ISO 9001 certification is a 4–12 month process that involves a gap analysis, system design, documentation, internal auditing, and a two-stage external audit by an accredited certification body. Most organizations hire ISO 9001 certification consultants to manage this process — and the quality of that consultant determines whether you sail through your audit or spend months fixing nonconformities. Here’s exactly what the process looks like, phase by phase.
The first thing any competent ISO 9001 certification consultant does is assess where you are relative to where ISO 9001:2015 requires you to be. This is called a gap analysis.
The consultant reviews your existing documentation, processes, and quality practices against each clause of ISO 9001:2015. The output is a written gap analysis report that identifies:
A thorough gap analysis takes 2–5 days of consultant time depending on organization size. It’s the foundation of the entire project — skip it or rush it, and you’ll discover the gaps during your certification audit instead.
Expert note: “We’ve taken over projects where the previous consultant skipped the gap analysis and went straight to writing documents. The result is always the same: a QMS that looks complete on paper but has fundamental structural gaps that surface during the audit. The gap analysis is not optional.” — Sam Sammane, Founder, Aurora TIC
Once the gaps are identified, the consultant works with your team to design and document the Quality Management System. ISO 9001:2015 requires documented information for specific elements, including:
Mandatory documented information (ISO 9001:2015 requires these):
Recommended (not mandatory but practically necessary):
The documentation phase is where most of the consultant’s time is spent. The key is building documentation that reflects how your organization actually works — not a generic template that your employees will ignore. A good consultant involves your team in writing procedures, not just hands them documents to sign.
Documentation is not a QMS. A QMS is a functioning system that your organization actually uses. Phase 3 is about implementation — rolling out the documented processes, training staff, and running the system for at least one full operational cycle before the certification audit.
Key implementation milestones:
Internal Audit: ISO 9001 requires that you conduct at least one full internal audit before certification. The internal audit assesses whether your QMS is effectively implemented and conforms to the standard. Your consultant should either conduct the first internal audit or train your internal auditors to do it themselves (the latter is better for long-term sustainability).
Management Review: ISO 9001 requires top management to review the QMS at planned intervals. The management review must cover specific inputs (audit results, customer feedback, process performance, etc.) and produce documented outputs. This must occur before your certification audit.
Corrective Actions: Any nonconformities found during the internal audit must be addressed through documented corrective actions before the Stage 2 certification audit.
ISO 9001 certification is issued by an accredited certification body (also called a registrar) — not by your consultant. The certification body conducts a two-stage audit:
Stage 1 Audit (Document Review) The auditor reviews your QMS documentation and confirms that your system is ready for the Stage 2 audit. This is typically a 1-day off-site or remote review. The auditor will identify any areas of concern before the Stage 2 visit.
Stage 2 Audit (On-Site Assessment) The auditor visits your facility and verifies that your QMS is effectively implemented. They interview staff, review records, observe processes, and test whether your documented procedures match reality. Duration: 1–3 days depending on organization size.
Audit outcomes:
A well-prepared organization with a competent consultant typically passes Stage 2 with minor nonconformities at most.
Your consultant is separate from your certification body. Common accredited certification bodies in the USA include:
Your consultant should be neutral on certification body selection — they should help you choose based on your industry, geographic needs, and budget, not based on referral relationships.
Consulting fees for ISO 9001 certification vary by organization size and complexity:
| Organization Size | Typical Consulting Fee | Timeline |
|---|---|---|
| Small (1–20 employees) | $5,000–$12,000 | 3–6 months |
| Mid-size (20–100 employees) | $12,000–$25,000 | 5–9 months |
| Large (100–500 employees) | $20,000–$50,000+ | 8–14 months |
Certification body fees (separate from consulting) typically range from $2,000–$8,000 for the initial certification audit, depending on the registrar and number of audit days required.
For testing and inspection organizations seeking ISO/IEC 17025 accreditation alongside ISO 9001, Aurora TIC provides integrated consulting for both standards — contact us for a scoped estimate.
No — ISO 9001 certification doesn’t require a consultant. Organizations with experienced quality managers sometimes self-implement successfully. However, a consultant typically reduces time to certification, reduces audit risk, and builds a more robust system. The ROI is usually positive, especially for organizations without a dedicated quality function.
Yes, if they have experience with both standards. ISO 9001 and ISO/IEC 17025 share significant overlap (management system requirements, document control, internal audit, corrective action), but ISO 17025 adds laboratory-specific technical requirements. Aurora TIC specializes in both standards for testing and inspection organizations.
Major nonconformities that require a repeat Stage 2 audit are relatively uncommon for well-prepared organizations — typically 10–20% of first-time audits. Minor nonconformities are more common (60–70% of audits have at least one). Proper preparation with a competent consultant significantly reduces both.
ISO 9001 certificates are valid for 3 years with annual surveillance audits. Maintaining certification requires keeping your QMS active: conducting internal audits, holding management reviews, addressing nonconformities, and continuing to improve. Many organizations retain their consultant on a retainer basis for ongoing support.
For most B2B organizations, yes. ISO 9001 certification is increasingly required by enterprise customers, government contractors, and regulated industries. Beyond the market access benefit, organizations that implement ISO 9001 properly typically see measurable improvements in process consistency, customer complaint rates, and operational efficiency.
ISO 9001 certification is a structured, manageable process when you have the right consultant guiding it. The four phases — gap analysis, system design, implementation, and certification audit — typically take 4–12 months and require consistent engagement from both the consultant and your internal team.
The most important decision is choosing a consultant with real industry experience, Lead Auditor credentials, and verifiable references from certified organizations.
Aurora TIC provides ISO 9001 and ISO/IEC 17025 consulting for testing, inspection, and manufacturing organizations across the USA. Get a free scope assessment →