How long does the full certification journey take?

It depends on the standard, the complexity of your operations, and where you are starting from. A well-resourced organisation building from scratch typically reaches Stage 2 audit readiness in 12 to 20 weeks. An organisation with a partial system may move faster. We define realistic timelines at the outset and do not accelerate at the cost of system quality.

Do you work across multiple ISO standards simultaneously?

Yes. Many of our engagements cover integrated management systems that address two or more standards under a common framework. ISO 9001, ISO 14001, and ISO 45001 share significant structural overlap that makes integration efficient. ISO 27001 and ISO 13485 are more specialised and typically run as dedicated workstreams.

We already have an ISO certificate. Can you help improve the system?

Yes, and this is one of the most common entry points. Certified organisations often discover at surveillance audit that their system has drifted from the documented state. We conduct a targeted assessment, identify where the gap is, and rebuild the operational practices that underpin the documentation.

What is the difference between documentation and a functioning management system?

Documentation describes what should happen. A functioning management system produces objective evidence that it actually happens. Certification bodies do not certify documents. They certify evidence: completed records, training matrices, audit findings, CAPA closures, and management review outputs. A system with good documentation but weak operational discipline will not hold at Stage 2.

How do you handle certification body selection and the audit process?

We are certification body neutral. We advise on which accredited body is appropriate for your sector, size, and geographic scope, and we manage the application process on your behalf. We do not hold commercial arrangements with certification bodies and our advice is not influenced by referral fees.

Can you support us on-site during the actual certification audit?

Yes. We provide direct on-site support during Stage 1 document reviews and Stage 2 certification audits. This includes managing document requests, preparing responses to auditor questions, and advising your team in real time. Post-audit, we manage the response to any findings.

What happens if the auditor issues a major nonconformity?

A major nonconformity means certification is not recommended at that point. We have managed this before. The path forward is a root cause analysis, a documented corrective action, objective evidence of implementation, and a follow-up review by the certification body. We manage this entire process.

Do you work with multi-site organisations?

Yes. Multi-site engagements require a sampling approach across sites, a centralised system framework, and site-specific annexes. We have designed systems covering up to 12 sites under a single certificate scope. The complexity increases the scope of work but the methodology is the same.

How do we get started?

Click "Request a gap assessment" anywhere on this page, complete the two-step form, and we will contact you within 24 business hours. If you prefer a call first, use the booking link to schedule a 30-minute introductory call.

ISO Management Systems

Built to hold at audit.

A management system must withstand scrutiny. We build the infrastructure, develop the documentation, and prepare your team for the audit.

Book a call

No certification guarantee. Independent technical readiness assessment and implementation support.

Self-assessment

How ready is your organisation for ISO certification?

Six questions assessing your quality management system, leadership commitment, and certification readiness. A structured diagnostic before booking any external assessment.

6 questions, around 5 minutes

Personalised PDF report with archetype classification and gap analysis

Optional 30-minute review call with a Clear consultant

We collect your email at the halfway point. Privacy policy.

PREVIEW

Your Report

Foundation

CoverageYou

Maturity

Optimisation

Pages3

FormatPDF

Time5 min

Methodology

Built on real audit experience.

Based on ISO 9001:2015 and related management system standards. Clear's consultants hold ISO 9001:2015 certification through QS Quality Services Italia (ESYD-accredited under ISO/IEC 17021) and support organisations through initial certification and surveillance cycles across Europe.

Sample

The questions that matter.

“Is leadership actively engaged in defining quality objectives and reviewing system performance?”

“Do you have documented procedures covering your core operational processes and their interactions?”

“Have you conducted a risk assessment identifying the key risks and opportunities for your management system?”

5 archetypes

Where you stand. What you can do.

Foundation

First stages of the compliance journey. Basic systems and documentation not yet formally in place.

Coverage

Compliance frameworks in progress, with partial implementation. Gap analysis and prioritisation are the main focus.

Maturity

Mature systems with specific gaps remaining. Targeted remediation to close priority observations.

