  • All
  • General Questions
  • ISO 9001
  • ISO 27001


I want to wait till last minute to get my ISO/CMMI completed

We all procrastinate on things we know need to get done.   Many companies tend to put off getting their ISO/CMMI till the last minute not leaving enough time to properly implement the system.  Not only it may get difficult to find a good consultant at the last minute but also expect to pay premium charges which can be around 1.5 – 2 times the consulting cost for expediting it later.  Additionally, it can get challenging to find a certifying body to meet your certification deadlines.

The regulatory bodies have started to identify that and are changing the rules slowly. For e.g.  Up until a few months ago, CMMI could be completed within a month on the expedited path but now CMMI Appraisal bodies won’t’ be able to appraise companies who are unable to show few months of implementation time.

It is recommended that for any management system to be properly implemented, you must plan a minimum of 4-6 months in advance.

Want to know the duration, cost, and process to get your ISO/CMMI completed? Get our no-obligation Gap Assessment Report.

I think it’s best to continue doing ISO internally because we have been following compliance for many years now.

Well, if you are well versed with the specific ISO standards, are keeping up with new versions as applicable, feel comfortable doing it yourself, it should be just fine to go for a Certification Audit when needed.  If for any reason, you feel stuck or would like to have an unbiased opinion, an internal audit conducted by a consultant can certainly help. You can contact us when ready.

I think I am better off working with a company that does both Consulting and Certification

We have heard these a few times. However, it is a conflict of interest to take the consulting and certification from the same company. ANAB and SEI, regulatory bodies of ISO and CMMI respectively have started to track down such companies who are trying to follow unethical practices and have been canceling their accreditation. If you are certified by such a Certifying Body, you will lose your certification.

As an informed buyer, next time you are given such an option, you must always ask yourself, how can a company help build a quality management system and also conduct a certification audit at the same time?

Here are some tips on how tofor your firm.

I do not understand ROI on ISO or CMMI. I think it’s an unnecessary overhead cost.

ISO or CMMI doesn’t have any tangible ROI like you usually have for Marketing or Sales. However, look at it this way, like a well-lubricated machine improves the efficiency and throughput of a machine,  a well-implemented management system improves the efficiency of business processes, reduces wastage, reduces personnel time, in short, reduces your operating costs.  To learn more about the benefits of ISO, check out this article on ISO Certification Benefits.

With globalization and increasing competition, many customers are now seeking suppliers/vendors who are ISO certified or CMMI appraised. For some industries, in order to do business, ISO is a mandatory requirement. It won’t be long before it will start applying to almost all industry verticals. Also, it will impact the entire supply chain at some point. If you do not have ISO or CMMI, ask yourself, what does the cost of lost opportunities look like to you?

Still, have questions on ISO/CMMI ROI? Talk to our experts today.

Here are some tips on how tofor your firm.

After the first year, do we need to continue spending same amount of time and cost for the upkeep?

After the first year, do we need to continue spending same amount of time and cost for the upkeep?

A well-implemented quality management system should be able to save you maintenance time in subsequent years and it should add value to your business processes.

At the minimum, the only cost you should see after the first year is the surveillance audit cost for the next 2 years. The 3rd year is a recertification year and you should expect to go through stage 1 & 2 audits again.

If you feel that you are spending way more time and cost on the upkeep of your quality management system, it may be a good idea to speak to an expert.  We can do a Gap Analysis of your existing ISO and help you identify and correct the gaps which can make your process more efficient.  Feel free to contact us with your concerns.

I am not sure how ISO can be marketed to bring in more business

With globalization, companies are constantly vetting suppliers based on a number of factors, ISO certification being one of them. The reason is that customers can be working with domestic as well as global suppliers and ISO Certification can offer a sense of assurance to them.

US Federal Govt has started to mandate ISO and CMMI in many of their RFP. Many large commercial clients have also started to include in their supplier qualification. It is just a matter of time when the entire supply chain will be required to get certification in order to continue doing business with the same set of customers.

A proactive approach is very much recommended if your company is actively seeking new business and you can proudly share your ISO certificate with your prospects.  We ourselves are an ISO 9001 Certified Company.  To learn more, check out our blog on how ISO Certification wins more business.

I think it takes 12 to 18 months to get Quality Management System in place

It depends on the scope of the project, number of locations, type & number of standards, resource availability, skills, etc.  But for a simple one standard and one location project, it should typically take up to 6 months. To determine the time and cost for your ISO project, take the opportunity of our no-obligation High Level Gap Assessment.

