The ISO consulting industry has no licensing, no mandatory qualifications, and no barrier to entry. Anyone can call themselves an ISO consultant tomorrow. This creates a goldmine for scammers, incompetent operators, and cowboys who'll take your money and leave you with a worthless certificate or a system that fails at audit.
On this page
Here's how to spot them before you waste $15,000+ and 6 months.
Red Flag #1: They offer Unaccredited Certification (The Biggest Scam)
The scam: "Get certified in 4 weeks for $3,000 all-inclusive... system development AND certification!"
Sounds great until you realise they're issuing certificates through their "silent partners" or as my fellow Christopher Paris calls them "certification mills" that government tenders won't recognise.
How it works:
- Consultant develops your system (legitimate)
- They use their sister company to get it audited (NOT legitimate)
- You get a fancy ISO certificate that shows title "International Quality Systems Board" or similar fake accreditation body
- Your tender and customers reject it because the certificate is fake
In Australia, government tenders and major corporations recognise ISO certification only if it originates from a JASANZ accredited certification body. Period.
Verification steps:
- Search JASANZ register: https://www.JASANZ.org/register/current-accreditations
- Verify the certification body they're recommending is listed
- If they say "JASANZ isn't necessary" or "our accreditation body is just as good" = RUN AWAY!
Common certificate mill names to avoid:
- Any certification body not on the JASANZ or IAF CertSearch register
- Bodies claiming "ISO accreditation" (ISO doesn't accredit certification bodies)
- Overseas bodies claiming "international recognition" without IAF membership
- Any consultant who owns or is affiliated with the certification body
Real cost: I personally know a Melbourne manufacturer who paid $8,000 for "quick ISO certification" only to discover that their certificate was from an unaccredited body (because I was there auditing on behalf of SAI Global). Had to pay another $12,000 to get legitimate ISO certification. Lost a $97K custome order in the meantime.
Red Flag #2: Consultant Promises "Guaranteed Certification" or "Fast-Track in 4 Weeks"
The pitch: "We guarantee you'll pass your certification audit" or "Get certified in 4 weeks or your money back."
Why it's bullshit: No consultant can guarantee certification. The certification body is an independent third party. If your consultant can guarantee it, they're either:
- Planning to use a non-accredited cert body they control
- Going to install ISO templates which are operationally useless
- Lying to win you
Realistic timeframes:
- Small business with mature processes: 4-6 months
- Medium business starting from scratch: 6-12 months
- Large/complex business: 12+ months
Anyone promising faster is cutting corners that will bite you during surveillance audits or when you actually try to use their "template based" system.
The 4-week scam mechanics:
- Provide generic templates
- Minimal training required
- Internal audit report shows everything is perfect!
- Use friendly or unaccredited cert body
- You "may pass" only for the first time
- Have no functional system
- Surveillance audit 12 months later = disaster
Red Flag #3: No Verifiable Credentials or Industry Experience
Legitimate credentials to look for:
- IRCA Lead Auditor certification in relevant standards
- Exemplar Global (formerly RAB) certification
- ASQ certifications (CSSBB, CQA, CQE)
- Minimum 5 years ISO implementation experience
- Industry-specific experience (construction ≠ healthcare)
Red flags:
- "30 years experience" but can't provide client references
- Generic "management consultant" background with no ISO specifics
- Claims to be expert in every ISO standard (9001, 14001, 27001, 45001, 22000, etc.)
- Has favourite certification body
- No auditing experience
- Does not maintain insurances
- Refuses to provide credentials
- Only testimonials are on their own website
How to verify:
- Ask for IRCA/Exemplar Global certificate numbers and verify on their registries
- Request 3-5 client references in YOUR industry
- Check LinkedIn for verifiable work history
- Google their name + "Reviews" for reviews/complaints
- Ask which certification bodies they've successfully worked with
The "20-year fraud": One Sydney consultant claimed 20 years ISO experience. Turns out he attended a 2-day no-exam-based Exemplar Global ISO course in 2022 and had never actually implemented a system. Charged $25K to three companies. All failed Stage 2 audits.
