How Much Does ISO 9001 Certification Cost: 6 Honest Cost Factors Instead of a Price List

You opened this article to see a number. Honestly: there won't be one. Not because we're hiding it, but because an honest ISO 9001 certification cost needs a 30-minute conversation with your company. Anything else is either dumping or deception.

When a consultancy publishes "ISO 9001 turnkey — UAH 25,000 (~USD 625 / EUR 580)", they're selling not certification but an illusion. The real cost depends on your headcount, number of sites, process complexity, current state of documentation, the certification body you choose, and a dozen smaller factors. Two companies with the same legal form can receive invoices that differ by 4x — and that's normal.

At Ekontrol we took a different path. Instead of a price list — a breakdown of 6 factors that shape the price, with concrete ranges for "small / medium / large company". This way you can roughly position your project on the price spectrum yourself and ask certification bodies the right questions. At the end — how to get a personal quote within 24 hours via the contact form.

If you're just getting into the topic, start with ISO 9001 in plain language for baseline context. If you're already at the body-selection stage — read on.

Before talking about price, you need to understand what exactly you're paying for. ISO 9001 certification isn't a single transaction — it's three separate cost stages that often hide inside one invoice.

Stage 1. System preparation (consulting). Current-state audit, process design, documentation, internal auditor training, internal audits and management review. This is the largest chunk of the budget for companies starting from scratch. Done by a consulting firm (e.g., Ekontrol) or your in-house staff.

Stage 2. Certification audit. Stage 1 (documentation review) and Stage 2 (on-site). Performed by the certification body — a separate legal entity that, by law, cannot also be your consultant. This independence rule is written into ISO/IEC 17021-1; breaking it = invalid certificate.

Stage 3. 3-year support. The certificate is valid for 3 years, conditional on annual surveillance audits. Year 3 brings the recertification audit. These are all separate payments to the certification body — and they're often forgotten at the start.

Details on the ISO 9001 quality management system implementation process are on the services page. If you want to understand why this standard at all — the complete ISO 9001 guide gives context.

Key insight: when someone says "ISO 9001 costs X hryvnia", ask what exactly is inside X. Without that, comparing offers is impossible.

This is the heaviest factor. The certification body charges per audit-day (mandays), and that number is directly tied to your headcount. It's not an arbitrary formula — it's spelled out in the mandatory IAF MD 5 document "Mandatory Document for Duration of QMS and EMS Audits", which binds every accredited body. That's why the body can't simply "add a markup": the number of days is calculated from a standardised table.

Approximate Stage 1 + Stage 2 scale per IAF MD 5 for quality management systems:

• up to 5 employees — 1.5–2 mandays
• 6–10 employees — 2.5 mandays
• 11–15 employees — 3 mandays
• 16–25 employees — 3.5 mandays
• 26–45 employees — 4 mandays
• 46–65 employees — 5 mandays
• 66–85 employees — 5.5 mandays
• 86–125 employees — 6 mandays
• beyond that the scale grows gradually, adding roughly +1 manday per 100 new employees

How this works in practice. A company with 30 operators and 5 office staff has ~4 mandays for Stage 2. Multiply by the auditor's day rate (depends on the body) and you get the base price of the certification audit. Surveillance audits in years 2 and 3 — roughly one-third of that base each.

Important nuance: the count includes every person who performs work within the management system. Part-time employees on a 0.5 contract count as 0.5 FTE. Seasonal staff — by annual average. Outsourced teams are a separate conversation with the body.

The second variable is the complexity of your organisation. A manufacturing company with 30 staff and a service agency with the same 30 will receive different invoices, even at identical headcount. Why? Because the auditor checks processes, not people.

For a single-site business with a standard process set, it's simple — calculated from the base IAF MD 5 table. For multi-site organisations (a café chain, several plants, regional offices), it's harder. The body applies sampling rules: it visits a representative subset of sites, not all of them. Standard formula — the square root of the number of sites. So a company with 16 sites gets 4 sites sampled in year one.

