How long does ISO certification take?

The time required to achieve ISO certification depends on the standard you choose, the size and complexity of your organisation, and how prepared you already are. There is no fixed timeline, but most organisations follow a predictable sequence of steps that determines how long certification will take.

This page explains typical timeframes, what affects them, and how organisations can shorten or extend the process.

Get a quote for ISO certification

Typical ISO certification timelines (at a glance)

For most organisations, ISO certification takes between a few weeks and several months from start to certificate.

Indicative timeframes by organisation size

Organisation typeTypical timeframe
Small, simple organisation4–8 weeks
Medium-sized organisation2–4 months
Large or complex organisation4–9 months+

These ranges assume reasonable availability of internal resources and no major gaps identified during audits.

Timeframes by ISO standard

Different ISO standards require different levels of preparation and audit time.

ISO 9001 (quality management)

How long does ISO 9001 certification take?

  • Often the quickest standard to achieve
  • Typical timeframe: 4–12 weeks
  • Faster where processes are already documented

ISO 14001 (environmental management)

How long does ISO 14001 certification take?

  • Time depends on environmental impact and controls
  • Typical timeframe: 6–16 weeks

ISO 45001 (occupational health and safety)

How long does ISO 45001 certification take?

  • Influenced by workforce size and risk level
  • Typical timeframe: 8–20 weeks

ISO 27001 (information security)

How long does ISO 27001 certification take?

  • Usually the longest due to risk assessment and controls
  • Typical timeframe: 3–6 months, sometimes longer

Implementing multiple standards together can increase preparation time, but integrated management systems often reduce the total time compared to certifying each standard separately.

What determines how long ISO certification takes?

Several factors influence the overall timeline:

  • Current readiness: Organisations with existing policies, controls, or management systems progress faster.
  • Organisation size and complexity: More employees, locations, or processes increase preparation and audit time.
  • Chosen ISO standard: Standards with higher risk or technical requirements take longer.
  • Internal availability: Limited staff time or competing priorities can slow progress.
  • Use of consultants: External support often shortens timelines but increases cost.
  • Audit scheduling: Availability of certification body auditors can affect timing.

Breakdown of the ISO certification timeline

Step 1: Gap analysis (1–2 weeks)

A review of existing processes against the ISO standard to identify gaps and priorities.

Step 2: Documentation and system design (2–6 weeks)

Creating or updating policies, procedures, and records that meet ISO requirements.

Step 3: Implementation and operation (2–8 weeks)

Putting the management system into daily use, training staff, and collecting evidence of operation.

Step 4: Internal audit and management review (1–2 weeks)

Checking system effectiveness and demonstrating leadership oversight.

Step 5: Stage 1 audit (1–2 weeks including preparation)

A readiness review carried out by the certification body.

Step 6: Stage 2 audit and corrective actions (1–4 weeks)

The main certification audit and completion of any required corrective actions.

Step 7: Certification decision (1–2 weeks)

Final review and issue of the ISO certificate.

Some steps can overlap, particularly in smaller organisations.

Can ISO certification be completed quickly?

Yes, in certain circumstances.

Fast-track certification is possible where:

  • Processes are already well documented
  • Management systems are mature
  • The organisation has strong internal resources
  • A consultant is used to accelerate preparation

However, attempting to rush certification without genuine implementation often leads to audit delays, non-conformities, or long-term compliance issues.

How long does ISO certification last?

Once achieved, ISO certification is typically valid for three years.

During this period:

  • Surveillance audits take place at regular intervals
  • The management system must be maintained and improved
  • Significant changes may require reassessment

At the end of the cycle, a recertification audit is required to renew the certificate.

How to reduce the time needed for ISO certification

Organisations can shorten timelines by:

  • Clearly defining the certification scope
  • Using simple, practical documentation
  • Assigning clear ownership internally
  • Training staff early
  • Scheduling audits in advance
  • Combining standards into an integrated system

Good preparation usually saves more time than trying to rush audits.

Summary

ISO certification timelines vary, but most organisations should expect:

  • Weeks, not days
  • A structured, staged process
  • Preparation to take longer than the audits themselves

Understanding the timeline upfront helps organisations plan resources, avoid delays, and achieve certification smoothly.

Next steps

To estimate how long ISO certification will take for your organisation:

  • Identify the relevant ISO standard
  • Assess current readiness
  • Decide whether to use external support
  • Build a realistic project plan

ISOcertified.net provides detailed guides for each ISO standard, along with practical advice on preparation, audits, and certification planning.

Get A Quote ⓘ