Optimisation

Near full compliance with refinement needs. Audit readiness and continuous improvement as the next horizon.

Next steps

A report, then options.

Right after submission

✓Your 3-page PDF report delivered to your email
✓Archetype classification with detailed reasoning
✓Concrete next steps tailored to your position

If you want to discuss

✓Optional 30-minute call with a Clear consultant
✓No commitment, no sales follow-up unless requested
✓Schedule directly via Zoom Scheduler

You are in the right place if...

We hear this every week.

"We have the documents. But when an auditor asks for evidence, we cannot find it."

"The certificate was obtained three years ago. Since then, nothing has been updated."

"We have a Stage 1 in 6 weeks. I do not know what state the system is in."

"The quality manager left. The system went with them."

"Our biggest customer is asking for ISO 27001. We have never done this before."

"We received a major finding. The certification body wants a corrective action in 30 days."

"We operate across five sites. Nothing is consistent between them."

"The internal audit found no issues. Then the external auditor found sixteen."

ISO standards covered

12+

Countries

100+

Audits supported

Accredited

CB network

The gap

Most operations have documentation. Few have a functioning system.

Certification bodies certify objective evidence rather than documents. The gap between having a procedure and demonstrating compliance with it is where most organisations lose certification audits.

What it looks like

What auditors find

A procedure exists for every process

Records prove the procedure is actually followed

The manual was written for last year's audit

Documentation reflects current operational reality

The quality manager owns the system alone

Top management demonstrates active, documented engagement

Nonconformities are closed on paper

Root cause analysis produces objective evidence of systemic change

The internal audit found no issues

The external auditor issued 14 findings on the same scope

Eight standards

Which standard fits your operation?

Core standards

Broadly applicable across sectors

ISO 9001

Quality Management

For whom

Any organisation needing to demonstrate consistent quality to customers, buyers, or regulators.

Primary driver

Customer complaints, inconsistent process outcomes, failed supplier audits, lost tenders.

ISO 14001

Environmental Management

For whom

Manufacturing, production, logistics, construction, and any sector with a material environmental footprint.

Primary driver

Environmental liability exposure, procurement requirements from large customers, regulatory compliance gaps.

ISO 45001

Occupational Health and Safety

For whom

Any employer with meaningful physical or operational risk. Replaces OHSAS 18001.

Primary driver

Incident exposure, regulatory enforcement risk, insurance requirements, tendering prerequisites.

ISO 27001

Information Security Management

For whom

IT service providers, SaaS companies, data processors, and any organisation handling sensitive client data.

Primary driver

Enterprise client RFP requirements, cyber risk exposure, GDPR enforcement risk, contractual obligations.

Specialised standards

Sector or scope-specific

ISO 50001

Energy Management

For whom

Energy-intensive manufacturers, facilities managers, and organisations with formal ESG energy commitments.

Primary driver

Rising energy costs, regulatory requirements, investor ESG reporting, carbon reduction commitments.

ISO 13485

Medical Devices Quality Management

For whom

Medical device manufacturers, component suppliers, and distributors under EU MDR or FDA requirements.

Primary driver

Regulatory approval pathways, notified body audit requirements, EU MDR compliance, market access barriers.

ISO 14064

GHG Quantification and Reporting

For whom

Organisations with investor-grade ESG commitments, carbon disclosure obligations, or supply chain pressure.

Primary driver

Scope 1/2/3 reporting accuracy, inconsistent inventory methodology, investor and customer reporting demands.

ISO 14065

GHG Validation and Verification

For whom

Organisations seeking external validation of carbon claims or preparing for formal GHG statement assurance.

Primary driver

Credibility of published carbon commitments, regulatory acceptance of GHG statements, investor trust.

How it works

How an engagement works.

Every engagement follows the same rigorous sequence across three phases. The scope and timelines vary, the methodology stays consistent.

Phase 1: Discovery and diagnosis

Intake and scope definition

We define the scope of the management system, the applicable standard requirements, and the legal and regulatory context relevant to your operations.