What increases the price independent of headcount:

• manufacturing processes with a physical product (longer shop-floor audit than office work)
• regulated industries — medical devices, aviation, defence, pharma
• several sites in different cities (auditor logistics)
• complex outsourcing chains
• high degree of automation or risk

What can reduce it: unified processes across sites (central quality management), a simplified product mix, a mature quality culture.

If your business is a network rather than a single warehouse "under one roof", insist on a proper multi-site certificate rather than a series of separate ones. This can save 30–40% of the total over 3 years.

Here's a difference the market often glosses over. The certification body itself must be accredited — otherwise its certificate is recognised by no one. Two categories of accredited bodies operate in Ukraine.

Ukrainian accreditation (NAAU). National Accreditation Agency of Ukraine is the state body that issues accreditation for work on the Ukrainian market. Certificates from such bodies are fully valid for Prozorro public procurement, for Ukrainian partners, for state inspections. Price — the lowest on the market.

International accreditation (UKAS, ANAB, DAkkS, JAS-ANZ and others). These are accreditation bodies from the UK, USA, Germany, Australia — members of the International Accreditation Forum IAF. Their certificates are recognised worldwide via IAF MLA. Price delta — +30–100% compared with NAAU accreditation.

When you actually need international accreditation:

• you export products or services to the EU, USA, UK
• you work with international corporate networks (automotive, aerospace, Fortune 500 clients)
• you're preparing for tenders outside Ukraine
• your clients explicitly require an IAF MLA certificate

When NAAU is enough:

• you operate on the domestic market
• your main goal is Prozorro tenders and state customers
• your partners are Ukrainian companies with no export angle

For tender logic, the Ukrainian DSTU ISO 9001 fully does the job — details in DSTU ISO 9001 complete guide. Paying for international accreditation "just in case" is overpaying without a reason.

Even within the same accreditation, prices vary. Major international brands (TÜV SÜD, Bureau Veritas, SGS, DNV, DEKRA) charge higher rates than Ukrainian accredited bodies (e.g., "Lider", "Standart-Sertyfik", "Management Systems Certification Body"). The gap is 25–60% for the same scope of work.

What you overpay for at an international brand:

• a recognisable logo on the certificate (matters for tenders and press releases)
• global logistics (audits at sites worldwide)
• procedural stability
• "third party with an impeccable reputation" status

What you save on at a local body:

• deeper knowledge of Ukrainian specifics (Public Procurement Law, DSSU practice)
• faster communication in Ukrainian without an interpreter
• more flexible audit scheduling
• a lower manday rate

Neither option is "better" — both are equally valid if the accreditation is real. Questions worth asking any body before signing a contract:

1. Show your active accreditation certificate (NAAU or international — with a number and validity date).
2. How many mandays do you allocate to our company and on what basis (reference to IAF MD 5)?
3. What's included in the price — only Stage 1+2, or surveillance over 3 years?
4. Who exactly will be our lead auditor, what are their credentials and industry experience?

If the body can't answer 4 questions clearly — that's a reason to look elsewhere.

Now the biggest variable component of the budget — preparation. If the audit costs a notional X, the consulting that precedes it can cost anywhere from 0.5X to 4X. The spread is huge, and it's explained by the current state of your processes.

Three typical scenarios:

Scenario A. Mature system, needs tidying up. You already run an internal quality procedure, you have job descriptions, you hold internal meetings, you log nonconformities. All that's left is to align it with the ISO 9001 structure (organisational context, risk management, documented information). Consulting — minimal, 1–2 months, focused on gap analysis and document corrections.

Scenario B. Partial readiness. You have regulations and some documentation, but they aren't tied into a system. There's no context analysis, no defined risks/opportunities, no management review on record. Consulting — 2–4 months, with documentation rework, staff training, and two cycles of internal audit.

Scenario C. From scratch. Effectively no documentation, processes aren't described, nobody in the company understands what a QMS is. Consulting — 4–6 months, the full cycle: diagnostics, process design, documentation, training, two internal-audit cycles, management review, pre-audit.

