ISO 9001 & ISO 45001 Audit Preparation Ireland

ISO Standards and Irish Legislation

ISO 9001:2015 (Quality Management Systems - Requirements) is the international standard for quality management. It gives organisations a framework for consistently meeting customer and regulatory requirements. Certification shows a commitment to quality and continual improvement.

ISO 45001:2018 (Occupational Health and Safety Management Systems - Requirements with Guidance for Use) is the international standard for safety management. It helps organisations manage health and safety risks, prevent work-related injury and ill health, and provide safe workplaces.

In Ireland, ISO 45001 sits alongside the Safety, Health and Welfare at Work Act 2005 and its regulations. They set the statutory baseline for workplace safety. In plain terms: the Act applies whether or not you certify, and a properly built ISO 45001 system keeps you compliant with it.

Both standards share the High Level Structure (HLS) common to ISO management system standards. That makes it straightforward to run ISO 9001 and ISO 45001 as one integrated system. Phoenix STS has extensive experience building integrated systems.

Professional indemnity (PI) insurance covers all our ISO audit preparation work. Our advice is expert and insured throughout your certification journey.

Current ISO status for 2026 planning

As of April 2026, ISO 9001:2015 remains the published edition. It includes ISO 9001:2015/Amd 1:2024, the climate action amendment. A new edition (ISO/FDIS 9001) will replace it once finalised. ISO 45001:2018 also remains current. It includes ISO 45001:2018/Amd 1:2024, and a revision is under development. Before an audit, check your certificate scope, the amendment requirements and any transition plans once a new edition is formally published.

Preparing for ISO 9001:2015 Certification

ISO 9001:2015 certification takes more than a folder of procedures. The standard centres on a quality management system (QMS) that is genuinely embedded in how you operate. A parallel paper system built only for audit will not pass. Start with an honest look at current practice, and fix gaps rather than disguise them.

A gap analysis against the ISO 9001:2015 clauses is the logical starting point. We compare your processes, documents and practice against each clause. Common gaps include:

• no formal quality policy
• unclear process ownership
• thin records of management review
• no systematic way of identifying risks and opportunities

Documentation demands are lighter than in earlier versions of the standard. A quality manual is no longer mandatory, although many organisations keep one. You must document the quality policy, the quality objectives, the QMS scope, and any process where missing documents could cause inconsistency. Keep procedures, work instructions, forms and records in proportion to your size and complexity.

Management commitment sits in Clause 5, and auditors flag it often. Top management must set the quality policy, assign roles, resource the system and take part in management review. Auditors want to see senior leaders engaged with the QMS, not delegating it wholesale to a quality manager.

Risk-based thinking entered the standard in 2015 through Clause 6. You must identify risks and opportunities that could affect the QMS and plan actions to address them. A formal risk management framework is not required. What counts is evidence that risk shapes your planning, decisions and responses to change. Clause 8 then covers operational planning and control. These are the processes that deliver your products and services, with criteria and controls to keep them on track.

Clause 9 covers performance evaluation: monitoring, measurement, analysis and management review. It includes customer satisfaction monitoring and internal audits. Plan the audit programme, use trained auditors and follow up non-conformities with corrective action. Clause 10 closes the loop with continual improvement. Show that audit findings, data and management review outputs drive real improvement in the QMS.

Preparing for ISO 45001:2018 Certification

ISO 45001:2018 sets the requirements for an occupational health and safety (OH&S) management system. For Irish organisations, preparation means aligning current safety practice with the standard's framework. It also means staying compliant with Irish law, mainly the Safety, Health and Welfare at Work Act 2005 and the General Application Regulations 2007. In short: the standard organises what the law already requires of you.

Worker participation and consultation, covered in Clause 5.4, marks ISO 45001 out. Workers at every level must be consulted on safety matters and able to take part in the management system. In Ireland, this lines up with the 2005 Act's rules on safety consultation and safety representatives. Auditors look for genuine, ongoing consultation, not an annual survey or the odd toolbox talk.

Hazard identification and risk assessment, under Clause 6.1.2, must be systematic. Cover routine and non-routine work, everyone with access to the workplace, and the design of work areas and processes. Use one documented method, and review assessments after incidents, legal changes or process changes. Irish organisations must also meet the General Application Regulations, which name specific hazards to assess, including manual handling, display screen equipment and work at height.

Legal and regulatory compliance, under Clause 6.1.3, requires a register of the legal requirements that apply to you, checked at planned intervals. In Ireland, that register must include the 2005 Act and the General Application Regulations. Add any sector rules, such as the Chemical Agents Regulations or Construction Regulations, plus the HSA's codes of practice.

Clause 8 covers operational controls and emergency preparedness. Build processes that remove hazards and reduce OH&S risks. Prepare emergency procedures, test them through drills and make sure workers know what to do. Clause 10 requires structured incident investigation: find root causes and act to stop recurrence.

Integration with existing safety management systems is a practical question for many organisations. ISO 45001 shares the High Level Structure (Annex SL) with ISO 9001 and ISO 14001. If you already hold ISO 9001, moving to an integrated quality and safety system is a natural step. It cuts duplication and improves efficiency.

The Audit Process - What to Expect

Knowing how the certification audit works removes most of the anxiety. The process is structured and predictable. It tests two things: does your system meet the standard, and does it work in practice.

The Stage 1 audit is a documentation review. The certification body reads your management system documents and checks they address every requirement. That includes the scope statement, policy, objectives, risk assessments, procedures and management review records. Stage 1 can happen off-site or on-site. Its purpose is to confirm you are ready for Stage 2. Close any gaps it finds before Stage 2 goes ahead.

The Stage 2 audit is the on-site assessment. Auditors visit your premises, interview staff at all levels, review records and watch processes in action. They cover every clause of the standard. They check conformity (does the system meet the requirements?) and effectiveness (does it work in practice?). Expect one to three days on site, depending on your size and complexity.

Audit findings fall into three groups: major non-conformities, minor non-conformities and observations. A major is a significant failure, such as a missing required process or a critical process being ignored. A minor is a smaller departure that does not undermine the whole system. Observations are improvement suggestions. Majors must be resolved before certification. Minors need a corrective action plan with agreed timelines.

After certification you enter a three-year cycle. Surveillance audits run annually, typically at months 12 and 24, to confirm the system still operates effectively. They are shorter than the first audit and focus on selected areas. At the end of the cycle comes a full recertification audit, similar in scope to the original Stage 2.

The common pitfalls are predictable. Management review records are thin. Corrective actions from earlier audits stay open. Procedures do not match real practice. Evidence of continual improvement is missing. Top management matters here too. Auditors interview senior leaders about their understanding of and commitment to the system, so prepare them for those interviews.

Phoenix STS provides audit preparation support for organisations seeking ISO 9001 and ISO 45001 certification. We run gap analyses, develop documentation, train internal auditors and support you through the audit itself. Contact us to discuss your certification goals.

ISO Audit Preparation Services Across Ireland

Phoenix STS delivers ISO 9001 and ISO 45001 audit preparation across all 26 counties. From our midlands base, our consultants give practical, hands-on support to organisations of every size.

We work with manufacturers in Cork, construction firms in Dublin, healthcare organisations in Galway and professional services firms in Limerick. Whatever your industry, the support fits your organisation. Our pricing includes all travel costs, wherever you are.