Choosing the right ISO 45001 certification body — sometimes called a registrar — is one of the most consequential decisions your organization will make on the path to certification. Get it wrong and you could face audit delays, inflated costs, or worse: an auditor who doesn't understand your industry well enough to deliver a meaningful assessment.
I've guided more than 200 organizations through ISO 45001 certification at Certify Consulting, and the certification body selection question comes up at nearly every engagement. This guide walks you through exactly what to look for, what questions to ask, and which red flags to avoid — so you can make a confident, informed choice.
What Is an ISO 45001 Certification Body?
A certification body (CB) — also called a registrar or third-party auditor — is an independent organization accredited to assess whether your occupational health and safety management system (OHSMS) conforms to ISO 45001:2018. Upon successful completion of a Stage 1 and Stage 2 audit, the CB issues a certificate of conformity that is recognized by customers, regulators, and supply chain partners.
Certification bodies do not consult. Their role is purely to audit and certify. This independence is foundational to the credibility of the ISO 45001 certificate itself.
Citation hook: ISO 45001:2018 certification requires assessment by an accredited third-party certification body; self-declaration does not constitute ISO 45001 certification under IAF requirements.
Why Accreditation Is the Non-Negotiable Starting Point
Before evaluating anything else — price, turnaround time, auditor personality — confirm that the certification body holds valid accreditation from a recognized accreditation body (AB). Accreditation is the mechanism that verifies a CB is competent, impartial, and operating consistently.
Recognized accreditation bodies for ISO 45001 include:
- ANAB (ANSI National Accreditation Board) — United States
- UKAS (United Kingdom Accreditation Service) — United Kingdom
- DAkkS (Deutsche Akkreditierungsstelle) — Germany
- JAS-ANZ — Australia and New Zealand
- COFRAC — France
All of these are members of the International Accreditation Forum (IAF), which operates the Multilateral Recognition Arrangement (MLA). An IAF MLA-covered certificate from any member AB is recognized in over 100 countries — a significant advantage for organizations with global supply chain obligations.
According to the IAF, there are more than 80 accreditation body members and over 50,000 accredited conformity assessment bodies operating globally as of 2024. Not all of them are equally rigorous. Always verify active accreditation status directly on the AB's public registry before signing any contract.
Citation hook: ISO 45001 certificates issued by non-accredited bodies carry no internationally recognized standing and are routinely rejected by procurement teams and regulatory agencies.
Key Criteria for Evaluating ISO 45001 Certification Bodies
1. Sector-Specific Auditor Competence
ISO 45001 is a framework standard, but occupational hazards are highly industry-specific. A construction firm, a chemical manufacturer, and a healthcare provider each face radically different risk profiles. The auditor assigned to your facility should have documented competence in your sector — not just a generic management systems background.
Under IAF MD 22 (Application of ISO/IEC 17021-1 for the Certification of Occupational Health and Safety Management Systems), certification bodies must ensure their auditors possess industry-specific knowledge relevant to the scope of certification. Ask the CB to provide the CV and sector codes for the lead auditor before committing.
Industry Accident Sector Activity (NACE/IAF codes) are the standard classification used by CBs to match auditors to industry scopes. Request confirmation in writing that your assigned auditor holds the relevant codes for your operations.
2. Audit Days and Methodology
ISO/IEC 17021-1:2015 and its sector-specific application document IAF MD 22 set minimum audit day requirements based on your organization's size, complexity, and number of employees. Be wary of any CB that quotes significantly fewer audit days than the IAF-recommended minimum — this is a common cost-cutting tactic that compromises audit quality and can render the certificate commercially questionable.
According to IAF MD 22, a site with 26 to 45 employees requires a minimum of 2.5 on-site audit days for the initial Stage 2 certification audit. Registrars offering single-day audits for organizations of this size should be scrutinized carefully.
3. Impartiality and Conflict of Interest Policies
ISO/IEC 17021-1 requires certification bodies to maintain impartiality. This means they cannot certify an organization where they have provided management system consulting services. If a CB offers to help you "build" your system and then certify it, walk away — this is a fundamental violation of accreditation requirements and should be reported to the relevant AB.
At Certify Consulting, we function exclusively as consultants. We help organizations build conformant systems and prepare for audit. The actual certification audit is always conducted by an independent, accredited CB — that's not just best practice, it's the only way the certificate has meaning.
4. Geographic Coverage and On-Site Audit Capability
Remote auditing (desktop reviews and video-based assessments) became more common post-2020, but ISO 45001 audits present unique challenges for fully remote delivery. Physical hazard verification — walkthrough inspections, observation of operational controls, emergency procedure checks — requires on-site presence.
