Selecting the right external certification body is one of the most consequential decisions an organisation will make during its ISO management system journey. The certification body you choose will conduct your initial assessment, conduct surveillance audits, and ultimately determine whether your organisation receives and maintains ISO certification. This decision affects not just your compliance status, but your operational credibility, your supply chain relationships, and potentially your access to major contracts. Yet many organisations approach this choice with insufficient rigour, often defaulting to the cheapest option or accepting whoever their consultant recommends. This is a false economy that frequently leads to poor audit experiences, ineffective surveillance, and damaged confidence in the certification process itself.
On this page
Understanding the Certification Body Landscape in Australia
Australia has a well established ecosystem of ISO certification bodies, ranging from small boutique operations to large multinational organisations. These bodies operate under a scheme of national recognition through JAS ANZ (Joint Accreditation System of Australia and New Zealand), which accredits conformity assessment bodies against ISO/IEC 17021:1. This accreditation is the foundation of legitimate ISO certification in Australia, and any certification body worth considering must hold current JAS ANZ accreditation for the specific standards you wish to pursue.
The landscape includes several categories of certification bodies. The major multinational organisations such as DNV, Lloyd's Register, BSI, and TÜV SÜD operate globally with regional Australian offices. These organisations bring deep resources, established procedures, and typically higher pricing. Mid tier local and regional bodies offer more personal service and often lower costs than multinationals, though their resourcing and global reach may be limited. Then there are smaller operations that may operate with just a handful of auditors and lower overhead costs. Each category has genuine advantages and disadvantages that warrant careful consideration based on your specific organisational context.
The critical point is this: not all accredited certification bodies are equally suitable for your organisation. The audit quality, auditor expertise, and ongoing support you receive will vary significantly. Size and cost alone tell you nothing about the quality of the certification relationship you will develop. You need a systematic approach to evaluation that examines the factors that actually determine whether an external audit adds genuine value to your management system.
Key Criteria for Assessing Certification Bodies
Accreditation Scope and Currency
Begin by confirming that the certification body holds current, valid JAS ANZ accreditation for the specific ISO standard or standards you require. This is non negotiable. Visit the JAS ANZ website and verify the certification body's accreditation schedule directly. Check not just that they are accredited for (say) ISO 9001, but that their accreditation covers your industry sector if sector specific competency requirements apply. Some certification bodies hold accreditation across all industry sectors, whilst others may be limited to specific categories. If your organisation operates across multiple sectors or if you anticipate expanding into different industry areas, confirm whether the certification body's scope is broad enough to support future growth.
Equally important is the recency and continuity of the accreditation. Organisations sometimes allow their accreditation to lapse or undergo accreditation reassessment. If a certification body is in the middle of a re accreditation audit or has gaps in their accreditation schedule, this creates uncertainty and operational risk. Ask directly about their accreditation status and when their next reassessment is scheduled.
Auditor Expertise and Stability
The certification audit is only as good as the auditors conducting it. This is where individual certification bodies can differ most significantly. Request information about the auditors who would conduct your certification audit and surveillance audits. Specifically, find out:
- How many lead auditors does the certification body employ for your industry sector?
- What are their qualifications? (Look for evidence of recognised lead auditor qualifications such as Exemplar Global or equivalent credentials)
- How long have they been conducting ISO audits in your industry?
- What is the typical auditor retention rate? High staff turnover is a warning sign.
- Will you have the same lead auditor across your initial certification audit and surveillance audits, or should you expect rotation?
Some certification bodies will commit to assigning a specific named auditor to your account. Others operate on a rotation basis where different auditors may conduct your audits. There is merit to both approaches. A consistent auditor develops deep knowledge of your systems and context, which can lead to more nuanced, targeted audits over time. However, an auditor who audits your organisation too frequently can become too familiar and potentially less objective. Rotation brings fresh perspectives but can create inconsistency in audit approach. Ask the certification body how they manage this balance and what their policy is.
Industry and Process Specific Experience
An auditor who has never conducted an audit in your industry sector is a liability, not an asset. The auditor needs to understand your processes, your regulatory environment, your supply chain complexities, and the common failure modes in your industry. This knowledge allows the auditor to ask intelligent questions, identify systemic risks, and distinguish between genuine nonconformities and simply different ways of operating.
