# ISO OS: Audit Management Software for Certification Bodies

The [AuditOne ISO OS](https://www.auditone.io/iso-os) is a software solution engineered specifically for Certification Bodies (CBs). The platform is designed to automate the high-volume, non-judgmental phases of the ISO audit lifecycle, ensuring your technical experts can dedicate their focus to high-level risk assessment and quality-driven decision-making.

Unlike generic audit software tools, AuditOne is built around the IAF Mandatory Documents (MD) and ISO/IEC 17021-1 requirements. We provide the structural framework necessary to maintain your Accreditation Status while scaling operations:

* IAF MD Guidelines Integration: Automated workflows for audit duration calculations (MD 5), multi-site sampling (MD 1), and competence management (MD 7).
* End-to-End Audit Lifecycle Automation: From initial Application Review and Contract Review to Stage 1/Stage 2 Planning, and final Certification Decision workflows.
* Integrated Management System (IMS) Support: Seamlessly manage complex, multi-standard audits with unified Audit Evidence collection.

All Standard modules and functions of the software are included in every ISO OS subscription unless otherwise agreed in writing.

## Modules

### Module 1 — Applications

#### Client Onboarding & Sales

End-to-end intake flow from first client contact through signed contract. Covers the full sales and onboarding cycle.

| #  | Function / Feature                  | Description                                                                                                                                                                                                   | Tier       |
| -- | ----------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- |
| 1  | Application Overview                | Centralised dashboard of all incoming and active applications with status tracking, filtering, and quick navigation.                                                                                          | ✓ Standard |
| 2  | Audit Day & Duration Calculation    | Automated calculation of required audit days based on employee count, number of locations, applicable standards, complexity factors, and adjustable overrides. Supports multi-site and multi-standard audits. | ✓ Standard |
| 3  | Availability Scheduling             | Auditee availability and duration planning. Clients can select which weeks they are available for an audit.                                                                                                   | ✓ Standard |
| 4  | Pricing & Offer Calculation         | Automated price calculation based on audit days, registration fees, auditor rates, and configurable discounts. Supports multi-stage inclusions and exclusions.                                                | ✓ Standard |
| 5  | Quote Generation                    | Automatic generation of a quote document from a certification body-provided template, shareable directly from the application.                                                                                | ✓ Standard |
| 6  | Contract Generation                 | Automatic generation of the client contract from a certification body-provided template, directly linked to application data.                                                                                 | ✓ Standard |
| 7  | In-App Contract Signing             | Clients can review, request revisions of, and digitally sign the contract and quote without leaving the portal.                                                                                               | ✓ Standard |
| 8  | Contract Revision & Version History | Full revision tracking with version history, audit trail of changes, and revision requests between the certification body and client.                                                                         | ✓ Standard |
| 9  | PDF Export                          | Export signed contracts and quotes as PDF directly from the application.                                                                                                                                      | ✓ Standard |
| 10 | Client Application Portal           | Dedicated client-facing intake form verified via OTP. Client can submit details about their company, specify availability and preferred or blocked weeks, and sign contract.                                  | ✓ Standard |
| 11 | Multi-Language Client Portal        | The client portal supports language switching to accommodate international clients.                                                                                                                           | ✓ Standard |
| 12 | Secure Link Management              | Application links use expiring tokens. A certification body can extend link validity. Clients can request a new link via email verification after expiry.                                                     | ✓ Standard |
| 13 | Draft Revert                        | Revert a submitted application back to draft so the client can amend data (e.g. add locations, standards, employees). Previously entered data is retained.                                                    | ✓ Standard |
| 14 | Deal Status Management              | Mark deals as lost or reactivate them. Permanently delete applications as required.                                                                                                                           | ✓ Standard |


### Module 2 — Audits: Planning

#### Auditor Assignment & Audit Plan Generation

All pre-audit logistics: sourcing auditors, building the team, and generating the detailed audit plan.

