How to Choose an ISO Consultant: 8 Questions to Ask
How to Choose an ISO Consultant: 8 Questions to Ask
Hiring an ISO consultant is one of those decisions that looks simple until you start comparing proposals. Two firms quote wildly different prices for what sounds like the same work. One promises certification in 90 days; another says six months. One sends a polished template package; another wants to spend a week walking your floor before writing a word.
The difference between a good consultant and a bad one rarely shows up in the sales pitch. It shows up eight months later, when your registrar auditor opens a manual that reads like it belongs to another company, or when your “certified” management system quietly falls apart because nobody in-house ever understood it.
This is a buyer’s guide, not a sales page. The eight questions below are the ones that actually separate consultants who will get you certified and leave you stronger from the ones who will sell you a binder. Ask all of them before you sign anything.
1. Have you implemented this exact standard in my industry?
“ISO experience” is not a monolith. ISO 9001 for a machine shop, ISO 13485 for a medical device manufacturer, AS9100 for an aerospace supplier, and ISO/IEC 27001 for a software company share a common backbone, but the risks, the documentation auditors expect, and the failure points are completely different.
A consultant who has run twenty ISO 9001 projects but has never touched ISO 13485 will learn your regulatory environment on your dime. Ask specifically: how many organizations like mine, implementing this specific standard, have you taken through certification? Vague answers about “decades in quality” are a warning sign. You want a number and a few examples.
If you operate under a sector scheme such as AS9100 or IATF 16949, this question matters even more. Those standards layer industry-specific requirements on top of ISO 9001, and a generalist will miss them.
2. What is your first-audit pass rate?
The whole point of hiring a consultant is to get certified on the first attempt. A failed certification audit, or a stage 2 audit that closes with a pile of major nonconformities, costs you re-audit fees, months of delay, and internal credibility.
Ask directly: of the clients you have guided through a full implementation, how many passed their initial registrar audit? A confident firm will answer without flinching. At QRC, clients who use the full-service implementation program consistently achieve certification on their first registrar audit, and that track record is exactly the kind of claim you should ask any consultant to back up with specifics.
Be reasonably skeptical of anyone who claims a literal 100% with no context. Ask what happens if you don’t pass, and get the answer in writing.
3. Who actually does the work: the person in the room, or a junior behind them?
Consulting firms sometimes win the contract with a seasoned expert and then hand delivery to a junior associate you never met in the sales meeting. The senior name on the proposal shows up for the kickoff call and disappears.
Ask who will be on-site or on your calls week to week, what their background is, and whether that person stays with you through certification. Continuity matters. An implementation is a relationship built over months, and swapping consultants midway forces you to re-explain your operation every time.
4. Do you write from templates, or do you build the system around how we actually work?
This is the single biggest red flag to watch for. Template mills sell the same quality manual to every client, change the logo, and call it a management system. The document set looks complete, but it describes a company that isn’t yours. Auditors spot the mismatch immediately, and worse, your team can’t follow procedures that don’t reflect reality.
A good consultant starts with a gap analysis: they look at what you already do, compare it to the standard, and build documentation around your real processes. Templates are a fine starting skeleton. They should never be the finished product. Ask to see a redacted example of a manual they produced for a company in your sector and judge how tailored it looks.
5. Who owns the documentation when the engagement ends?
You would be surprised how often this comes up too late. Some consultants keep your quality manual, procedures, and forms in their own proprietary system or make the “living” versions dependent on their continued involvement. When you try to leave, you discover you can’t easily take your own management system with you.
Insist on a clear answer: you own every document, in an editable format, with no strings attached. A legitimate consultant wants you self-sufficient. Ownership of your ISO documentation should never be a bargaining chip.
6. What happens after we’re certified?
Certification is the starting line, not the finish. ISO certificates run on a three-year cycle with annual surveillance audits, and your system has to keep breathing the whole time: internal audits, management reviews, corrective actions, and updates as your business changes.
Ask whether the consultant offers post-certification support and internal auditor training so your own team can carry the system forward. A consultant who is only interested in the initial implementation and vanishes at certification leaves you exposed at your first surveillance audit. The best engagements aim to make you independent while remaining available when you need a check-in.
7. How do you use AI, and where does a human stay accountable?
This is a newer question, and a fair one to ask in 2026. AI tooling can genuinely accelerate the mechanical parts of an ISO project: drafting first-pass documentation, cross-referencing clauses during a gap analysis, flagging inconsistencies before an audit, and monitoring compliance between reviews.
The right answer is that AI speeds up the tedious work while a veteran consultant reviews, tailors, and stands behind every deliverable. The wrong answer is either “we don’t use it at all” (you may be paying for slow manual work) or “AI writes your whole manual” (nobody accountable, and auditors will notice the generic output). QRC’s approach pairs experienced ISO consultants with AI tooling so the drafting moves faster, but a human expert owns the result. Ask any firm to be specific about where the machine helps and where a person signs off.
8. How do you price the work, and what isn’t included?
ISO consulting is priced in a few common ways: fixed project fee, monthly retainer, hourly, or per-deliverable. None is automatically better, but each hides different risks. Fixed-fee protects you from overruns but can tempt a consultant to cut corners. Hourly aligns effort but can balloon. Retainers are predictable but can drift on indefinitely.
What matters is knowing the total cost and what falls outside it. Ask what is not included: registrar fees (which you always pay separately to the certification body, never to the consultant), travel, extra revision rounds, training, or surveillance support. Get the scope in writing. A firm that gives you a clear, itemized answer respects your budget; one that stays vague is setting up a change order later.
Frequently Asked Questions
How much does an ISO consultant cost?
Costs vary widely by standard, company size, and how much of your system already exists. Small ISO 9001 implementations can run a few thousand dollars in consulting fees; larger or multi-site programs, or sector standards like AS9100 and ISO 13485, cost more. Always confirm that registrar (certification body) fees are separate from consulting fees, and ask for an itemized scope before comparing quotes.
How long does ISO 9001 certification take with a consultant?
A typical full ISO 9001 implementation runs about five to seven months from kickoff to certification audit, depending on your starting point, company size, and how quickly your team can dedicate time to the project. A good consultant will give you a realistic timeline after a gap analysis, not a number pulled from a sales script.
Can’t I just do ISO certification myself without a consultant?
You can, and some organizations do. The trade-off is time and risk: self-implementation usually takes longer, and first-audit failures are more common when nobody on the team has run a certification before. A consultant is worth it when the cost of delay, a failed audit, or an internal team that can’t spare the hours outweighs the fee.
What’s the biggest red flag when hiring an ISO consultant?
Generic, template-only documentation. If a consultant hands you a quality manual that could belong to any company and never invested time understanding how you actually operate, both your auditor and your own staff will struggle with it. Insist on a system built around your real processes.
QRC has helped more than 1,000 organizations implement ISO-compliant management systems since 1993, and every engagement is led by a veteran consultant who stays accountable for the result. If you’re weighing your options, learn more about our team or explore our full range of ISO consulting services, then call us with your questions before you sign with anyone.
Call (800) 244-5409
Local: (408) 371-9995
Contact Us
