Can a certification body certify some of our sites but not all of them?

Yes, it is possible to certify only a subset of your sites under a multi-site program, provided the scope of your management system is clearly defined to reflect which sites are included. This is governed by how you define your certification scope, and the certification body will need to agree that the excluded sites do not undermine the integrity of the certified scope. If you later want to add more sites to the certificate, this typically requires an extension audit. Our article on limiting your ISO 9001 certification scope covers this in more detail.

What happens to our certificate if one site fails an audit?

This depends on the severity of the nonconformity and the policies of your certification body. In most cases, a nonconformity at one site results in a corrective action requirement for that site, not automatic suspension of the entire certificate. However, if the nonconformity is major or if corrective actions are not completed within the required timeframe, the certification body may suspend the certificate for the affected site or, in serious cases, for the entire program. This is one reason why the contract terms around site-level issues are so important to review before you sign.

How are audit days calculated for a multi-site program?

Audit day calculations for multi-site programs are based on a combination of factors including the total number of employees across all sites, the complexity and risk level of the activities at each site, the number of sites included, and whether sampling is being applied. The certification body uses guidance from IAF documents, particularly IAF MD 1 for multi-site sampling, to determine the minimum number of audit days required. You should ask any provider to show you their calculation methodology rather than just accepting a total number of days without understanding how it was derived.

Can we use different certification bodies for different sites?

Technically yes, but it is generally not recommended and can create significant complications. If different sites hold certificates from different certification bodies, you will not have a single integrated multi-site certificate. Each site would effectively be treated as a standalone certification, which increases total cost, creates inconsistency in audit standards, and makes it much harder to demonstrate a coherent management system to customers and regulators. There are specific circumstances where it might make sense, such as when acquiring a business that already has an existing certification, but as a deliberate strategy it is rarely the right choice.

How often does each site need to be audited in a multi-site program?

The frequency of site visits depends on the sampling approach agreed with your certification body. Under IAF MD 1 guidance, not every site needs to be visited every year if sites are performing similar low-risk activities. Typically, the central office and a sample of sites are audited annually during surveillance audits, with the goal of visiting all sites at least once across the three-year certification cycle. Higher-risk sites or sites with previous nonconformities will generally be prioritised for more frequent visits. The exact schedule should be documented in your audit program at the start of the certification cycle.

Is it worth switching certification bodies if we are already certified across multiple sites?

Switching certification bodies mid-cycle is disruptive but sometimes the right decision. Common reasons businesses switch include poor auditor quality, unreliable scheduling, lack of geographic coverage for new sites, or significant price increases at renewal. If you are considering a switch, the best time to do it is at your recertification point, which occurs every three years. The new certification body will need to conduct an initial certification audit of your sites rather than simply continuing from where the previous body left off. Make sure you factor in this additional audit cost when calculating whether the switch makes financial sense. Our article on why Australian businesses are leaving their certification body explores the most common triggers for making this decision.

Compare ISO Certification Bodies: Multi-Site Guide

Why Multi-Site Businesses Face a Completely Different Challenge

Choosing an ISO certification body is already a significant decision for any business. But when you operate across multiple locations, the complexity multiplies quickly. You are not just picking a provider to audit one office or one factory. You are selecting a partner who will need to coordinate audits across different sites, possibly in different states or countries, with different teams, different risks, and different operational realities.

On this page

Most general advice about selecting a certification body assumes you are a single-site operation. That advice does not translate well when you have five warehouses, three manufacturing plants, or a head office plus a network of service delivery sites. The pricing structures are different, the audit planning is different, the scheduling demands are different, and the risks of getting it wrong are much higher.

This guide is specifically for businesses with multiple sites who are either seeking ISO certification for the first time or reviewing their current certification body. We will walk through the key factors that actually matter in this context, the questions you need to ask, and the traps that catch businesses out.

Understanding How Multi-Site Certification Actually Works

What Counts as a Multi-Site Certification?

Under most ISO standards, a multi-site certification covers a central function and a number of sites that all operate under the same management system. The certification body issues a single certificate that covers all included sites. This is different from each site holding its own individual certificate.

The central function, sometimes called the head office or central office, is typically where your management system is controlled. This is where policy decisions are made, where document control is managed, and where senior leadership sits. Each additional site then operates within that system, even if they have their own local procedures and site-specific risks.

It is worth understanding this structure before you start comparing providers, because not all certification bodies handle multi-site programs the same way. Some are very structured and methodical about it. Others are more flexible, which can be either an advantage or a problem depending on your situation.

Sampling vs Full Auditing of Each Site

One of the most important things to understand is that in a multi-site program, the certification body may not audit every single site every year. ISO 17021-1, the standard that governs how certification bodies operate, allows for sampling of sites in certain circumstances, particularly where sites are performing similar activities with similar risks.

