Stage 1 focuses on reviewing ISMS documentation, scope definition, and readiness. Stage 2 evaluates operational effectiveness, control implementation, and evidence across departments before certification is granted.