), ISO 14001 (Environmental), ISO 27001 (Information Security), ISO 45001 (Occupational Health & Safety), and ISO 22301 (Business Continuity) – allow some form of remote auditing under the right circumstances The key challenge for business leaders is choosing the right approach for their organisation’s ISO certification journey.

In this post, we will discuss the pros and cons of on-site, remote, and hybrid auditing approaches, along with best practices and strategic considerations across these major ISO standards. We’ll also highlight post-COVID trends (such as the rise of remote audits) and enabling technologies, and provide examples of scenarios where each model is ideal. The goal is to equip you with an authoritative overview to make an informed decision on the audit approach that best fits your organisational context.

On-Site Audits: Pros, Cons, and Ideal Scenarios

On-site auditing is the traditional model for ISO certification. An on-site audit means the auditor (or consulting team) physically visits your facilities to evaluate processes and compliance on-site. This hands-on approach has long been the default for certification bodies due to the depth of insight it provides. Below, we outline its key advantages and challenges:

Pros of On-Site Audits:

  • Complete visual and contextual insight: An on-site audit gives the auditor first-hand observation of your operations – they can “gain better visualisation of practices, processes, layout, and equipment”, certaintysoftware.com. Being on the premises also allows auditors to pick up on non-verbal cues and the general atmosphere of the workplace. Many auditors value the ability to “read the air” – noticing body language, safety culture, and environmental conditions, which is much harder to do remotely. This rich context can uncover issues that paperwork alone might not reveal.

  • Real-time adaptability: With an auditor present in person, it’s easier to follow tangents or delve deeper based on observations. For example, if an auditor notices something noteworthy on the factory floor, they can immediately request to inspect further or speak with personnel on-site. This flexibility to pursue leads on the spot is a strength of face-to-face audits. It often leads to more comprehensive coverage and quick resolution of any findings.

  • Hands-on access to information: On-site audits make it simpler to review physical records or equipment that may not be digitised. Auditors can examine hardcopy documents, inspect machinery calibration stickers, or tour storage areas without the logistical barriers present in remote reviews. This “immediate and comprehensive collaboration” accelerates the audit process and ensures no aspect is overlooked. Many companies with tight schedules also find it convenient that their staff can engage with the auditor in person without dealing with webcams or file uploads.

Cons of On-Site Audits:

  • Higher travel time and costs: Bringing auditors on-site entails incurring travel expenses (such as flights, hotels, and mileage) and lost work time due to transit. Traditional in-person audits require scheduling around travel, which adds cost and can prolong the certification timeline. For organisations with sites in multiple regions, these costs multiply. On-site engagements also have a larger carbon footprint due to travel, a consideration for sustainability-minded leaders.

  • Logistical and scheduling challenges: Coordinating in-person audit visits can be complex, especially across different locations or countries. Calendars must align for both the audit team and the site being audited, and unexpected events (weather, natural disasters, or public health crises) can force cancellations. The COVID-19 pandemic underscored this vulnerability – when travel shut down, many on-site audits had to be postponed, disrupting certification schedules. (Notably, accreditation bodies responded by allowing remote audits to “keep the machine running” during the crisis, linkedin.com.)

  • Health and safety risks: Auditors travelling to sites face the usual business travel risks and may be exposed to workplace hazards. In high-risk industrial environments, an on-site auditor must be mindful of personal safety (PPE, site inductions, etc.), which adds complexity to their role. There’s also the general risk of illness transmission when bringing outside personnel into facilities. A remote audit, by contrast, involves zero physical contact – a factor that was crucial during the pandemic and remains relevant for biosecure or hazardous sites.

Ideal use cases for On-Site: On-site audits are often indispensable in high-risk or highly regulated industries. For example, consider a pharmaceutical manufacturing plant seeking ISO 45001 (Occupational Health and Safety) certification or a chemical facility undergoing an ISO 14001 (Environmental Management) audit – the auditor will likely need to walk through the site to evaluate compliance thoroughly. As one expert noted in the context of a food processing facility, you can’t “assess cross-contamination risk through a webcam” and you won’t notice specific issues (like chemical smells or whether workers follow safety protocols) unless you “need to be there” in person On-site audits are ideal when direct inspection of physical conditions, equipment, or behaviours is critical to verify compliance. They’re also suited to organisations that prefer the immediacy of face-to-face interaction or that may not have the IT infrastructure to support remote auditing. In fact, in some regulated sectors, the prevailing view is that an on-site or hybrid audit is inherently better than an entirely off-site audit whenever feasible, because it provides a level of assurance and depth that stakeholders find more credible.