| # | Function / Feature                    | Description                                                                                                                                                                          | Tier       |
| - | ------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------- |
| 1 | Audit Overview                        | Dashboard of all upcoming, ongoing, and completed audits with key metadata and quick access.                                                                                         | ✓ Standard |
| 2 | Certification Plan                    | High-level view of the full certification cycle. Manages which standards, locations, and controls are in or out of scope across all audit stages.                                    | ✓ Standard |
| 3 | Audit Listing (Auditor Marketplace)   | Publish an audit to the internal or external auditor network so auditors can indicate availability and interest in participating.                                                    | ✓ Standard |
| 4 | Auditor Assignment                    | View availability, qualifications, and conflicts of interest. Assign auditors in defined roles: Lead Auditor, Auditor, Technical Expert, and others.                                 | ✓ Standard |
| 5 | Audit Plan Generation                 | Automatic generation of a detailed day-by-day audit plan based on template, clauses/controls, auditor assignments, locations, working hours, lunch breaks, and rounding preferences. | ✓ Standard |
| 6 | Multi-Stage & Multi-Standard Planning | Supports Stage 1 and Stage 2 audits, surveillance, recertification, and other audit types as defined in the certification plan.                                                      | ✓ Standard |
| 7 | Plan Editing & Bulk Edits             | Full manual editing of the generated audit plan. Bulk edit capabilities with validation checks for gaps, overlaps, and maximum daily audit hours.                                    | ✓ Standard |
| 8 | Calendar & Table View                 | View the audit plan in a table or interactive calendar format. Export to Excel.                                                                                                      | ✓ Standard |


### Module 3 — Audits: Execution

#### Evidence Collection & Fieldwork

Conducting the audit itself — document management, evidence collection, findings recording, and AI-assisted guidance.

| # | Function / Feature                  | Description                                                                                                                                                          | Tier       |
| - | ----------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- |
| 1 | Document Upload & Management        | Upload client-submitted documents. Categorise by type, add name, publication date, and version number.                                                               | ✓ Standard |
| 2 | Third-Party Source Integration      | Connect external sources (e.g. Confluence, compliance platforms) to automatically fetch documents into ISO OS.                                                       | ✓ Standard |
| 3 | Audit Execution Interface           | Timeline-based execution interface aligned with the audit plan. Full clause and control structure visible with status indicators.                                    | ✓ Standard |
| 4 | Findings & Evidence Management      | Attach evidence, add audit notes, and set conformity status (conformity, nonconformity, opportunity for improvement, etc.) for each clause and control.              | ✓ Standard |
| 5 | Expected Evidence & Key Questions   | Pre-configured guidance per clause: expected evidence, key questions, and auditor notes to streamline fieldwork.                                                     | ✓ Standard |
| 6 | AI Readiness Check                  | AI-powered pre-audit document check. Analyses uploaded documents and flags missing policies or evidence before fieldwork begins.                                     | ⬡ AI       |
| 7 | AI Auditor Guidance (Stage-1 Agent) | AI assistant that processes all uploaded evidence, suggests findings, proposes audit questions for gaps, and recommends evidence attachments per clause and control. | ⬡ AI       |


### Module 4 — Audits: Reporting

#### Document Generation, Signing & Certificate Issuance

Generating, reviewing, signing, and distributing all audit documents and certificates.

| # | Function / Feature              | Description                                                                                                                                      | Tier       |
| - | ------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------ | ---------- |
| 1 | Document Generation             | Pre-fill report forms with organisational and audit data. Auditor reviews, adjusts, and generates the final document.                            | ✓ Standard |
| 2 | Approval Workflow               | Configurable approval cycles (e.g. lead auditor and reviewer sign-off) before final document generation. Full audit trail of approvals.          | ✓ Standard |
| 3 | Document Preview & Download     | Preview generated documents in-app and download as formatted files.                                                                              | ✓ Standard |
| 4 | Client Signing Portal           | Clients access a secure portal to view, sign, annotate, and process all audit documents without the certification body sending files externally. | ✓ Standard |
| 5 | Audit Report (Auto-Generated)   | A comprehensive audit report is automatically generated from execution findings, nonconformities, and evidence collected during the audit.       | ✓ Standard |
| 6 | Nonconformity Management        | Track open nonconformities, assign corrective action deadlines, and link closures to evidence within the platform.                               | ✓ Standard |
| 7 | Custom Certificate Issuance     | Generate a branded certificate matching the certification body's design. Configurable to exact specifications.                                   | ✓ Standard |
| 8 | QR Code & Registry Verification | Generate QR codes and verification links (e.g. IAF database) embedded in certificates for real-time public verification.                         | ✓ Standard |


