ISO Certification Guide – Answers to the 25 Most Frequently Asked Questions

ISO Certification Guide – Answers to the 25 Most Frequently Asked Questions about ISO Certification

Below you will find answers prepared by us to the most frequently asked questions regarding ISO certification that we encountered in the past year 2024:

Frequently Asked Questions about ISO Certification (ISO FAQ)

1. What is ISO Certification?

ISO certification is the process where an independent certification body assesses an organization's management system for compliance with the requirements specified in a particular ISO standard, such as:

• ISO 9001 – Quality Management,
• ISO 14001 – Environmental Management,
• ISO 27001 – Information Security Management.

The certification process consists of two stages, carried out with a time gap:

• Stage 1 – Document review and general assessment of the organization's readiness.
• Stage 2 – On-site certification audit to verify the system's compliance with the standard's requirements.

After obtaining the certificate, regular surveillance audits are required.

Learn more in the article: ISO Certification.

Answer prepared by: Łukasz Kowalski (Managing Director)

2. What are the steps in the ISO certification process?

The certification process includes the following stages:

1. Needs analysis – Selecting the appropriate ISO standard.
2. Preparation – Implementing a management system that complies with the standard.
3. Internal audit – Verifying the system internally.
4. Certification audit – Conducted by a certification body.
5. Certificate maintenance – Regular surveillance audits.

Learn more in the article: ISO Certification – How to Obtain an ISO Certificate?.

Answer prepared by: Piotr Sałaciak (Business Development Manager UK, Ireland & Americas)

3. How can I implement an ISO standard?

You can begin implementing an ISO standard by analyzing its requirements and aligning your organization's processes with its guidelines. Consulting services can be helpful for support with documentation and team training. Alternatively, you can implement the standard independently, using available resources and tools.

Learn more in the article: ISO Implementation – DIY or With a Consultant?.

Answer prepared by: Piotr Sałaciak (Business Development Manager UK, Ireland & Americas)

4. How long does the ISO implementation and certification process take?

The time required for ISO implementation and certification depends on two main factors:

• Organization size and complexity – Larger and more complex organizations take longer to develop and implement a compliant management system.
• Level of readiness – Organizations that already meet some requirements may complete the process faster.

Typically, ISO implementation takes several months to a year.

Duration of the certification audit
The duration of the certification audit is determined by the certification body based on accreditation guidelines. This ensures that different bodies provide similar time estimates for audits based on the same data.

Learn more in the article: How Long Does an ISO Certification Audit Take?.

Answer prepared by: Piotr Sałaciak (Business Development Manager UK, Ireland & Americas)

5. How much does ISO certification cost?

The cost of certification depends on:

• The selected standard,
• Organization size (number of employees, locations),
• Certification scope,
• The chosen certification body.

Costs can range from a few thousand to hundreds of thousands of dollars, depending on these factors.

Learn more in the article: How Much Does ISO Certification Cost?.

Answer prepared by: Łukasz Kowalski (Managing Director)

6. Can ISO standards be integrated?

Yes, ISO standards can be integrated into a single management system. For example, a Quality Management System (ISO 9001) can be combined with Environmental Management (ISO 14001) and Information Security Management (ISO 27001). Integration reduces costs and time for implementation and certification audits.

Learn more in the article: The Role of Integration Levels in ISO Certification.

Answer prepared by: Łukasz Kowalski (Managing Director)

7. Can I change the certification body during the validity of the certificate?

Yes, you can change your certification body during the certificate's validity period. The new body conducts a transfer audit to verify the management system's compliance with the standard's requirements. The certification cycle remains unchanged.

Learn more in the article: Changing ISO Certification Bodies: Perspectives and Challenges.

Answer prepared by: Aleksandra Gorna (Administrative at Certiget)

8. What happens if I withdraw from certification?

If you withdraw, the certificate is invalidated, and the organization can no longer reference it. Certification bodies maintain a registry of valid certificates where withdrawal is noted. Misusing a withdrawn certificate can lead to legal consequences.

Answer prepared by: Aleksandra Gorna (Administrative at Certiget)

9. Can I perform a recertification audit after the certificate expires?

No, recertification audits must be conducted before the certificate expires. If the deadline is missed, the organization must restart the certification process. Certification bodies often schedule recertification audits in advance to avoid delays.

Answer prepared by: Łukasz Kowalski (Managing Director)

10. Will I always work with the same auditor?

There is no guarantee of the same auditor for every audit. This depends on the certification body's internal arrangements.

Answer prepared by: Łukasz Kowalski (Managing Director)

11. Should I fear the audit process?

No, audits are evaluations, not inspections. Auditors help organizations identify improvement areas to ensure system compliance with the standard.

Answer prepared by: Łukasz Kowalski (Managing Director)

12. When are payments for audits made?

Payment terms depend on the certification body. Typically, payments are made after the audit, but in some cases, prepayment may be required before the certificate is issued.

