Risqs Logo
Menu
Contact us
Login
Register
  • News
  • About RISQS
    • How RISQS is run
    • Supplier Verification
    • Scheme Documents
    • RISQS Audits
    • Two-stage audits FAQs
    • Resource Centre
    • Events
    • RISAS
  • Buyers
    • Buyers FAQs
    • RISQS Buyer Member List
    • Benchmarking
  • Suppliers
    • RISQS New Portal FAQs
    • Suppliers FAQs
    • Benchmarking
  • RICCL
Contact us
Login
Register
  • RisqsWebsite
  • About RISQS
  • Two-stage audits FAQs

Two-stage audits FAQs

03/03/2025
While we’re excited about the launch of our new and improved two-stage auditing process, we know you’ll have lots of questions about what to expect. Dive into our FAQs below to learn more.
  • My audit has already been booked as ‘onsite’. Is this going to change?
    No. The two-stage audit will be rolled out to all suppliers who have been booked on or after 23 June. If you are booked before this date, your audit will go ahead as previously confirmed by the scheduling team.
  • What documentation is required for Stage 1, and what is required for Stage 2? And do I need to prepare ahead of Stage 1?
    The Stage 1 process will involve uploading some of your policies and procedures in line with the protocol requirements. However, the audit content will not change. In addition, please note that audits are typically raised around 20 weeks in advance, and you will see all the information required on your portal from this point. This means that you will have sufficient time to review ahead of undertaking your Stage 1 audit.
  • We currently have 5 days total auditing per legal entity, based on the protocols we hold. Could you advise how many of these days will be spent reviewing evidence (Stage 1) and how many will be spent in the remote call (Stage 2)? For example, will this be split 50/50?
    Most audits will be split 50/50 when possible. Where audits cover high-risk modules, the Stage 1 review will be conducted remotely for the initial 2 days, and Stage 2 will be completed for 3 days either face to face or remotely.
  • At what point will the requirements appear within the portal?
    When an audit is raised on your profile, new requirements will be assigned to your account on the portal to allow you to start the upload process. Audits are typically raised 20 weeks from your expiry date.
  • In the new way of carrying out the audits, how far in advance will I be notified of Stage 1? I have received notification recently, and that leaves me only 8 weeks to upload the evidence.
    All suppliers will be able to start the upload process for Stage 1 as soon as their audit is created in the system, which will be around 20 weeks before their target date.
  • My audit date falls on the new two-stage process go-live date. Do we need to comply with the new process?
    Since your audit was booked before 23 June, you do not need to follow the new two-stage audit format. However, should you wish to do so, please contact us, and we can add it to your profile.
  • What are the key dates that we need to be mindful of in regard to the two-stage process?
    The two-stage audit process went live on 3 March. All audits booked before 23 June can still be carried out on site. However, if you wish to adopt the new format (desktop and on site), please contact us.
  • Are there any changes in the audit booking and payment dates?
    No. You can schedule your audit before making payment, but all audit payments must be made 8 weeks before your booked date.
  • What are the benefits of having the two-stage audit, and why is it changing?

    There are three key benefits:

    • increased efficiency
    • targeted focus
    • alignment with industry standards. 

    Please refer to the guidance provided for further details. Suppliers also benefit from having to host the audit for fewer days.

  • Who can I contact if I have any issues with uploading or submitting evidence to the portal?
    • RISQS Customer Services are available on 0800 410 1300, option 1, or via email at info@risqs.org.
    • RISQS Scheduling Team are available on 0800 410 1300, option 2, or via email at scheduling@risqs.org.
    • RISQS Payments Team are available on 0800 410 1300, option 3, or via email at payments@risqs.org.
  • Is the two-stage audit optional, and can I request a face-to-face audit instead?
    All audits booked on or after 23 June will be undertaken in the new format. However, if your audit was already created before the communications going out, the stage 1 process will not already be on your profile. We can add this should you wish.
  • My audit was booked before 23 June. Do I need to follow the new two-stage audit? Some of the documentation is not ready yet, and I worry that I will be penalised for late submission.
    Only audits booked on or after 23 June will be undertaken in the new two-stage format. At no point in the process will you be impacted. If you have any concerns, please contact Customer Services.
  • What happens if I fail to submit all the documentation or if there is a minor discrepancy during Stage 1? Will I be penalised or asked to submit the documentation at a very short notice?

    If the documentation submitted is:

    • deemed to not answer the requirements
    • insufficient in coverage to make the Stage 2 reduced time feasible
    • or not submitted in time 

    you will be given two options to choose from. These are as follows:

    Late submission application

    You can request a late submission application which will give upload access and an unscheduled Stage 1 audit (desktop review). A late submission application is £250 + VAT and ensures your lead audit date remains as booked. 

    Full audit without the desktop requirement

    You can request a full audit (Stages 1 and 2) without the desktop requirement. This option will result in your current lead audit being cancelled, cancellation fees applied, and a new lead audit date being scheduled. If a full lead audit cannot be scheduled prior to a suppliers’ expiry date the supplier will not be given an extension and your audit status will expire.

  • I’m concerned about data protection and confidentially when submitting evidence as part of Stage 1. What do you advise?

    GDPR (General Data Protection Regulation) is a data privacy law established by the European Union (EU) to protect individuals’ personal data. It came into effect on May 25, 2018, and it applies to any organisation worldwide that collects, processes, or stores data of EU citizens.

    We take GDPR concerns and cyber security very seriously, with RSSB and our platform supplier achieving ISO:27001 certification.

    When you upload information as part of Stage 1, any personal information or identifiable characteristics must be redacted.

    RISQS and RSSB both use job roles rather than individual names. However, we recognise that some entities within the supply chain may not have considered this requirement. 

    If there is no alternative, please redact the name, and our auditors will contact you directly.

    Should information be uploaded incorrectly, this will be rejected, and you will be required to re-submit, potentially causing delays within the auditing process.

    When it comes to Intellectual Property Right, we expect you to use processes that are yours and that are designed for your business.

Haven’t found what you’re looking for?
Get in touch with us for more information.
RISQS
Email: info@risqs.org
News
News
About
about-risqs
Events
How RISQS is run
Scheme Documents
Resource Centre
Buyers
Buyers
Buyers FAQs
RISQS Buyer Member List
Benchmarking
Suppliers
Suppliers
Suppliers FAQs
Benchmarking
Contact
Contact us
Social
RISQSLogo

5th Floor

25 Fenchurch Avenue

London

EC3M 5AD

© 2025 RSSB Ltd. All Rights Reserved - Privacy Policy - Cookies