Remote Audits: Pros, Cons, and Ideal Scenarios

A remote audit (also called a virtual audit) is conducted with the auditor off-site, using technology to perform the evaluation. Instead of being physically present at your organisation, the auditor may review documents via a secure portal, conduct interviews with employees over video conference, and inspect facilities through live video streaming or shared photos. Remote audits went from rarity to necessity in 2020, and they remain a powerful option today. Below are key advantages and disadvantages of the remote approach:

Pros of Remote Audits:

  • Significant cost and time savings: A remote audit “eliminates travel costs” and the associated downtime, certaintysoftware.com. Auditors spend no time in transit, allowing them to focus more time on the audit itself. This efficiency can shorten the overall audit duration, and scheduling is easier with no need to account for travel logistics. In one analysis, global business travel expenses fell from $ 1.3 trillion in 2019 to approximately $ 0.5 trillion in 2020, mainly due to the shift to remote work and auditing, illustrating the significant savings potential. For organisations, a remote audit can be more budget-friendly and easier to fit into busy calendars, without waiting weeks for an auditor to arrive on-site.

  • Flexibility and global reach: Remote auditing allows you to bring the audit to wherever your data and people are, instantly. Through video meetings and online collaboration, an auditor can engage with multiple sites or international teams in a single, consolidated audit, which would be impractical to conduct face-to-face within the same time frame. It also enables the involvement of specialised experts on the audit team without requiring them to travel – for example, if a technical expert is needed for just a two-hour consultation, they can join remotely to analyse a specific process committee. iso.org. These reach and flexibility are especially valuable for organisations spread across many locations or those with key staff (or consultants) working remotely.

  • Reduced disruption and safer execution: Many companies find that virtual audits are less intrusive on day-to-day operations. Employees can join video calls from their desks, and document requests can be fulfilled asynchronously, which often causes less workflow interruption than hosting an auditor on-site for days. Furthermore, remote audits were crucial to maintaining oversight during the pandemic – auditors and auditees could stay on schedule, “rather than allowing auditing programs to fall months behind,”onlinegmptraining.com. Even outside of pandemic conditions, the health and safety benefits are clear: auditors aren’t exposed to site hazards, and the business doesn’t need to allocate personnel to escort visitors around. One report noted that work-site injury incidents dropped in 2020. While many factors played a role, remote auditing “reduces the time and energy committed to safety” oversight for visiting auditors, placing less strain on both the business and the auditor. Additionally, eliminating travel inherently reduces an organisation’s carbon footprint, aligning the audit process with sustainability goals by reducing emissions.

Cons of Remote Audits:

  • Limited direct observation: The in-person sensory input that auditors get on-site – seeing equipment up close, walking the shop floor, noticing body language in interviews – is inherently reduced in a remote setting. Even with high-definition video, an auditor might miss subtle aspects of workplace culture or housekeeping that would be obvious if present. As one auditor put it, remote auditing can never fully replicate “hearing the machines, smelling the air, watching staff behaviour” – all those unspoken cues that are part of absolute compliance assurance. Face-to-face communication is often considered the gold standard because a significant amount of information is conveyed non-verbally. Without being physically present, an auditor must rely on what the auditee shows or tells them via the camera, which may be selective. This lack of full-context awareness is a known drawback. In short, certain audit checks cannot be done remotely (for example, you can’t verify the calibration of an instrument or the effectiveness of a fire drill via Zoom). It’s widely acknowledged that “some situations are simply not suitable for remote audits and require auditors to be physically present, especially in complex, high-risk environments.

