Your Certificate Has Arrived. Now What?
After months of preparation, internal audits, corrective actions, and two stages of external auditing, your ISO certificate finally arrives. It is a genuine milestone, and you should be proud of the work your team has put in. But before you frame it, publish it on your website, or send it to a client, take fifteen minutes to check it carefully.
On this page
ISO certificates contain specific details that must be accurate. An error on your certificate, even a minor one, can cause real problems. A client procurement team might reject it. A tender assessor might flag it as inconsistent with your company registration. And if you are submitting it as evidence of compliance, any discrepancy between the certificate and your actual operations could raise questions you do not want to answer.
This guide walks you through every detail you should verify the moment your certificate lands in your inbox or arrives by post. It also explains what to do if something is wrong, and how to make sure your certificate stays valid well beyond the initial certification date.
Why Certificate Errors Are More Common Than You Think
Certification bodies process hundreds of certificates each month. Most use templates with fields populated from audit records and application data. Mistakes happen. The organisation name might be pulled from an old application form that does not reflect a recent company name change. The scope description might be copied from an early draft that was later revised. The certificate number might have a typo that makes it unsearchable in the certification body's online registry.
In my experience auditing and consulting across Australia, I have seen certificates issued with the wrong site address, an outdated scope that no longer matched what the client actually did, and even the wrong standard version listed. None of these errors were caught immediately because the business owner assumed the certification body had it right. The problems only surfaced weeks or months later, usually at the worst possible moment.
The good news is that most certification bodies will correct genuine errors quickly and at no cost, provided you raise them promptly. The sooner you check, the easier the fix.
Get 3 ISO Quotes. 24 Hours Response
Tell us what you need and compare vetted ISO consultants or certification bodies within 24 hours. Free, no obligation.
Trusted by 400+ businesses like yours
The Full Checklist: What to Verify on Your ISO Certificate
Your Legal Business Name
The name on the certificate must exactly match your registered business or company name. Not your trading name. Not a shortened version. The legal name as it appears on your ABN registration or company registration documents.
This matters because when a client or government agency verifies your certificate, they will search using your registered business name. If the names do not match, the verification will fail or raise a red flag. If your business operates under a trading name that differs from its legal name, check with your certification body about how this should be handled. Some bodies include both names on the certificate. Others list only the legal name.
Your Site Address or Addresses
The certificate must list every physical location that was included in the scope of your certification audit. If your business operates from multiple sites and all of them were audited, all of them should appear on the certificate or on an accompanying schedule of locations.
If you have moved premises since starting the certification process and forgot to notify your certification body, your certificate will show your old address. That is a problem. It suggests your current site was never audited, which may not be acceptable to clients or regulators.
If only some of your sites were included in the audit scope, the certificate should reflect that limitation accurately. Do not assume a certificate covers all your locations unless they are explicitly listed.
The Correct ISO Standard and Version
Check that the certificate references the correct standard and the correct version of that standard. For example, if you were certified to ISO 9001, the certificate should state ISO 9001:2015, not an older version. If you were certified to ISO 45001, it should say ISO 45001:2018.
This seems obvious, but errors do occur. Template mistakes can result in the wrong year being printed. With standards under review or recently updated, it is worth double checking that the version on your certificate is the one your audit was actually conducted against. You can read more about how standard updates affect your certification in our article on how ISO standards are updated and what happens to your certificate.
The Scope of Certification
The scope statement is one of the most important fields on your certificate. It describes what your management system covers, which activities, products, services, and locations are included. It is the boundary of your certification.
Read the scope statement carefully and compare it against what was agreed during your Stage 1 audit. Ask yourself these questions. Does it accurately describe what your business does? Is it specific enough to be meaningful? Does it exclude anything that should be included? Does it include anything that was not actually audited?
A scope that is too vague can be problematic in tender situations. A scope that is too broad and includes activities that were not audited is a more serious issue because it misrepresents the extent of your certification. If the scope wording does not match what you agreed with your auditor, raise it with the certification body immediately.
For a deeper understanding of how scope is determined and documented, our guide to Clause 4.3 determining scope of management systems explains the underlying requirements in plain language.
The Certificate Issue Date and Expiry Date
Your certificate should show three key dates. The date the certificate was issued, the date certification was first granted, and the expiry date of the current certification cycle. Most ISO certificates are valid for three years, subject to annual surveillance audits.
Confirm that the dates are internally consistent. If your certification cycle is three years, the expiry date should be three years from the initial certification date, not from the issue date of the physical certificate. Some businesses have been caught out by this distinction, particularly when a certificate was reissued after a scope change or a name update.
Also note the dates for your surveillance audits. These are typically due at twelve and twenty-four months after initial certification. Missing a surveillance audit can result in your certificate being suspended or withdrawn. Put these dates in your calendar now.
The Certificate Number
Every certificate issued by an accredited certification body carries a unique certificate number. This number is what clients and procurement teams use to verify your certification status through the certification body's online registry or through databases like the JASANZ register of certified organisations.
