ISO 9001: Who Needs It and Why? The Process at a Glance
If your customer wants you to bid, if you are entering public tenders, or if you are planning growth: ISO 9001 is probably on your path. How long the process takes, what it does for you, which companies it overshoots — short, clear answers.
ISO 9001 is the most widespread of the international quality management system standards. The "quality" it refers to is not the quality of the product or service itself, but rather the standardisation of how the company produces it. So holding an ISO 9001 certificate does not mean what you produce is good; it shows that your production process is repeatable, traceable, and capable of continual improvement.
Who gets ISO 9001?
If one of the three situations below applies to you, the certificate is on your path:
1. Your customer requires it. Automotive OEMs, main contractors in construction, and public-tender specifications — these sectors typically demand ISO 9001 from their suppliers. Without the certificate, you can be eliminated at the bid stage.
2. You are entering public tenders. Turkish public procurement legislation requires ISO 9001 above certain scope thresholds (particularly in public works, health, and defence). It is also a preference factor in private-sector tenders.
3. You are planning growth and export. In companies that pass the 50-employee mark, processes naturally move from being "person-dependent" to documented. ISO 9001 makes this transition systematic. In exports, it is a standard item on the foreign customer's "supplier audit" checklist.
For which companies is it overkill?
For micro-enterprises with fewer than 5 employees and a single specialised product, the bureaucracy introduced by ISO 9001 typically outweighs the benefit. For these, a business-specific quality control procedure plus transparent customer reporting is usually sufficient.
How long does the process take?
Typical timeline: 3-6 months, depending on the documentation maturity of the company's existing processes.
| Stage | Duration | Performed by |
|---|---|---|
| Gap analysis | 1-2 weeks | Consultant / in-house team |
| System set-up (documentation, procedures) | 1-3 months | In-house team + consultant |
| Internal audit | 1 week | Internal auditor |
| Management review | 1 day | Senior management |
| Certification audit (Stage 1 + Stage 2) | 2-4 weeks | Certification body such as ASİS UK |
| Certificate issuance | 2-3 weeks after corrective actions | — |
How long is the certificate valid?
3 years. During this period, an annual surveillance audit is carried out (a lighter version of Stage 1). At the end of 3 years, the re-certification audit (a repeat of Stage 2) follows.
If an annual surveillance is missed, or a serious non-conformity is not corrected, the certificate is suspended, then revoked. Third parties can verify the certificate status through our certificate verification page.
What does it cost?
It varies according to employee count, scope width, and sector risk profile. A typical range for an SME: TRY 10,000 — 40,000 for the certification audit, plus optional consultancy.
At ASİS UK, we do not offer consultancy and audit services together; this is a requirement of the independence principle of certification (TS EN ISO/IEC 17021-1, clause 5.2 — the consultant and the auditor cannot belong to the same organisation). From us, you receive the audit service only.
Next step
To discuss where your company stands on the ISO 9001 path, reach out via our quote request form. Our expert will get back to you within 24 hours. We will either propose an offer or, if it is a case where certification should not be pursued, we will tell you honestly.
— ASİS UK Certification Team