  • Technology and connectivity dependence: A successful remote audit hinges on the quality of information and communication technology (ICT) used. Technical issues can disrupt the process, e.g., weak internet bandwidth causing video calls to drop, or time zone differences making live meetings difficult to schedule. Both auditor and auditee need to be comfortable with the digital tools (video conferencing apps, screen-sharing, remote desktop access, etc.), which may require a learning curve or advanced testing. There are also concerns regarding data security and confidentiality that the committee needs to manage. iso.org. Audit evidence is often sensitive (e.g., internal procedure documents, records of incidents, even live CCTV feeds); therefore, transmitting this information over the internet must be done securely. Organisations need to use secure file-sharing platforms and, if necessary, VPNs or encrypted connections for remote access. If not handled properly, remote audits could risk exposing confidential information. Robust protocols (aligned with ISO/IEC 27001 principles) are necessary to maintain trust in the process.

  • Potential for reduced rigour if not managed well: An often-cited concern is that remote audits could devolve into a “check-the-box” exercise if auditors rely too heavily on documents and interviews without the balance of on-site reality checks, linkedin.com. If an organisation is inclined to stage-manage what the auditor sees (intentionally or unintentionally), a remote audit might not penetrate beyond the surface. There is also a psychological aspect: some auditors experience a loss of autonomy and engagement when auditing remotely through a screen. They can’t walk up to a random employee and ask questions or spontaneously inspect a different area without scheduling it. This can reduce the audit’s effectiveness in discovering the unexpected. However, it’s worth noting that skilled auditors are adapting techniques to mitigate these issues – for instance, requesting live video tours (to avoid only seeing pre-selected footage) and conducting more in-depth document reviews to compensate. Still, remote audits require careful planning and transparency between the auditor and the auditee to achieve the level of insight typically found in on-site audits.

Ideal use cases for Remote: Remote audits shine in low-risk, highly digital, or geographically dispersed scenarios. A classic example is an IT or software company pursuing ISO 27001 certification, where most evidence (policies, access logs, configuration settings) is already in electronic form, and the workforce is remote or office-based. In such a case, “a remote Stage 1 audit works brilliantly” – the auditor can review documentation, conduct interviews via screen-share, and assess the management system without ever setting foot in an office. Remote audits are also excellent for routine surveillance audits or internal audits, where the organisation is already certified and requires periodic checks; these can often be conducted with minimal disruption using virtual means. Multi-site organisations use remote techniques to sample far-flung locations – for instance, conducting multiple site interviews via video to determine where an on-site visit is truly necessary. Moreover, in circumstances such as global travel restrictions or when an auditee site is challenging to reach (e.g., an offshore facility or a remote region), remote auditing is a valuable tool to avoid long delays. Many certification bodies and companies have found that a hybrid or remote approach is far better than letting an audit program lapse behind schedule in such cases, onlinegmptraining.com. That said, if your operations involve high-risk processes (such as manufacturing, healthcare, or aviation), you should be cautious about conducting fully remote audits – a hybrid model might be more appropriate, balancing virtual reviews with some on-site verification.

Hybrid Auditing: Combining On-Site and Remote

For many organisations, the optimal path to ISO certification is neither wholly on-site nor wholly remote, but a hybrid approach that combines elements of both. A hybrid audit involves conducting part of the audit remotely and part on-site. For example, document reviews and staff interviews may be conducted via video conference, followed by an auditor’s physical visit to inspect the production floor and witness key processes in person. This model aims to capture the “best of both worlds” – leveraging remote efficiency where it works, and still providing the assurance of on-site checks for areas that truly require it.

Benefits of Hybrid Audits:

  • Balanced thoroughness and efficiency: A hybrid approach allows auditors to address the limitations of remote audits by scheduling targeted on-site sessions. Critical aspects that benefit from in-person observation (such as safety walks, equipment inspection, or hands-on verification of controls) can be earmarked for the on-site portion. Meanwhile, more administrative or centrally managed elements (policy reviews, management interviews, etc.) can be handled remotely in advance. This division means the on-site visit can be shorter and more focused, saving time and cost without sacrificing rigour. Indeed, hybrid projects have proven to be just as effective as 100% on-site engagements for many ISO consultancies, while being more cost-effective for clients. Certification bodies emerging from the pandemic report that hybrid audits kept certification programs on track during lockdowns. In the future, these bodies are “proposing hybrid audits as the best of both worlds” because they manage risks like missing body-language cues or poor connectivity by still having an in-person component.