### Module 5 — Auditors

#### Auditor CRM & Credential Management

Centralised auditor relationship management: onboarding, profile management, qualification tracking, and access control.

| # | Function / Feature                 | Description                                                                                                                                       | Tier       |
| - | ---------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- |
| 1 | Auditor Profile Management         | Create and maintain detailed auditor profiles including sector codes, technical codes, industry focus, certifications held, and languages spoken. | ✓ Standard |
| 2 | Auditor Invitation & Onboarding    | Invite auditors by email. Auditors activate their account via invitation link and complete their own profile setup.                               | ✓ Standard |
| 3 | Document & Credential Verification | Auditors upload qualification documents. Certification body manually reviews and approves each auditor.                                           | ✓ Standard |
| 4 | Access Control per Audit           | Define each auditor's access level per audit: Viewer, Auditor, or Lead Auditor.                                                                   | ✓ Standard |
| 5 | Activate / Deactivate Auditors     | Enable or disable auditor access to the platform as required.                                                                                     | ✓ Standard |


### Module 6 — Consultants

#### Partner Portal & Referral Management

Manage consulting partner companies that refer clients and assist with the application process on their behalf.

| # | Function / Feature                | Description                                                                                                                                              | Tier       |
| - | --------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- |
| 1 | Consultancy Management            | Add and manage consulting companies and their associated client relationships.                                                                           | ✓ Standard |
| 2 | Authorised Email Management       | Define which email addresses within a consultancy are permitted to create and submit applications on behalf of clients.                                  | ✓ Standard |
| 3 | Consultant Portal Access          | Consultants log in via a dedicated portal using their authorised email, create applications, share them with clients, and submit completed applications. | ✓ Standard |
| 4 | Application Volume Tracking       | Track and view the number of applications submitted by each consultancy partner.                                                                         | ✓ Standard |
| 5 | Activate / Deactivate Consultants | Enable or disable individual consultant access at any time.                                                                                              | ✓ Standard |


### Module 7 — Clients

#### Client CRM

Complete client relationship management with full audit history, billing, contracts, certificates, and contact records.

| # | Function / Feature             | Description                                                                                           | Tier       |
| - | ------------------------------ | ----------------------------------------------------------------------------------------------------- | ---------- |
| 1 | Client Profile & History       | Full client profile with all audit orders, history, and linked certification cycle information.       | ✓ Standard |
| 2 | Billing & Financial Records    | Billing information, payment history, and financial documents accessible per client.                  | ✓ Standard |
| 3 | Contract & Document Repository | All contracts, quotes, and generated audit documents linked to and accessible from the client record. | ✓ Standard |
| 4 | Certificate Overview           | View all issued certificates per client with validity periods and associated audit records.           | ✓ Standard |
| 5 | Contact Management             | Manage multiple contacts per client organisation with roles and contact details.                      | ✓ Standard |


### Module 8 — Analytics

#### Business Intelligence & Performance Monitoring

Business intelligence and performance monitoring across the certification body's operations.