Document and context review

Remote review of existing documentation, procedures, and records. We identify what exists, what is missing, and what contradicts current operations.

On-site gap assessment

Structured interviews with process owners and operational staff. We map actual practice against ISO requirements at each clause level.

Gap report and nonconformity register

Written report scoring each clause. Findings classified as major nonconformities, minor nonconformities, or opportunities for improvement.

Phase 2: Build and implement

Remediation roadmap

Prioritised action plan with ownership, sequencing, and realistic timelines. Built around your operational capacity, beyond a standard template.

Management system design

System structure: processes, interactions, performance indicators, and governance framework designed before a single document is written.

Documentation development

Policy, procedures, work instructions, forms, and records developed to reflect how your organisation actually operates.

Staff training and competence verification

Role-specific training on system requirements and individual responsibilities. Competence records established and maintained.

Phase 3: Certify and sustain

Internal audit

Full-scope internal audit conducted at lead auditor grade. Findings formally recorded. The internal audit report becomes a certification-grade artefact.

Certification audit support

On-site support during Stage 1 document review and Stage 2 certification audit. Document request management and technical responses to auditor questions.

Post-audit follow-up

Management of audit findings through root cause analysis, corrective action, and closure evidence submitted to the certification body.

Services

What we deliver.

ISO gap assessment

Deliverable

Scored clause-by-clause report, classified findings, remediation roadmap.

When needed

Starting point for any engagement. Suitable for new and existing systems.

Management system design

Deliverable

Process map, system architecture, performance indicator framework, governance structure.

When needed

First-time certification or full system rebuild.

Documentation development

Deliverable

Policy, procedures, work instructions, forms, and records templates.

When needed

Documentation is absent, outdated, or disconnected from actual operations.

Risk and opportunity register

Deliverable

Clause 6.1-compliant risk register with assessment criteria, mitigation actions, and monitoring cadence.

When needed

ISO 9001, 14001, 45001, 27001, or 50001 engagements.

Legal and regulatory compliance register

Deliverable

Applicable legislation mapped to system requirements. Compliance status documented.

When needed

ISO 14001, ISO 45001, and any regulated sector engagement.

Internal audit

Deliverable

Full-scope audit report, nonconformity register, corrective action tracking.

When needed

Surveillance cycle, pre-certification, or when internal audit capability is absent.

Training and competence programs

Deliverable

Role-specific training materials, delivery, and competence records.

When needed

Staff onboarding, system implementation, and surveillance readiness.

Certification body selection and liaison

Deliverable

Certification body recommendation, application management, Stage 1 scheduling.

When needed

First-time certification or change of certification body.

Certification audit support

Deliverable

On-site support during Stage 1 and Stage 2. Document request management and real-time technical guidance.

When needed

Any organisation without in-house certification audit management experience.

Nonconformity management and CAPA

Deliverable

Root cause analysis, corrective action plan, objective evidence package, closure submission.

When needed

Following any major or minor finding at internal or external audit.

Integrated Management System design

Deliverable

Single-framework IMS covering two or more standards. Common documentation structure and audit programme.

When needed

Organisations pursuing ISO 9001 + 14001 + 45001 or any multi-standard combination.

Typical findings

What auditors find at the first audit.

These are the five most common finding categories at first-time ISO certification audits. None of them are surprising. All of them are preventable.

Objectives and monitoring

Quality objectives exist on paper. No baseline data, no measurement method, no review cadence. The system cannot demonstrate improvement.

Internal audit

An internal audit was conducted. The auditors were from the team being audited. No independence, no findings, no corrective actions.

Document control

Multiple versions of the same SOP in circulation. No revision history. No controlled distribution. No evidence of obsolete document withdrawal.

Management review

Management review minutes exist. Inputs cover only part of the clause 9.3 elements. Outputs lack links to actions with owners and deadlines.

Competence records

Personnel performing critical activities lack documented competence records. Training happened. The evidence was lost.

Who it's for

Built for your situation.

You lost a tender that required ISO 9001 certification.

The buyer's supplier questionnaire requires certification. The deadline is real.