  • Risk-based flexibility: Hybrid auditing enables the audit strategy to be tailored to the organisation’s risk profile and the relevant standard. For instance, an ISO 27001 (information security) audit for a software firm might be 80% remote (since documentation and system evidence can be reviewed online) with a short on-site to double-check physical security. Conversely, an ISO 45001 audit for a large factory might involve 20% remote work (for preliminary document checks) and 80% on-site observation of safety practices. Rather than a one-size-fits-all approach, hybrid enables applying the right tool to the right task – as one auditor advises, use remote methods when the risk is low, but “when lives, safety, or critical quality are at stake? Get in the car. Show up.”. This flexibility is a strategic advantage, ensuring that high-risk areas receive the necessary scrutiny, while low-risk aspects are handled efficiently online.

  • Broader expertise and stakeholder participation: With a hybrid model, you can still capitalise on the global reach of remote technology. For example, your audit could include a remote interview with a subject-matter expert or a key manager in another country, in addition to the local on-site audit team. Hybrid audits make it easier to involve specialised auditors or technical experts, regardless of geography – the expert can join the remote sessions for their input, rather than being flown in. Likewise, if you have multiple sites, representatives from various locations can dial into remote portions (e.g. a corporate QMS review) and then the auditor visits a subset of sites physically. This inclusive approach can strengthen the audit’s coverage. It also tends to improve auditor and auditee satisfaction. BSI reports that hybrid audits have improved work-life balance for their auditors (resulting in less incessant travel) and have even reduced environmental impact by cutting unnecessary flights. Many view hybrid models as a sustainable and future-ready approach to auditing.

  • Regulatory compliance with remote benefits: A hybrid audit can satisfy mandatory on-site requirements from regulators or accreditation rules, while still reaping some benefits of remote work. Specific standards or schemes (for example, medical device regulations under ISO 13485/MDSAP, or initial ISO 45001 certifications in high-risk industries) require an auditor to be on-site for at least part of the audit. By planning a hybrid audit, an organisation ensures it meets these obligations – the auditor will physically witness crucial operations – but everything that doesn’t require that physical presence can be done off-site. This not only keeps the certification legal and accredited, but it also often results in a more pleasant and productive on-site visit, since the groundwork (documents, basic interviews) has already been laid remotely. In short, hybrid models can align with both business efficiency and compliance needs.

Challenges of Hybrid Audits: There are several considerations to manage when adopting a hybrid approach. It requires careful planning and coordination – the audit program must delineate which parts will be conducted remotely versus on-site, and ensure that evidence gathered remotely is verified as needed during the on-site visit. Without good coordination, there’s a risk of either gaps or redundancy. Additionally, a hybrid still entails some travel logistics (though less than an entirely on-site audit, it’s not zero). Organisations must also maintain two modes of operation (supporting the auditor virtually and in person), which can be a bit more effort. However, these challenges are generally manageable with proper preparation, and the downsides are minor compared to the upsides for most. As one report concluded, high-performing companies will continue to leverage both remote and on-site methods in combination, yielding “more robust and auditor-friendly strategies” rather than debating one versus the other.

Ideal use cases for Hybrid: Hybrid audits are well-suited for complex organisations and those pursuing multiple ISO standards. For example, a company seeking an integrated certification for ISO 9001, 14001, and 45001 can conduct a unified audit where corporate-level processes (common to all standards) are reviewed remotely, and each facility gets a shorter on-site audit focusing on site-specific environmental and safety controls. Multi-site companies also benefit hugely: consider a global manufacturer with 10 plants – a hybrid audit might remotely assess 8 of them on key documentation and interviews, and visit 2 in person as representative samples. This approach provides confidence that all sites are covered while keeping audit time and travel reasonable. A hybrid is also ideal when expert availability or geography is an issue. If the best auditor for your scope is overseas, a hybrid audit can have that auditor lead remote portions, paired with a local auditor for on-site portions, combining their strengths. In essence, any scenario that demands both thoroughness and efficiency is a candidate for a hybrid model.

