Why ISO Certification Quotes Are So Confusing
You ask three providers for a quote to get ISO certified. You get three completely different numbers back, with different line items, different terminology, and no obvious way to compare them. One quote is $4,000. Another is $14,000. A third one is $8,500 but seems to include more. Sound familiar?
On this page
This is one of the most common frustrations businesses face when starting the ISO certification journey. The problem is not that providers are trying to deceive you. The problem is that there is no standard format for an ISO certification quote, and different providers bundle things differently, use different terminology, and sometimes leave out costs that will appear later.
This article breaks down exactly what a proper ISO certification quote should include, what is commonly left out, and how to read between the lines before you commit to anything. Whether you are chasing ISO 9001, ISO 45001, ISO 27001, or any other standard, the same principles apply.
The Two Types of Costs in ISO Certification
Before you can understand a quote, you need to understand that ISO certification involves two completely separate types of costs from two completely separate parties.
Consultant Fees
A consultant is the person or firm that helps you build your management system, prepare your documentation, train your team, and get ready for the audit. They are not the ones who certify you. Their job is to make sure you are ready. Consultant fees cover the preparation side of the process.
Certification Body Fees
A certification body (also called a registrar) is the accredited organisation that actually audits your business and issues the certificate. They are independent of your consultant. Their fees cover the audit itself and the ongoing certification cycle. These are the fees that most people underestimate or overlook entirely.
The reason this matters is that some quotes you receive will only cover one of these two categories. Some consultants quote only their own fees and leave you to separately approach a certification body. Some certification bodies quote only their audit fees and assume you already have a consultant. Very few quotes give you the full picture in one document. If you want to understand the full cost landscape, our article on hidden ISO certification costs is worth reading alongside this one.
What a Consultant Quote Should Include
If you are getting a quote from an ISO consultant, here is what a thorough, honest quote will cover.
Gap Analysis
A gap analysis is an assessment of where your business currently sits relative to the requirements of the standard. It identifies what you already have in place and what needs to be built or improved. This is typically one of the first billable activities and should be listed explicitly in the quote. If it is not, ask whether it is included or whether it will be charged separately once you engage.
Documentation Development
Most management system standards require documented procedures, policies, and records. The quote should specify what documents the consultant will develop for you, whether that is a full suite of templates, a quality manual, risk registers, or specific procedures. Be cautious of vague language like “all required documentation” without any breakdown. That phrase means different things to different consultants.
Implementation Support
There is a significant difference between a consultant who hands you a folder of documents and walks away, and one who actually works with your team to implement the system. Implementation support means helping you embed the processes into daily operations, not just writing them down. A quote should specify how many hours or days of implementation support are included and what that looks like in practice.
Internal Audit Support
Before your certification audit, you are required to conduct at least one internal audit of your management system. Some consultants include this in their quote. Others charge it separately. Some will conduct the internal audit for you. Others will train someone in your team to do it. The quote should be clear about which approach is included and what the cost is.
Management Review Support
Similarly, most standards require a management review before certification. This is a formal meeting where leadership reviews the performance of the system. Some consultants facilitate this for you. Others just provide a template. Make sure the quote specifies what level of support is included here.
Stage 1 Audit Preparation
The Stage 1 audit (sometimes called a document review or readiness review) is the first formal audit conducted by the certification body. A good consultant will help you prepare for this specifically, reviewing your documentation against the standard's requirements before the auditor arrives. This preparation time should be included in the quote or clearly identified as an add-on.
Stage 2 Audit Support
The Stage 2 audit is the main certification audit. Some consultants attend this audit with you to provide support on the day. Others do not. If on-site support during the audit matters to you, check whether it is included. If you are in a regional location, check whether travel costs for the consultant are included or charged separately.
Corrective Action Support
After an audit, it is common to receive nonconformities or observations that require corrective action before the certificate is issued. A thorough quote will include some level of post-audit support to help you respond to these findings. If the quote does not mention this, ask what happens if the auditor raises issues and how much it will cost to get additional help.
What a Certification Body Quote Should Include
When you approach a certification body directly, or when a consultant arranges certification on your behalf, the certification body will issue its own quote. Here is what should be in it.
Stage 1 Audit Fees
The Stage 1 audit is a review of your documentation and readiness. The certification body charges for the auditor's time to conduct this. The quote should specify how many audit days are allocated and the daily rate or total fee.
Stage 2 Audit Fees
The Stage 2 audit is the main on-site assessment. This is where the auditor reviews your actual operations against the standard. The number of audit days is calculated based on factors like the size of your organisation, the number of employees, the complexity of your processes, and the scope of certification. The quote should explain how the audit day calculation was made. If it does not, ask. Our article on what determines how many audit days you need explains this in detail.
Certificate Issuance Fee
Once you pass the audit, there is typically an administrative fee for issuing the certificate. This is sometimes bundled into the audit fees and sometimes charged separately. Make sure you know whether it is included.
Annual Surveillance Audit Fees
ISO certification is not a one-time event. Once you are certified, you enter a three-year certification cycle. In years one and two after initial certification, the certification body conducts annual surveillance audits to verify you are maintaining your system. These audits are shorter than the initial certification audit but they cost money. A proper quote should include the estimated fees for surveillance audits in years one and two, not just the initial certification cost.
