How to Validate ISO Certifications

What Are ISO Certifications?

ISO certifications demonstrate that an organisation has implemented recognised management systems and processes aligned with international standards.

In construction and supply chain management, the most common certifications include:

• ISO 9001 – Quality Management
• ISO 14001 – Environmental Management
• ISO 45001 – Occupational Health & Safety Management

These certifications are commonly requested during:

• Supplier onboarding
• PQQ submissions
• Supplier audits
• Framework compliance reviews

However, not all certificates should be accepted at face value.

Why ISO Validation Matters

Accepting invalid or expired ISO certificates can expose your organisation to risk.

Potential issues include:

• False compliance assumptions
• Suppliers failing audit requirements
• Framework non-compliance
• Increased operational risk
• Reputational damage

A supplier may appear compliant on paper but unless the certificate has been properly verified, you may not have full confidence in the validity of their claims.

Step-by-Step: How to Validate ISO Certifications

1. Check the Certificate Type

Start by confirming the certification matches your requirements.

Common examples:

• ISO 9001 → Quality management
• ISO 14001 → Environmental management
• ISO 45001 → Health & safety management

👉 Make sure the supplier holds the specific standard relevant to the work being undertaken.

2. Confirm the Certificate Is Current

Review:

• Issue date
• Expiry date
• Surveillance audit dates (if shown)

Red flags include:

• Expired certificates
• Missing dates
• Certificates close to expiry without evidence of renewal

👉 An expired certificate should not be treated as valid compliance evidence.

3. Verify the Company Name

Ensure the certificate exactly matches:

• The supplier’s legal entity name
• The company you are contracting with

Watch for:

• Trading name vs registered entity differences
• Group company certificates being used incorrectly
• Misspellings or inconsistencies

👉 A certificate for a related company does not automatically apply to another legal entity.

4. Review the Scope of Certification

This is one of the most commonly overlooked steps.

Check:

What activities does the certification actually cover?

Examples:

A supplier may hold ISO 9001 for:

“Office-based consultancy services”

…but you may be engaging them for:

construction installation works

That creates a mismatch.

👉 Certification is only relevant if the scope aligns with the services being delivered.

5. Check the Certification Body

Look for:

• Certification provider name
• Accreditation details
• Certification number

The certificate should clearly identify who issued it.

6. Verify Accreditation

This is critical.

A certificate may look genuine but the issuing body must also be properly accredited.

In the UK, certification bodies are commonly accredited by UKAS (United Kingdom Accreditation Service).

Check:

• Is the certification body recognised?
• Is accreditation valid?

👉 If the certification provider is not accredited, the certificate may not provide the assurance you expect.

7. Cross-Check Certificate Details

Compare the certificate against supplier records:

• Company name
• Registration details
• Address
• Scope of services

This helps identify inconsistencies or outdated records.

8. Request Clarification If Needed

If anything appears unclear:

Request:

• Updated certificate copies
• Confirmation from the certification body
• Additional supporting documentation

👉 Never make assumptions where compliance is concerned.

9. Record and Track Expiry Dates

Once verified:

Log:

• Certificate type
• Expiry date
• Scope
• Validation date

This ensures future reviews can be managed proactively.

Common ISO Validation Mistakes

Accepting expired certificates

A very common oversight.

Ignoring the scope

Certification may not cover the actual work.

Accepting group company certificates

Different legal entities require their own validation.

Not checking accreditation

A certificate is only as trustworthy as the issuing body.

No expiry tracking

Valid today does not mean valid in six months.

Quick ISO Validation Checklist

Before accepting an ISO certificate, confirm:

✅ Correct ISO standard provided
✅ Certificate is in date
✅ Legal company name matches
✅ Scope aligns with services delivered
✅ Certification body clearly identified
✅ Accreditation verified
✅ Certificate details match supplier records
✅ Expiry date recorded for monitoring

Pro Tip: Standardise Certification Reviews

Manual certification checks often become inconsistent, especially when multiple teams are involved.

A structured process helps you:

• Standardise reviews
• Reduce human error
• Track expiry dates centrally
• Improve audit readiness
• Strengthen supplier compliance governance

Conclusion

ISO certifications are a valuable part of supplier due diligence but only if they are properly validated.

Simply collecting certificates is not enough.

By checking validity, scope, accreditation and supplier alignment, organisations can make better-informed supplier decisions and reduce compliance risk across the supply chain.

FAQs

How do I check if an ISO certificate is valid?

Review the expiry date, company details, certification scope, and accreditation of the issuing certification body.

Is an expired ISO certificate still acceptable?

No. Expired certificates should not be treated as valid evidence of compliance.

What is UKAS?

UKAS (United Kingdom Accreditation Service) is the UK’s national accreditation body that assesses certification providers.

Why is the scope of certification important?

Because certification only applies to the activities listed. A mismatch between scope and supplied services creates risk.

Can a supplier use a parent company’s ISO certificate?

Not automatically. Certification must align with the legal entity providing the services.