The Standard follows the typical: Plan, Do, Check, Act cycle required by most Management Systems standards. The Certification Body (CB) typically audits against the requirements of Section 4 through Section 10. The sections 1 through 3 are not directly audited against because they provide context and definition for rest of the standard and not that of the organization.
International organization for Standardization (ISO) does not conduct audits and does not certify organizations themselves. The audit and the certification process is usually carried out by Certification Bodies (CB), separate independent organizations who conduct the audits against the standard and if the auditee is found to be compliant with the requirements of the standards, then the CB certifies them as ISO 9001;2015 organization. It is to be noted that although often the standard is commonly referred to as ISO 9000, the actual standard to which an organization’s Quality Management System is certified to is ISO 9001:2015.
The CBs are usually accredited by an accreditation body which is typically set up at the Country level, i.e. every country has its own accreditation body. The accreditation bodies typically have intra-body agreements to recognize certifications issued by each other (this is particularly relevant in global commerce). The CBs have to operate under compliance with the requirements of ISO 17021 and the accreditation bodies have to operate under compliance of ISO 17011.
An organization seeking certification under ISO 9001:2015, is typically audited based on samples of evidence collected and tested against the requirements of the standard. If all requirements are found to have been met, then the auditor recommends and CB issue the ISO 9001 Certificate. If however, the auditor finds that certain requirements are not met (either full, or partially, or not met in the way it is supposed to be met), then the auditor presents a list of problems, often defines as non-conformities, observations or opportunities for improvement. Once this is presented, the auditee, provides to the CB/Auditor a Corrective Action Report (CAR) showing how the problems will be resolved. Once the CB is satisfied that the corrective actions have been taken and the problems have been resolved, then they issue the certificate
The certificate applies only to the scope defined within the certificate. Also, it’s not a life-long certificate. The certificate needs to be renewed every three years and thereby the compliance process is an on-going continually evolving process