At Qdot, we don't believe in shortcuts, copy-pasted templates, or certificate mills. As the UAE's only ISO 20700 certified consultancy, we follow a structured, time-tested methodology refined over 1,000+ successful ISO certifications and 4,000+ client engagements since 2016. Our 9-step ISO certification process is designed to take your business from initial assessment to certificate award, and beyond, with complete transparency, customisation, and accountability at every stage.
Whether you're pursuing ISO 9001, ISO 14001, ISO 45001, ISO 22000, ISO 27001, ISO 22301, or any other internationally recognised standard, this methodology is what we use to get your business properly certified through IAF-accredited certification bodies.
Why Our ISO Certification Methodology Works
Most ISO certification projects fail or stall for one of three reasons: generic boilerplate documentation that doesn't match how the business actually operates, poor staff engagement that collapses the moment the consultant leaves, and weak audit preparation that leads to avoidable non-conformities. Our methodology was built specifically to eliminate all three.
Three principles drive every step:
- Customisation over templates. Every manual, procedure, and form is built around your actual processes, not pulled from a stock library.
- Knowledge transfer to your team. Your staff learn the system, own it, and can sustain it long after certification day.
- Independence from certification bodies. We're a pure consultancy. We never sell certificates, and we only recommend IAF-accredited certification bodies recognised under UKAS, EIAC, DAkkS, and other members of the Global ACI.
The Qdot 9-Step ISO Certification Methodology
Below is the full process we follow with every client across Dubai, Abu Dhabi, Sharjah, the wider UAE, KSA, Qatar, Oman, Bahrain, Kuwait, and Pakistan.
Step 1: Kick-Off Meeting
Every ISO certification project begins with a structured kick-off meeting at your premises. Our assigned consultant meets your senior management, quality team, and key process owners to understand your business model, organisational structure, sites in scope, products and services, customer base, and the strategic reasons behind your certification decision.
In this session we define the project scope, agree on milestones, set realistic timelines, and identify the project champion on your side. By the end of the kick-off, both teams are aligned on objectives, communication channels, and expected level of involvement from your staff.
Deliverable: A signed project charter, scope statement, and an initial schedule.
Step 2: Planning
Once scope is agreed, our consultant develops a detailed ISO certification project plan. This plan covers every deliverable, every site visit, every training session, every documentation milestone, and every internal audit, mapped against a realistic timeline.
We also shortlist suitable IAF-accredited certification bodies for your industry and budget, draft a comparative quotation request, and define responsibilities on both sides. Qdot uses certification bodies such as SGS, Bureau Veritas, Intertek, FAHSS, DNV, TÜV SÜD, URS, KBS, TÜV Rheinland, and TÜV Apex, all accredited under recognised IAF member bodies.
Deliverable: A detailed project plan, a certification body comparison sheet, and a clear responsibility matrix.
Step 3: Gap Analysis (System As-Is Study)
This is the diagnostic heart of our methodology. Our consultant conducts on-site interviews with your management and staff, reviews your existing documentation, observes your day-to-day operations, and compares your current state against every clause of the relevant ISO standard.
The gap analysis identifies exactly where your business already complies, where it partially complies, and where new processes or documents are required. This evidence-based study becomes the foundation for the rest of the project, ensuring we never recommend unnecessary documentation or duplicate work you've already done.
Deliverable: A comprehensive Gap Analysis Report mapped clause-by-clause to the standard.
Step 4: Awareness Training
Before we develop the documentation, your team needs to understand what ISO certification is, why your organisation is pursuing it, and what their role looks like in the new system. Our consultant delivers a hands-on awareness training session tailored to the specific standard, your industry, and the literacy and language profile of your workforce.
This step is critical because ISO management systems only succeed when people on the floor understand them. Sessions are practical, interactive, and grounded in your real workplace examples, not abstract theory.
Deliverable: Trained employees with foundational understanding of the ISO standard and attendance records for audit evidence.