Recertification Audit Fees
At the end of the three-year cycle, you must undergo a full recertification audit. Some certification bodies include an estimate of this cost in the initial quote. Others do not. Ask for it. Over a three-year period, the ongoing audit fees can add up to as much or more than the initial certification cost.
Travel and Accommodation Costs
If your site is not in a major city, or if you have multiple sites, travel costs for the auditor can be significant. These are often listed separately from audit fees. Some certification bodies include travel in a fixed daily rate. Others charge actual expenses on top. This is one of the most common sources of bill shock in ISO certification. Make sure the quote is explicit about how travel is handled.
What Is Commonly Left Out of ISO Certification Quotes
This is where things get important. The following costs are frequently absent from quotes, even from reputable providers.
Your Internal Time and Labour Costs
No quote from a consultant or certification body will include the cost of your own team's time. But that cost is real. Someone in your organisation needs to coordinate the process, attend meetings, gather evidence, implement procedures, and respond to auditor requests. For a small business, this could easily amount to 40 to 100 hours of management time across the certification project. For a larger organisation, it could be significantly more. Factor this in when you are assessing total cost.
Staff Training Costs
If your team needs training on the new management system, on specific requirements of the standard, or on internal auditing, that training may not be included in the consultant's quote. Some consultants include a training session as part of their package. Others charge separately. External training courses can cost anywhere from a few hundred to several thousand dollars per person.
Software and Tools
Some management systems benefit from dedicated software for document control, risk management, or audit tracking. If your consultant recommends a specific platform, the subscription cost for that software is almost never included in the quote. Ask whether any software is required or recommended and what the ongoing cost will be.
Remediation Work
If the gap analysis reveals significant gaps in your current systems, there may be substantial work required to bring your operations up to standard before the audit. This remediation work, whether it involves updating equipment, changing processes, or creating entirely new procedures, is rarely included in a standard consulting package and can add considerable cost.
Multiple Site Costs
If your business operates from more than one location, both the consultant and the certification body will typically charge additional fees for each site. Multi-site organisations need to be especially careful about reading quotes, as the initial quote may only cover the primary site.
Expedited or Urgent Fees
If you need certification by a specific date for a tender or contract, some providers charge a premium for expedited timelines. This is rarely mentioned upfront and only appears when you ask for a faster turnaround.
How to Read an ISO Certification Quote Properly
Once you have a quote in front of you, here is a practical checklist to work through before accepting it.
- Is the scope clearly defined? The quote should specify exactly which standard you are being certified to, which sites are included, and what activities or processes are in scope. A vague scope means a vague price.
- Are audit days specified? The number of audit days drives a large portion of the certification body's fees. If the quote does not specify how many days are included, ask.
- Are surveillance and recertification fees included? If the quote only covers the initial certification, ask for a three-year total cost estimate.
- Is travel charged separately? Confirm whether travel and accommodation are included in the quoted fees or charged on top.
- What happens after an audit finding? Ask what is included if the auditor raises nonconformities and whether corrective action support is part of the package.
- What is the payment structure? Some providers charge upfront. Others invoice in stages. Understand when payments are due and whether there are cancellation terms.
If you want a broader framework for evaluating competing quotes side by side, our guide on how to compare ISO certification quotes walks through the process in detail.
Red Flags in ISO Certification Quotes
Some quotes are not just incomplete. They are warning signs. Here are a few things that should prompt you to ask harder questions.
- A quote that seems extremely low with no explanation of what is excluded. Cheap ISO certification often means corners are being cut somewhere, and that can cost you far more in the long run.
- A quote that does not separate consultant fees from certification body fees. If these are bundled together without explanation, you cannot tell what you are actually paying for each service.
- No mention of surveillance audits or recertification. A provider who only quotes the initial certification without acknowledging the ongoing cycle is either inexperienced or deliberately showing you a lower number.
- Vague descriptions like “all documentation included” or “full support” without any breakdown of what those phrases mean in practice.
- No mention of what happens if the audit fails or if nonconformities are raised. Every provider should have a clear answer to this question.
The 10 red flags to watch for when choosing an ISO certification partner covers this topic in more depth if you want to dig further.
Getting Comparable Quotes From Multiple Providers
The best way to protect yourself from incomplete quotes is to get multiple quotes based on the same scope and ask each provider the same set of questions. When providers know they are being compared, they tend to be more thorough and transparent in their proposals.
This is exactly what CertBetter is built for. You submit one form describing your business, the standard you need, your number of employees, and your sites. CertBetter then sends your requirements to up to three verified providers who compete for your business. Because each provider is responding to the same brief, you can actually compare their quotes on equal terms. The service is completely free for businesses seeking certification, and it saves you the time of approaching multiple providers individually and trying to make sense of incomparable proposals.
According to IAF mandatory documents on certification body requirements, accredited certification bodies must provide transparent information about their certification processes and fees. If a quote you receive does not meet that standard of transparency, that itself is useful information.
