# ISO OS: Audit Management System for Certification Bodies
The AuditOne ISO OS is a specialized ERP solution engineered specifically for Certification Bodies (CBs). Our platform is designed to automate the high-volume, non-judgmental phases of the ISO audit lifecycle, ensuring your technical experts can dedicate their focus to high-level risk assessment and quality-driven decision-making.
Unlike generic project management tools, AuditOne is built with deep-coded adherence to IAF Mandatory Documents (MD) and ISO/IEC 17021-1 requirements. We provide the structural framework necessary to maintain your Accreditation Status while scaling operations:
* IAF MD Guidelines Integration: Automated workflows for audit duration calculations (MD 5), multi-site sampling (MD 1), and competence management (MD 7).
* End-to-End Audit Lifecycle Automation: From initial Application Review and Contract Review to Stage 1/Stage 2 Planning, and final Certification Decision workflows.
* Integrated Management System (IMS) Support: Seamlessly manage complex, multi-standard audits with unified Audit Evidence collection.
All Standard modules and functions are included in every ISO OS subscription unless otherwise agreed in writing.
## Modules
### Module 1 — Applications
#### Client Onboarding & Sales
End-to-end intake flow from first client contact through signed contract. Covers the full sales and onboarding cycle.
| # | Function / Feature | Description | Tier |
| -- | ----------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- |
| 1 | Application Overview | Centralised dashboard of all incoming and active applications with status tracking, filtering, and quick navigation. | ✓ Standard |
| 2 | Audit Day & Duration Calculation | Automated calculation of required audit days based on employee count, number of locations, applicable standards, complexity factors, and adjustable overrides. Supports multi-site and multi-standard audits. | ✓ Standard |
| 3 | Availability Scheduling | Auditee availability and duration planning. Clients can select which weeks they are available for an audit. | ✓ Standard |
| 4 | Pricing & Offer Calculation | Automated price calculation based on audit days, registration fees, auditor rates, and configurable discounts. Supports multi-stage inclusions and exclusions. | ✓ Standard |
| 5 | Quote Generation | Automatic generation of a quote document from a certification body-provided template, shareable directly from the application. | ✓ Standard |
| 6 | Contract Generation | Automatic generation of the client contract from a certification body-provided template, directly linked to application data. | ✓ Standard |
| 7 | In-App Contract Signing | Clients can review, request revisions of, and digitally sign the contract and quote without leaving the portal. | ✓ Standard |
| 8 | Contract Revision & Version History | Full revision tracking with version history, audit trail of changes, and revision requests between the certification body and client. | ✓ Standard |
| 9 | PDF Export | Export signed contracts and quotes as PDF directly from the application. | ✓ Standard |
| 10 | Client Application Portal | Dedicated client-facing intake form verified via OTP. Client can submit details about their company, specify availability and preferred or blocked weeks, and sign contract. | ✓ Standard |
| 11 | Multi-Language Client Portal | The client portal supports language switching to accommodate international clients. | ✓ Standard |
| 12 | Secure Link Management | Application links use expiring tokens. A certification body can extend link validity. Clients can request a new link via email verification after expiry. | ✓ Standard |
| 13 | Draft Revert | Revert a submitted application back to draft so the client can amend data (e.g. add locations, standards, employees). Previously entered data is retained. | ✓ Standard |
| 14 | Deal Status Management | Mark deals as lost or reactivate them. Permanently delete applications as required. | ✓ Standard |
### Module 2 — Audits: Planning
#### Auditor Assignment & Audit Plan Generation
All pre-audit logistics: sourcing auditors, building the team, and generating the detailed audit plan.
| # | Function / Feature | Description | Tier |
| - | ------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------- |
| 1 | Audit Overview | Dashboard of all upcoming, ongoing, and completed audits with key metadata and quick access. | ✓ Standard |
| 2 | Certification Plan | High-level view of the full certification cycle. Manages which standards, locations, and controls are in or out of scope across all audit stages. | ✓ Standard |
| 3 | Audit Listing (Auditor Marketplace) | Publish an audit to the internal or external auditor network so auditors can indicate availability and interest in participating. | ✓ Standard |
| 4 | Auditor Assignment | View availability, qualifications, and conflicts of interest. Assign auditors in defined roles: Lead Auditor, Auditor, Technical Expert, and others. | ✓ Standard |
| 5 | Audit Plan Generation | Automatic generation of a detailed day-by-day audit plan based on template, clauses/controls, auditor assignments, locations, working hours, lunch breaks, and rounding preferences. | ✓ Standard |
| 6 | Multi-Stage & Multi-Standard Planning | Supports Stage 1 and Stage 2 audits, surveillance, recertification, and other audit types as defined in the certification plan. | ✓ Standard |
| 7 | Plan Editing & Bulk Edits | Full manual editing of the generated audit plan. Bulk edit capabilities with validation checks for gaps, overlaps, and maximum daily audit hours. | ✓ Standard |
| 8 | Calendar & Table View | View the audit plan in a table or interactive calendar format. Export to Excel. | ✓ Standard |
### Module 3 — Audits: Execution
#### Evidence Collection & Fieldwork
Conducting the audit itself — document management, evidence collection, findings recording, and AI-assisted guidance.