Ask the certification body for references from other organisations in your industry sector that they have certified. Contact those references directly and ask specific questions about whether the auditor demonstrated genuine understanding of their operations or whether the audit felt generic and checklist driven. Be particularly wary of certification bodies that claim to audit every industry equally well. They might, but it is far more likely that their auditors have deeper expertise in some sectors than others. You want a certification body that has audit depth in your specific domain.
Audit Methodology and Approach
Request the certification body's audit procedures manual or at least a detailed description of how they conduct certification audits. Look for evidence that their approach is risk based rather than purely compliance checklist driven. This is where understanding what to expect during an ISO certification audit becomes practically important. A quality certification body will describe an audit methodology that focuses on the context of your organisation, identifies significant risks, and examines whether your management system actually addresses those risks effectively.
Ask how they determine audit scope, how they plan audit activities, how they conduct opening and closing meetings, and what their protocols are for reporting findings. Some certification bodies provide detailed audit plans in advance; others prefer to maintain more flexibility. Both approaches can work, but you should understand the certification body's philosophy and confirm it aligns with your preference. If you are experienced in ISO management systems, you may prefer the intellectual rigour of a risk based methodology. If your organisation is newer to ISO, you might prefer a more structured, procedurally driven approach that is easier to prepare for and follow.
Communication and Customer Service
Pay attention to how the certification body communicates with you during the pre contract phase. Are they responsive to your enquiries? Do they take time to understand your business, your management system maturity, and your certification objectives? Or do they treat all enquiries as transactional and rush through the process? This is a reliable predictor of how they will work with you after you sign the contract.
Specifically, ask about their communication protocols around certification audit scheduling, pre audit questionnaires, audit reports, and the process for resolving disagreements about audit findings. Some certification bodies have robust customer relationship management systems with dedicated account managers for larger organisations. Others operate on a more arms length basis. Neither approach is inherently superior, but you should understand what level of service you will receive and whether it matches your expectations.
Find out how the certification body handles disputes about audit findings. Can auditors and auditees discuss and negotiate findings during the audit, or does the certification body insist on a formal appeal process? Is there a clear escalation path if you disagree with an audit conclusion? This matters because disagreements do occur, and you want a certification body with a fair, transparent process for resolving them.
Cost Considerations and Price Transparency
Cost is always a factor, but it should never be the primary factor. That said, you should understand the certification body's pricing model and ensure you are comparing like with like across different organisations you are considering.
Ask for an itemised quote that breaks down auditor daily rates, travel costs, report preparation, and any other ancillary charges. Does the quote include pre audit questionnaires and communications? Does it include follow up time for addressing nonconformities? What are the costs for surveillance audits, and are they fixed or variable based on audit days required? Some certification bodies bundle certain services into a fixed fee; others charge separately. You need to understand the total cost of ownership over the three year certification cycle, not just the initial certification audit cost.
Be extremely wary of quotes that are substantially cheaper than other certification bodies you have approached. This sometimes reflects efficient operations and lower overhead, but it can also reflect rushed audits, less experienced auditors, or cutting corners on audit depth. Price variance of 10 to 20 percent across certification bodies is normal. Price variance of 50 percent or more should trigger scepticism and deeper enquiry about what is different in their approach.
Conversely, the most expensive certification body is not automatically the best. Large multinational organisations sometimes carry significant overhead costs that inflate their pricing without proportional value added to audit quality. The objective is to identify a certification body that offers genuine value: experienced auditors, sound methodology, good communication, and fair pricing. This is rarely found at either the absolute bottom or absolute top of the price range.
Industry Recognition and Reputation
Ask your industry peers, your customers, and your supply chain partners which certification bodies they recognise and respect. In some industries, certain certification bodies carry significantly more weight than others. This is not about snobbery; it reflects genuine differences in audit rigour, auditor expertise, and the credibility the certification carries in commercial negotiations. If your customers require ISO certification from a recognised certification body, you need to understand whether your preferred body meets that requirement.
Search for public information about the certification body. Do they have a strong online presence with detailed information about their services? Do they publish information about audit standards, quality policies, and customer complaints processes? Reputable certification bodies typically have transparent information readily available. Organisations that are difficult to research or that have limited public information should raise concerns.
Check whether the certification body is subject to any regulatory sanctions, complaints, or suspensions. JAS ANZ publishes information about accredited bodies and any actions taken against them. Industry associations and professional bodies also sometimes maintain information about certification body performance. This is not about perfect records (organisations sometimes face complaints and resolve them appropriately), but rather about understanding the track record and whether there are red flags.
