IDISO Delivered
support@isodelivered.comGet my free readiness scoreFree score

Methodology

How we compute readiness.

The snapshot score is a weighted composite of four signals pulled from your public site. This page publishes the rubric, the weightings, and the things the score does not try to measure.

The four signals

  1. Industry fit — how well your sector maps to ISO 9001:2015 as a primary standard. Weighting: 20%. A manufacturer scores higher than a pure-software services firm because 9001 was written with production and product realization in mind.
  2. Quality maturity — quality vocabulary, certifications mentioned, evidence of documented procedures, and signals of management commitment visible on your site. Weighting: 30%.
  3. Process clarity — whether the processes you describe publicly are repeatable, role-tagged, and evidence-traceable. Weighting: 30%.
  4. Business drivers — signals that certification will be commercially load-bearing (enterprise clients, government contracting, supplier audits, regulated-industry references). Weighting: 20%.

Verdict bands

  • Highly prepared (75–100) — Stage 1 is realistic within 4–6 months with focused effort.
  • Well positioned (50–74) — foundation exists; 2–3 critical gaps would need closing before a Stage 1.
  • Building foundation (25–49) — a real program of work is required before Stage 1 is defensible.
  • Early stages (0–24) — start with the fundamentals of a documented QMS.

Any gap flagged as critical (missing CAPA per clause 10.2, missing internal audit program per 9.2, missing management review per 9.3) caps the verdict at Building foundation regardless of composite score.

What the score does NOT measure

  • ISO 13485 (medical devices), AS9100 (aerospace), IATF 16949 (automotive), ISO 27001 (information security), or any sector-specific audit. Those are separate engagements.
  • Your Stage 1 or Stage 2 registrar audit outcome. Snapshot is a documentation-based estimate; only your accredited registrar can certify.
  • Your operational records. The snapshot reads what your public site says; it does not replace internal audit (clause 9.2) or management review (9.3).

Data we use

  • Public pages from the URL you submitted (up to ~20 pages, respecting robots.txt).
  • Analysis text produced by GPT-4o-mini, structured against a Zod schema.
  • Your form inputs (name, email, website, optional UTM parameters).

Data is stored in Supabase for 180 days and deleted on request. Generated documents export as Word + PDF, version-controlled, yours to keep. Privacy policy →

FAQ

How defensible is an AI-generated readiness score?
The score is a weighted composite of four public-site signals (industry fit, quality maturity, process clarity, business drivers). Any composite score alongside a critical gap is hard-capped at "Building foundation" — so the label always reflects the gap list, not the composite. The rubric is published, the weightings are stated, and AI output runs through a deterministic post-processor that strips hedging verbs, repairs severity inversions, and enforces auditor-accurate clause citations.
Does this replace a gap audit?
No. The snapshot is a documentation-based screening that reads only your public site. It cannot see your procedures, records, training matrix, CAPA log, internal audit reports, or management review minutes. A real gap audit requires an accredited Lead Auditor reviewing your actual QMS evidence.
What registrars accept documents generated by ISO Delivered?
Any registrar accredited by an IAF MLA signatory (ANAB, UKAS, DAkkS, JAB, etc.) evaluates documentation against the standard, not against who drafted it. Documents are structured to Annex SL / HLS and cite the clauses they satisfy. The Audit-Ready Guarantee covers document-scope nonconformities issued by an IAF-recognized registrar.
How is this different from a Stage 1 audit?
Stage 1 is an accredited registrar reviewing your documentation against the standard on record. The snapshot is an AI-assisted screening that anticipates what a Stage 1 auditor would flag based on what your public site reveals. No amount of screening replaces an accredited audit — but a $500 Readiness Report closes most document gaps before Stage 1 is scheduled.
What is the Audit-Ready Guarantee?
If an IAF-recognized registrar issues a major nonconformity against any document we generated (not against your implementation, records, or training), we rewrite it, a Quality Manager sits on your Stage 1 prep call, and we credit the full $8,000 against your next surveillance audit cycle. Scoped to document structure and clause coverage — implementation evidence remains the customer’s obligation under clauses 7.2, 9.2, and 9.3.
Why cap the verdict at "Building foundation" when a critical gap exists?
Missing CAPA (clause 10.2), missing documented internal audit program (9.2), missing management review (9.3), or missing scope of the QMS (4.3) are textbook major nonconformity triggers at Stage 1. A company with any of those would be sent home from Stage 1 with findings — so a "Highly prepared" or "Well positioned" verdict would be misleading regardless of the composite score.

Revisions

The rubric is versioned in public — v1.0 (2026-04-01). Updates are dated here before taking effect. The canonical URL for this version is isodelivered.com/methodology/v1.0.

Cite this methodology

Plain-text citation:

ISO Delivered. (2026). ISO 9001 readiness scoring methodology (v1.0).
https://isodelivered.com/methodology

Questions? support@isodelivered.com · 24hr response.