| # | Function / Feature | Description | Tier |
| - | ----------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- |
| 1 | Document Upload & Management | Upload client-submitted documents. Categorise by type, add name, publication date, and version number. | ✓ Standard |
| 2 | Third-Party Source Integration | Connect external sources (e.g. Confluence, compliance platforms) to automatically fetch documents into ISO OS. | ✓ Standard |
| 3 | Audit Execution Interface | Timeline-based execution interface aligned with the audit plan. Full clause and control structure visible with status indicators. | ✓ Standard |
| 4 | Findings & Evidence Management | Attach evidence, add audit notes, and set conformity status (conformity, nonconformity, opportunity for improvement, etc.) for each clause and control. | ✓ Standard |
| 5 | Expected Evidence & Key Questions | Pre-configured guidance per clause: expected evidence, key questions, and auditor notes to streamline fieldwork. | ✓ Standard |
| 6 | AI Readiness Check | AI-powered pre-audit document check. Analyses uploaded documents and flags missing policies or evidence before fieldwork begins. | ⬡ AI |
| 7 | AI Auditor Guidance (Stage-1 Agent) | AI assistant that processes all uploaded evidence, suggests findings, proposes audit questions for gaps, and recommends evidence attachments per clause and control. | ⬡ AI |
### Module 4 — Audits: Reporting
#### Document Generation, Signing & Certificate Issuance
Generating, reviewing, signing, and distributing all audit documents and certificates.
| # | Function / Feature | Description | Tier |
| - | ------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------ | ---------- |
| 1 | Document Generation | Pre-fill report forms with organisational and audit data. Auditor reviews, adjusts, and generates the final document. | ✓ Standard |
| 2 | Approval Workflow | Configurable approval cycles (e.g. lead auditor and reviewer sign-off) before final document generation. Full audit trail of approvals. | ✓ Standard |
| 3 | Document Preview & Download | Preview generated documents in-app and download as formatted files. | ✓ Standard |
| 4 | Client Signing Portal | Clients access a secure portal to view, sign, annotate, and process all audit documents without the certification body sending files externally. | ✓ Standard |
| 5 | Audit Report (Auto-Generated) | A comprehensive audit report is automatically generated from execution findings, nonconformities, and evidence collected during the audit. | ✓ Standard |
| 6 | Nonconformity Management | Track open nonconformities, assign corrective action deadlines, and link closures to evidence within the platform. | ✓ Standard |
| 7 | Custom Certificate Issuance | Generate a branded certificate matching the certification body's design. Configurable to exact specifications. | ✓ Standard |
| 8 | QR Code & Registry Verification | Generate QR codes and verification links (e.g. IAF database) embedded in certificates for real-time public verification. | ✓ Standard |
### Module 5 — Auditors
#### Auditor CRM & Credential Management
Centralised auditor relationship management: onboarding, profile management, qualification tracking, and access control.
| # | Function / Feature | Description | Tier |
| - | ---------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- |
| 1 | Auditor Profile Management | Create and maintain detailed auditor profiles including sector codes, technical codes, industry focus, certifications held, and languages spoken. | ✓ Standard |
| 2 | Auditor Invitation & Onboarding | Invite auditors by email. Auditors activate their account via invitation link and complete their own profile setup. | ✓ Standard |
| 3 | Document & Credential Verification | Auditors upload qualification documents. Certification body manually reviews and approves each auditor. | ✓ Standard |
| 4 | Access Control per Audit | Define each auditor's access level per audit: Viewer, Auditor, or Lead Auditor. | ✓ Standard |
| 5 | Activate / Deactivate Auditors | Enable or disable auditor access to the platform as required. | ✓ Standard |
### Module 6 — Consultants
#### Partner Portal & Referral Management
Manage consulting partner companies that refer clients and assist with the application process on their behalf.
