Compliance10 min read

Physical Verification as ISO 55001 Evidence: Proving Your Asset Register Reflects Reality

ISO 55001 doesn't prescribe an evidence format, but certification-audit practice is consistent about what it expects. Here's what auditors actually look for — and what clause 8.3 requires when that verification is outsourced.

Jarred Wakefield
Jarred Wakefield
Managing Director
July 14, 2026
Auditor and technician reviewing an exception report beside tagged warehouse equipment

ISO 55001 doesn't prescribe an evidence format for asset existence, but certification-audit practice is remarkably consistent about what "good evidence" looks like. This page covers the evidence itself, and what clause 8.3 requires when that verification work is outsourced — as it is when CPCON performs it.

This page leads with ISO 55001 evidence framing. For the practical fieldwork checklist, see our fixed asset verification checklist; for the UK governance angle on the same physical work, see Provision 29 and material controls.

Documentary and observational evidence

Before verification even starts, best practice is to first reconcile the asset register to the general ledger and to EAM/CMMS systems, validating data completeness so the system of record is reliable before fieldwork begins. From there, auditors look for:

  • Documentary evidence: the reconciled register/ledger, a documented sampling methodology with rationale for sample size, count sheets and scan logs (which assets, when, by whom), exception reports for ghost and unregistered assets, and disposition records showing how every exception was resolved.
  • Observational evidence: the ability for an auditor to accompany a verification walkdown, see assets tagged and scanned live, and compare physical assets against register entries in real time.

Sampling methodology, tagging, and scan logs

Where a full wall-to-wall count isn't practical, accepted approaches include random statistical sampling from the register, floor-to-register sampling (starting from physical assets and tracing back), or a hybrid of both. High-risk, high-value, or critical assets typically warrant full census or higher sampling coverage, and the rationale must be documented. Barcode, QR, or RFID tagging creates durable, re-performable verification records — scan logs let auditors test the integrity of the verification process itself, not just its outcome. Every exception — ghost asset, unregistered asset, mislocation — must be investigated and dispositioned with a clear audit trail.

Clause 8.3: outsourced physical verification

A precise and important 2024 change: clause 8.3 was renamed from "Outsourcing" (2014 title) to "Externally provided processes, products, technologies and services" (2024 title) — a broader scope covering more than just contracted labor, reflecting that any external element of the asset management system must be controlled.

Engaging a third-party inventory firm does not relieve the organization of responsibility for data quality and asset control. Practically, this means the organization must define scope and requirements (which assets, what data attributes, what sampling methodology, how exceptions are handled) before the engagement, retain internal oversight of methodology, review the provider's output, make exception-disposition decisions itself, and update its own registers and ledgers — the vendor doesn't do that part. ISO 55001:2024's new data-and-information requirements (a data specification and a plan for collection, integration, quality improvement, and sharing) apply directly to externally-produced verification data — auditors expect to see that this plan exists, not just a vendor contract. Findings from an outsourced verification — discovered ghost assets, condition issues — must be captured into the organization's own systems, not left sitting in a vendor's report unused.

CPCON's role: the controlled external provider

The boundary we hold: CPCON performs the physical verification work — sampling design input, tagging and scanning, exception identification, and reconciliation reporting — as the evidence-producing activity clause 8.3 governs. CPCON does not retain accountability for the asset management system itself, does not make exception-disposition decisions unilaterally, and does not replace the client's own internal oversight obligations under clause 8.3.

For the full Stage 2 readiness picture, including common nonconformities, see Preparing for ISO 55001 Stage 2 Audit, and for ghost-asset specifics see our ghost asset detection guide.

Frequently Asked Questions

What evidence does an ISO 55001 auditor expect for physical verification?

A combination of documentary evidence (reconciled register/ledger, documented sampling methodology, count sheets and scan logs, exception reports with dispositions) and observational evidence — the ability to accompany a verification walkdown and see assets tagged and scanned in real time.

Can we sample instead of counting every asset?

Yes. Random statistical sampling, floor-to-register sampling, or a hybrid are all accepted approaches — provided the methodology and sample-size rationale are documented, with higher coverage for high-risk, high-value, or critical assets.

Does outsourcing physical verification affect ISO 55001 compliance?

No — but the organization retains full responsibility for asset management system conformance. Under clause 8.3, the organization must define the scope and requirements given to the provider, retain oversight of methodology, and integrate the provider's findings back into its own registers.

What changed in clause 8.3 for ISO 55001:2024?

Clause 8.3 was renamed from "Outsourcing" (2014) to "Externally provided processes, products, technologies and services" (2024) — a broader scope covering more than contracted labor, reflecting that any external element of the asset management system must be controlled.

What happens to ghost assets found during verification?

They are logged in an exception register and investigated for write-off, theft, loss, or unauthorized disposal. Auditors expect every exception — ghost asset, unregistered asset, or mislocation — to have a documented, resolved disposition, not be left open.

Independent, evidence-grade physical verification

CPCON supplies the sampling design, tagging, exception reports, and reconciliation documentation your ISO 55001 evidence base needs — governed and controlled the way clause 8.3 requires.

Explore CPCON's fixed-asset count & tagging services
Share this article:
Jarred Wakefield

Jarred Wakefield

Managing Director

Expert in fixed asset management and compliance with over 15 years of experience helping organizations optimize their asset verification processes.

Need Expert Help?

CPCON's asset management specialists can help you implement effective verification processes and ensure compliance with all regulatory requirements.

Talk to CPCON About Physical Verification

Related Articles