One of the most common questions we get asked is how much does ISO 9001 certification cost. This obviously is a great question and one every company that seeks ISO 9001 certification needs to ask themselves. The return on investment needs to be there to justify getting ISO certified. In most cases, this is a no-brainer as nine times out of 10, a customer is requiring ISO 9001 certification.

ISO 9001 certification cost can vary greatly by certification body. However, they are all required to follow the same fundamental requirements. These requirements are identified in the International Accreditation Forum Mandatory document #5 (IAF MD 5:2019).

When determining the base time for establishing your audit duration, certification bodies follow the requirements in the IAF MD-5 Determination of Audit Time of Quality and Environmental Management System. IAF stands for the International Accreditation Forum. MD stands for Mandatory Document. Certification bodies who are accredited by organizations such as ANAB or UKAS must follow the IAF documents. The MD-5 grid provides the base audit time required for Quality Management Systems, which is based on effective employee count and for Environmental Management Systems, which is based on effective employee count and risk level.

Ultimately, the ISO 9001 certification cost can be broken down into two costs:

  • ISO Audit time
  • ISO Certification body fees
  • Travel Costs

ISO 9001 Audit Time

ISO 9001 audit time includes the total time on-site (physically or virtually) and time spent off-site planning for the audit, reviewing documents and writing the audit report. The ISO audit time is primarily determined based on the following criteria:

  • Number of employees
  • Risk level
  • Number of locations
  • Integration level with other ISO standards
  • Other allowable discount factors

ISO Certification bodies are required to follow the audit manday grid found in Table QMS 1 in the IAF MD 5 document.

As part of the certification body application process, organizations need to communicate their overall employee count. The employee count includes full-time employees, part-time employees, subcontractors, seasonal employees and temporary employees. From your employee count, the certification body will need to determine your organization’s effective employee count.

The number of audit days in the table above is your base time. This time can go up or down depending on your risk level and any discounts you may qualify for.

Certification bodies are allowed to allocate up to 20% of the on-site audit to off-site audit activities. This can include audit preparation activities, such as writing the audit plan and removing audit documentation, audit report writing time and closure of any nonconformances.  The maximum allocation of 20% is not typically given though, as this would eliminate any on-site report writing time that the auditor may have. What is typically seen is 10% for on-site report writing and 10% of the overall audit time allocated for off-site audit activities, such as developing the audit plan, finalizing the audit report / nonconformity reports and follow-up actions for approving corrective actions. By allocating approximately 10% of the on-site time to off-site activities, organizations can typically avoid having any additional time added for review of corrective actions. 

Some certification bodies will automatically allocate a certain amount of off-site time. Other certification bodies won’t include this initially, but may add time later if time needs to be added to close out any nonconformances.

From this base time, audit time may need to be adjusted based on the risk level.

Risk levels are generally identified as low, medium or high risk. The difference between a low risk and a high risk organization with the same employee count is approximately double in overall audit man-days.

When reviewing your quote, be sure you understand the risk level applied to your organization and that you agree with it. If for some reason you do not agree with the risk level, discuss this with the certification body to see if there is a way to provide justification to get it reduced.

Risk levels are broken down as follows: (taken from the IAF MD 5 document)

High Risk 

Where failure of the product or service causes economic catastrophe, or puts life at risk. Examples include but are not limited to: 

Food; pharmaceuticals; aircraft; shipbuilding; load bearing components and structures; complex construction activity; electrical and gas equipment; medical and health services; fishing; nuclear fuel; chemicals, chemical products and fibres. 

Medium Risk 

Where failure of the product or service could cause injury or illness. Examples include but are not limited to: 

Non load bearing components and structures; simple construction activities; basic metals and fabricated products; non-metallic products; furniture; optical equipment; leisure and personal services. 

Low Risk

Where failure of the product or service is unlikely to cause injury or illness. Examples include but are not limited to: 

Textiles and clothing; pulp, paper and paper products; publishing; office services; education; retailing, hotels and restaurants.

ISO Certification bodies are allowed discount the base audit days up to 30% of the times established from the QMS audit day table above.

The percentage discount applied is often subjective and varies. Most organizations are able to qualify for a discount in some way. An experienced consultant will be able to walk you through how to uncover any opportunities to obtain them. 

 

Examples for discounts may include 

  • low complexity of activities, 
  • maturity of management system, 
  • exclusions to standard requirements (no design for ISO 9001), 
  • very small site for the number of personnel, 

The potential reasons to increase or decrease audit time can be found in the IAF MD-5 mandatory document. Again, rely on your ISO Consultant to guide you through the process of getting the most competitive pricing on certification.