| # | Function / Feature | Description | Tier |
| - | --------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- |
| 1 | Consultancy Management | Add and manage consulting companies and their associated client relationships. | ✓ Standard |
| 2 | Authorised Email Management | Define which email addresses within a consultancy are permitted to create and submit applications on behalf of clients. | ✓ Standard |
| 3 | Consultant Portal Access | Consultants log in via a dedicated portal using their authorised email, create applications, share them with clients, and submit completed applications. | ✓ Standard |
| 4 | Application Volume Tracking | Track and view the number of applications submitted by each consultancy partner. | ✓ Standard |
| 5 | Activate / Deactivate Consultants | Enable or disable individual consultant access at any time. | ✓ Standard |
### Module 7 — Clients
#### Client CRM
Complete client relationship management with full audit history, billing, contracts, certificates, and contact records.
| # | Function / Feature | Description | Tier |
| - | ------------------------------ | ----------------------------------------------------------------------------------------------------- | ---------- |
| 1 | Client Profile & History | Full client profile with all audit orders, history, and linked certification cycle information. | ✓ Standard |
| 2 | Billing & Financial Records | Billing information, payment history, and financial documents accessible per client. | ✓ Standard |
| 3 | Contract & Document Repository | All contracts, quotes, and generated audit documents linked to and accessible from the client record. | ✓ Standard |
| 4 | Certificate Overview | View all issued certificates per client with validity periods and associated audit records. | ✓ Standard |
| 5 | Contact Management | Manage multiple contacts per client organisation with roles and contact details. | ✓ Standard |
### Module 8 — Analytics
#### Business Intelligence & Performance Monitoring
Business intelligence and performance monitoring across the certification body's operations.
| # | Function / Feature | Description | Tier |
| - | ----------------------------------- | ------------------------------------------------------------------------------------------------------------ | ---------- |
| 1 | Audit Volume & Activity | Monitor audit activity over time with lifetime and monthly views. Track open, ongoing, and completed audits. | ✓ Standard |
| 2 | Standards & Certification Analytics | Breakdown of audits by ISO standard, certification type, and scheme. | ✓ Standard |
| 3 | Revenue & Financial Analytics | Revenue tracking, billing summaries, and financial performance indicators. | ✓ Standard |
| 4 | Conversion Analytics | Sales funnel analysis from application submissions through to signed contracts and completed certifications. | ✓ Standard |
| 5 | Efficiency Metrics | Operational efficiency indicators including audit duration, planning time, and document turnaround. | ✓ Standard |
| 6 | Consultancy Analytics | Track and compare referral and application volumes per consultancy partner. | ✓ Standard |
### Module 9 — Configuration: Organisation Profile
#### Branding, Signatories & Operational Defaults
Central settings for the certification body's identity, branding, and operational defaults.
| # | Function / Feature | Description | Tier |
| - | ------------------------- | ----------------------------------------------------------------------------------------------------------- | ---------- |
| 1 | Organisational Details | Company name, registration details, address, and official organisational information. | ✓ Standard |
| 2 | Branding & Whitelabelling | Upload logos and configure brand colours used across client-facing portals, documents, and communications. | ✓ Standard |
| 3 | Authorised Signatories | Register authorised signatories and their signature images for use on contracts, reports, and certificates. | ✓ Standard |
| 4 | Operational Defaults | Configure default currency, time zones, support contacts, and system-wide defaults. | ✓ Standard |
### Module 10 — Configuration: ISO Standards & Rates
#### Standard Portfolio & Fee Management
Manage the portfolio of offered certification standards and all associated financial and accreditation settings.
| # | Function / Feature | Description | Tier |
| - | ------------------------ | -------------------------------------------------------------------------------------------------------------------------------------- | ---------- |
| 1 | Standard Management | Add, activate, and deactivate ISO standards. Active standards are selectable in the client application form. | ✓ Standard |
| 2 | Audit Type Configuration | Define which audit types are available per standard: initial certification, surveillance, recertification, transfer audit, and others. | ✓ Standard |
| 3 | Fee & Rate Configuration | Set audit day fees, registration fees, and default or promotional discounts per standard and currency. | ✓ Standard |
| 4 | Auditor Payment Rates | Define payment rates by auditor role: Lead Auditor, Auditor, Technical Expert, and others. | ✓ Standard |
| 5 | Accreditation Details | Store accreditation numbers, validity dates, accreditation body links, and related documentation per standard. | ✓ Standard |
### Module 11 — Configuration: Audit Plan Templates
#### Session Structure & Effort Allocation
Define the structure and time allocation for audit sessions by ISO standard to enable automated plan generation.