IAF ID 3:2011 (Informative Document for Management System Certification Audit Programmes Involving Multi-site Sampling) and IAF MD 4 address multi-site sampling. If your organization operates across multiple locations, confirm the CB's multi-site auditing methodology and whether they have auditors geographically positioned to cover all relevant sites.
5. Turnaround Time and Scheduling Reliability
Some CBs are significantly backlogged, particularly in high-demand sectors like construction, logistics, and healthcare. Ask prospective CBs:
- What is the current lead time from contract signature to Stage 1 audit scheduling?
- What is the typical gap between Stage 1 and Stage 2 audits?
- What happens if audit dates need to be rescheduled?
For many of my clients at Certify Consulting, a specific contract deadline or tender requirement drives the certification timeline. A CB that can't commit to firm scheduling windows can derail business development plans entirely.
6. Certificate Validity and Surveillance Audit Cycle
ISO 45001 certificates are valid for three years, subject to successful annual surveillance audits (conducted in years 1 and 2) and a recertification audit in year 3. Confirm with any prospective CB:
- What is included in the annual surveillance audit scope?
- Are surveillance audits fixed-price or variable?
- What triggers an unscheduled audit?
Unexpected surveillance audit fees have caught many organizations off guard. Get the full three-year cost structure in writing before signing.
Certification Body Comparison: Key Evaluation Factors
| Evaluation Factor | What to Look For | Red Flags |
|---|---|---|
| Accreditation Status | Valid accreditation from IAF MLA member AB | No accreditation, lapsed status, non-IAF AB |
| Auditor Sector Competence | Documented IAF/NACE codes matching your industry | Generic auditors, no CV available |
| Audit Days | Meets IAF MD 22 minimums for your headcount | Significantly below minimum day counts |
| Impartiality | No consulting services offered | CB offers to "help build" your system |
| Geographic Coverage | Auditors physically located near your sites | All audits proposed as remote only |
| Scheduling Reliability | Clear lead times, firm date commitments | Vague scheduling, long backlogs |
| Surveillance Audit Cost | Fixed pricing, all-in three-year quote | Variable fees, add-on charges |
| Certificate Recognition | IAF MLA covered, customer-accepted | Rejected by key customers or procurement |
| Industry Experience | Documented certifications in your sector | New to your industry vertical |
| Complaint & Appeals Process | Documented procedure per ISO/IEC 17021-1 | No formal appeals mechanism |
Questions to Ask Every ISO 45001 Registrar
When you're shortlisting certification bodies, use these questions as your standard screening tool:
-
"Can you provide your accreditation certificate and confirm it covers ISO 45001:2018 in our sector?" — Verify this independently on the AB's public registry.
-
"Who will be the assigned lead auditor, and can you share their CV and relevant IAF sector codes?" — Don't accept a promise of "a qualified auditor." Get specifics.
-
"How many ISO 45001 certifications have you issued in our industry in the last two years?" — Track record in your sector matters.
-
"What is the complete cost over the three-year certification cycle, including surveillance audits and recertification?" — Compare total cost of ownership, not just Stage 1/2 fees.
-
"What is your current scheduling lead time for initial certification audits?" — Critical if you're working against a contract deadline.
-
"What is your nonconformity resolution process if we receive a major finding during Stage 2?" — Understanding what happens when things don't go perfectly is a sign of a mature CB relationship.
How Many Certification Bodies Should You Get Quotes From?
I recommend obtaining quotes from a minimum of three accredited certification bodies. This isn't just about price — it's about comparing methodology, auditor qualifications, and scheduling capability side by side.
A 2023 survey by the IAF found that pricing for ISO management system certification can vary by as much as 300% between CBs for organizations of similar size and complexity. That variation isn't always explained by quality differences — sometimes it reflects overhead structure, geographic market positioning, or aggressive sales tactics. Due diligence across multiple quotes protects you from both overpaying and underbuying.
When comparing quotes, always normalize to total three-year cost. A low Stage 1/2 quote with high surveillance fees can easily exceed a higher upfront quote with fixed annual fees.
The Role of Your ISO 45001 Consultant in CB Selection
A competent ISO 45001 consultant can significantly accelerate and de-risk the CB selection process. Because consultants work across many clients and many certification bodies, they accumulate practical intelligence about auditor quality, scheduling reliability, and sector-specific competence that isn't visible in marketing materials.