Remote Auditing in the Post-COVID Era: Trends and Technologies

The pandemic permanently changed the ISO certification landscape, making remote auditing not just a stop-gap but an accepted practice. Post-COVID trends indicate that remote and hybrid audits are here to stay as part of the auditor’s toolkit. Surveys by industry groups (like the Independent International Organisation for Certification) found that by late 2021, as many as 79% of audits were being conducted remotely or via a hybrid process. Furthermore, 79% of auditors themselves expressed support for continuing with remote or mixed audits, reflecting a notable shift in mindset among professionals. In response to this trend, international oversight bodies have formalised guidance for remote methods. Notably, in 2024, ISO published ISO/IEC TS 17012, a technical specification that provides comprehensive guidelines on using remote auditing for management system audits.

This document was a direct response to the global shift, and it emphasises that remote auditing is not a replacement for on-site audits but a complement to them – a tool to be used effectively and efficiently alongside traditional methods. In other words, the future of auditing is a blend of on-site and remote work, where necessary and possible, respectively.

Hand in hand with these trends, a range of technologies now enables practical remote assessments that were previously impractical. Organisations evaluating remote or hybrid audits should ensure they have – and are comfortable with – the following tools and techniques:

  • Secure video conferencing and screen-sharing: High-quality video meetings (using platforms like Zoom, Microsoft Teams, etc.) are the backbone of remote audits. They enable auditors to conduct interviews with employees, observe processes in real-time, and even conduct virtual “site tours” by having a staff member walk through the facility with a camera. Screen-sharing allows auditors to observe as an employee navigates management software or accesses digital records, closely mimicking the over-the-shoulder review an auditor would conduct on-site.

  • Remote cameras, drones, and wearable technology: Visual inspection of physical assets can be facilitated with these tools. Many organisations use mobile devices or webcams to provide auditors with a live view of equipment nameplates, production lines, warehouse conditions, and other relevant areas. For large or hard-to-reach areas, drones have been used to provide video of infrastructure (for example, scanning a large tank farm or a rooftop HVAC installation). Some audits have even equipped on-site personnel with wearable cameras (like GoPro devices or smart glasses) to stream POV footage to remote auditors. These technologies expand what can be seen remotely, sometimes even beyond what an auditor could cover on foot in the same time. In regulated industries, auditors and associations experimented with such immersive technology during the pandemic, gathering “solid learnings and evidence” that these tools can be practical.

  • Collaborative audit management platforms: Dedicated software solutions can significantly enhance remote auditing. These platforms serve as secure repositories where auditees upload evidence (procedures, records, videos) for auditor review. They can track audit findings, host chat threads for clarifications, and manage action items – all in one place. Utilising such tools keeps the process organised and ensures nothing falls through the cracks when face-to-face interaction is limited. Even simple solutions, such as shared cloud folders, when used with proper version control and access security, allow both the auditor and the auditee to stay on the same page. The use of ICT (Information and Communication Technology) in audits is now defined broadly to include not just video, but any hardware/software that helps gather and assess information – “smartphones, laptops, drones, video cameras, wearable technology, artificial intelligence, and others,” as one reference defines it.

  • Data analytics and emerging AI tools: While still on the horizon for many, advanced tech is starting to play a role. For instance, some forward-thinking organisations are using real-time data logging (such as IoT sensors on equipment and automated KPI dashboards) to provide auditors with direct access to performance data. The vision for the future is that AI-assisted auditing could automatically analyse data patterns, flag anomalies, or even predict compliance issues. We’re not fully there yet – most audits still rely on human judgment – but it’s a trend to watch. In the meantime, simpler technologies like audit-specific mobile apps (for capturing photos with timestamps and GPS) or electronic signatures for confirming attendance can enhance the credibility of remote evidence.