| # | Function / Feature | Description | Tier |
| - | ------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- |
| 1 | Session Template Builder | Define audit sessions per ISO standard (e.g. opening meeting, HR review, access control review) with associated clauses, controls, and story-point effort allocations. | ✓ Standard |
| 2 | Fixed & Scaled Sessions | Set sessions to a fixed duration or scaled proportionally to total audit days using story points. | ✓ Standard |
| 3 | Multiple Templates per Standard | Create multiple plan templates per ISO standard selectable during audit planning. | ✓ Standard |
### Module 12 — Configuration: Execution Configuration
#### Rating Scales, Clause Guidance & AI Training
Customise the audit execution environment: rating scales, clause-level guidance, and AI assistant configuration.
| # | Function / Feature | Description | Tier |
| - | ------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- |
| 1 | Custom Rating Scale | Define the conformity rating scale used during execution (e.g. conformity, minor nonconformity, major nonconformity, opportunity for improvement) per standard or globally. | ✓ Standard |
| 2 | Clause & Control Configuration | For each clause and control, configure expected evidence, key questions, audit phase mapping, and rating criteria. | ✓ Standard |
| 3 | AI Assistant Configuration | Clause-level expectations and evidence requirements feed directly into the AI assistant to enable automated evidence analysis and rating suggestions. | ⬡ AI |
### Module 13 — Configuration: User Management
#### Roles, Permissions & User Lifecycle
Manage internal team users, roles, permissions, and access across the ISO OS platform.
| # | Function / Feature | Description | Tier |
| - | ---------------------------------- | --------------------------------------------------------------------------------------------------------------- | ---------- |
| 1 | Role Management | Create custom roles with granular permission assignments across modules, sub-modules, and individual functions. | ✓ Standard |
| 2 | Default Role Templates | Load pre-configured permission sets as a starting point. Fully editable by the certification body. | ✓ Standard |
| 3 | Role-Based Access Control (RBAC) | Assign one or more roles to each user to govern their access across the platform. | ✓ Standard |
| 4 | Discretionary Access Control (DAC) | Override or fully customise permissions at the individual user level, independent of assigned roles. | ✓ Standard |
| 5 | User Invitation & Onboarding | Invite users by email. Users activate via invitation link and complete profile setup. | ✓ Standard |
| 6 | User Lifecycle Management | Activate, deactivate, and reactivate users. Resend invitations. Reset passwords. | ✓ Standard |
| 7 | User Activity Logs | Full activity log per user with timestamps, IP addresses, and action records. Exportable as CSV. | ✓ Standard |
### Module 14 — Security & Platform
#### Authentication, Encryption & Data Residency
Platform-wide security controls and authentication mechanisms.
| # | Function / Feature | Description | Tier |
| - | ------------------------------- | ----------------------------------------------------------------------------------------------------- | ---------- |
| 1 | Two-Factor Authentication (2FA) | All users authenticate with password plus a one-time password (OTP) delivered by email. | ✓ Standard |
| 2 | Automatic Session Expiry | Users are automatically logged out after inactivity or when access is detected from a new IP address. | ✓ Standard |
| 3 | Data Encryption | All data encrypted in transit and at rest using industry-standard protocols. | ✓ Standard |
| 4 | EU Data Residency | Data stored within the European Union to support GDPR and data sovereignty requirements. | ✓ Standard |
| 5 | Comprehensive Audit Logs | Platform-wide action logging for oversight, compliance, and security monitoring. | ✓ Standard |
## Advanced Modules
Advanced modules are optional add-ons. Inclusion in the contract is subject to separate agreement and pricing. AI-tagged functions require the Advanced tier.
### Advanced Module A1 — AI Readiness Check
#### Pre-Audit Document Gap Analysis
Pre-audit AI agent that reviews all uploaded client documents and flags missing or insufficient evidence before fieldwork begins.
| # | Function / Feature | Description | Tier |
| - | --------------------- | ------------------------------------------------------------------------------------------------------------------------------------- | ---- |
| 1 | Document Gap Analysis | Automatically scans all uploaded documents against required evidence and policies per standard. Flags missing items. | ⬡ AI |
| 2 | Readiness Report | Generates a structured readiness summary with identified gaps, enabling the certification body to notify the client before the audit. | ⬡ AI |
### Advanced Module A2 — AI Auditor Guidance
#### AI Auditor Assistant & Evidence Analysis
AI assistant embedded in the audit execution interface to accelerate evidence review, question generation, and finding suggestions.
