How long does it take to get ISO Certification?

ISO Certification is increasingly becoming important for forward-looking business who are seeking to structure and grow their business. The first consideration that most business owners consider when seeking such a certification is “How much does it cost to get ISO Certified in Malta?”.

Like with any other investment that is to be made, the exact price for the certification depends on various factors, including:

  • The number of people working within the company
  • The number of sites (offices) the company has
  • The activities that will be included within the scope of certification
  • The certification body that you choose to provide you with the certification

However, another factor that seems to remain at the back of the mind of business owners is “how long does it take to get ISO Certified?”

How long does it take to get ISO Certified?

To get ISO Certified, companies would usually need around 6 months. This is a ball-park figure, and the exact amount will vary from one company to the next. In a previous post, we’ve already discussed the process to get ISO Certified. Here, I will outline the time it will take for each step to be completed:

Step 1: ISO 9001 Familiarisation training

Right after engaging the services of an ISO consultant, reputable consultants would first start off by giving your employees a training session to cover all aspects of the relevant ISO certification that you are after.

This training session will be done in the first 2 weeks (depending on the availability of your consultant, and of your team). For larger organisations, this training session may be repeated with various teams – to ensure that whilst the training is ongoing, the company can still keep its operations running.

Step 2: Gap Analysis & Process Mapping

The 2nd step is about getting a clear picture of how things are done within your organisation. In other posts, we’ve described that there are 4 main key processes, and various supporting processes that will need to be considered.

Key Processes

For an average company (employing around 10-25 people), there would usually be around 10 processes that would need to be documented. Documenting a process in the required level of detail takes time, and it is suggested that 1 or 2 processes are covered during each meeting. Given that the employees of your company are busy with other projects, we usually allocate 1 meeting per week to document these processes.

Therefore, to document the key processes it will take around 8 weeks.

Supporting processes

The supporting processes don’t need to be explicitly documented in detail, and therefore it will take less time to cover this section. The are 10 supporting processes that would need to consider. From experience I can safely assume that it will take around 4 weeks to define and implement all activities define within these supporting processes.

Step 3: Reviewing the process to get ISO 9001 Certified

After the processes have been document, and the employees have been trained on what ISO Certification means, and any new practices/changes in business processes have been implemented, it would be time to review the process.

There are mainly 2 activities that are required to review the ISO implementation process.

Internal Audit

The internal audit is an evidence-based find-out of the compliance of your operations to the processes (as defined in Step 2, above). The mantra for ISO Certification “Say what you do, do what you say”. Therefore, the standard allows you to be very flexible in how you implement the requirements. That said, once the processes have been define, it is important for your organisation to follow the set procedure.

The main of the internal audit is to confirm that the activities within your business match what was defined in the procedures. The internal audit would usually be done over 1 or 2 days, depending on the size and complexity of the organisation.

Therefore, including the creation of the report by the Consultant/Internal Auditor, you would need around 2 weeks to complete this stage.

Management Review Meeting (MRM)

Following the internal audit, a management review meeting is required. During the management review meeting, we will discuss a specific agenda, that is defined by the standard. This agenda includes items such as tracking the progress being made on the objectives of the organisation. Therefore, to have the information that is needed by the management, you will need to prepare some reports. The creation of these reports might not be easily done (especially for the first couple of times, as your organisation is still adapting to the creation of these reports).

From experience, the management review meeting would be done around 4 weeks after the internal audit – to ensure that all information required is made available to have high quality management review (whereby the conversations about quality improvement are done based on facts and figures – not assumptions).  

Step 4: Getting a certification body

The final step to get ISO Certified is to choose the certification body. As has already been discussed, there are 3 major steps getting a certification body to audit your business processes, namely:

Getting a quote from a certification body

This is the longest step within the process of hiring a certification body. We always advise our clients to kick off communication with the certification body as early as possible within the process to get ISO certified. Therefore, we will consider that this step will be done concurrently with the previous step, and no further time will be required.

Stage 1 audit

Stage 1 audit is done by the certification body at their offices, whereby, they will review the management system as created by your consultant, to ensure that all the requirements have been met. Various certification bodies enjoy different workload levels, and therefore this will vary from one certification to the next. However, from experience I can safely say that it will take around 4 weeks for the certification body to complete this step.

Stage 2 audit

Finally, the last step to get ISO Certified requires the certification body to physically visit your offices and audit your processes (just like your consultant would have done in the internal audit). The major factor effecting how long this step would take is whether the certification body is local or foreign. Foreign certification bodies would need to book flights, and accommodation to visit your premises – and this rarely happens instantly. However, given that sufficient planning is done, it is very reasonable to assume that it will take another 2 weeks for the certification body to visit come and conduct the external audit, after the Stage 1 audit.

How much of my time will ISO Certification need?

Above, we’ve discussed how long does it take to be certified. But in today’s fast-paced environment, time is sometimes more important than money. As an ISO Consultant I have always believed that there should be a standard way to implement this standard. And therefore, over the years, I have developed a systematic way to implement this standard.

By having a clear agenda for each meeting, I take far less time than any other consultant would need. The legendary Drucker had said that “What gets measured, gets managed”. The time of my clients is extremely important for me to ensure a high-quality service. If I would require my clients to be with me for an indefinite period, they might as well do the work themselves.

How long does it take to get ISO Certification?

To cover the full ISO Certification process, I would generally need my clients’ attention for 38 hours during the 6-month period that is required for the implementation.

Time is critical nowadays and knowing how long it would take to get ISO Certified is a common question asked by my clients. If you value your time, it is therefore important for you to make sure to work with a consultant who is conscious of your availability. I do understand that my clients have a million and one things to do – and not that they are not interested in process to get ISO Certified – but that there might be more pressing issues that would need their immediate attention.