ISO 9001 Quality Management Policies for UK SMEs

12 ISO 9001:2015 QMS policies drafted for your business — document control, internal audit, corrective action and continuous improvement. Cert-ready in 48 hours.


ISO 9001 Quality Management Starter pack

12 policies · £400 one-off

Lifetime access · no renewal · bespoke to your sector

UK registered & ICO compliant · 197 frameworks · 8 jurisdictions · 990+ bespoke policies · Lifetime purchase · no renewal

What is ISO 9001?

Quick answer. ISO 9001:2015 is the international standard for a Quality Management System (QMS). It is the most widely adopted ISO management system standard globally, with over 1.3 million certificates in force. The standard tests how an organisation defines processes, manages risk, listens to customers, and drives continual improvement — certified by an accredited body after a Stage 1 + Stage 2 audit.

ISO 9001 is the international standard for Quality Management Systems (QMS). The current version, ISO 9001:2015, uses the Annex SL high-level structure shared by ISO 27001, ISO 14001 and most other ISO management standards — making it easy to integrate if you're pursuing multiple certifications.

Certification requires a documented QMS, evidence of operation (internal audits, management reviews, corrective actions) and a two-stage audit from a UKAS-accredited certification body. The underlying philosophy is continuous improvement — Plan-Do-Check-Act — operationalised through risk-based thinking across every process.

Who needs ISO 9001?

Quick answer. UK manufacturing and engineering firms (especially aerospace, automotive, defence supply chain) where customers expect ISO 9001 as a baseline. Professional services firms (consultancy, legal, accounting) increasingly use it for procurement credibility. Public-sector tenders frequently require it for contracts above £100k. Manufacturing PE-backed scale-ups often pursue it ahead of an exit to demonstrate operational maturity.

  • UK manufacturers and engineering firms — often required by OEM customers and prime contractors.
  • Construction and civil engineering SMEs — frequently required in PQQs and ITTs.
  • Aerospace suppliers — ISO 9001 is the baseline before AS 9100.
  • Automotive suppliers — gateway to IATF 16949.
  • Medical devices and life sciences — precursor to ISO 13485.
  • UK professional services firms tendering for public sector or enterprise contracts that mandate an accredited QMS.

Policies you need for ISO 9001

Quick answer. ISO 9001:2015 prescribes documented information for clauses 4–10. The minimum policy set most UK SMEs maintain is 12 policies: quality policy (clause 5.2), document and record control (clause 7.5), competence and training (clause 7.2), supplier evaluation (clause 8.4), product/service requirements (clause 8.2), nonconformity and corrective action (clause 10.2), internal audit (clause 9.2), management review (clause 9.3), risk-based thinking framework (clause 6.1), customer satisfaction monitoring (clause 9.1.2), design and development control (clause 8.3), and continuous improvement (clause 10.3).

ISO 9001:2015 doesn't mandate a specific policy list but auditors expect these 12 documented areas — all covered in our ISO 9001 Quality Management Starter pack:

Quality Policy

Clause 5.2 — top-level statement signed by leadership.

Document Control

Clause 7.5 — issue, review, version control of documented information.

Record Control

Clause 7.5 — retention, protection, accessibility.

Management Review

Clause 9.3 — at-least-annual leadership review with defined inputs/outputs.

Internal Audit

Clause 9.2 — planned audit programme with competent auditors.

Corrective Action

Clause 10.2 — root-cause analysis and CAR tracking.

Preventive Action

Clause 6.1 — risk-based thinking and opportunity management.

Customer Focus

Clause 5.1.2 + 9.1.2 — feedback, complaints, satisfaction measurement.

Supplier Management

Clause 8.4 — control of externally-provided processes, products, services.

Training and Competence

Clause 7.2 — skills matrix, training records, refresher cycles.

Non-Conforming Products

Clause 8.7 — identification, segregation, disposition.

Continuous Improvement

Clause 10.3 — improvement loop tied to KPIs and management review.

Realistic timeline to certification

Quick answer. 4–6 months from day zero for ISO 9001 certification. PolicySuite produces the 9-policy backbone in 48 hours; the bulk of the timeline is operational evidence collection. Month 1: scope, risk assessment, policies. Month 2: distribute and embed processes. Month 3: collect operational evidence (CAPA log, training records, supplier reviews). Month 4: internal audit + management review. Month 5–6: Stage 1 + Stage 2 audits.

Most UK SMEs reach Stage 2 certification in 4–6 months. PolicySuite compresses the documentation phase from 4–8 weeks to 48 hours.