This can significantly reduce your audit costs and scheduling burden. But it also means you need to ask very specific questions about how each certification body approaches sampling. Some bodies are conservative and will want to visit every site. Others will apply a risk-based sampling approach that reduces the number of site visits without compromising audit integrity.

Neither approach is automatically better. It depends on your risk profile, your industry, and what your customers or regulators expect. The key is to understand what you are agreeing to before you sign a contract.

Get 3 ISO Quotes. 24 Hours Response

Tell us what you need and compare vetted ISO consultants or certification bodies within 24 hours. Free, no obligation.

Trusted by 400+ businesses like yours

The Five Factors That Actually Matter When Comparing Providers

1. Geographic Reach and Auditor Availability

This is the most practical consideration and it is often underestimated. A certification body might have excellent credentials and competitive pricing, but if they do not have qualified auditors in the regions where your sites are located, you will run into serious problems.

Ask each provider directly: where are your auditors based, and do you have auditors with experience in my industry in each of the states or regions where we operate? For businesses with sites in regional or remote areas, this question is even more critical. Flying an auditor from Sydney to audit a site in regional Queensland every year adds cost and complexity that should be factored into your comparison.

Some of the larger global certification bodies have auditor networks that genuinely cover most of Australia and international locations. Smaller bodies may have depth in certain states but limited coverage elsewhere. Neither is necessarily a problem, but you need to know what you are working with.

2. Experience With Your Industry Across Multiple Sites

Industry experience matters for any certification, but for multi-site businesses it matters even more. An auditor who understands your sector will be able to identify genuine risks and meaningful nonconformities rather than spending audit time on superficial documentation checks.

When you have multiple sites, you also need auditors who understand how your industry operates at a site level. A food manufacturing business with five production facilities needs auditors who understand food safety risks in a production environment, not just the management system theory. A construction company with projects across multiple states needs auditors who understand site-specific health and safety risks.

Ask providers for examples of multi-site clients they currently certify in your industry. A reputable certification body will be able to share this without hesitation. If they are vague or cannot provide specifics, that is a signal worth noting. You can also read our article on why certification bodies struggle with niche industries for more context on this issue.

3. Pricing Structure and Transparency

Multi-site certification pricing is genuinely complex, and this is where businesses most often get caught out. The total cost includes initial certification audits, annual surveillance audits, and recertification audits every three years. With multiple sites, each of these has a multiplier effect.

When comparing quotes, look for the following specifics. First, how many audit days are being quoted for each site visit, and what is the daily rate? Second, are travel costs included in the quote or billed separately? Third, how does the body handle sampling, and does that reduce your audit day count? Fourth, what happens to the price if you add a new site mid-cycle?

Pricing transparency varies enormously between providers. Some will give you a detailed breakdown by site and by audit phase. Others will give you a lump sum that is very difficult to interrogate. Always push for a line-by-line breakdown. If a provider is reluctant to provide this, that tells you something about how they will handle billing disputes later.

Our article on hidden ISO certification costs covers many of the charges that appear after you have signed the contract, and it is worth reading before you commit to any provider.

4. Audit Scheduling and Coordination Capability

Coordinating audits across multiple sites is a logistical challenge that many businesses underestimate until they are in the middle of it. You need a certification body that has clear processes for planning and scheduling multi-site audits, communicating with site managers, and handling the inevitable last-minute changes that come with running a real business.

Ask each provider how they manage multi-site audit scheduling. Do they assign a dedicated account manager or client coordinator? How much notice do they provide before site visits? What is their process if a site visit needs to be rescheduled? How do they communicate audit findings across multiple sites to your central management team?

The answers to these questions will tell you a great deal about how the relationship will actually work day to day. A provider who gives vague answers or says they will figure it out as they go is not a provider you want managing a complex multi-site program.

5. Accreditation Status and Certificate Recognition

This should be non-negotiable. Any certification body you use must be accredited by a recognised accreditation body. In Australia, that means accreditation by JAS-ANZ, the Joint Accreditation System of Australia and New Zealand. Internationally, accreditation bodies that are members of the IAF multilateral recognition arrangement are the benchmark.

For multi-site businesses, accreditation matters even more because your certificate needs to be recognised by customers, regulators, and tender evaluators across all the jurisdictions where you operate. A certificate from a non-accredited body may be accepted by some customers but rejected by others, which creates a real commercial problem when you are operating at scale.