Answer prepared by: Łukasz Kowalski (Managing Director)

13. Can certification bodies provide consultancy services?

Certification bodies cannot offer consultancy services to clients they audit. ISO 17021 standards mandate independence and impartiality in the certification process.

Learn more in the article: Trust Principles in ISO 17021-1:2015 Certification.

Answer prepared by: Łukasz Kowalski (Managing Director)

14. Can I change the certification scope during its validity?

Yes, you can modify the certification scope, such as adding new departments or processes. This requires an additional audit, preferably during scheduled surveillance audits, to minimize costs.

Answer prepared by: Aleksandra Gorna (Administrative at Certiget)

15. What happens if my company name changes?

The certificate can be updated with the new details if the change is reported to the certification body and verified. Additional costs may apply. Significant changes, like ownership restructuring, may require re-certification.

Answer prepared by: Aleksandra Gorna (Administrative at Certiget)

16. Can certification costs change?

Yes, certification costs may change due to incorrect data provided for the initial offer, additional time required for non-conformities, travel or accommodation expenses for auditors, or price indexation. Certiget ensures transparency and informs clients in advance about any potential changes.

Answer prepared by: Piotr Feltynowski (Certification Analyst)

17. How long will I wait for the ISO certificate?

The waiting time depends on the certification body but usually ranges from a few days to a few weeks after a successful audit. If you need the certificate urgently, inform the body in advance.

Answer prepared by: Piotr Sałaciak (Business Development Manager UK, Ireland & Americas)

18. Can I promote having an ISO certificate?

Yes, you can promote your ISO certificate using the certification body's logo and references in marketing materials, in compliance with their guidelines. Certiget offers professional support to help you avoid common promotional mistakes.

Learn more in the article: Why Promote Your ISO Certificate?

Answer prepared by: Aleksandra Gorna (Administrative at Certiget)

19. Where can I find reviews of ISO certification bodies?

Verified reviews of ISO certification bodies can be found in the ISO Certification Body Directory available on the Certiget platform. These reviews can greatly simplify the selection of a suitable certification partner.

Learn more in the article: Why Use the ISO Certification Body Directory?.

Answer prepared by: Aleksandra Gorna (Administrative at Certiget)

20. Is it worth opting for a certificate from a non-accredited certification body?

Choosing a non-accredited certification body poses a risk that the certificate may not be recognized by customers or business partners. Accreditation ensures that the certification process meets international standards and follows specific guidelines. Before making a decision, always verify whether a non-accredited certificate will be accepted by relevant stakeholders.

Answer prepared by: Łukasz Kowalski (Managing Director)

21. How can I reduce the costs of maintaining an ISO certificate?

To lower the costs of maintaining an ISO certificate, consider integrating standards, scheduling changes during planned surveillance audits, and working with certification bodies offering comprehensive solutions at competitive prices.

Answer prepared by: Łukasz Kowalski (Managing Director)

22. Can I state on my website that I have implemented an ISO management system without having a certificate?

Yes, you can inform others that you have implemented an ISO management system. However, without a certificate, you should not imply that your organization has formal confirmation of compliance with the standard. Remember that both the use of ISO standards and certification is voluntary.

Answer prepared by: Łukasz Kowalski (Managing Director)

23. Can a non-conformity identified by an auditor interrupt the audit?

Serious non-conformities can lead to the interruption of an audit. For example:

• Failure to implement a risk assessment requirement under ISO 9001, which could lead to production errors.
• Neglecting workplace safety procedures specified in ISO 45001, endangering employees' health.

In such cases, the auditor may halt the audit and request corrective actions before proceeding with the certification process.

Answer prepared by: Aleksandra Gorna (Administrative at Certiget)

24. Is it worth discussing with the auditor if I disagree with their findings?

Yes, it’s important to clarify any doubts. Auditors should listen to your arguments and take them into consideration. Discussions should be factual and based on the requirements of the standard.

Learn more in the article: How to Prepare for Discussions with a Certification Body Auditor?

Answer prepared by: Łukasz Kowalski (Managing Director)

25. Can audits be conducted remotely?

Yes, in some cases, audits can be conducted remotely, particularly for small organizations or logistical constraints. However, the decision depends on the type of audit, the standard in question, the certification body's policy, and current accreditation guidelines.

Answer prepared by: Łukasz Kowalski (Managing Director)

Bonus Question:

Can a certification audit be conducted without a time gap between the first and second stages?

Yes, in exceptional cases, it is possible to conduct the certification audit without a time gap between stages. The decision depends on the certification body's policy and the organization's readiness to meet the standard's requirements. However, having a time gap allows for corrective actions before the second stage.

Answer prepared by: Łukasz Kowalski (Managing Director)