I feel that everyone needs to be a Certified Lead Auditor to maintain ISO

I feel that everyone needs to be a Certified Lead Auditor to maintain ISO

This is the biggest myth which many companies have. For creating and implementing any quality management system, it is not required to be a Lead Auditor. A job of a Lead Auditor is to audit a functional quality management system and report the feedback to the Certifying Body for certification issuance.

You may choose to take Internal Audit Training (Usually 3 days) or Lead Implementor Training (Usually 5 days) instead if you are creating, maintaining, and auditing your systems internally.  Only one employee can take a certified training course and can conduct a non-certified awareness training for other employees within the organization.

Alternatively, you can hire a consultant who can conduct remote or onsite group training for employees if needed.  Some Certifying Bodies try to sell their certified lead auditor training without properly educating the customers, leading to an additional spend on something that may not be required.

Next time, if Certifying Body is offering you lead auditor training, ask them how it will help add value to implementation and instead ask for an Internal Audit training.

I feel ISO or CMMI is documentation heavy and we need to change our business processes to be certified?

It is a myth that ISO or CMMI is disruptive for your business. In fact, it is the other way around. Any quality management system should seamlessly fit into your existing business processes and add value to your business in the long run. A good consultant will be able to understand your existing business and should be able to implement the system without changing any processes. Start with no obligation high level gap assessment report for your business to see if we are a good fit.

I am not aware about how remote consulting or audit works?

In today’s day and age, with so much of technological advancement, many services can be performed and delivered remotely. We have done several remote consulting projects using Zoom, Skype for business, Phone, Email, Share Drives, etc. for seamless collaboration. Here is an article on.  An internal audit can be also performed remotely with ease.

I had a bad experience with previous consultant and need more support

In real-world, bad experiences do happen sometimes when consultants are not a good fit for the project or organization. The experience can be painful.  But be assured that there are several great consultants out there who can be an asset to your team.  If you would like to find out if we are a good fit, please setup a discovery call with one of our experts.

I can get ISO Consulting done for much less by an expert that I find through online portals offering gigs.

In today’s gig economy, you may be able to find almost any type of skilled resource online through some kind of portals like,, etc. To know if they are the right fit for your project, you must know what to look for.  Here is an article that can help to

I think I need to hire Quality Manager to manage QMS process

If your company is small and doesn’t have many processes or multiple locations, hiring a Quality Manager just for the purpose of creating and maintaining a quality management system doesn’t make sense. Most Consultants should be able to help build you a robust QMS that can be easily maintained in-house with the least time and effort. However, if you feel that you need continual help with maintenance, a consultant should be able to review your QMS once quarterly or semi-annually and keep you on track. If you have a specific need, our experts can help you find out if we are able to help.

I don’t have time to dedicate to the ISO project since our process is lean

This is true with most Small Business with lean processes. They are understaffed, working on multiple business-critical roles, don’t have a dedicated and skilled resource for ISO. For such companies, the best route to consider is investing in a consultant who can save time and cost.  If you would like to learn how we can help you with your ISO project, use our no obligation high level gap assessment report.

I have only one customer requesting ISO and we are currently evaluating if we want to continue working with them

In today’s day and age, the requirement for ISO is growing because customers want to work with vetted and approved suppliers not only domestically but globally.  ISO, a globally recognized certification, ensures that a supplier is more qualified than others in a similar niche. Even if you let go of one customer asking for an ISO certification today, it won’t be surprising if another customer would also ask for it at some point.  Also, many companies who are trying to grow their client-base will come across ISO Certification being one of their customer RFP/RFQ.  Here is an article that can help you evaluate ISO Certification Benefits.

I am not familiar with the standards and confused on how it might affect our operations.

You don’t know what you don’t know. This is true with any industry. That is why we offer a no-obligation high level Gap Assessment and a complementary 30 mins call with our ISO Expert to answer any questions you may have about the project.

I am concerned about the time and cost

For most ISO projects, the time and cost depend on several factors like specific ISO standards, Industry vertical, number of processes, number of locations, previous ISO certifications, Skilled resources, etc. In short, the certification scope needs to be identified in order to determine the time and cost regardless of your choice to complete it in-house or take the help of a consultant.  Download the ISO Project Toolkit to get an idea of time and cost. If you still need help, feel free to speak to one of our experts and they can help you determine the scope.

I am not sure which specific certification is best for us.