If any of your sites are outside Australia, check whether the certification body holds accreditation in those countries as well, or whether their accreditation is recognised under the IAF MLA. This is a question many businesses forget to ask until it becomes an urgent problem. You can read more about whether an Australian ISO certificate is recognised overseas for a detailed breakdown of how this works.

Questions to Ask Every Certification Body Before You Decide

The Non-Negotiable Questions

Beyond the five factors above, there are specific questions that every multi-site business should ask each certification body they are evaluating. These questions are designed to reveal how the provider actually operates, not just how they present themselves in a sales conversation.

How many multi-site clients do you currently certify, and in what industries? This establishes genuine experience versus theoretical capability.
Who will be the lead auditor for our program, and what is their background? You want to know the actual person, not just the company's general capability.
How do you handle auditor continuity across a three-year certification cycle? Changing auditors frequently disrupts the relationship and increases audit preparation burden on your team.
What is your process for communicating nonconformities found at one site to the central management team? This is critical for maintaining a coherent management system across all locations.
How do you handle a situation where one site is performing well but another has significant issues? The answer reveals how the body thinks about multi-site programs holistically versus site by site.
Can you provide a reference from a current multi-site client of similar size and complexity to ours? Any credible provider should be willing to facilitate this.

Questions About Contract Terms

The contract terms for a multi-site certification program deserve very careful review. Key things to look for include what happens to the certificate if one site has its certificate suspended, whether you can add or remove sites without penalty, what the notice period is for terminating the contract, and how disputes about audit findings are handled.

Some certification bodies have contracts that are quite rigid about site additions and removals. If your business is growing or restructuring, this can become a significant issue. Make sure you understand exactly what flexibility you have before you sign.

Common Mistakes Multi-Site Businesses Make When Choosing a Certification Body

Choosing on Price Alone

This is the most common mistake, and it is understandable. Multi-site certification is expensive, and when you receive quotes that vary significantly, it is tempting to go with the lowest number. But price differences between providers often reflect real differences in what is being offered, particularly around auditor quality, scheduling support, and the depth of site coverage.

A cheap quote that requires your team to spend weeks preparing for poorly planned audits, or that results in a certificate that is not recognised by your major customers, is not actually cheap. Calculate the total cost of the relationship, including your internal time, not just the certification body's fees.

Not Checking Auditor Qualifications for Each Site

A certification body might have excellent auditors for your head office but less experienced auditors available for your regional sites. This happens more often than you might expect, particularly with providers who have strong metropolitan presence but limited regional networks.

Ask specifically about the qualifications and industry experience of the auditors who will be assigned to each of your sites. If the provider cannot give you this information before you sign, that is a problem.

Ignoring the Transition and Onboarding Process

Moving to a new certification body with multiple sites is significantly more complex than a single-site transfer. The new body needs to review your existing management system documentation, understand your site structure, and plan audits for all sites within the certification cycle. This takes time and coordination.

Ask each provider to walk you through their onboarding process for a multi-site client. How long does it typically take? What do they need from you? Who is responsible for managing the transition on their side? A provider who has done this many times will have a clear and structured answer.

How to Structure Your Comparison

Once you have gathered information from multiple providers, the comparison process itself needs to be structured to be useful. A simple spreadsheet with rows for each of your key criteria and columns for each provider is often the most practical approach.

Weight the criteria based on what matters most for your specific situation. Geographic coverage might be the most critical factor for a business with remote sites. Pricing transparency might be the priority for a business under cost pressure. Industry experience might be paramount for a highly regulated sector.

Do not rely solely on written proposals. Have a direct conversation with the person who will actually manage your account, not just the sales representative. The quality of that conversation will tell you a great deal about what the ongoing relationship will be like.

For a broader framework on evaluating providers, our article on how to compare ISO certification providers provides a useful starting point that you can adapt for the multi-site context.

Getting Multiple Quotes Without the Runaround

One of the practical challenges of comparing certification bodies for a multi-site program is simply getting accurate, comparable quotes. Because the pricing is complex and depends on many variables, some providers will give you a ballpark figure quickly and a detailed quote only after several meetings. Others will want extensive information before they quote at all.

This makes comparison time-consuming, particularly if you are approaching providers one at a time. A more efficient approach is to submit your requirements to multiple providers simultaneously, with a clear brief that covers your number of sites, locations, approximate employee headcount per site, the standards you need certification against, and your target timeline.

This is exactly what CertBetter is designed to help with. You submit one detailed brief and receive up to three competing quotes from verified, accredited certification bodies and consultants. For multi-site businesses, this removes the weeks of back-and-forth that typically comes with gathering comparable quotes from multiple providers. The service is completely free for businesses, and all providers on the platform have been vetted for accreditation status and industry experience.

How to Compare ISO Certification Bodies for Multi-Site Businesses