Audit of an integrated management system could result in increased time, but if often results in a reduction of time. When a reduction to the audit time is applied, it cannot exceed 20% from the starting point. 

In other words, if your organization is looking to get certified to multiple standards, certification bodies are able to offer discounts. Typically, the greater the integration between the standards sought, the greater the discount. 

An integrated audit assumes that an auditor, qualified in all of the standards being integrated, will conduct one audit for all applicable standards.

ISO Certification Bodies are required to use the following table when determining the reduction of audit time for an integrated audit approach:

Integration discounts and requirements are outlined in the IAF MD-11 IAF Mandatory Document for Application of ISO 17021 for Audits of Integrated Management Systems (IMS).

ISO Certification Bodies are allowed to offer up to a 20% discount for integrated standards. However, this discount only applies to each standard that is beyond the first standard. For example, if a company is getting certified to ISO 9001 and ISO 14001, the integration discount will only apply to one of those standards, not both. If a company is getting certified to ISO 9001, ISO 14001 and ISO 45001. Two out of those three standards can receive the integration discount. 

When offering an integration discount, ISO Certification Bodies are typically looking to ensure companies have a single integrated approach for the following, at a minimum:

  • Documentation system, including instructions and records
  • Communication
  • Training / Competency
  • Vendor approvals
  • Policies and Objectives
  • Internal audits
  • Management review
  • Corrective actions
  • Continual improvement

The key to it all is to understand the certification body requirements so that you can receive the most cost-effective and value-added audit for your money.

So what does this all look like? Let’s take a company who is interested in getting ISO 9001 certified and let’s assume the following:

  • 75 employees
  • Low risk
  • They do not perform design functions
  • They have many employees doing the same simple task

Based on the table above, the base time for 75 employees is 6 days total for the Stage 1 and Stage 2 audit. 

The Stage 1 audit is simply a documentation review to ensure your ISO 9001 Quality Management System meets the standard requirements. In essence, it’s a readiness check to ensure you are prepared for your true ISO 9001 certification audit. 

The Stage 2 audit is your true ISO 9001 certification audit. This is where the auditor comes in and audits your processes, interviews employees and verifies records to ensure you are in conformance to the ISO 9001 standard requirements. 

The Stage 1 audit time is typically 1/3 of the overall audit time, with the stage 2 audit being 2/3 of the overall audit time. 

Based on this, without providing any discounts, the Stage 1 audit time would be 2 days and the Stage 2 audit time would be 4 days. 

Since we know this company is low risk, we don’t need to add any time to the base audit time. However, since this company is not design responsible and they have many employees performing the same simple task, we can provide a discount. Remember, the max discount allowed is 30%. Typically for a no design discount, certification bodies will provide a 20% discount.  Now, for the justification that many employees perform the same simple task, a 10% discount can be given for the full 30%. This comes out to 4.2 days. Audit days need to be rounded up to the nearest quarter day. This would bring the audit time to 4.25 days. Also, remember that up to 20% of the audit time can be allocated to off-site audit activities. This equates to 3.5 days on-site and 0.75 days off-site. When we break this down for the Stage 1 and Stage 2 audits, we typically get something like this:

Stage 1 Audit: 1 day on-site and 0.25 days off-site

Stage 2 Audit: 2.5 days on-site and 0.5 days off-site

Certification Body Fees

Every certification body is slightly unique in how much they charge per day. Typically, an audit day (also known as a man-day) ranges from $1,000 to $1,600 per day. Part of this depends on the standard being audited. The core standards, such as ISO 9001, ISO 14001 and ISO 45001 are typically on the lower end of the man-day rates. Other standards, such as aerospace, automotive, and medical require more specialized auditing and therefore cost more.

Maintenance Fees can vary from $200 to $1000 per year.

Therefore, using our example above, the ISO 9001 Certification cost for a total of 4.25 days, assuming a $1,200 daily rate would be:

4.25 days X $1,200 = $5,100 for the first year of certification. Once we include an average maintenance fee of $400, the total cost is $5,500.

Auditor Travel Costs

There are many factors that go into calculating the cost of an audit. These factors will typically include on-site audit time, off-site time, certification fees, account maintenance fees, etc. One cost that is not included in your quote that may raise heartburn later, if you are not aware of it, is travel expenses. Travel expenses can often end up being as much as the audit itself.

If you are very budget conscious, be sure to plan well in advance so that you are able to work on scheduling a local auditor to save on travel costs. However, if your timeline is very tight, this may not be an option for you.

Remember, you have a say in who your auditor is. If you don’t think the auditor chosen for you is a good fit, you have every right to request a new one.

The key to managing ISO 9001 certification cost to understand the certification body requirements so that you can receive the most cost effective and value-added audit for your money.