You are not alone. Many companies have similar dilemma.  ISO 9001 usually applies to all industries and serves as a foundation for many advance ISO Standards. Specific ISO Standards apply to different industry verticals, product or services provided, customer requirement.  For e.g.  ISO 17025 specifically applies to Testing and Calibration Labs, ISO 13485 applies to Medical Device manufacturers and so on. Some industries will require more than one ISO standards.  If you are still not sure which ISO applies specifically to your industry, setup a discovery call with one of our experts.

I want to work with someone local

Local consultants can save you the overhead cost of travel only if they need to be onsite. But did you know that, nowadays, most ISO projects can be completed remotely with aid of technology? A seasoned consultant should be able to interview you, understand your business, train your resources, and help execute ISO projects remotely. We have done many of them to know for sure. Can’t wrap your mind around it? Feel free to speak to one of our experts.

I would like to do the ISO Project internally because consultants are expensive

Sure, that’s a great idea if you have

  1. The required Expertise and Skills
  2. Dedicated Resource to implement and maintain ISO / CMMI
  3. Time to execute the project

Download the toolkit and check if the self implementation is the most cost-effective solution for you.

What additional cost are associated with ISO certification and maintenance?

While considering ISO certification it is very critical to understand the various costs incurred.

These costs include:

1st Year Cost

  • Create and Charter ISO project (Quality Manager)
  • External Registrar Cost+ Logistic Cost
  • Consultant Support( if external consultant used)

2nd Year Cost

  • Surveillance Audit and Logistics cost.
  • Soft Cost associated with Internal Audit, Reporting and Maintenance of the QMS

Recertification cost ( every 3 years)

External Audit and Logistics cost

How long will it take to get certified?

Certification timelines depend on multiple factors:
  • Scope and Complexity
  • Number of Locations
  • Number of employees
  • Resource allocation

Timeline for certification ranges from 6-8 months depending on the factors above. Additionally, if the core process  & standard operating procedures are defined, that makes the process go faster and the timeline of implementation is shorter. For a small size, organization certification can be achieved in 6 months. During the external audit,  it will be very important that every process owner is able to demonstrate competence and awareness of their processes. Auditor will want to see a system that has been implemented for at least 3-4 months.

Can a startup have an ISO 27001 certification?

Yes, certification is not tied to the duration of an Organizations’ existence. Any organization having defined processes, meeting the compliance requirements of ISO 27001, and adequate resources ( personnel & finance) for implementation can achieve certification.

What is the ISO 27001 ISMS scope?

ISMS Scope is defined based on the physical and logical boundary of the organization pursuing certification. The information system that organizations consider critical and want to secure is defined with the scope. Any interrelating process is part of the scope.

Example Human Resource is responsible for maintaining the training records of all individuals hired for the personnel and confidential personnel information.

The HR department will be within the scope of the Audit. Based on the scope, the Statement of Applicability and Controls checklist needs to be documented and implemented. 3rd party audit will certify to the said scope.

How and from where should I download ISO 27001 standards?

ISO standard can be purchased from ANSI stores, ISO website, and authorized vendors only. Printed/electronic copies are managed per the Terms and Agreement as well as IEC and ISO copyright requirements.

Is there a database/list of companies which are ISO 27001 certified?

The database/list can exist based on the country and its regulations. In the USA there is no such list, but all certificates are issued by Accredited Registrars.

How important is ISO 27001 certification?

ISO 27001 is a Management system for Information Security. Keeping information secure is not the task of IT department but of each individual of the Organization. Becoming more aware of existing threats will help the organization to manage the risks and place effective controls. That is the true benefit of the ISMS certification.

What are the typical costs and timeframes associated with implementing ISO 27001, complete with audit?

Stage 1:  Discovery

  • GAP Analysis to identify the gaps as compared to standard requirements
  • Awareness Training

Stage 2: Documentation & Implementation

  • Documentation

Documenting  Management System procedures and WI based on document structure most suitable and value add to the Organization.

  • Implementation

Once documents are drafted, reviewed, and approved, process owners, will implement the documented processes.

Stage 3: Audit (Internal and External)

  • Internal Audit of the implemented ISMS and Management Review is a mandatory requirement. Internal Audit program with Internal Audit schedule and plan is required. Internal audit needs to be conducted by Trained Internal Auditors or External Contracted Auditors.
  • After Internal Audit, External Audit can be scheduled and conducted.

This entire process can take up to 6-8 months depending on the number of locations, employees, scope, number of processes, and resource commitment by organization.