The Assessment and Transition Process
Different certification bodies handle the transition from your current state to certification differently. Some conduct a pre assessment or gap analysis before the formal certification audit. This is valuable because it allows you to understand what you need to do before the formal audit, reducing the risk of failing the certification audit due to undetected gaps. Ask whether the certification body offers this service and what it entails. If they do offer it, is it included in the certification fee or charged separately? How long does the gap analysis take, and how soon after completion would the certification audit occur?
Understanding the pre assessment process is important to prepare your organisation effectively for an external audit. A certification body that works with you collaboratively before the formal audit, providing feedback on your readiness, is offering significant value. A certification body that simply shows up on day one of the certification audit with no prior engagement is forcing you to diagnose your own readiness gaps, which is risky.
Audit Frequency and Surveillance
Your relationship with a certification body extends well beyond the initial certification audit. Under ISO standards, surveillance audits typically occur annually or at intervals specified in the scope of accreditation, with a comprehensive re certification audit every three years. Ask the certification body about their surveillance audit approach. How do they plan and conduct surveillance audits? Do they use the same auditors across the certification cycle? How do they determine audit scope for surveillance audits? Do they adjust scope based on audit history and risk, or do they follow a standardised approach?
Some certification bodies conduct very comprehensive surveillance audits that are only marginally less thorough than the initial certification audit. Others conduct more targeted surveillance audits that focus on specific areas of higher risk. Both approaches are legitimate, but they will create different costs and different levels of disruption to your operations. Understand the certification body's philosophy and confirm it aligns with your expectations.
Ask how the certification body manages the transition between surveillance audits and the three yearly re certification audit. The final surveillance audit before re certification is sometimes conducted differently than earlier surveillance audits. Clarify this process so you are not surprised when the audit scope expands unexpectedly in year three.
Non Conformity and Complaint Resolution
No audit process is perfect, and disagreements about findings do sometimes occur. Ask the certification body about their formal process for handling disputes about audit findings. What is their policy on major versus minor nonconformities? How is that determination made, and what is the appeal process if you believe a finding has been incorrectly classified? Is there a process for obtaining clarification or challenging findings during the audit, or only after the audit is completed?
Request information about the certification body's quality assurance processes. Do they conduct audits of auditors? Do they have mechanisms to identify inconsistent or problematic audit outcomes? Is there oversight of auditor quality? These are indicators of whether the certification body maintains active quality control over its audits or whether auditors operate more independently.
Also ask about the certification body's complaint handling process. If you have a serious concern about an audit, how would you formally lodge a complaint? To whom would that complaint be directed? What is the timeline for response and resolution? A certification body should have a clear, transparent complaints process that is independent of the auditor who conducted the problematic audit. If they do not, this is a warning sign.
Making Your Final Decision
After you have gathered information from multiple certification bodies, create a simple matrix that scores each organisation against your key criteria. Weight the criteria according to your priorities. For most organisations, auditor expertise and industry experience should be heavily weighted, followed by methodology, communication, and value for cost. Accreditation status should be a non negotiable threshold (they must be properly accredited), not a differentiating factor.
Request a meeting with the selected certification body's representative or the proposed lead auditor before finalising the contract. This gives you a chance to assess whether you will work well together and whether the certification body genuinely understands your business. Poor chemistry at this stage rarely improves once the contractual relationship begins.
Finally, remember that selecting a certification body is not a permanent decision. If after your initial certification audit you find the relationship is not working well, you can transfer your certification to a different body at the time of your three yearly re certification. However, transferring auditors mid cycle is possible but less common and creates some administrative complexity. So whilst you are not locked in forever, the decision deserves genuine care and consideration at the outset.
The certification body you select will shape your ISO audit experience for at least the next three years. A good certification body contributes meaningfully to the value of your management system, helps you identify genuine risks and improvement opportunities, and supports your compliance journey. A poor certification body creates administrative burden, fails to add genuine insight, and can damage your confidence in the ISO process itself. This is one of the most important purchasing decisions you will make for your management system, and it warrants the rigorous evaluation it deserves.
Audit Workshop offers accredited ISO Lead Auditor and Internal Auditor training that prepares you for every stage of external certification audits. Our courses are Exemplar Global recognised and delivered online for working professionals.