At Certify Consulting, I maintain active awareness of CB performance across the industries I serve. When a client asks me which registrar to use, I don't give a generic answer — I give a recommendation based on their specific industry, geographic footprint, timeline requirements, and budget. That said, the final decision always rests with the client, and I never accept referral fees or commissions from certification bodies. Independence matters.
If you're building your ISO 45001 system from scratch, read our guide on [building an ISO 45001 management system that passes first-time audits] for a clear picture of how the consultant and CB roles interact throughout the certification journey.
Common Mistakes to Avoid When Selecting a Registrar
Choosing on price alone. The cheapest CB is rarely the right choice. A low-quality audit that fails to identify real system gaps can leave serious OHS risks unaddressed — defeating the entire purpose of ISO 45001.
Not verifying accreditation independently. CBs occasionally market themselves with accreditation logos that are expired or inapplicable to your scope. Always check the AB's public registry yourself.
Ignoring auditor-industry fit. An auditor who has never set foot in a manufacturing facility will struggle to meaningfully assess the operational controls of a metal fabrication plant. Sector competence is not optional.
Failing to read the contract. Certification body contracts often contain automatic renewal clauses, cancellation fees, and provisions for additional audit days if nonconformities are found. Read every line before signing.
Treating certification as a one-time event. ISO 45001 certification is a three-year cycle with ongoing obligations. Choose a CB you can build a productive long-term relationship with, not just one that can get you over the finish line at Stage 2.
Frequently Asked Questions About ISO 45001 Certification Bodies
Q: What is the difference between a certification body and an accreditation body? A: A certification body (CB) audits and certifies organizations against ISO 45001. An accreditation body (AB) assesses and accredits certification bodies, verifying that they are competent and impartial. You hire a CB; the CB is overseen by an AB. Examples of accreditation bodies include ANAB in the US and UKAS in the UK.
Q: How long does ISO 45001 certification take from start to finish? A: The timeline depends on your organization's readiness and the CB's scheduling availability. For organizations that engage a consultant and begin with a gap assessment, initial certification typically takes 4 to 12 months. The Stage 1 (document review) audit is followed by a Stage 2 (on-site) audit, usually 4 to 12 weeks later. Factor in CB lead times when planning against contract deadlines.
Q: Can I use the same certification body for ISO 45001 and ISO 9001? A: Yes, and there are often cost and logistical advantages to using a single CB for multiple management system standards. Integrated audits — where ISO 45001, ISO 9001, and ISO 14001 are assessed simultaneously — can reduce total audit days and minimize operational disruption. Confirm that your CB holds accreditation for all relevant standards.
Q: What happens if I fail the Stage 2 certification audit? A: A "fail" at Stage 2 typically means one or more major nonconformities were identified. Your CB will give you a defined timeframe — usually 90 days — to address root causes and provide objective evidence of correction. The CB then reviews your corrective action response. If accepted, certification is granted without a full re-audit. If not accepted, a partial or full re-audit may be required at additional cost.
Q: Is ISO 45001 certification legally required? A: ISO 45001 certification is voluntary — it is not mandated by law in most jurisdictions. However, it is increasingly required by large enterprises and government procurement agencies as a supply chain qualification criterion. In some sectors, such as construction and energy, certification is effectively a commercial prerequisite for tendering on major projects.
Final Thoughts
Selecting an ISO 45001 certification body is not a procurement transaction — it's a three-year professional relationship that directly affects the credibility, cost, and value of your OHSMS certification. The right CB brings sector-relevant auditors, rigorous methodology, transparent pricing, and scheduling reliability. The wrong one can deliver a certificate that fails to withstand customer scrutiny or, worse, misses the genuine safety management gaps your system needs to address.
Take the time to verify accreditation, evaluate auditor qualifications, compare full three-year costs, and ask the hard questions before you sign. If you'd like guidance on CB selection or help preparing your organization for a first-time ISO 45001 audit, visit certify.consulting to learn how Certify Consulting supports organizations from gap assessment through certification.
For a deeper look at how to structure your safety management system before the auditor arrives, explore our resource on [ISO 45001 gap assessment: what to expect and how to prepare].
Last updated: 2026-04-07
Jared Clark
Principal Consultant, JD, MBA, PMP, CMQ-OE
Jared Clark is the founder of Certify Consulting and a recognized expert in occupational health and safety management systems. With credentials including JD, MBA, PMP, CMQ-OE, CPGP, CFSQA, and RAC, Jared helps organizations implement ISO 45001 and build safety cultures that protect workers and drive business results.