Red Flag #4: Pricing That's Suspiciously Low (Or Bundled With Certification)
Market reality for consulting:
- Small business (5-50 employees): $8,000-$15,000
- Medium business (50-250): $15,000-$35,000
- Large business: $35,000-$80,000+
If someone quotes 50% below market, ask why.
The "bundled certification" scam: "$5,000 for complete system development AND certification!"
Math that doesn't work:
- Consultant time: 40-80 hours = $4,000-$12,000
- Certification audit: 2-4 days = $4,000-$10,000
- Total actual cost: $8,000-$22,000
How are they doing it for $5,000? They're not. They're either:
- Using unaccredited cert bodies
- Providing worthless template documents
- Adding hidden fees later
- Using offshore subcontractors who don't understand Australian context
ISO 17021-1 prohibition: Certification bodies CANNOT provide consulting and then certify the same client. It's called a conflict of interest.
Legitimate bundling: Some reputable consultants partner with accredited cert bodies to offer combined pricing. This is fine IF:
- Cert body is JASANZ accredited
- Clear separation between consulting and certification
- Pricing is market-rate, not suspiciously cheap
Red Flag #5: Generic Template Approach With No Customization
The template scam: "Here's a 200-page quality manual. Fill in your company name and you're compliant!"
Why this fails: ISO 9001 requires your system to reflect YOUR actual processes. Generic templates:
- Don't match your workflow
- Include irrelevant processes
- Miss critical industry-specific requirements
- Create documentation nobody uses
- Fail Stage 2 audits when auditors check implementation
Warning signs:
- Consultant hands you documents in the first meeting
- Everything is in Word/PDF templates with [Insert Company Name]
- No gap analysis or process mapping
- No site visits to understand your operations
- Documentation arrived before they've seen your business
- Talking about "the manual" instead of "your system"
Legitimate approach:
- Gap analysis (2-4 weeks)
- Process mapping your actual operations
- Customized documentation that staff recognize
- Training specific to your processes
- Internal audit of implemented system
- Management review before external audit
Red Flag #6: No Professional Indemnity Insurance or Business Verification
Critical but often missed: Professional ISO consultants should carry:
- Professional indemnity insurance ($5M-$20M)
- Public liability insurance
- Valid ABN and business registration
- Evidence they're not operating as a sole trader from their bedroom
Why it matters: If a consultant gives bad advice that causes:
- Failed audits requiring re-work ($10K-$50K)
- Lost tender opportunities ($100K-$1M+)
- Non-compliance penalties
- Liability issues
You need recourse. Without PI insurance, you're screwed.
Verification:
- Request copy of PI insurance certificate
- Verify ABN on ABN Lookup
- Check business address (virtual office = red flag)
- Ask about their indemnity limits
- Verify they're not operating through multiple ABNs (scam tactic to avoid liability)
Or visit CertBetter and approach verified consultants:
- Professional indemnity insurance
- Public liability insurance
- Background checks
- Qualifications and certifications
- Client references
- Industry experience
This is why our platform exists... to eliminate cowboys.
Red Flag #7: Vague Scope, No Written Proposal, or Unclear Deliverables
The moving goalpost scam: Verbal quote of $10K becomes $25K with:
- "Unexpected complexity"
- "Additional sites we didn't know about"
- "Extra standards requirements"
- "Management review facilitation not included"
Legitimate consultants provide:
Written proposal including:
- Scope of standards (9001 only? Integrated system?)