Overall, the post-COVID era has normalised the idea that an audit can be effective without an auditor being in the same room as you. Accreditation forums and standard bodies have accepted remote auditing as “a viable tool for conducting audits efficiently and effectively, provided the right technologies and techniques are in place. Companies preparing for ISO certification should invest in these capabilities (e.g., reliable conferencing setups, secure data channels, training for staff on remote collaboration) as part of their audit readiness. Doing so not only helps if you opt for a remote or hybrid audit now, but also strengthens your resilience for the future, whatever new disruptions or innovations may come.

Choosing the Right Approach for Your Organisation

With the options laid out, how should an organisation decide between on-site, remote, or hybrid for their ISO certification audit? The optimal approach will depend on your organisation’s context, objectives, and constraints. Below are strategic considerations and best practices to guide your decision:

  • Scope, Risk Level, and Industry: Begin by evaluating the nature of your operations and the relevant ISO standard. If your activities involve high inherent risks to safety, environment, or product quality (e.g. heavy manufacturing for ISO 45001, chemical processing for ISO 14001), an on-site or mostly on-site audit is generally advisable to observe controls in action truly. Conversely, suppose your business is lower-risk and information-centric (e.g., a software company seeking ISO 27001 certification or a professional services firm pursuing ISO 9001 accreditation). In that case, remote auditing can capably cover most requirements. Many organisations fall in between – for example, a multi-site business continuity scope for ISO 22301 might warrant a hybrid audit, which involves remote evaluation of documentation and remote interviews with geographically dispersed teams, combined with select site visits to verify emergency equipment and procedures. Always align the audit mode to the risk profile: critical processes should get eyes-on verification, whereas routine aspects can be checked via screens. Certification bodies will also consider risk in determining how much of an audit may be done remotely, often following international guidance (high-risk sectors typically demand some on-site audit presence).

  • Regulatory or Customer Requirements: Consider any external requirements or expectations that may apply. Specific industries and regulators require physical audits for initial certifications or specific compliance checks. For instance, some government contracts or supplier mandates may require an auditor’s on-site visit as a trust factor. Accreditation rules (IAF guidelines) often limit remote auditing for initial ISO certifications in high complexity sectors. For example, initial ISO 45001 audits in a high-hazard industry or ISO 14001 audits in a complex facility will require an on-site component. If you operate in such a realm, a fully remote audit might not even be permitted.

  • On the other hand, if no one explicitly requires on-site audits, you have more freedom to choose based on internal preferences. Still, it’s wise to communicate with key stakeholders (customers, regulators, the certification body) about your chosen approach so that it inspires confidence. A hybrid approach can often be a good middle ground that satisfies conservative expectations while introducing efficiency.

  • Geographical spread and multi-site operations: If your organisation spans multiple locations, consider the logistical practicality of conducting on-site audits at all sites. A global or multi-site company will incur heavy costs and time commitments to have auditors travel to every facility. In such cases, remote techniques can significantly enhance coverage – auditors can remotely assess far-away sites that would otherwise be visited infrequently. A common strategy is to use remote audits for surveillance or interim checks at select sites, with periodic on-site audits rotating among sites for more in-depth reviews. Hybrid models are highly effective here: for example, central corporate processes can be audited remotely (covering all sites uniformly), and a sample of sites gets visited in person on a rotating schedule. This approach maintains audit rigour across the network while keeping the program sustainable. When planning a multi-site audit, also leverage the fact that remote audits allow you to involve personnel from different sites simultaneously (for instance, a group interview with all site managers on a call), which can enrich the audit and facilitate knowledge sharing among sites.

  • Organisational readiness and culture: An honest appraisal of your organisation’s culture and technical readiness is essential. If your team is tech-savvy, has most documents digitised, and has experience with virtual collaboration, then a remote or hybrid audit will likely go smoothly. Ensure that confidentiality is ingrained in the culture, as remote audits might expose sensitive info over networks – a concern particularly for an ISO 27001 Information Security audit (make sure secure channels are used). On the other hand, if your company relies heavily on in-person interaction or if key records are only maintained on paper, pushing for a 100% remote audit could create stress and risk essential details being lost in translation. It may be worth investing in digitisation and training before attempting a remote audit. Keep in mind, an audit – remote or on-site – is also an opportunity for engagement and learning. Some leaders believe that hosting an auditor on-site conveys a message to employees about the importance of the certification. If that level of engagement is a priority, consider it when making your decision. Often, a pilot remote audit (for an internal audit or a single department) can help gauge how well your organisation adapts before you commit to a fully remote certification audit.