Step 5: Documentation Development
Using the findings from the gap analysis, our consultant develops your complete ISO management system documentation. This includes the management system manual, mandatory procedures, work instructions, forms, registers, risk assessments, objectives, and records required by the standard.
Every document is custom-built around how your business actually operates. We never use boilerplate templates. Your staff are not asked to write the documents themselves, although we do expect cooperation during information-gathering interviews and document review. The first draft is shared with you for feedback, refined based on your input, and finalised only after your sign-off.
Deliverable: A fully customised, signed-off ISO management system documentation package.
Step 6: Training on the Developed System
Once documentation is finalised, our consultant delivers structured training on the newly developed system. This is different from awareness training. Here, staff are trained on the specific procedures, forms, and records they'll be using day-to-day, plus a dedicated internal auditor training session for selected team members.
By the end of this step, process owners know exactly which documents apply to their function, how to fill out the relevant records, and how to demonstrate compliance during an audit. Internal auditors are equipped to run the first internal audit cycle independently.
Deliverable: Process-owner training, internal auditor training, and competence records for each session.
Step 7: Implementation Support
Documentation is only useful if the system is actually running. In this step, our consultant returns on-site to support real-world implementation. We help your team operationalise the new procedures, generate records, conduct the first internal audit, raise and close non-conformities, and run the first formal management review meeting.
We also help you set, monitor, and evaluate your management system objectives and key performance indicators, which the certification body auditor will expect to see during stage 2.
Deliverable: Completed internal audit report, management review minutes, closed non-conformities, and a system that is running, not just documented.
Step 8: Certification Audit Support
When your system is mature and the internal audit cycle is complete, we coordinate the certification audit with your chosen IAF-accredited certification body. Qdot is one of the few ISO consultancies in the UAE that physically attends both the stage 1 (documentation review) and stage 2 (implementation) audits alongside your team.
During the audit, we facilitate the process, support your team in responding to auditor questions, ensure the auditor does not deviate from international accreditation rules or impose non-existent requirements, and help you close any minor or major non-conformities raised.
Deliverable: Successful completion of stage 1 and stage 2 audits, closed non-conformities, and your ISO certification award recommendation.
Step 9: Post-Certification & Surveillance Support
Receiving your certificate is the beginning, not the end. ISO certification cycles run for three years with annual surveillance audits in years 1 and 2, and a full recertification audit in year 3. Qdot continues to support our clients through every surveillance audit, every recertification, and every standard revision.
This is why 95% of our clients stay with us long-term. We help maintain your management system, refresh your internal audits, update documentation when the standard is revised, and ensure your certification stays valid year after year.
Deliverable: Ongoing partnership covering annual surveillance audits, recertification cycles, and continual improvement of your management system.
9-Step ISO Certification Methodology at a Glance
The table below summarises the entire methodology and what you can expect at each stage.
| Step | Phase | What Happens | Key Output |
|---|---|---|---|
| 1 | Kick-Off Meeting | Scope, milestones, expectations set | Project charter |
| 2 | Planning | Detailed plan, CB shortlist, RACI | Project plan |
| 3 | Gap Analysis | Current state vs ISO standard assessed | Gap analysis report |
| 4 | Awareness Training | Team understands the standard | Training records |
| 5 | Documentation Development | Manuals, procedures, forms customised | Approved documentation |
| 6 | Training on Developed System | Process owners + internal auditors trained | Competence records |
| 7 | Implementation Support | Internal audit, NC closure, mgmt review | Audit + review records |
| 8 | Certification Audit Support | Stage 1 + Stage 2 attended with you | Certification recommendation |
| 9 | Post-Certification Support | Surveillance + recertification cycles | Long-term partnership |
How Long Does ISO Certification Take with Qdot?
For a small company with 10 to 20 staff certifying to a single standard such as ISO 9001, the typical timeline is 45 to 60 days from kick-off to stage 2 audit. Larger organisations, multi-site engagements, and integrated management system projects covering multiple standards naturally take longer.