The various cost incurred in the process of securing ISO certification are distributed over a 3-year cycle:

  1. 1st Year Cost
    • Create and Charter ISO project (Quality Manager)
    • External Registrar Cost+ Logistic Cost
    • Consultant Support( if external consultant used)
  2. 2nd Year Cost
    • Surveillance Audit and Logistics cost.
    • Soft Cost associated with Internal Audit, Reporting and Maintenance of the QMS
  1. Recertification cost( every 3 years)

External Audit and Logistics cost

How much time will my staff be occupied to work on this process?

Usually, the head of each department will get involved during the interview and implementation stage. They can choose to do their part of the process or delegate it to a member of their team. However, each department head will only be occupied only during their phase of work and should not take more than 40 hours spread during the entire process.

What is required to be done from our end?

Identify and assign a designated management representative (MR) in your team to coordinate with SME during the entire process and provide the necessary information that SME requires to complete their task. Based on the Gap analysis, a timeline roadmap needs to be created with the end goal of the certification audit. This helps to maintain the appropriate timeframe as defined in the RoadMap.

What is the most important reason for you to implement the ISO/IATF 16949 certification?

A most important reason to get any certification is always for Business growth, Customer Requirement, Entry into Newmarket, build confidence, and consistent product/process/service delivery to the customer.

The automotive industry update requires all the vendors/suppliers in the Supply chain of OEM( Ford, GM, Toyota) to have a Quality Management system with a commitment of compliance to IATF.

What are the practical steps for ISO IATF Certification?

Stage 1:  Discovery

  • GAP Analysis to identify the gaps as compared to standard requirements
  • Awareness Training

Stage 2: Documentation & Implementation

  • Documentation

Documenting  Management System procedures and WI based on document structure most suitable and value add to the Organization.

  • Implementation

Once documents are drafted, reviewed, and approved, process owners, will implement the documented processes.

Stage 3: Audit (Internal and External)

  • Internal Audit of the implemented ISMS and Management Review is a mandatory requirement. Internal Audit program with Internal Audit schedule and plan is required. Internal audit needs to be conducted by Trained Internal Auditors or External Contracted Auditors.
  • After Internal Audit, External Audit can be scheduled and conducted.

This entire process can take up to 6-8 months depending on the number of locations, employees, scope, number of processes, and resource commitment by organization.

Can you do the certification with internal resources?

Certification can be achieved by utilizing internal resources.  The best way is to have a person or team with ISO implementer training/previous relevant experience to charter the project.

What additional cost are associated with ISO certification and maintenance?

While considering ISO certification it is very critical to understand the various costs incurred.

These include the cost for the first year :

  • Create and Charter ISO project (Quality Manager)
  • External Registrar Cost+ Logistic Cost
  • Consultant Support (if external consultant used)

2nd-year cost: Surveillance Audit and Logistics cost

Soft Cost associated with Internal Audit, Reporting and Maintenance of the QMS

Recertification cost: External Audit and Logistics cost.

Where do I get the ISO 9001:2015 Standard?

ISO standard can be purchased from ANSI stores, ISO website, and authorized vendors only. Printed/electronic copies are managed per the  Terms and Agreement as well as IEC and ISO copyright requirements.

Is a Consultant required for a Machine Shop for ISO 9001:2015 Certification?

If you are limited in internal resources or have time constraints or not familiar with ISO standard it is best to engage a consultant. Once the need for ISO certification is defined, it’s the right time to start identifying consultants. It is important to know that the consultant may not be local.

It will be critical to check if the consultant has relevant experience in a similar industry and can provide a customized solutions based on your unique requirements. Apart from mandatory requirements, the QMS for a Medium size company vs CNC Machine shop will be tailored to each organization requirement.

Please review the details for ISO Guideline for Management Consultancy ( ISO 20700).

What are the various stages and timeline involved in getting ISO 9001:2015 quality certification?

Stage 1:  Discovery

  • GAP Analysis to identify the gaps as compared to standard requirements
  • Awareness Training

Stage 2: Documentation & Implementation

  • Documentation

Documenting  Management System procedures and WI based on document structure most suitable and value add to the Organization.

  • Implementation

Once documents are drafted, reviewed, and approved, process owners, will implement the documented processes.

Stage 3: Audit (Internal and External)

  • Internal Audit of the implemented ISMS and Management Review is a mandatory requirement. Internal Audit program with Internal Audit schedule and plan is required. Internal audit needs to be conducted by Trained Internal Auditors or External Contracted Auditors.
  • After Internal Audit, External Audit can be scheduled and conducted.