  • Technology and infrastructure: A remote or hybrid audit is only as effective as the technology behind it. Assess whether you have the necessary infrastructure, including stable high-speed internet at all relevant locations, high-quality webcams or mobile devices for video, a secure method for file sharing, and possibly conference rooms with large screens for group calls. Any gaps here can be remedied – for example, upgrading internet links, using wired connections during audits, or purchasing a few dedicated tablets or 360° cameras for facility tours. Additionally, consider implementing data security measures, such as using encrypted communication tools and controlling access to shared audit materials. Demonstrating to the auditor that you take information security seriously (primarily if the audit itself is based on ISO 27001) will build trust in the process. If you’re pursuing standards like ISO 22301 or ISO 27001, you may already have contingency and security technology that can also support remote audits (e.g., secure remote access systems). The bottom line is to ensure your IT setup can handle the worst-case scenario (such as a long live video inspection) without outages. Doing a dry run or test call with your certification body ahead of the audit can iron out technical kinks.

  • Cost-benefit and strategic goals: Finally, align the choice with your broader business strategy and budget. Remote audits can significantly reduce direct costs, which may be a deciding factor for smaller companies or those with tight travel restrictions. If you have experienced the expense of flying auditors to multiple continents, the appeal of remote auditing is clear. However, consider the benefits on the other side as well: an on-site audit might uncover issues that save you from bigger problems later, or it might strengthen relationships (with the auditor or within teams) in a way a remote audit might not. Some organisations use on-site audits as a deliberate exercise in team-building around quality or compliance culture. Others have strategic sustainability goals and thus favour remote audits to cut travel emissions. If cost-saving is a major driver, a fully remote project can indeed lead to successful ISO certification at a fraction of the cost – consultants note that this is an attractive option, provided the risks are understoo In many cases, a hybrid approach offers the best cost-benefit balance, trimming expenses where possible while still investing in critical on-site validation. Consider performing a cost-benefit analysis: what is the marginal gain of on-site days versus the marginal cost? This will help determine the sweet spot for your context.

Strategic guidance: There is no one-size-fits-all answer to which model is “best” – the right approach is the one that best aligns with your organisation’s risk landscape, operational needs, and stakeholder expectations. For some, that might be a fully digital audit that showcases their cutting-edge systems; for others, it might be an auditor walking the shop floor to see the culture in action, truly. Often, the answer will be a blend of both. It’s telling that even ISO’s newest guidance on auditing emphasises using remote methods to complement on-site audits, not to replace them entirely. In practice, a conversation with your certification body or ISO consultant can help tailor the approach to your specific needs. They can advise on any accreditation rules (for example, which audit stages can be remote) and share what similar organisations are doing.

At a high level, remember the mantra that remote auditing is a tool, not a strategy in itself. As one ISO auditor noted, we shouldn’t use “remote” as a blanket solution for everything – “when risk is low, use it. When lives, safety, or critical quality are at stake? Get in the car. Show up.”. In other words, let the nature of your operations and risks drive the decision. Executives and compliance leaders should weigh the pros and cons outlined above, possibly opting for a hybrid model that gives confidence to all parties involved. By deliberately choosing the audit approach, you set the tone for your ISO certification journey – whether it’s ISO 9001, 14001, 27001, 45001, 22301, or any other standard – and can ensure that the journey is both efficient and effective in verifying your organisation’s excellence. The ultimate goal is a smooth, successful ISO certification that stands up to scrutiny and delivers value; selecting the right approach is a crucial first step toward that goal

Get Started

There has never been a better time to invest in ISO certification. Show your commitment to quality management, the environment or occupational health & safety performance with a UKAS certified ISO certification from Compliant.
Get in Touch

Free Download

Download our free “The ISO process and ongoing Support pdf”