| # | Function / Feature                  | Description                                                                                                  | Tier       |
| - | ----------------------------------- | ------------------------------------------------------------------------------------------------------------ | ---------- |
| 1 | Audit Volume & Activity             | Monitor audit activity over time with lifetime and monthly views. Track open, ongoing, and completed audits. | ✓ Standard |
| 2 | Standards & Certification Analytics | Breakdown of audits by ISO standard, certification type, and scheme.                                         | ✓ Standard |
| 3 | Revenue & Financial Analytics       | Revenue tracking, billing summaries, and financial performance indicators.                                   | ✓ Standard |
| 4 | Conversion Analytics                | Sales funnel analysis from application submissions through to signed contracts and completed certifications. | ✓ Standard |
| 5 | Efficiency Metrics                  | Operational efficiency indicators including audit duration, planning time, and document turnaround.          | ✓ Standard |
| 6 | Consultancy Analytics               | Track and compare referral and application volumes per consultancy partner.                                  | ✓ Standard |


### Module 9 — Configuration: Organisation Profile

#### Branding, Signatories & Operational Defaults

Central settings for the certification body's identity, branding, and operational defaults.

| # | Function / Feature        | Description                                                                                                 | Tier       |
| - | ------------------------- | ----------------------------------------------------------------------------------------------------------- | ---------- |
| 1 | Organisational Details    | Company name, registration details, address, and official organisational information.                       | ✓ Standard |
| 2 | Branding & Whitelabelling | Upload logos and configure brand colours used across client-facing portals, documents, and communications.  | ✓ Standard |
| 3 | Authorised Signatories    | Register authorised signatories and their signature images for use on contracts, reports, and certificates. | ✓ Standard |
| 4 | Operational Defaults      | Configure default currency, time zones, support contacts, and system-wide defaults.                         | ✓ Standard |


### Module 10 — Configuration: ISO Standards & Rates

#### Standard Portfolio & Fee Management

Manage the portfolio of offered certification standards and all associated financial and accreditation settings.

| # | Function / Feature       | Description                                                                                                                            | Tier       |
| - | ------------------------ | -------------------------------------------------------------------------------------------------------------------------------------- | ---------- |
| 1 | Standard Management      | Add, activate, and deactivate ISO standards. Active standards are selectable in the client application form.                           | ✓ Standard |
| 2 | Audit Type Configuration | Define which audit types are available per standard: initial certification, surveillance, recertification, transfer audit, and others. | ✓ Standard |
| 3 | Fee & Rate Configuration | Set audit day fees, registration fees, and default or promotional discounts per standard and currency.                                 | ✓ Standard |
| 4 | Auditor Payment Rates    | Define payment rates by auditor role: Lead Auditor, Auditor, Technical Expert, and others.                                             | ✓ Standard |
| 5 | Accreditation Details    | Store accreditation numbers, validity dates, accreditation body links, and related documentation per standard.                         | ✓ Standard |


### Module 11 — Configuration: Audit Plan Templates

#### Session Structure & Effort Allocation

Define the structure and time allocation for audit sessions by ISO standard to enable automated plan generation.

| # | Function / Feature              | Description                                                                                                                                                            | Tier       |
| - | ------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- |
| 1 | Session Template Builder        | Define audit sessions per ISO standard (e.g. opening meeting, HR review, access control review) with associated clauses, controls, and story-point effort allocations. | ✓ Standard |
| 2 | Fixed & Scaled Sessions         | Set sessions to a fixed duration or scaled proportionally to total audit days using story points.                                                                      | ✓ Standard |
| 3 | Multiple Templates per Standard | Create multiple plan templates per ISO standard selectable during audit planning.                                                                                      | ✓ Standard |


### Module 12 — Configuration: Execution Configuration

#### Rating Scales, Clause Guidance & AI Training

Customise the audit execution environment: rating scales, clause-level guidance, and AI assistant configuration.

| # | Function / Feature             | Description                                                                                                                                                                 | Tier       |
| - | ------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- |
| 1 | Custom Rating Scale            | Define the conformity rating scale used during execution (e.g. conformity, minor nonconformity, major nonconformity, opportunity for improvement) per standard or globally. | ✓ Standard |
| 2 | Clause & Control Configuration | For each clause and control, configure expected evidence, key questions, audit phase mapping, and rating criteria.                                                          | ✓ Standard |
| 3 | AI Assistant Configuration     | Clause-level expectations and evidence requirements feed directly into the AI assistant to enable automated evidence analysis and rating suggestions.                       | ⬡ AI       |