This entire process can take up to 6-8 months depending on the number of locations, employees, scope, number of processes, and resource commitment by organization.

What is the duration of ISO 9001:2015 certificate?

After the initial certification award, regular surveillance audits are required and mandatory. Every 3 years recertification audits are conducted. The validity of the certificate is for 3 years based on the above-defined cycle. If any organization fails to comply with 3rd party registration requirements/certification body Audit program, there can be repercussions.

What is ISO 9001:2015?

ISO, International Organization for Standardization released the framework for the Quality Management system that can be used by masses as ISO 9001:1987. ISO 9001 is applicable to various industries for product, service and processes. Since then every 7-8 years this standard is updated, and the current updated version is 2015 which was released on year 2015. ISO 9000 is a family of standards, of which only ISO 9001 is a certifiable standard.

What is difference between compliant and certified?

What is difference between compliant and certified?
When a company claims that it is ISO certified it means that all the process standards are met and an independent Registrar has audited the Management System and certified that the entire standard are followed and company meets them.
Compliance means that company meets the ISO standards but has not be certified by Registrar.

Are your quotes no obligation?

Are your quotes no obligation?
Yes, our quotes are free and no obligation.

How long does it take and how much is the cost?

Gone are the days where the mythical figure was its going to be in range of 50,000 and its upkeep is 25,000 per year. The time and cost will be determined considering factors such size of company, pre-assessment and GAP analysis, various locations, complexity of manufacturing facilities and number of employees.

Will you provide assistance and be present during External Audit and after certification?

Yes, we will be present during the external audit and as per our service model is we will also provide a complimentary free internal audit visit after certification. If you want to retain our services we will be able to plan and schedule to do periodical audits and all the non conformance will be addressed promptly.

Is there extra charge for consultation over phone during certification process?

No extra charge. All the related concerns and queries will be covered under the pre-decided fee.

Where can I find more information about ISO?

You can find more information about ISO on our Blog.




General Questions

I want to wait till last minute to get my ISO/CMMI completed

We all procrastinate on things we know need to get done.   Many companies tend to put off getting their ISO/CMMI till the last minute not leaving enough time to properly implement the system.  Not only it may get difficult to find a good consultant at the last minute but also expect to pay premium charges which can be around 1.5 – 2 times the consulting cost for expediting it later.  Additionally, it can get challenging to find a certifying body to meet your certification deadlines.

The regulatory bodies have started to identify that and are changing the rules slowly. For e.g.  Up until a few months ago, CMMI could be completed within a month on the expedited path but now CMMI Appraisal bodies won’t’ be able to appraise companies who are unable to show few months of implementation time.

It is recommended that for any management system to be properly implemented, you must plan a minimum of 4-6 months in advance.

Want to know the duration, cost, and process to get your ISO/CMMI completed? Get our no-obligation Gap Assessment Report.

I think it’s best to continue doing ISO internally because we have been following compliance for many years now.

Well, if you are well versed with the specific ISO standards, are keeping up with new versions as applicable, feel comfortable doing it yourself, it should be just fine to go for a Certification Audit when needed.  If for any reason, you feel stuck or would like to have an unbiased opinion, an internal audit conducted by a consultant can certainly help. You can contact us when ready.

I think I am better off working with a company that does both Consulting and Certification

We have heard these a few times. However, it is a conflict of interest to take the consulting and certification from the same company. ANAB and SEI, regulatory bodies of ISO and CMMI respectively have started to track down such companies who are trying to follow unethical practices and have been canceling their accreditation. If you are certified by such a Certifying Body, you will lose your certification.

As an informed buyer, next time you are given such an option, you must always ask yourself, how can a company help build a quality management system and also conduct a certification audit at the same time?

Here are some tips on how tofor your firm.

I do not understand ROI on ISO or CMMI. I think it’s an unnecessary overhead cost.

ISO or CMMI doesn’t have any tangible ROI like you usually have for Marketing or Sales. However, look at it this way, like a well-lubricated machine improves the efficiency and throughput of a machine,  a well-implemented management system improves the efficiency of business processes, reduces wastage, reduces personnel time, in short, reduces your operating costs.  To learn more about the benefits of ISO, check out this article on ISO Certification Benefits.