- Site/location coverage
- Number of staff covered
- Exclusions (if any)
- Deliverables:
- Gap analysis report
- Documented procedures
- Forms and records
- Training materials and delivery
- Internal audit
- Management review facilitation
- Support through Stage 1 and Stage 2
- Timeline with milestones
- Payment schedule tied to deliverables
- Assumptions (e.g., assumes mature processes exist)
- Exclusions (e.g., doesn't include certification fees)
- Fixed price OR clear day-rate structure
Payment structure red flags:
- 100% upfront (never pay everything up front)
- No payment milestones
- Vague "monthly retainer"
- Extra charges for "revision requests"
- Travel costs not specified
Legitimate payment structures:
- 30% on engagement
- 40% at system development completion
- 30% after certification OR
- Monthly milestones based on deliverables
- Day rates with clear scope boundaries
Additional Warning Signs
Communication red flags:
- Only available via WhatsApp or mobile
- No business email address
- Unprofessional communication
- Pressure tactics ("offer expires this week")
- Unwilling to meet in person/video
Behavioural red flags:
- Badmouthing certification bodies
- Claims all auditors are "too strict"
- Promises to "handle" the auditors
- Dismisses your questions as unnecessary
- No interest in understanding your business
- Focuses on price not value
- Can't explain specific requirements
Website/marketing red flags:
- Stock photos with no real team images
- No case studies with verifiable details
- Testimonials with no company names
- Claims of "thousands of certifications"
- Registered business address is a UPS store
- Multiple domain names, different trading names
How to Verify a Consultant's Track Record
Step 1: Request references
- Minimum 3 references in your industry
- Companies of similar size
- Certified within last 3 years
- Ask for certification body used
Step 2: Send email as a record. Ask:
- Timeline promised vs actual
- Budget promised vs actual
- Quality of documentation
- Training effectiveness
- Support during audit
- System usability post-certification
- Surveillance audit experience
- Would you use them again?
Step 3: Verify certifications
- Check IAF CertSearch for referenced companies
- Verify they're actually certified
- Confirm cert body is JASANZ accredited
- Check certification is still current
Step 4: Industry verification
- Search consultant name + ISO + complaints
- Check LinkedIn for connections
- Ask in industry forums
- Contact certification bodies (off-record) about their reputation
The CertBetter Solution
We built CertBetter specifically to solve this huge problem. Verified consultants on our platform are:
- Background checked
- Insurance verified (PI and PL)
- Qualification verified
- Client reference checked
How we verify consultants:
- Credential verification (IRCA, Exemplar Global, ASQ)
- Insurance certificate verification (current, adequate limits)
- Client references contacted and validated
- Background check including trading history
Why this matters: Government has no ISO consultant register. Anyone can claim expertise. We created the vetting layer that should exist but doesn't.
What you get on CertBetter:
- Compare verified consultants side-by-side
- See verified reviews from real clients
- Request quotes from multiple consultants
- Verified credentials visible on each profile
- Insurance verified
The Bottom Line
The ISO consulting industry is unregulated. No government oversight. No mandatory qualifications. No licensing body. This creates a massive opportunity for scammers.
Protect yourself:
- Never pay for consulting + certification bundled together
- Verify certification body JASANZ accreditation
- Check consultant credentials on IRCA/Exemplar Global registers
- Get written proposals with clear deliverables
- Verify professional indemnity insurance
- Call client references in your industry
- Use platforms like CertBetter that vet ISO consultants
The stakes are real:
- Lost tender: $50K-$500K+
- Wasted consulting fees: $10K-$30K
- Re-certification costs: $10K-$25K
- Time lost: 6-12 months
- Reputation damage: priceless
A competent, legitimate ISO consultant in Australia costs $150-$250/hour or $1,200-$2,000/day. If someone's charging less, ask why. If they can't provide verifiable credentials, insurance, and references—walk away.
At CertBetter, our mission is to simplify the ISO certification process so businesses can quickly discover, compare and request quotes from verified providers. We've done the vetting so you don't have to.
Stop gambling with cowboys. Use the verified ISO consultants directory. Get certified right the first time.
Verification beats hope. Every time.
