It depends on where you are starting from, which standard you are working towards, and how much time your team can give to it. If you already have clear processes in place, you may move more quickly. If you are building a system from scratch, you will need more time to design it properly, put it into practice, review how it works, and prepare for audit. For most SMEs, the best approach is to build something useful and workable rather than rush to a certificate.
UKAS-accredited certification comes from a certification body that has been independently checked for competence and credibility. In many sectors, that matters because customers, procurement teams, and other stakeholders may expect it. Non-UKAS certification can look quicker or cheaper, but it may not carry the same weight. Before you decide, check what your market actually requires.
The cost depends on the standard, the size of your business, the number of sites you operate, the maturity of your current systems, certification body fees, and the level of support you need. The cheapest option is not always the best value if it creates weak systems or extra work later. It is usually more useful to look at the total investment needed to build something that supports the business well and stands up to audit.
Yes, and in many cases you should. A good management system should reflect how your business already works, not replace it with unnecessary paperwork. The sensible approach is to review what you already do well, spot any gaps, and strengthen what needs attention. That usually leads to better ownership and less disruption.
No. Many SMEs choose a blended approach. Your team keeps ownership of the system, while external support helps with specific areas such as gap analysis, system design, training, internal audits, or ongoing improvement. The right balance depends on your internal capacity, capability, and what you want the system to achieve over time.
If you expect to add other standards later, such as ISO 14001 or ISO 45001, it often makes sense to think ahead. Building with integration in mind can reduce duplication, improve consistency, and make the system easier to manage as the business grows. You do not need to overcomplicate it, but a bit of foresight can save time later.
Certification is a milestone, not the finish line. After audit, you still need to keep the system working through internal audits, management reviews, surveillance audits, and regular improvement. A well-built system should help the business run better, support good decisions, and adapt as things change. It should not become a burden that sits on the shelf.
That depends on your sector, your customers, your risks, and your business priorities. ISO 9001 focuses on quality, ISO 14001 on environmental management, and ISO 45001 on health and safety. Some businesses start with one standard and add more later. Others are better served by planning an integrated system from the outset. The key is to choose a route that fits your business and creates practical value.
Yes. ISO certification is not just for large organisations. Small businesses can achieve it successfully when the system is proportionate, practical, and built around real business needs. The aim is not to create administration for its own sake. It is to put in place a clear way of working that supports quality, confidence, and continual improvement.
You will usually need input from leadership and from the people who run day-to-day activities. Staff do not need to become ISO specialists, but they do need to understand the parts of the system that affect their role. Involving people early often improves buy-in, highlights practical issues sooner, and helps the system work in real life.
Yes, in most cases you do. Internal audits help you check whether the system is working as intended, identify weaknesses, and deal with issues before the external audit. Used well, they are more than a compliance task. They help you learn what is working, adapt where needed, and improve the system over time.
Yes. Many businesses want focused support rather than full outsourcing. A consultant can help with gap analysis, document review, internal audits, training, audit preparation, or improvement work, while your team keeps ownership. That often leads to a stronger system because it stays grounded in how the business actually operates.
Focus on making sure the system is working in practice. That means key processes are in place, records are available, internal audits and management review have happened, and people understand what matters in their role. Good preparation is less about rehearsing perfect answers and more about showing that the business has a clear, workable system that people actually use.
Sometimes, but not always. Lower external spend can be offset by longer timescales, internal disruption, and avoidable rework. The right choice depends on your team’s capacity, experience, and how quickly you need to move.
No. Fees vary depending on audit duration, scope, complexity, and the provider you choose. That is why it is sensible to compare like for like rather than focus on headline cost alone.
Often, yes. Many SMEs phase the work so they can build readiness in manageable steps. That can make the investment easier to manage while still helping you make steady progress.
That depends on readiness, scope, and internal capacity. A prepared business can move quite efficiently. A business building from scratch will usually need longer. The important thing is to move at a pace that builds a system you can use and maintain.
Wessex House, 66 High Street, Honiton, EX14 1PD