Many years back when I started my Asset Management journey, the ISO55000 series of standards was always lingering overhead as the “bible” of asset management. The problem was that the systems and processes we tend to learn in this field stem from those standards, but rarely do we deep dive into the documentation and try to mind map for ourselves how it all fits together.
When I started Pardus Consulting, figuring out this big to small picture structure was important in order to offer clients a thorough ISO audit, but what I encountered was usually along the lines of businesses asking : “What actually is the process?, How long does it take? How much does it cost? Who certifies, who audits?” These sort of questions were a recurring trend, and to be fair, the process and system towards certification isn’t clearly written in a single concise document that is easy to find.
If you’re exploring ISO 55001 certification for your organization, you’ve probably run into this confusing landscape of auditors, assessors, consultants, and certification bodies. Who does what? What’s actually “official”? And how does the whole process work from start to finish?
I’ve taken some time to deep dive and write this article so that Asset Management Professionals and Businesses can get a good and detailed overview on the process, roles and responsibilities, and ballpark costs, after all gaining ISO certification isn’t a small feat.
What Is ISO 55001?
ISO 55001 is the international standard specifying requirements for an asset management system. It gives organizations a framework to manage assets systematically throughout their lifecycle—from the moment you acquire an asset until you dispose of it.
The standard works for any type of asset (physical, financial, or intangible) and any size of organization. Whether you’re running a water utility, a rail network, a manufacturing plant, mine, or a hospital, the same framework applies.
Here’s the important distinction that trips people up: the ISO 55000 series contains multiple documents, but only ISO 55001 is the one you can actually be certified against. ISO 55000 provides the overview and terminology—the “what” and “why” of asset management. ISO 55001 contains the actual requirements—the “how” with specific criteria your organization must meet. ISO 55002 offers guidance on implementing those requirements.
When someone talks about “ISO 55000 certification,” they’re technically using the wrong term. You get certified against ISO 55001 because that’s where the auditable requirements live.
The Certification Hierarchy: Understanding Who Does What
The ISO certification ecosystem is essentially a private, voluntary, internationally-coordinated system. There’s no government mandate requiring certification in most jurisdictions—its value comes from international recognition and stakeholder confidence.
Understanding the hierarchy helps you navigate the process and avoid common pitfalls.
At the top sits ISO itself, the International Organization for Standardization, which develops and publishes the standards. Below that, the International Accreditation Forum (IAF) coordinates mutual recognition between countries, ensuring that a certificate issued in Australia carries weight in Germany or Canada.
National accreditation bodies—organizations like UKAS in the UK, ANAB in the USA, or JAS-ANZ in Australia and New Zealand—accredit certification bodies to audit against specific standards. These are the watchdogs that ensure certification bodies are competent and operating properly.
Certification bodies (also called Conformity Assessment Bodies or CABs) are the organizations that actually conduct audits and issue certificates. Names you might recognize include BSI, TÜV, Bureau Veritas, DNV, Lloyd’s, and SGS. These are the only entities that can issue internationally recognized ISO 55001 certificates.
This last point is crucial. No matter how qualified a consultant might be, they cannot issue an official certificate. Only accredited CABs can do that.
Consultants vs. Certification Bodies: A Critical Distinction
One of the biggest sources of confusion in the certification world is the difference between consultants and certification bodies. These are fundamentally different roles, and understanding the distinction will save you headaches.
Consultants and assessors play an advisory role. They help you prepare for certification by conducting gap assessments, supporting implementation, providing training, and assisting with internal audits. Their job is to identify where you fall short of requirements and advise you on how to close those gaps. A gap assessment inherently involves giving advice—that’s the whole point.
Certification bodies, by contrast, play a judgmental role. They assess whether your system meets requirements and make the pass/fail decision. They cannot advise you on how to fix problems because that would create a conflict of interest—they’d be auditing their own recommendations.
This separation exists by design. Certification bodies operate under strict rules (ISO 17021-1 and ISO 17021-5) that prevent them from providing consultancy to organizations they certify. If a CAB could both advise you on building your system and then audit that same system, the certification would lose its credibility as independent verification.
This is why the typical certification journey involves two separate organizations: a consultant to help you prepare, and a certification body to conduct the formal audit. Many organizations actually prefer this arrangement because specialist asset management consultants often have deeper domain expertise than generic CAB auditors, and consultants can give you the hands-on guidance that CABs are prohibited from offering.
Gap Assessment vs. Certification Audit: What’s the Difference?
