By Jon Tait, Co-founder, Alpha Swanson
For one client Alpha Swanson has worked with since 2018, it helped propel them from a small business serving local clients, to a large organisation, working for some of the largest businesses in Europe and making a difference to the local economy where they are based.
I speak to small business owners about this every week. My answer is always the same: it depends. And it depends on two specific things – what contracts you’re trying to win, and whether you’re willing to build the system properly. Get both right, and ISO certification is one of the shrewdest investments a small business can make; the above example is testament to this. Get either one wrong, and you’ve spent money on a certificate for your wall and a system that gathers dust.
The commercial case is real – for the right businesses
If you’re pursuing public sector contracts, the picture is clear. ISO 9001 is commonly required as a mandatory eligibility criterion across local authority, NHS, and central government procurement – and for technology or data contracts, ISO 27001 is rapidly becoming just as baseline a requirement. In practice, many SMEs are filtered out at the Pre-Qualification Questionnaire stage not because they can’t do the work, but because they lack the certification to prove it. A capable business without ISO 9001 risks losing out to a less capable but better-prepared competitor at that stage.
The numbers reflect this. The UK currently holds around 33,000 ISO 9001 certificates and over 16,000 ISO 14001 certificates, with environmental management increasingly weighted in public sector tender scoring alongside quality. For technology and professional services businesses, ISO 27001 – now covering almost 97,000 certificates globally – is climbing the same trajectory.
For a small business in this position, the return on investment calculation is simple: if certification opens the door to contracts worth hundreds or thousands of pounds or more annually, the cost of getting certified looks very different. You’re not buying a document. You’re buying access to a market.
The phrase doing the most work: “built properly”
Here’s where I must be direct about what goes wrong, because it often goes wrong.
There is a corner of this market that treats certification as a box-ticking exercise. Templates are issued, policies nobody reads are signed off, and auditors are managed through the process with minimal change to how the business operates. The client gets its certificate. The system sits in a shared drive. Nothing changes.
At Alpha Swanson, we don’t offer off-the-shelf systems. We develop documents that are relevant to each business, because a bespoke management system has a far greater chance of being embedded and sustained. That distinction matters more than most business owners realise upfront.
A properly built system means your team understands why the documents exist. It means your internal audits are honest, not performative and drive meaningful improvements to how you operate. It means, when a new client or buyer asks how you handle a quality failure or a data breach, you can walk them through a real process. The difference in cost between doing it properly and doing it cheaply is often marginal. The difference in value is not.
The ongoing commitment: what most guides don’t tell you
ISO Certification is not a one-time cost; it operates on a three-year cycle, with annual surveillance audits in between three-yearly renewals. Allowing certification to lapse typically costs significantly more to recover than maintaining it would have – and in a tender context, a lapsed certificate can be as damaging as never having had one.
This ongoing commitment is part of why the decision to certify should be made carefully. You’re not signing up for a project. You’re signing up for a process that becomes part of how the business operates. When that’s the right fit, it creates genuine discipline, and drives tangible improvements. When it isn’t, it creates overhead without return.
When I’d tell a business to wait
This might surprise you coming from someone who runs an ISO consultancy, but there are circumstances where we advise clients to hold off.
If your pipeline doesn’t include buyers who require or value certification, the commercial case isn’t there yet. Alpha Swanson has such conversations with potential clients on a regular basis, as we believe in always being open and honest. Spend the budget on sales, operations, or product development instead.
If your business is in rapid flux – restructuring, pivoting, scaling quickly – the timing matters. ISO systems require a degree of operational stability to embed effectively. Certifying during significant change often means certifying a version of the business that no longer exists by the first surveillance audit, which in turn will require a radical rewrite of the system. In such a case, waiting a few months would save time, effort and money.
And if leadership isn’t genuinely bought in, don’t start. Certification fails not because of cost or complexity, but because the business owner treated it as someone else’s problem. ISO certification requires commitment from the top. Without it, you end up with a system the senior team quietly ignores – which is worse than no system at all.
A note on who certifies you
In the UK, the quality marker to look for is UKAS accreditation – the United Kingdom Accreditation Service accredits the certification bodies that audit your business. We only work with UKAS-accredited certification bodies, because that way you can guarantee that your certificate will be recognised – by buyers, by government procurement frameworks, and internationally. A non-accredited certification can, however, add the value that comes with a well-managed and implemented system, so can be beneficial.
The bottom line
ISO certification is not a silver bullet. It’s a commitment, and like any commitment, its value depends entirely on whether the conditions are right and whether you follow through properly.
If you’re targeting contracts where certification is a gate, and you’re prepared to build a system your business lives by, it’s worth every penny. If those conditions aren’t in place yet, there are better uses of your budget right now.
The right time to certify is when you have a clear commercial reason and the organisational readiness to do it properly. Those two things rarely arrive at the same time by accident – which is usually when a conversation with the right people helps.
Jon Tait is Co-founder and Systems Director at Alpha Swanson, a Yorkshire-based ISO management consultancy working with businesses across the UK on ISO 9001, ISO 14001, ISO 27001, ISO 45001, and integrated management systems.