Six factors influence project duration:
- Scope of work and number of standards being implemented
- Total headcount and number of sites in scope
- Competence level of staff and existing quality culture
- Complexity of your products, services, and processes
- Maturity of any existing management system
- Level of cooperation and availability of your team
Rush programs are available on request, subject to feasibility and your team's capacity to absorb the workload in a shorter window.
How ISO Certification Pricing Works
Qdot's pricing is transparent and scope-based. There are no hidden fees, no certificate-mill commissions, and no surprises. Your final quote is built around the same six factors that drive timeline:
- Activity and scope of work covered
- Total number of staff
- Number of sites or locations to be included in the system
- Competence and quality awareness of staff
- Complexity of processes and product lines
- Maturity of existing systems and documentation
For a clear, no-obligation estimate, request your free quote here or call us toll-free on 800 QDOT9 (800 73689).
Industries We Apply This Methodology Across
Our 9-step methodology has been successfully delivered across virtually every sector of the UAE and GCC economy:
- Oil & gas, petrochemicals, and energy
- Manufacturing and heavy industry
- Food manufacturing, food trading, and HORECA
- Construction, contracting, and MEP
- Perfumes, cosmetics, and personal care
- Pharmaceuticals and medical devices
- General and food trading companies
- Testing, calibration, and inspection laboratories
- Facility management and real estate services
- Logistics, supply chain, and freight forwarding
- Information technology and managed services
- Government, semi-government, and public sector
See the full industries we serve for sector-specific standard recommendations.
ISO Standards We Apply This Methodology To
Qdot's 9-step methodology is used to deliver consultancy across the full range of internationally recognised ISO and management system standards, including:
- QHSE: ISO 9001, ISO 14001, ISO 45001, and Integrated Management Systems
- Food safety: HACCP, ISO 22000, FSSC 22000, BRC, HALAL, ISO 22716 (GMP)
- Information security and continuity: ISO 27001, ISO 22301, NCEMA 7000
- Accreditation standards: ISO 17020, ISO 17025, ISO 17024
- Social compliance: SEDEX/SMETA, WRAP, SA 8000, EcoVadis, ESG
- Product registration: ECAS, ROHS, SABER, IECEE
Ready to Start Your ISO Certification Journey?
Whether you're starting from zero, moving away from an unaccredited certificate, or scaling a multi-site ISO program across the UAE and GCC, Qdot's 9-step methodology is built to get you certified properly, the first time.
FAQs
While the work can broadly be grouped into 4 high-level phases such as gap analysis, documentation, implementation, and audit, our 9-step methodology breaks the process into more granular, accountable stages. This gives clients clarity on exactly what happens when, makes project tracking easier, and ensures critical steps like awareness training and post-certification surveillance support are never treated as afterthoughts.
For a small company of 10 to 20 staff certifying to a single standard, expect 45 to 60 days end-to-end. Multi-standard, multi-site, or larger projects scale accordingly based on scope, complexity, and team availability.
The 9-step framework is consistent across every standard we deliver, but the content of each step is fully customised to the standard in question. The gap analysis, documentation, and training content for ISO 27001 looks very different from ISO 22000, even though the methodology stages are identical.
Qdot consultants develop the full management system documentation. Your staff are not assigned writing duties, but cooperation is expected during interviews, evidence gathering, and document review to ensure the system genuinely reflects how your business operates.
Yes. Qdot consultants physically attend both stage 1 and stage 2 certification audits alongside your team, supporting responses, ensuring the auditor stays within international accreditation rules, and helping close any non-conformities raised.
ISO certificates run on a 3-year cycle with annual surveillance audits. Qdot continues supporting clients through every surveillance audit and full recertification at year 3. 95% of our clients renew with us year after year.
No. Qdot is purely an ISO consultancy firm, not a certification body. The certificate is always issued by an independent, IAF-accredited certification body. This separation is essential to the integrity of ISO certification, and any organisation that claims to be both a consultancy and a certification body is engaging in malpractice.
If your preferred certification body is IAF-accredited, such as one recognised under UKAS, EIAC, DAkkS, or another accreditation member of the Global ACI, yes. We will not work with non-accredited certificate mills.