A quick self-assessment — 5 questions:

• Do we have key processes described with owners and metrics? — yes / no
• Do we run at least one internal audit per year with a written record? — yes / no
• Do we have a procedure for logging and analysing customer complaints? — yes / no
• Does management review quality metrics at least once a year? — yes / no
• Have we defined how we respond to risks and opportunities? — yes / no

"Yes" on 4–5 questions — Scenario A. On 2–3 — Scenario B. On 0–1 — Scenario C. It's a rough estimate, but for first-pass budgeting it's enough. An external pre-certification readiness assessment gives a sharper diagnosis and a concrete action plan.

The last factor is the time you have. The standard certification cycle for Scenario B (partial readiness, ~30 staff) is 3–6 months from first contact to certificate in hand. Fast-track — 6–8 weeks. Every "acceleration" has a price.

What specifically costs more under an accelerated schedule:

• consultants work in intensive mode (full work week, not 2 days per month) → +30–50% on rate
• the certification body prioritises your audit in the schedule → rush fee as a separate line item
• your team allocates more time (minus other work)
• the risk of cut corners grows — the auditor will spot gaps and issue more nonconformities

Honestly, I don't like fast-track scenarios and I turn them down when a client asks for "ISO 9001 in 2 weeks". Because in most such cases it's about a tender where the certificate is needed as a paper artefact, not as proof of a working system. That's a one-off saving that turns into chronic pain across the next three years of surveillance.

In a commercial proposal you'll see the consulting price and the audit price. But the real 3-year cost of owning the system includes more. Here's what often stays outside the first conversation.

Internal auditor. ISO 9001 requires at least one internal audit per year. It's done either by your employee (training needed — 2–3 day course + methodology materials) or by an external contractor (separate service, 1–2 mandays per year). If you go in-house — budget the employee's time for staying qualified.

Document management. Someone in the company has to maintain the document register, control versions, run periodic reviews. That's often 0.2–0.4 FTE fully loaded — not "free". If you don't have such a person, the budget covers either a hire or outsourcing of the function.

Annual surveillance audit. 12 months after certification — the first surveillance audit. 24 months — the second. Each typically costs around 50–60% of the certification audit price. In year 3 — a full recertification audit, around 80% of the initial price.

Scope updates. Expanded the product range, opened a new plant, changed a production process — you need an extension audit. That's a separate paid procedure with the body.

Investments in the system after the audit. Identified nonconformities must be fixed, even minor ones. That might mean additional monitoring equipment, infrastructure rework, extra training — items that aren't on the initial consulting estimate.

So the right reference point is total cost of ownership (TCO) over 3 years, not "how much does the certificate cost". TCO is usually 1.7–2.2x higher than the first invoice. Knowing this upfront keeps year 2 from delivering a surprise.

If you want to see what Stage 2 looks like in reality — details in Stage 2 of the certification audit: who shows up, what they ask, what they look for, how closing meetings run.

We don't publish off-the-shelf numbers as a matter of principle. Instead we work like this: request → discovery call → personal quote within 24 hours.

How it plays out:

1. You submit a request via the contact form or give us a call.
2. We run a 30-minute free consultation — clarifying headcount, number of sites, current state of documentation, the goal (domestic market or export), target timelines.
3. Within 24 business hours we come back with a personal proposal: stages of work, duration, consultant team composition, price split between consulting and a forecast for the certification body.
4. If we agree — we sign the contract and start with a gap analysis.

Important principle: we don't invoice for the certification body's audit — that's a separate contract with an independent legal entity, as required by ISO/IEC 17021-1. Ekontrol prepares your system, the body audits it. That's an honest model — no conflict of interest, no "better outcomes for our own".

Details on the QMS certification process are in a separate article where we walk step by step through what happens after you sign with the body.

Why 24 hours and not an instant calculator on the site? Because an honest estimate needs an understanding of your context. Any automatic calculator with 5 fields will give a 30–50% error margin — we've seen dozens of clients who arrived with a "calculator quote" only to find reality was twice as different.

The most common questions clients ask on the discovery call. If yours isn't here — write to us directly, we reply within a business day.