With globalization and increasing competition, many customers are now seeking suppliers/vendors who are ISO certified or CMMI appraised. For some industries, in order to do business, ISO is a mandatory requirement. It won’t be long before it will start applying to almost all industry verticals. Also, it will impact the entire supply chain at some point. If you do not have ISO or CMMI, ask yourself, what does the cost of lost opportunities look like to you?

Still, have questions on ISO/CMMI ROI? Talk to our experts today.

Here are some tips on how tofor your firm.

After the first year, do we need to continue spending same amount of time and cost for the upkeep?

A well-implemented quality management system should be able to save you maintenance time in subsequent years and it should add value to your business processes.

At the minimum, the only cost you should see after the first year is the surveillance audit cost for the next 2 years. The 3rd year is a recertification year and you should expect to go through stage 1 & 2 audits again.

If you feel that you are spending way more time and cost on the upkeep of your quality management system, it may be a good idea to speak to an expert.  We can do a Gap Analysis of your existing ISO and help you identify and correct the gaps which can make your process more efficient.  Feel free to contact us with your concerns.

I am not sure how ISO can be marketed to bring in more business

With globalization, companies are constantly vetting suppliers based on a number of factors, ISO certification being one of them. The reason is that customers can be working with domestic as well as global suppliers and ISO Certification can offer a sense of assurance to them.

US Federal Govt has started to mandate ISO and CMMI in many of their RFP. Many large commercial clients have also started to include in their supplier qualification. It is just a matter of time when the entire supply chain will be required to get certification in order to continue doing business with the same set of customers.

A proactive approach is very much recommended if your company is actively seeking new business and you can proudly share your ISO certificate with your prospects.  We ourselves are an ISO 9001 Certified Company.  To learn more, check out our blog on how ISO Certification wins more business.

I think it takes 12 to 18 months to get Quality Management System in place

It depends on the scope of the project, number of locations, type & number of standards, resource availability, skills, etc.  But for a simple one standard and one location project, it should typically take up to 6 months. To determine the time and cost for your ISO project, take the opportunity of our no-obligation High Level Gap Assessment.

I feel that everyone needs to be a Certified Lead Auditor to maintain ISO

This is the biggest myth which many companies have. For creating and implementing any quality management system, it is not required to be a Lead Auditor. A job of a Lead Auditor is to audit a functional quality management system and report the feedback to the Certifying Body for certification issuance.

You may choose to take Internal Audit Training (Usually 3 days) or Lead Implementor Training (Usually 5 days) instead if you are creating, maintaining, and auditing your systems internally.  Only one employee can take a certified training course and can conduct a non-certified awareness training for other employees within the organization.

Alternatively, you can hire a consultant who can conduct remote or onsite group training for employees if needed.  Some Certifying Bodies try to sell their certified lead auditor training without properly educating the customers, leading to an additional spend on something that may not be required.

Next time, if Certifying Body is offering you lead auditor training, ask them how it will help add value to implementation and instead ask for an Internal Audit training.

I feel ISO or CMMI is documentation heavy and we need to change our business processes to be certified?

It is a myth that ISO or CMMI is disruptive for your business. In fact, it is the other way around. Any quality management system should seamlessly fit into your existing business processes and add value to your business in the long run. A good consultant will be able to understand your existing business and should be able to implement the system without changing any processes. Start with no obligation high level gap assessment report for your business to see if we are a good fit.

I am not aware about how remote consulting or audit works?

In today’s day and age, with so much of technological advancement, many services can be performed and delivered remotely. We have done several remote consulting projects using Zoom, Skype for business, Phone, Email, Share Drives, etc. for seamless collaboration. Here is an article on.  An internal audit can be also performed remotely with ease.

I had a bad experience with previous consultant and need more support

In real-world, bad experiences do happen sometimes when consultants are not a good fit for the project or organization. The experience can be painful.  But be assured that there are several great consultants out there who can be an asset to your team.  If you would like to find out if we are a good fit, please setup a discovery call with one of our experts.

I can get ISO Consulting done for much less by an expert that I find through online portals offering gigs.

In today’s gig economy, you may be able to find almost any type of skilled resource online through some kind of portals like,, etc. To know if they are the right fit for your project, you must know what to look for.  Here is an article that can help to

I think I need to hire Quality Manager to manage QMS process

If your company is small and doesn’t have many processes or multiple locations, hiring a Quality Manager just for the purpose of creating and maintaining a quality management system doesn’t make sense. Most Consultants should be able to help build you a robust QMS that can be easily maintained in-house with the least time and effort. However, if you feel that you need continual help with maintenance, a consultant should be able to review your QMS once quarterly or semi-annually and keep you on track. If you have a specific need, our experts can help you find out if we are able to help.

