How long does ISO certification take?

Content

ISO-certificering Many people interested in obtaining an ISO certification wonder how much time such certification takes. How long does the process with a certifying body take to obtain an ISO certificate? In this article we explain how the required time is determined. There is no fixed time frame, but there is a fixed method! Read all about it below. 

Initial audit #

In order to achieve ISO certification, a so-called initial audit is completed. An initial audit consists of stage 1 and stage 2. 

During stage 1, it is assessed whether the organization is ready for stage 2 on the basis of documented information in your management system and the understanding of the requirements of the standard. 

During stage 2, the implementation and effectiveness of the management system are assessed. Are all processes executed as described? Is the policy adhered to? Are employees aware of their contribution to the management system? 

Man-day table  #

How much time is needed for the initial audit is determined in the ‘man-day table’ from the accreditation standard. An accreditation standard contains requirements that certification bodies, such as Brand Compliance, must adhere to. For example, ISO 17021 for certification of ISO 9001 and ISO 27006 for certification of ISO 27001. 

Example  #

Let’s sketch an example for the ISO 27001 certification. In accordance with accreditation standard ISO 27006 for an organization with 1 to 10 FTE, a total of 5 days of audit time is calculated for an initial audit. Of this time, 70% is spent on the audit at your location or by means of remote audit techniques. The remaining 30% is used for administrative tasks related to the audit, such as drawing up the audit plan and writing the audit report. 

Factors  #

In addition to the factor of the number of FTEs, there are more factors that must be taken into account in arriving at a time calculation. 

Some examples: 

  • the degree of outsourcing of services;
  • the number of locations;
  • the complexity of the management system. 

The factors can lead to an increase or reduction of the audit time. All time factors are discussed in detail during the application process. 

Follow-up audits  #

When ISO certification is achieved, smaller audits will take place after the initial audit, the so-called surveillance audits. Approximately 1/3 of the audit time of the initial certification is spent on the first and second surveillance audit. For the recertification after the two surveillance audits, this concerns 2/3 of the initially calculated time. 

For follow-up audits it is also determined whether there are factors that lead to time reduction or increase. For example, many nonconformities found during the initial or surveillance audits or significant changes within the management system. In such cases, the auditor usually needs more time to perform the audit. 

In conclusion  #

Now you know how the time spent on a certification is determined. As you have read, there is no ready-made answer to the question of how long ISO certification takes. It depends on several factors. A conversation with one of our account managers can provide you with more insight.