What Does “Downloading an ISO Certificate” Actually Mean?
If you have just passed your certification audit and someone told you to “download your ISO certificate,” you might be wondering where exactly you go to do that. It is a surprisingly common question, and the confusion is understandable. There is no central ISO database where you log in and grab a certificate. The process depends entirely on which certification body issued your certificate and how their client portal works.
On this page
To be clear from the outset: ISO certificates are issued by certification bodies, not by the International Organisation for Standardisation itself. ISO does not certify organisations. That is the job of accredited certification bodies. So when you want to download your ISO certificate, you are going to your certification body's system, not any ISO website.
This guide walks you through exactly how to access, download, and manage your ISO certificate, what to do if you run into problems, and how to make sure what you have downloaded is actually legitimate and usable.
Where ISO Certificates Come From
Before diving into the download steps, it helps to understand who actually holds your certificate. When your organisation passes a Stage 2 certification audit, the certification body reviews the audit report, closes out any non-conformities, and then issues a certificate. That certificate is a formal document showing your organisation's name, the standard you are certified to, the scope of certification, the certificate number, the issue date, and the expiry date.
The certificate is created and stored by the certification body. Some bodies issue physical certificates in the post. Most now provide digital copies through an online client portal. A few do both. The specific process varies between providers, which is why there is no single answer to “where do I download my ISO certificate?”
If you are still in the process of choosing a certification body, it is worth asking about their certificate delivery process upfront. Our guide on how to select the best ISO certification body covers the practical questions you should ask before signing any agreement.
Step by Step: How to Download Your ISO Certificate
Step 1: Check Your Email From the Certification Body
After your certification is confirmed, most certification bodies send an email notification. This email usually contains one of three things: a direct download link to the certificate PDF, login credentials for their client portal, or a notification that your certificate has been posted and a digital copy is available in the portal.
Search your inbox for emails from your certification body. Check spam and junk folders too. If your certification coordinator handled the process, check with them directly. The notification sometimes goes to the primary contact listed on the certification agreement, which may not be you.
Step 2: Log Into the Certification Body's Client Portal
Most major certification bodies operate an online portal where clients can manage their certificates. Common portals include BSI's Connect portal, Bureau Veritas's MyBV platform, SGS's client portal, SAI Global's online system, and similar platforms from other bodies.
To log in, you will need the username and password set up when your organisation registered with the body. If you do not have these, contact your certification body's client services team. They can reset credentials or confirm which email address the account is registered under.
Once logged in, navigate to the certificates or documents section. The naming varies. Some portals call it “My Certificates,” others use “Documents,” “Certifications,” or “Reports.” Look for anything related to your certification record.
Step 3: Locate the Correct Certificate
If your organisation holds multiple certifications (for example, ISO 9001, ISO 14001, and ISO 45001), make sure you are downloading the right one. Certificates are usually listed by standard number and scope. Check the scope description matches what was agreed during your audit. If the scope looks different from what you expected, do not assume it is a system error. Contact your certification body to clarify before using the document.
Also check the certificate dates. There should be an issue date, a valid from date, and an expiry date. A standard ISO certification cycle runs three years, with annual surveillance audits in between. Make sure the certificate you are downloading is the current, valid version and not an older one from a previous cycle.
Step 4: Download the Certificate PDF
Most portals provide a download button or a link to a PDF version of the certificate. Click that and save the file to a secure location. Name the file clearly so it is easy to find later. Something like “ISO9001 Certificate ABC Company Expiry 2027” is much more useful than “Certificate_download_final.pdf” when you are hunting for it six months later.
Some certification bodies also provide a certificate in multiple formats, including a version with a QR code or a verification link embedded in the document. This is useful when submitting to clients or tender portals, because it allows the recipient to verify the certificate is genuine without having to call anyone.
Step 5: Verify the Certificate Details Before Using It
Before you send the certificate to a client or attach it to a tender response, check every field carefully. Confirm the legal entity name matches exactly how your business is registered. Check the scope statement reflects your actual operations. Confirm the standard version is correct (for example, ISO 9001:2015 rather than an older version). Check the certificate number, the issuing body's name, and the accreditation mark.
If anything looks wrong, even a small spelling error in your company name, contact the certification body immediately. Do not send an incorrect certificate to a client and hope no one notices. Errors on certificates do happen, and reputable certification bodies will correct them promptly.
Our article on how to verify your ISO certificate online explains exactly what a legitimate certificate should contain and how to check it against public registers.
What If Your Certification Body Does Not Have a Portal?
Not all certification bodies operate a sophisticated online portal, particularly smaller or newer ones. If your body does not have a client portal, your options are to email their client services team directly and request a digital copy of your certificate, or to check whether they sent a PDF attachment in a previous email that you may have overlooked.
Some smaller bodies still issue certificates by post only. If that is the case, you will need to scan the physical certificate yourself to create a digital copy. This is acceptable for most purposes, but be aware that some tender portals or clients may require a certificate that can be verified online. If you cannot provide that, it may be worth raising with your certification body whether they can add a verification link or QR code to future certificate issues.