### Module 13 — Configuration: User Management

#### Roles, Permissions & User Lifecycle

Manage internal team users, roles, permissions, and access across the ISO OS platform.

| # | Function / Feature                 | Description                                                                                                     | Tier       |
| - | ---------------------------------- | --------------------------------------------------------------------------------------------------------------- | ---------- |
| 1 | Role Management                    | Create custom roles with granular permission assignments across modules, sub-modules, and individual functions. | ✓ Standard |
| 2 | Default Role Templates             | Load pre-configured permission sets as a starting point. Fully editable by the certification body.              | ✓ Standard |
| 3 | Role-Based Access Control (RBAC)   | Assign one or more roles to each user to govern their access across the platform.                               | ✓ Standard |
| 4 | Discretionary Access Control (DAC) | Override or fully customise permissions at the individual user level, independent of assigned roles.            | ✓ Standard |
| 5 | User Invitation & Onboarding       | Invite users by email. Users activate via invitation link and complete profile setup.                           | ✓ Standard |
| 6 | User Lifecycle Management          | Activate, deactivate, and reactivate users. Resend invitations. Reset passwords.                                | ✓ Standard |
| 7 | User Activity Logs                 | Full activity log per user with timestamps, IP addresses, and action records. Exportable as CSV.                | ✓ Standard |


### Module 14 — Security & Platform

#### Authentication, Encryption & Data Residency

Platform-wide security controls and authentication mechanisms.

| # | Function / Feature              | Description                                                                                           | Tier       |
| - | ------------------------------- | ----------------------------------------------------------------------------------------------------- | ---------- |
| 1 | Two-Factor Authentication (2FA) | All users authenticate with password plus a one-time password (OTP) delivered by email.               | ✓ Standard |
| 2 | Automatic Session Expiry        | Users are automatically logged out after inactivity or when access is detected from a new IP address. | ✓ Standard |
| 3 | Data Encryption                 | All data encrypted in transit and at rest using industry-standard protocols.                          | ✓ Standard |
| 4 | EU Data Residency               | Data stored within the European Union to support GDPR and data sovereignty requirements.              | ✓ Standard |
| 5 | Comprehensive Audit Logs        | Platform-wide action logging for oversight, compliance, and security monitoring.                      | ✓ Standard |


## Advanced Modules

Advanced modules are optional add-ons. Inclusion in the contract is subject to separate agreement and pricing. AI-tagged functions require the Advanced tier.

### Advanced Module A1 — AI Readiness Check

#### Pre-Audit Document Gap Analysis

Pre-audit AI agent that reviews all uploaded client documents and flags missing or insufficient evidence before fieldwork begins.

| # | Function / Feature    | Description                                                                                                                           | Tier |
| - | --------------------- | ------------------------------------------------------------------------------------------------------------------------------------- | ---- |
| 1 | Document Gap Analysis | Automatically scans all uploaded documents against required evidence and policies per standard. Flags missing items.                  | ⬡ AI |
| 2 | Readiness Report      | Generates a structured readiness summary with identified gaps, enabling the certification body to notify the client before the audit. | ⬡ AI |


### Advanced Module A2 — AI Auditor Guidance

#### AI Auditor Assistant & Evidence Analysis

AI assistant embedded in the audit execution interface to accelerate evidence review, question generation, and finding suggestions.

| # | Function / Feature            | Description                                                                                                                 | Tier |
| - | ----------------------------- | --------------------------------------------------------------------------------------------------------------------------- | ---- |
| 1 | Evidence Extraction & Tagging | Processes all uploaded documents and automatically tags relevant content to corresponding clauses and controls.             | ⬡ AI |
| 2 | Suggested Audit Questions     | Generates targeted audit questions per clause and control based on identified evidence gaps.                                | ⬡ AI |
| 3 | Automated Finding Suggestions | Suggests conformity ratings and findings per clause and control based on evidence analysis against configured expectations. | ⬡ AI |