Type the certificate number into the certification body's verification portal yourself before you send the certificate to anyone. Confirm that the search returns your organisation's name, the correct standard, and a status of active. If the number returns no result, or returns incorrect information, contact the certification body immediately. A certificate that cannot be verified online is effectively worthless for most commercial purposes.
The Certification Body's Accreditation Details
This is the check most businesses skip, and it is arguably the most important one. Your certificate should display the name and logo of the accreditation body that has accredited your certification body. In Australia, the primary accreditation body is JASANZ. Internationally, you may see logos from UKAS, DAkkS, ANAB, or other IAF member accreditation bodies.
The presence of an accreditation mark means the certification body has been independently assessed and found to meet the requirements of ISO 17021, the standard for certification bodies. Without this, your certificate may not be recognised by clients, government agencies, or international trading partners.
If your certificate carries no accreditation mark, ask your certification body directly which accreditation body has accredited them for the standard you were certified to, and request evidence of that accreditation. If they cannot provide it, you may have a serious problem. Our article on how to spot fake ISO certificates covers this in detail and is worth reading alongside this checklist.
The Auditor's Signature or Authorisation
Most certificates include a signature or name of an authorised signatory from the certification body. This is part of the formal issuing process. It does not need to be the auditor who conducted your audit, but there should be some form of authorised sign-off visible on the document.
If your certificate arrived as a PDF with no signature and no clear indication of who issued it, that is worth querying. It does not automatically mean the certificate is fraudulent, but you want to confirm the document is an official issued certificate and not a draft or a template that was sent prematurely.
What to Do If You Find an Error
Contact your certification body in writing as soon as you identify an error. Email is fine, but keep a record of the correspondence. Clearly describe the discrepancy and provide supporting documentation where relevant. For example, if your company name is wrong, attach your ABN registration or ASIC extract. If the address is wrong, attach a utility bill or lease agreement for the correct premises.
Most certification bodies will issue a corrected certificate within a few business days at no charge, provided the error was theirs. If the error arose because you provided incorrect information during the application process, there may be a small administrative fee, but this is rare.
Do not use the certificate or share it with clients until the error is corrected. Sharing a certificate with known errors, even minor ones, can create complications that are difficult to unwind later.
Verifying Your Certificate Online After It Is Confirmed
Once you have confirmed all the details are correct, take one more step. Search for your organisation in the certification body's public registry and in any broader databases that your industry or clients might use to verify certifications.
In Australia, the JASANZ register is a key source. Internationally, the IAF CertSearch database aggregates certification data from accredited certification bodies around the world and is increasingly used by procurement teams. If your certification does not appear in these registries within a few weeks of issue, follow up with your certification body. There is sometimes a delay in data being uploaded, but you want to confirm it happens.
For a step-by-step walkthrough of the verification process, our guide on how to verify your ISO certificate online covers each registry and how to use them.
Displaying and Sharing Your Certificate Correctly
Once you are satisfied that your certificate is accurate and verifiable, you can begin using it. There are a few practical points to keep in mind.
On Your Website
You can display your certification logo and reference your certification status on your website. Most certification bodies provide specific usage guidelines for their logo and the ISO mark. Follow these guidelines. Using the logo incorrectly, for example claiming certification to a scope broader than what your certificate covers, can result in your certification body taking action against you.
In Tenders and Proposals
When submitting your certificate in a tender response, include the full certificate document, not just a screenshot or a reference to the certificate number. Some tender portals require the actual certificate file. Make sure the PDF you submit is the official version from your certification body, not a scanned copy of a printed version if a clean digital copy is available.
With Clients and Supply Chain Partners
If a client requests a copy of your certificate, send them the official PDF and also point them to the online verification portal so they can confirm its status independently. This builds confidence and demonstrates transparency. Clients who regularly deal with ISO-certified suppliers will appreciate that you understand the verification process.
Keeping Your Certificate Valid: What Comes Next
Receiving your certificate is the beginning of a three-year commitment, not the end of a project. Your certification body will conduct surveillance audits, typically annually, to confirm that your management system continues to meet the standard's requirements. Failing a surveillance audit, or missing one entirely, can result in your certificate being suspended or withdrawn.
Beyond the audits, you need to maintain the system itself. That means continuing to run internal audits, conducting management reviews, managing nonconformities, and updating your documentation when your business changes. A certificate that reflects a management system that no longer exists is not a valid certification, regardless of what the expiry date says.
If you are unsure whether your system is genuinely functioning or just sitting on a shelf, our article on how to check if your ISO management system is actually working is a practical starting point.
Getting It Right From the Start
The best way to avoid certificate errors is to work with a certification body that has a clear, well-managed issuing process, and to double-check the information you provide during the application stage. If your company name, site addresses, or scope description changes at any point during the certification process, notify your certification body in writing and confirm that their records have been updated before the certificate is issued.
If you are still in the process of selecting a certification body and want to compare your options, CertBetter can help. Submit one short form and receive up to three competing quotes from verified, accredited certification bodies that are active in your industry. The service is completely free for businesses, and the quotes come with enough detail to make a genuine comparison. It is a straightforward way to start the certification journey on the right foot.