| # | Function / Feature | Description | Tier |
| - | ----------------------------- | --------------------------------------------------------------------------------------------------------------------------- | ---- |
| 1 | Evidence Extraction & Tagging | Processes all uploaded documents and automatically tags relevant content to corresponding clauses and controls. | ⬡ AI |
| 2 | Suggested Audit Questions | Generates targeted audit questions per clause and control based on identified evidence gaps. | ⬡ AI |
| 3 | Automated Finding Suggestions | Suggests conformity ratings and findings per clause and control based on evidence analysis against configured expectations. | ⬡ AI |
### Advanced Module A3 — Phishing Simulator
#### Security Awareness Training
Built-in phishing simulation tool to run security awareness training exercises for clients.
| # | Function / Feature | Description | Tier |
| - | ---------------------------- | --------------------------------------------------------------------------------------------------------------- | ---------- |
| 1 | Phishing Campaign Management | Design and launch phishing simulation campaigns targeting client employees to test security awareness. | ★ Advanced |
| 2 | Results & Reporting | Track click rates, reporting rates, and employee behaviour. Generate reports for awareness training programmes. | ★ Advanced |
### Advanced Module A4 — KYC / KYB Services
#### Identity & Business Verification
Integrated Know Your Customer and Know Your Business verification services.
| # | Function / Feature | Description | Tier |
| - | --------------------------- | ------------------------------------------------------------------------------------------------------ | ---------- |
| 1 | Identity Verification (KYC) | Digital identity verification for individual contacts, integrated into the client onboarding workflow. | ★ Advanced |
| 2 | Business Verification (KYB) | Corporate entity verification to confirm legitimacy and ownership structure of client organisations. | ★ Advanced |
### Advanced Module A5 — Blockchain Certificate Publishing
#### Immutable, Publicly Verifiable Certification Records
Publish issued ISO certificates to the blockchain for immutable, publicly verifiable proof of certification.
| # | Function / Feature | Description | Tier |
| - | --------------------------- | ---------------------------------------------------------------------------------------------- | ---------- |
| 1 | On-Chain Certificate Record | Issue a cryptographic record of the certificate on the blockchain. Immutable and tamper-proof. | ★ Advanced |
### Advanced Module A6 — Single Sign-On (SSO)
#### Enterprise Identity Federation
Enterprise identity federation allowing users to authenticate via your organisation's existing identity provider.
| # | Function / Feature | Description | Tier |
| - | ----------------------------- | ---------------------------------------------------------------------------------------------------------------------------- | ---------- |
| 1 | SSO Integration (SAML / OIDC) | Connect ISO OS to your corporate identity provider (e.g. Okta, Azure AD, Google Workspace) using SAML 2.0 or OpenID Connect. | ★ Advanced |
| 2 | Automated User Provisioning | Automatically provision and deprovision user access based on identity provider group membership. | ★ Advanced |
### Advanced Module A7 — Self-Hosted Deployment
#### On-Premises & Private Cloud
Deploy ISO OS on your own infrastructure for maximum data control and sovereignty.
| # | Function / Feature | Description | Tier |
| - | -------------------------------------- | ----------------------------------------------------------------------------------------------- | ---------- |
| 1 | On-Premises / Private Cloud Deployment | Full deployment of ISO OS on the certification body's own servers or private cloud environment. | ★ Advanced |
| 2 | Dedicated Support & Maintenance | Dedicated technical support, update management, and SLA package for self-hosted instances. | ★ Advanced |
### Advanced Module A8 — Custom Development & Integrations
#### Bespoke Features & White-Label Configuration
Bespoke features, custom integrations, and tailored configurations developed specifically for the certification body.
| # | Function / Feature | Description | Tier |
| - | ------------------------------ | ---------------------------------------------------------------------------------------------------------------------------- | ---------- |
| 1 | Custom API Integrations | Connect ISO OS to third-party systems (ERP, HRMS, billing, compliance tools) via custom API development. | ★ Advanced |
| 2 | Custom Document Templates | Design and implement fully customised document templates aligned with the certification body's brand and legal requirements. | ★ Advanced |
| 3 | Custom Workflow Development | Development of tailored workflows, approval chains, or features specific to the certification body's operational needs. | ★ Advanced |
| 4 | Full White-Label Configuration | Custom domain, custom email domain, and removal of AuditOne branding. Full white-label deployment. | ★ Advanced |