Gap assessment in week one. Remediation roadmap with fixed milestones. Certification audit supported from document review to close-out.

Your quality manager left. The system left with them.

The certificate exists. No one knows what it covers, where the documents are, or when the next surveillance audit is.

System recovery assessment. Documentation inventory. Interim quality management support through the next surveillance cycle.

A Stage 2 audit is 8 weeks away and the gaps are still unknown.

The certification body confirmed the date. The team needs clarity about the current state of the system.

Accelerated internal audit. Prioritised remediation of critical findings. On-site support on audit day.

An enterprise client is asking for ISO 27001.

The RFP requires ISO 27001 certification. You are an IT company with no formal information security management system in place.

Scope definition. Asset and risk register. Statement of Applicability across 93 controls. Structured path to Stage 2.

You received a major nonconformity at audit.

The certification body issued a major finding. You have 30 days to submit a corrective action with objective evidence.

Root cause analysis. Corrective action plan. Implementation tracking. Evidence package for certification body submission.

You need ISO 13485 for the EU MDR pathway.

The medical device regulatory pathway requires ISO 13485. Your current QMS sits below the standard.

ISO 13485-specific gap assessment. Documentation rebuilt and aligned with EU MDR technical file requirements.

You operate across multiple sites with inconsistent systems.

Four sites. Different procedures, different forms, different practices. A single certificate scope requires a unified system.

Multi-site IMS design. Central framework with site-specific annexes. Sampling approach for the certification audit.

Selected engagements

How it plays out in practice.

ISO 9001 + ISO 14001Industrial manufacturing

Integrated management system from scratch to certification in 14 weeks.

A mid-size manufacturing group needed ISO 9001 and ISO 14001 simultaneously for a major customer tender. Starting with no formal system, we designed an integrated management system, developed 34 procedures and 112 record templates, conducted a full internal audit, and supported the Stage 2 audit through to certification recommendation.

Result

Zero major nonconformities at Stage 2. Three minor findings closed within 10 days.

ISO 27001Technology / SaaS

ISO 27001:2022 certification in response to an enterprise RFP.

A SaaS company received an enterprise RFP requiring ISO 27001 certification within 6 months. Starting from an informal security posture, we built the ISMS, completed a risk assessment covering 89 assets, developed the Statement of Applicability across 93 controls, and managed the Stage 1 and Stage 2 audit process.

Result

Certification issued on time. Deal closed.

ISO 9001 + ISO 45001 + ISO 14001Multi-site industrial group

Unified integrated management system across 6 sites.

A multi-site industrial group operated with inconsistent procedures across six facilities. We designed a single integrated management system under one certificate scope with a common framework at each site and site-specific annexes. One internal audit programme replaced six separate ones.

Result

One certificate. Six sites. Surveillance cycle manageable with in-house team.

Free resource

ISO readiness scorecard

A practical self-assessment tool covering the 12 most common gap areas found at first-time ISO certification audits. Use it to benchmark your current state before engaging a consultant or scheduling a gap assessment.

Leadership commitment and policy

Objectives and measurable targets

Risk and opportunity register

Documented information control

Internal audit independence

Management review completeness

Competence records

Nonconformity management and CAPA

Supplier and external provider control

Performance monitoring and KPIs

Legal and regulatory compliance tracking

Surveillance and recertification readiness

Why Clear

CB neutral

We hold zero commercial arrangements with certification bodies. Our recommendation is based purely on fit.

Lead auditor grade

Internal audits are conducted at lead auditor standard. The audit report is a certification-grade artefact.

Accredited network

We connect you to accredited certification bodies aligned with your sector, size, and geographic scope.

Common questions

Questions about ISO consultancy.

The gap assessment covers three phases: a remote document review, a structured on-site or video-based operational interview, and a written report. The report scores each ISO clause against your current state, classifies findings as major nonconformities, minor nonconformities, or opportunities for improvement, and includes a prioritised remediation roadmap.

Ready to build a system that holds at audit?

Gap assessment first. Everything else follows from what we find.

Book a call