### Advanced Module A3 — Phishing Simulator

#### Security Awareness Training

Built-in phishing simulation tool to run security awareness training exercises for clients.

| # | Function / Feature           | Description                                                                                                     | Tier       |
| - | ---------------------------- | --------------------------------------------------------------------------------------------------------------- | ---------- |
| 1 | Phishing Campaign Management | Design and launch phishing simulation campaigns targeting client employees to test security awareness.          | ★ Advanced |
| 2 | Results & Reporting          | Track click rates, reporting rates, and employee behaviour. Generate reports for awareness training programmes. | ★ Advanced |


### Advanced Module A4 — KYC / KYB Services

#### Identity & Business Verification

Integrated Know Your Customer and Know Your Business verification services.

| # | Function / Feature          | Description                                                                                            | Tier       |
| - | --------------------------- | ------------------------------------------------------------------------------------------------------ | ---------- |
| 1 | Identity Verification (KYC) | Digital identity verification for individual contacts, integrated into the client onboarding workflow. | ★ Advanced |
| 2 | Business Verification (KYB) | Corporate entity verification to confirm legitimacy and ownership structure of client organisations.   | ★ Advanced |


### Advanced Module A5 — Blockchain Certificate Publishing

#### Immutable, Publicly Verifiable Certification Records

Publish issued ISO certificates to the blockchain for immutable, publicly verifiable proof of certification.

| # | Function / Feature          | Description                                                                                    | Tier       |
| - | --------------------------- | ---------------------------------------------------------------------------------------------- | ---------- |
| 1 | On-Chain Certificate Record | Issue a cryptographic record of the certificate on the blockchain. Immutable and tamper-proof. | ★ Advanced |


### Advanced Module A6 — Single Sign-On (SSO)

#### Enterprise Identity Federation

Enterprise identity federation allowing users to authenticate via your organisation's existing identity provider.

| # | Function / Feature            | Description                                                                                                                  | Tier       |
| - | ----------------------------- | ---------------------------------------------------------------------------------------------------------------------------- | ---------- |
| 1 | SSO Integration (SAML / OIDC) | Connect ISO OS to your corporate identity provider (e.g. Okta, Azure AD, Google Workspace) using SAML 2.0 or OpenID Connect. | ★ Advanced |
| 2 | Automated User Provisioning   | Automatically provision and deprovision user access based on identity provider group membership.                             | ★ Advanced |


### Advanced Module A7 — Self-Hosted Deployment

#### On-Premises & Private Cloud

Deploy ISO OS on your own infrastructure for maximum data control and sovereignty.

| # | Function / Feature                     | Description                                                                                     | Tier       |
| - | -------------------------------------- | ----------------------------------------------------------------------------------------------- | ---------- |
| 1 | On-Premises / Private Cloud Deployment | Full deployment of ISO OS on the certification body's own servers or private cloud environment. | ★ Advanced |
| 2 | Dedicated Support & Maintenance        | Dedicated technical support, update management, and SLA package for self-hosted instances.      | ★ Advanced |


### Advanced Module A8 — Custom Development & Integrations

#### Bespoke Features & White-Label Configuration

Bespoke features, custom integrations, and tailored configurations developed specifically for the certification body.

| # | Function / Feature             | Description                                                                                                                  | Tier       |
| - | ------------------------------ | ---------------------------------------------------------------------------------------------------------------------------- | ---------- |
| 1 | Custom API Integrations        | Connect ISO OS to third-party systems (ERP, HRMS, billing, compliance tools) via custom API development.                     | ★ Advanced |
| 2 | Custom Document Templates      | Design and implement fully customised document templates aligned with the certification body's brand and legal requirements. | ★ Advanced |
| 3 | Custom Workflow Development    | Development of tailored workflows, approval chains, or features specific to the certification body's operational needs.      | ★ Advanced |
| 4 | Full White-Label Configuration | Custom domain, custom email domain, and removal of AuditOne branding. Full white-label deployment.                           | ★ Advanced |


