The purpose of the initial audit

What “Year 0” means

Preparing for the audit

Remote vs. onsite audits

During the audit: what actually happens

After the audit: deliverables and next steps

Addressing Nonconformities 

Finalizing the certification decision

Your initial B Corp certification audit is a key milestone on your journey to becoming a B Corp. While there are several types of audits throughout the five-year certification cycle, this article focuses on the initial, or first certification audit. 

It explains the full initial audit experience, including what Year 0 requirements mean, how remote and onsite audits work, expected timelines, and the reports and follow-up steps you’ll receive after the audit.

The purpose of the initial audit

The initial audit is the first independent, third-party review of your company against the B Lab standards. Its goal is to confirm that the policies, practices, and systems you described in your self-assessment are accurate and meet the Year 0 requirements for your certification track.

The audit is conducted by a B Lab-approved assurance provider, not by B Lab itself. B Lab assigns the assurance provider and confirms your certification scope, while the assurance provider plans, conducts, and reports on the audit. The assurance provider is responsible for making the final certification decision. 

What “Year 0” means

The requirements in B Lab’s standards are designed to be implemented in a phased approach, guiding companies on a journey of continuous improvement that unfolds over the years. Year 0 requirements are the ones that apply at the start of your first five-year certification cycle. These requirements focus on establishing strong foundations, including:

• Having appropriate governance, policies, and procedures in place

• Demonstrating initial conformity across the relevant Impact Topics for your size, sector, and risk profile

The initial audit checks your compliance against Year 0 sub-requirements. Your initial audit does not assess future-dated requirements (such as Year 3 or Year 5). Instead, it verifies that the essentials are in place now and that your sustainability management system can support ongoing improvement over time. For more information, read Achieving the new standards through continuous improvement.

Before the audit

Once you’ve completed your self-assessment, uploaded all evidence, and signed the B Lab Agreement, B Lab assigns your assurance provider. At this point, your self-assessment data is transferred from B Impact to the new digital platform B Audit. This is a separate digital platform from B Impact designed to independently manage your audit. This is where you will interact directly with your auditor to schedule the audit, receive an audit report, close any nonconformities and receive your final certification decision.

Inside the platform, you need to create a request for your audit and share your availability. From here, you work with your assurance provider. Your assigned assurance provider will then conduct a risk assessment and send you a detailed Audit Plan. This covers the type of audit, its scope, the duration, and the number of site visits (if you have multiple sites with scope).

1. Both parties declare potential conflicts of interest 

Both your company and the assurance provider disclose any potential conflict of interest to B Lab, or confirm that there are none. Once the assurance provider assigns auditors to your company, you disclose any prior or existing relationships with the assigned auditors, or confirm that there are none.

2. Assurance provider develops the audit plan

The assurance provider develops an audit plan and shares it with you at least 10 business days before the audit begins. This plan outlines:

• Audit objectives, criteria and scope

• Whether the audit will be remote, onsite, or a combination of the two

• Dates, sites and duration of the onsite audit; number of site visits if you have multiple sites in scope

• Roles and responsibilities of the audit team members

Once you review and accept this plan, you sign the Assurance Provider’s Agreement, and the audit can begin.

3. Your company gets ready for the audit. To ensure a smooth audit process, you will: 

• Confirm interview availability and access to required documentation

• Invite key staff to opening and closing meetings and inform teams in advance

• Arrange site access, safety requirements, and meeting spaces (for onsite audits)

• Ensure appropriate technology is in place for remote audit activities

Format of audits

The format of your initial audit depends on your certification track (based on company size, sector, and complexity). For most new and recertifying companies, your first audit will be remote, unless the assurance provider identifies a specific reason to go onsite. For example, the assurance provider identified a risk in its risk assessment that warrants an onsite visit.

Remote audits

Remote audits usually include:

• An opening meeting (via email, phone, or videoconference call)

• A remote asynchronous review of your self-assessment and uploaded evidence

• At least one synchronous live audit meeting to discuss findings, review confidential records, and request clarifications or missing evidence 

• A closing meeting to share findings (via email, phone, or videoconference call)

Duration of audits

Remote and onsite initial audits are completed within the following minimum durations: 

• 1-3 business days for Companies without Workers through Medium tracks

• 5-10 business days for Large to XX Large tracks

For companies with multiple sites, additional time will apply depending on the type and number of sites selected for audit by the Assurance Provider.

Onsite audits

Onsite audits happen in two stages:

• Stage 1 (remote desk review):
  The auditor reviews your self-assessment and documentation to identify gaps and assess your company’s readiness for the onsite audit.

• Stage 2 (onsite visit):
  The onsite visit is conducted within three months of Stage 1. The onsite review begins with an opening meeting on the first day, and ends with a closing meeting on the last day of the audit. To confirm that the information your company has provided is accurate, auditors review documents and sample records, walk through the facilities and observe processes in action, and conduct interviews (which often include speaking with a sample of workers).

During the audit: what actually happens

Regardless of format, your audit will include:

• Opening meeting
  The auditor confirms the scope of the audit and the audit plan, including objectives, timelines, and communication approach.

• Evidence review
  Auditors verify policies, procedures, records, and examples of implementation. This may include sampling documents or records.

• Interviews and observations
  Auditors may speak with leadership, managers, and workers to understand how practices work in reality, not just on paper.

• Closing meeting
  The auditor shares initial findings and nonconformities, and outlines next steps. This is an opportunity for you to provide additional evidence to clarify and close any nonconformities identified. This is also the time to ask questions and clarify expectations. 

After the audit: deliverables and next steps

Within 30 calendar days of the closing meeting, your assurance provider will upload two key deliverables to the B Lab Digital Certification Platform:

1. Audit report

This report documents:

• Where your company conforms to the B Lab Standards

• Where nonconformities were identified

• The evidence reviewed to support these conclusions

2. Corrective action report

The corrective action report is a part of the audit report that lists any minor or major nonconformities and explains what needs to be addressed to move forward. For more information on what constitutes a minor or major nonconformity, read “ Major vs. Minor Nonconformities: What They Mean for Your Certification Status”.

Nonconformities are intended to clarify expectations and support improvement, not to “fail” companies. 

After receiving the audit report, you will address the nonconformities and the assurance provider will finalize the certification decision. 

Addressing Nonconformities 

You’ll be given clear instructions and timelines to respond to the nonconformities identified in the corrective action report, including conducting root cause analysis and submitting evidence of corrective actions where required. For guidance on how to effectively address nonconformities, read “How to Build an Effective Corrective Action Plan for B Corp Audits.”

For initial audits, major nonconformities must be closed within six months of the corrective action report for a positive certification decision. 

There are no consequences for not closing minor nonconformities at an initial audit. However, if a minor nonconformity is not closed by the next audit, it will be upgraded to a major nonconformity. For more information about nonconformities and timelines, please read “Major vs. Minor Nonconformities: What They Mean for Your Certification Status”

Finalizing the certification decision 

Once the major nonconformities have been closed, and evidence of closure verified, the assurance provider will make a certification decision and communicate this decision (including issuing a certificate in the case of a positive decision) to your company within 10 business days of closing nonconformities.

Once the Assurance Provider issues your certificate, B Lab steps back in. We will invite you to sign the B Lab License Agreement. Signing this is the key that unlocks your official right to use the B Corp logo on your products and marketing. Finally, your company profile will be published on the global B Lab directory.