If your certification body is consistently difficult to deal with when it comes to basic administrative tasks like this, that is worth noting. It may be a sign of broader service issues. Our article on why Australian businesses are leaving their certification body covers the warning signs that suggest it might be time to transfer.
Common Problems When Trying to Download an ISO Certificate
You Cannot Find the Portal Login
This is the most common issue. Check the original onboarding email from your certification body. If you cannot find it, search your email for the certification body's domain name. If that fails, call their client services line directly. Most bodies have a dedicated team for this and can resolve it quickly.
The Certificate Is Not Showing in the Portal
If you have logged in but cannot see your certificate, there are a few possible explanations. The certificate may not have been issued yet if you have only recently completed your audit. There may be outstanding non-conformities that need to be closed before the certificate is released. Or the certificate may be associated with a different user account within your organisation.
Contact the certification body with your certificate number or audit reference number. They can check the status and tell you exactly where things are up to.
The Certificate Shows as Expired
If the certificate in your portal shows as expired, check whether your surveillance audit is overdue. Certificates lapse if surveillance audits are not completed on time. If you have completed the audit but the certificate still shows as expired, it may be an administrative delay on the certification body's end. Follow up with them directly.
The Certificate Scope Does Not Match Your Expectations
Scope issues are more common than you might think. If the scope on your certificate does not match what you agreed during the audit, raise it formally with the certification body. Do not use a certificate with an incorrect scope, as this could create problems with clients or in tender submissions. Our guide on determining the scope of your management system explains what the scope should cover and how it should be described.
How to Share Your ISO Certificate Properly
Once you have your certificate, you will likely need to share it in several ways. Here is how to do it correctly in different situations.
Sending to a Client or Supplier
Email the PDF directly. If the certificate has a verification link or QR code, mention that in your email so the recipient knows they can verify it. Keep the file size reasonable. A certificate PDF should be well under 1MB. If it is larger, the file may have been scanned at too high a resolution.
Uploading to a Tender Portal
Many government and corporate tender portals require you to upload your ISO certificate as part of a pre-qualification submission. Upload the PDF directly. Some portals also ask for the certificate number, expiry date, and issuing body name as separate fields. Have these ready before you start the submission.
If the tender requires the certificate to be verified against a public register, make sure your certification body lists your organisation on their public register or on the JASANZ register of accredited certifications if you are in Australia. This is the standard way procurement teams verify certificates without contacting you directly.
Adding to Your Website or Marketing Materials
You can display your ISO certification on your website and in marketing materials, but there are rules around how you use the certification mark. Most certification bodies provide brand guidelines specifying how their logo and the accreditation mark can be displayed. You cannot simply put “ISO 9001 Certified” on your website without also showing which certification body issued the certificate and ensuring the claim is accurate.
Misusing certification marks is taken seriously and can result in your certificate being suspended. Ask your certification body for their mark usage guidelines and follow them carefully.
Keeping Your Certificate Records Organised
This sounds simple but it is something a lot of businesses handle poorly. You should maintain a register of your ISO certificates that includes the certificate number, the standard, the scope, the issue date, the expiry date, the issuing body, and where the digital copy is stored. This register should be reviewed regularly so you are never caught out by an expiring certificate when a tender comes in.
Assign someone in your organisation as the owner of this register. It does not need to be a full-time job, but someone needs to be responsible for tracking renewal dates and making sure the latest version of each certificate is accessible to whoever needs it. If you are handing over these responsibilities to someone new, our article on how to hand over ISO certification responsibilities is worth reading before you do.
What About Certificates from Overseas Certification Bodies?
If your certification was issued by an overseas certification body, the download process works the same way. You access their client portal or contact their team for a digital copy. The certificate will look different from an Australian-issued one, but the information it contains should be the same.
One thing to check is whether the overseas certification body is accredited by a member of the International Accreditation Forum mutual recognition arrangement. If they are, their certificates are recognised internationally. If they are not accredited, the certificate may not be accepted by Australian clients or in government tenders. Our article on whether Australian ISO certificates are recognised overseas covers the accreditation recognition framework in more detail.
Getting Help If You Are Stuck
If you are genuinely stuck and cannot access your certificate, here is the escalation path. First, contact your certification body's client services team by phone, not just email. Phone calls get resolved faster. Have your certificate number, company name, and the name of the lead auditor ready. If client services cannot help, ask to speak to the certification manager or operations team.
If there is a genuine dispute about certificate content or the body is being unresponsive, you can escalate to the accreditation body that oversees them. In Australia, that is JASANZ. In the UK, it is UKAS. These bodies take complaints about certification bodies seriously and can prompt action when direct communication has failed.
If you are still in the process of getting certified and want to make sure you end up with a certification body that handles these administrative matters properly, CertBetter can help. Submit one form and receive up to three competing quotes from vetted certification bodies and ISO consultants. It is completely free for businesses, and every provider on the platform has been checked for accreditation and service standards. It is a straightforward way to avoid ending up with a body that makes even simple tasks like downloading your certificate unnecessarily difficult.
