What are the Costs of Third Party Certification?
Every time I meet a client one of the questions they ask me is “how much is all of this going to cost”? Whether in the private or public sector we all have to budget and justify our spend prior to gaining approval, ISO Certification is no different...
Every time I meet a client one of the questions they ask me is “how much is all of this going to cost?” Whether in the private or public sector we all have to budget and justify our spend prior to gaining approval, ISO Certification is no different.
One of the benefits of third party certification is the impartiality and value added experience a third party auditor can bring to your business, but how much should you pay for this? Unfortunately there is no simple answer to this question as it depends entirely on your organization and management systems!
The Quote Itself
The actual quote for a third party ISO Certification Audit such as ISO 9001:2015 or ISO 14001:2015 is relatively straightforward. Your quote will normally include the number of days required for an audit multiplied by a day rate. And this is broken down into the initial cost for certification (Stage 1 and Stage 2) and then the ongoing maintenance costs over a three year period. This consists of a surveillance audit in years 1 and 2, and a full recertification audit in the third year.
Sometimes you will find additional items on your quote such as expenses, travel time, application fees, annual management fees etc. and sometimes they are hidden in the small print where most people don’t look. But don’t worry - we don’t charge those at NQA for our UK and Ireland clients - we like to keep it simple!
So… it’s easy to see from the example above that the quote is built around the number of days we need to spend auditing your management system. So how do we figure out how long we need to spend on site with you? Well that is totally dependent on a number of factors. Let’s explore these some more so that you understand how a certification body works and what to expect from your quote.
Factors Determining Audit Duration
1. Number of Employees
This has the biggest impact on your quote as it lets us know the size of your organization and how many day to day users of the management system processes there are. This is important as it gives us a good indication of a starting point for the audit duration based on the IAF (International Accreditation Forum) document IAF MD 5:2015 - DETERMINATION OF AUDIT TIME OF QUALITY AND ENVIRONMENTAL MANAGEMENT SYSTEMS.
It is also important that we understand the activities that the employees of the organization engage in. Don’t worry - we don’t need a breakdown of job roles and titles by individual, but groups of employees that undertake the same activities (e.g Telesales) or seasonal workers employed only at Christmas, or staff that work shifts in manufacturing plants and hospitals etc. can help us to understand any variations from one month to the next.
2. Scope of Certification
This allows us to really understand the activities you conduct as a business. This is important as it allows us to identify the risk associated with your company's scope and the impact that the potential failure of the management system may have on your organization and the wider industry and community.
For example, there is much more risk associated with a quality or environmental management system failure in a power plant, than there would be should a similar management system fail in an office environment. Therefore the more detail you can give us, the more accurately we can predict the risk level of your organizations scope.
3. Number of Sites
The number of sites or locations your organization operates from; can impact your quote dramatically on some occasions. As a UKAS Accredited Certification Body we have to ensure that the management system is fully implemented and compliant at all locations within the scope of certification. This means visiting the Head Office location each annum, and some or all of the sites to ensure compliance.
When you have multiple locations across the UK or Globe it may be possible to sample your sites if they are all conducting the same activities. If however you have a unique process at a site, then we will need to audit that location each annum to ensure compliance within the scope. Our methodology here is all aligned with the IAF document IAF MD 1:2007 – CERTIFICATION OF MULTIPLE SITES BASED ON SAMPLING.
4. Complexity of your Organization and Activities
Determining the complexity of your organization is similar to obtaining a house insurance quote. For example you will regularly get asked questions such as “Is your house built near any flood plains”? “What lock mechanism do you have on your doors”? Answers to these questions will either increase the complexity and risk associated with your insurance or decrease it, ultimately impacting your quote.
In a similar manner your organization's complexity can impact your quote in a positive or negative manner. It is therefore important that we fully understand the activities that your organization conducts and the context in which it operates as this all leads us to determining your complexity. So what are these complexity factors that impact your audit duration? Well here are just a few to give you an idea:
- Site or remote work undertaken by employees – such as construction sites, or engineers
- Simple or complex organization structure – for example 2 tier management structure or multiple management tiers and management system levels
- Staff speaking in more than one language – the use of a translator will take time and therefore more time is required
- High degree of regulation within the industry – e.g. banking industry, food safety or waste management
- Whether you are an existing customer and we already know you as an organization and your management system
All of these and more can help us determine whether we can reduce your audit duration or whether we need to increase it.
5. Integrated Management System
Finally your quote may be impacted if you have integrated your management system with another standard. The introduction of Annex SL in 2015, as a common structure for management systems, has enabled and eased the process of integrating management systems and conducting integrated management system audits.
An organization that has chosen to integrate ISO 9001:2015, ISO 14001:2015 and OHSAS 18001:2007 for example, will find cost and time efficiencies compared to those who implement separate management systems for Quality, Environmental and Health and Safety. This is because they are able to cover the same clause in both standards at the same time during an internal audit. For example the management review can cover the same requirements found in ISO 9001:2015, ISO 14001:2015 and OHSAS 18001:2007 and this will be even easier with the forthcoming publication of ISO 45001.
Similarly when your NQA auditor comes to audit the management review element, they can save time by auditing both aspects as once, through one collerction of processes and documents.
Once again we have to ensure our quote is aligned with the requirements of the IAF document, IAF MD11: 2013 - THE APPLICATION OF ISO/IEC 17021 FOR AUDITS OF INTEGRATED MANAGEMENT SYSTEMS. It is therefore important to note that your quote can only be reduced for integration factors if both of the following criteria are met:
1. Your management system is fully integrated
2. NQA has an integrated management system (IMS) auditor to audit your organization.
It is for this reason that 98% of our full time auditors are multi-standard, Integrated Management Systems Assessors mitigating the risk of not being able to support you with your integrated management system.
It’s not as easy as it looks determining the audit duration required for your business. We understand that no one knows your business better than you, so we will always try and meet with you or discuss with you over the phone your specific requirements, management system structure and organizational context to ensure that the quote we supply is as accurate as possible.
If you are interested in finding out the cost of gaining certification, or adding a new standard such as Information Security (ISO 27001) or Health and Safety (OHSAS 18001 / ISO 45001) we would love to hear from you. Simply contact myself or our friendly Business Development Team on 0800 052 2424 or email us email@example.com.
If you are stuck for time or would rather not talk to us, our Quote Request Form can be completed by yourself and asks you all the questions we need (per standard) to determine your correct audit duration. Or if you are right at the beginning of your journey and just want some top level figures, why not try our Quick Quote facility – our team will respond to you within 1 working day.
Author: Laura Cottom, Commercial Director