I don’t have time to dedicate to the ISO project since our process is lean

This is true with most Small Business with lean processes. They are understaffed, working on multiple business-critical roles, don’t have a dedicated and skilled resource for ISO. For such companies, the best route to consider is investing in a consultant who can save time and cost.  If you would like to learn how we can help you with your ISO project, use our no obligation high level gap assessment report.

I have only one customer requesting ISO and we are currently evaluating if we want to continue working with them

In today’s day and age, the requirement for ISO is growing because customers want to work with vetted and approved suppliers not only domestically but globally.  ISO, a globally recognized certification, ensures that a supplier is more qualified than others in a similar niche. Even if you let go of one customer asking for an ISO certification today, it won’t be surprising if another customer would also ask for it at some point.  Also, many companies who are trying to grow their client-base will come across ISO Certification being one of their customer RFP/RFQ.  Here is an article that can help you evaluate ISO Certification Benefits.

I am not familiar with the standards and confused on how it might affect our operations.

You don’t know what you don’t know. This is true with any industry. That is why we offer a no-obligation high level Gap Assessment and a complementary 30 mins call with our ISO Expert to answer any questions you may have about the project.

I am concerned about the time and cost

For most ISO projects, the time and cost depend on several factors like specific ISO standards, Industry vertical, number of processes, number of locations, previous ISO certifications, Skilled resources, etc. In short, the certification scope needs to be identified in order to determine the time and cost regardless of your choice to complete it in-house or take the help of a consultant.  Download the ISO Project Toolkit to get an idea of time and cost. If you still need help, feel free to speak to one of our experts and they can help you determine the scope.

I am not sure which specific certification is best for us.

You are not alone. Many companies have similar dilemma.  ISO 9001 usually applies to all industries and serves as a foundation for many advance ISO Standards. Specific ISO Standards apply to different industry verticals, product or services provided, customer requirement.  For e.g.  ISO 17025 specifically applies to Testing and Calibration Labs, ISO 13485 applies to Medical Device manufacturers and so on. Some industries will require more than one ISO standards.  If you are still not sure which ISO applies specifically to your industry, setup a discovery call with one of our experts.

I want to work with someone local

Local consultants can save you the overhead cost of travel only if they need to be onsite. But did you know that, nowadays, most ISO projects can be completed remotely with aid of technology? A seasoned consultant should be able to interview you, understand your business, train your resources, and help execute ISO projects remotely. We have done many of them to know for sure. Can’t wrap your mind around it? Feel free to speak to one of our experts.

I would like to do the ISO Project internally because consultants are expensive

Sure, that’s a great idea if you have

  1. The required Expertise and Skills
  2. Dedicated Resource to implement and maintain ISO / CMMI
  3. Time to execute the project

Download the toolkit and check if the self implementation is the most cost-effective solution for you.




ISO 9001

Can you do the certification with internal resources?

Certification can be achieved by utilizing internal resources.  The best way is to have a person or team with ISO implementer training/previous relevant experience to charter the project.

What additional cost are associated with ISO certification and maintenance?

While considering ISO certification it is very critical to understand the various costs incurred.

These include the cost for the first year :

  • Create and Charter ISO project (Quality Manager)
  • External Registrar Cost+ Logistic Cost
  • Consultant Support (if external consultant used)

     2nd-year cost: Surveillance Audit and Logistics cost

Soft Cost associated with Internal Audit, Reporting and Maintenance of the QMS

Recertification cost: External Audit and Logistics cost

Where do I get the ISO 9001:2015 Standard?

ISO standard can be purchased from ANSI stores, ISO website, and authorized vendors only. Printed/electronic copies are managed per the  Terms and Agreement as well as IEC and ISO copyright requirements.

Is a Consultant required for a Machine Shop for ISO 9001:2015 Certification?

If you are limited in internal resources or have time constraints or not familiar with ISO standard it is best to engage a consultant. Once the need for ISO certification is defined, it’s the right time to start identifying consultants. It is important to know that the consultant may not be local.

It will be critical to check if the consultant has relevant experience in a similar industry and can provide a customized solutions based on your unique requirements. Apart from mandatory requirements, the QMS for a Medium size company vs CNC Machine shop will be tailored to each organization requirement.

Please review the details for ISO Guideline for  Management Consultancy ( ISO 20700).