  1. Week 1: Scope and gap analysis. Buy the pack, receive 12 bespoke policies in 48 hours.
  2. Week 2–4: Distribute documentation, train staff, start recording objective evidence (KPIs, supplier reviews, non-conformities).
  3. Week 5–10: Run first internal audit programme covering every clause.
  4. Week 11–12: Management review with full agenda — inputs, risks, opportunities, decisions.
  5. Week 13–16: Stage 1 audit (documentation review) by UKAS-accredited body.
  6. Week 17–24: Stage 2 audit (on-site operational audit) → certificate issued.

PolicySuite vs GRC platforms vs consultant vs DIY

Quick answer. ISO 9001 consultants charge £5k–£20k for a UK SME readiness engagement with 4–6 month delivery. GRC platforms cover ISO 27001 and SOC 2 well but rarely have ISO 9001 mappings. DIY templates miss the ‘risk-based thinking’ (clause 6.1) updates added in the 2015 revision. PolicySuite generates clause-mapped ISO 9001 policies in 48 hours from £400.

UK SMEs typically compare four routes when sourcing compliance policies. Here's how they stack up on the decisions that matter.

| | PolicySuite | GRC platforms (Vanta, Drata, SecureFrame) | Compliance consultant | DIY templates |
|---|---|---|---|---|
| Typical cost | £250–£1,500 one-off | £10k–£40k per year | £5k–£30k one-off | £0 + your time |
| Pricing model | Lifetime purchase | Annual seat-based | Project fee | Free (indefinite effort) |
| Time to policies ready | 48 hours | 4–8 weeks setup | 8–16 weeks | Months — rarely finished |
| UK-specific content | Built for UK SMEs | Partial — US-originated | If UK consultant | Partial — ICO templates only |
| Bespoke to your business | LLM-tailored from your answers | Partial — fill-in-the-blank | Yes — manual | Generic template |
| Framework coverage | 197 frameworks · 8 jurisdictions | 20–50 frameworks | Whatever the consultant knows | Up to you to find |
| Audit-ready evidence | Acknowledgements, distributions, version history | Strong — but seat-priced | You track it yourself | You track it yourself |
| Suits <50-person SMEs | Designed for UK SMEs | Price-prohibitive at SME scale | Sometimes — depends on scope | If you have the time |
| Cost to switch away | You own the docs — export anytime | Lose access on cancellation | You own the docs | You own the docs |


Frequently asked questions

What does ISO 9001:2015 require?

A documented QMS covering 10 clauses — context, leadership, planning, support, operation, performance evaluation, and improvement. Auditors expect around 12 core policies covering quality policy, document control, record control, management review, internal audit, corrective action, customer focus, supplier management, training, non-conforming products, and continuous improvement.

Who needs ISO 9001 in the UK?

ISO 9001 is commonly required in UK manufacturing, engineering, construction, public-sector tenders, aerospace supply chains, automotive and medical devices. Many UK SMEs first pursue it because a large customer or a tender specifically asks for accredited QMS certification.

How much does ISO 9001 cost in the UK?

UKAS-accredited certification body fees for a 10–50 person UK SME typically run £3,000–£8,000 for Stage 1 + Stage 2, plus £1,500–£3,000/year surveillance. Add internal time or £3,000–£15,000 if you use a consultant. PolicySuite replaces the policy-drafting portion with a one-off pack.

How long does ISO 9001 take?

4–6 months from kickoff to Stage 2 audit for a UK SME. Weeks 1–2 for scoping and gap analysis; 3–4 for policy drafting (PolicySuite cuts this to 48 hours); 4–12 for rollout, training, internal audit and management review; then Stage 1 + Stage 2 audits.

Can I combine ISO 9001 with ISO 27001?

Yes — both standards share the Annex SL high-level structure so clauses 4–10 align. Many UK SMEs run an integrated management system with single document control, single internal audit programme, single management review. Our QMS Starter + ISO 27001 Core Set are designed to layer cleanly.

What does the ISO 9001 pack include?

12 ISO 9001:2015-aligned policies covering every documented-information expectation: quality policy, document control, record control, management review, internal audit, corrective action, preventive action, customer focus, supplier management, training and competence, non-conforming products, continuous improvement. Bespoke to your sector — see live pricing.

Start your ISO 9001 rollout today

Get 12 bespoke QMS policies in 48 hours — lifetime access, no renewal.


References and primary sources

Quick answer. The framework guidance on this page is reviewed against the primary-source documents below. Each link resolves to an official regulator or standards-body publication so an auditor, procurement reviewer or DPO can verify the alignment without taking the page on trust.

In our experience working with UK SMEs and similar organisations across the EU and US, the framework pages that survive enterprise vendor reviews are the ones that cite primary sources rather than secondary blog posts. Many UK SMEs discover this only after their first failed vendor questionnaire — the reviewer asked for a clause-to-source map and the standard reply pointed at a marketing page rather than the relevant regulator. The references above are the standing set we cite from inside the policies themselves so the chain stays intact end-to-end.