Certification CostsISO guides & calculators
The process & the costs

How ISO certification works

From gap analysis to your first surveillance audit — and where the money goes.

What "certification" actually means

An ISO management-system standard sets out requirements for how you run a particular part of your organisation — quality, information security, environmental impact and so on. Certification is when an independent, accredited certification body audits your organisation against the standard and issues a certificate confirming you meet it. In the UK, accreditation is overseen by UKAS, the United Kingdom Accreditation Service. A certificate from a UKAS-accredited body carries far more weight than an unaccredited one.

Accredited vs unaccredited

Anyone can sell a "certificate". Only a UKAS-accredited body (or one accredited by an equivalent national body recognised under the IAF) can issue accredited certification that customers, regulators and tender processes will actually trust. Always check the accreditation before you buy.

The typical journey

  1. Gap analysis. Compare what you do today against the standard to find what is missing. This can be done in-house or with a consultant.
  2. Implementation. Build the management system — policies, processes, records and controls — and embed it in day-to-day work. This is usually the biggest chunk of effort.
  3. Internal audit & management review. Check your own system works, and have leadership review it, before an external body sees it. The standard requires this.
  4. Stage 1 audit (readiness). The certification body reviews your documentation and confirms you are ready for the main audit.
  5. Stage 2 audit (certification). The auditor tests whether the system works in practice. Clear any non-conformities and the certificate is issued.
  6. Surveillance audits. Shorter annual (sometimes six-monthly) audits confirm you are maintaining the system.
  7. Re-certification. The certificate runs in a three-year cycle. At the end of it a fuller re-certification audit renews it for another three years.

Where the cost comes from

Our calculators split every estimate into the same building blocks, because that is genuinely how the cost breaks down:

Implementation effort
The internal time and any consultant fees needed to build the system. This scales with the size of your organisation, how mature your existing processes are, and whether you do it in-house, with help, or fully consultant-led. It is almost always the largest line.
Initial certification audit
The certification body's fee for the Stage 1 and Stage 2 audits. It is driven by audit days, which depend on your headcount, the number of sites and the complexity of the standard. We assume an indicative day rate of around £1,300 for a UKAS-accredited body, though this varies between bodies.
Surveillance audits
The annual check-ins during the three-year cycle. Each is typically around a third of the initial audit effort.
Re-certification audit
The renewal audit at the end of the cycle — lighter than the first full certification but heavier than a surveillance visit.
Ongoing internal cost
The staff time to keep the system running — maintaining records, running internal audits, holding management reviews and fixing issues. Easy to forget, and it never goes away.

These are estimates, not quotes

Real prices depend on your specific organisation and the certification body you choose. Use these figures to budget and compare standards, then get formal quotes from two or three accredited bodies. Always confirm current requirements and fees with official sources.

A note on standards you cannot certify

Not every ISO document is a certifiable management-system standard. Some — such as ISO 26000 on social responsibility — are guidance only: you can use them to improve, but there is no accredited certificate. Others, such as ISO/IEC 27701, can only be certified as an extension of another certification. Each guide flags this clearly.

Estimate your cost Browse the standards