If the company is involved in DoD contracts then yes, usually the company will have to maintain the ISO certification.
There are indeed both ISO (external) and internal audits that do, and should, take place. Sort of a method of self policing.
Do not mistake ISO for "quality." ISO is a PROCEDURAL method, not an assurance of quality. Mention that and you'll score some points on the interview. This will show that you really understand the whole process.
In short, ISO is a system of verification that ensures you're doing what you say you're going to do, and you can prove that you did. It's that simple. If your ISO says you wipe your ass with 2 sheets then you can produce a signed record of every person that uses the john, multiply that X 2- sheets and you should have an accurate count of the number of sheets used.
From a procedure standpoint you need to document what you plan to do, then prove via records that you did that. It's that simple.
The "quality" part of the equation will depend entirely on how well your processes are to being with. Quality has nothing to do with the simple exercise of keeping ISO records. Understand? ISO can improve quality ***if*** the company/supervisors really understand how ISO works and how it doesn't work.
IM me if you want to chat before your interview. Be glad to help.
CMOS