What are the various stages and timeline involved in getting ISO 9001:2015 quality certification?

Stage 1:  Discovery

  • GAP Analysis to identify the gaps as compared to standard requirements
  • Awareness Training

Stage 2: Documentation & Implementation

  • Documentation

Documenting  Management System procedures and WI based on document structure most suitable and value add to the Organization.

  • Implementation

Once documents are drafted, reviewed, and approved, process owners, will implement the documented processes.

Stage 3: Audit (Internal and External)

  • Internal Audit of the implemented ISMS and Management Review is a mandatory requirement. Internal Audit program with Internal Audit schedule and plan is required. Internal audit needs to be conducted by Trained Internal Auditors or External Contracted Auditors.
  • After Internal Audit, External Audit can be scheduled and conducted.

This entire process can take up to 6-8 months depending on the number of locations, employees, scope, number of processes, and resource commitment by organization.

What is the duration of ISO 9001:2015 certificate?

After the initial certification award, regular surveillance audits are required and mandatory. Every 3 years recertification audits are conducted. The validity of the certificate is for 3 years based on the above-defined cycle. If any organization fails to comply with 3rd party registration requirements/certification body Audit program, there can be repercussions.

What is ISO 9001:2015?

ISO, International Organization for Standardization released the framework for the Quality Management system that can be used by masses as ISO 9001:1987. ISO 9001 is applicable to various industries for product, service and processes. Since then every 7-8 years this standard is updated, and the current updated version is 2015 which was released on year 2015.ISO 9000 is a family of standards, of which only ISO 9001 is a certifiable standard.




ISO 27001

Can a startup have an ISO 27001 certification?

Yes, certification is not tied to the duration of an Organizations’ existence. Any organization having defined processes, meeting the compliance requirements of ISO 27001, and adequate resources ( personnel & finance) for implementation can achieve certification.

What is the ISO 27001 ISMS scope?

What is the ISO 27001 ISMS scope?

ISMS Scope is defined based on the physical and logical boundary of the organization pursuing certification. The information system that organizations consider critical and want to secure is defined with the scope. Any interrelating process is part of the scope.

Example Human Resource is responsible for maintaining the training records of all individuals hired for the personnel and confidential personnel information.

The HR department will be within the scope of the Audit. Based on the scope, the Statement of Applicability and Controls checklist needs to be documented and implemented. 3rd party audit will certify to the said scope.

How and from where should I download ISO 27001 standards?

ISO standard can be purchased from ANSI stores, ISO website, and authorized vendors only. Printed/electronic copies are managed per the  Terms and Agreement as well as IEC and ISO copyright requirements.

Is there a database/list of companies which are ISO 27001 certified?

The database/list can exist based on the country and its regulations. In the USA there is no such list, but all certificates are issued by Accredited Registrars.

How important is ISO 27001 certification?

ISO 27001 is a Management system for Information Security. Keeping information secure is not the task of IT department but of each individual of the Organization. Becoming more aware of existing threats will help the organization to manage the risks and place effective controls. That is the true benefit of the ISMS certification.

What are the typical costs and timeframes associated with implementing ISO 27001, complete with audit?

Stage 1:  Discovery

  • GAP Analysis to identify the gaps as compared to standard requirements
  • Awareness Training

Stage 2: Documentation & Implementation

  • Documentation

Documenting  Management System procedures and WI based on document structure most suitable and value add to the Organization.

  • Implementation

Once documents are drafted, reviewed, and approved, process owners, will implement the documented processes.

Stage 3: Audit (Internal and External)

  • Internal Audit of the implemented ISMS and Management Review is a mandatory requirement. Internal Audit program with Internal Audit schedule and plan is required. Internal audit needs to be conducted by Trained Internal Auditors or External Contracted Auditors.
  • After Internal Audit, External Audit can be scheduled and conducted.

This entire process can take up to 6-8 months depending on the number of locations, employees, scope, number of processes, and resource commitment by organization.

The various cost incurred in the process of securing ISO certification are distributed over a 3-year cycle:

  1. 1st Year Cost
    • Create and Charter ISO project (Quality Manager)
    • External Registrar Cost+ Logistic Cost
    • Consultant Support( if external consultant used)
  2. 2nd Year Cost
    • Surveillance Audit and Logistics cost.
    • Soft Cost associated with Internal Audit, Reporting and Maintenance of the QMS
  1. Recertification cost( every 3 years)

External Audit and Logistics cost