Here’s the revised version with that explanation woven in:
A gap assessment and a certification audit might look similar on the surface—both involve someone reviewing your asset management practices against ISO 55001 requirements. But they serve completely different purposes and have very different implications.
A gap assessment is typically conducted by a consultant and produces a report identifying where your current practices fall short of requirements, along with recommendations for closing those gaps. It’s advisory in nature. The output has no formal standing—it’s a diagnostic tool to help you prepare.
A certification audit is conducted by an accredited certification body and determines whether you receive an official ISO 55001 certificate. The auditors assess your implemented system against requirements and produce findings categorized as conformities, minor non-conformances, or major non-conformances. Critically, they cannot give advice on how to fix problems—they simply report what they find. This isn’t a limitation of individual auditors; it’s a structural rule. Certification bodies are prohibited from consulting because it would create a conflict of interest—they’d effectively be auditing their own advice.
This is precisely why most organizations engage a consultant before approaching a certification body. It’s not redundant work; it’s fundamentally different work. Think of it as the difference between a tutor and an examiner. The consultant can coach you, review your drafts, suggest solutions, and tell you when you’re not ready. The certification body can only pass or fail you. If you skip the preparation and fail your certification audit, you’ve paid for an audit, received a list of problems with no guidance on solutions, and now face paying for a re-audit once you figure things out on your own. Most organizations find the cost of consultant preparation far outweighs the risk of failing certification cold.
That said, using a consultant isn’t mandatory. Organizations with mature, well-documented asset management practices sometimes proceed directly to certification. But they’re the exception.
Here’s what catches some organizations off guard: gap assessment results have absolutely no impact on your certification audit. They’re separate processes conducted by separate organizations. If your consultant says you’re ready for certification but the CAB auditor finds major non-conformances, the CAB’s decision is the only one that matters. Your consultant’s assessment carries no weight in the formal certification process.
This isn’t a flaw in the system—it’s the whole point. The certification audit is supposed to be an independent verification, not a rubber stamp of someone else’s opinion.
What Are the ISO 55001 Requirements?
ISO 55001 organizes its requirements around seven main clauses, following the same high-level structure used by other ISO management system standards like ISO 9001 and ISO 14001.
The standard starts with understanding your context—the internal and external factors affecting your asset management, your stakeholders and their expectations, and the scope of your asset management system. This grounds everything else in your specific situation rather than prescribing a one-size-fits-all approach.
Leadership requirements ensure that top management isn’t just signing off on asset management but actively driving it. This includes establishing an asset management policy, defining roles and responsibilities, and demonstrating genuine commitment to the system’s success.
Planning requirements address how you identify and respond to risks and opportunities, set asset management objectives that align with organizational objectives, and develop your Strategic Asset Management Plan (SAMP). The SAMP is a key document that translates high-level organizational goals into specific asset management direction.
Support requirements cover the resources, competence, awareness, communication, and documented information needed to make the system work. You can’t run an effective asset management system without the right people, skills, and information.
Operation requirements deal with the actual planning and control of asset management activities, management of change, and how you handle outsourced functions.
Performance evaluation requires you to monitor and measure how well your system is working, conduct internal audits, and have top management regularly review the system’s performance and suitability.
Finally, improvement requirements ensure the system doesn’t stagnate. You need processes for handling non-conformances, taking corrective action, and driving continual improvement.
How Long Does Certification Take?
The honest answer is: it depends enormously on where you’re starting from.
The gap assessment phase typically takes one to four weeks, depending on your organization’s size and complexity. This gives you a clear picture of what work lies ahead.
Implementation and remediation is where the timeline varies most dramatically. If your asset management practices are already mature and you mainly need to formalize and document what you’re doing, this might take three to six months. If you’re building significant new capabilities from scratch, expect twelve to eighteen months or more. Large, complex organizations often take longer simply because there’s more to coordinate.
You’ll need your system to be operating and generating evidence before you can be certified—typically at least three months of operation. Auditors want to see that your system actually works in practice, not just that you’ve written good documentation.
Internal audits covering all requirements need to happen before your certification audit. Budget one to four weeks for this, plus time to address any findings.
The certification audit itself happens in two stages. Stage 1 is a documentation review that typically takes one to three days, where the CAB assesses whether you’re ready for Stage 2. Stage 2 is the implementation audit—the main event—where auditors come on-site to verify your system is working as documented. This takes anywhere from two to ten days depending on your organization’s size and scope.
After a successful Stage 2, the certification decision typically comes within two to four weeks.
Adding it all up, organizations starting from scratch should realistically plan for twelve to twenty-four months. Those with mature practices needing formalization might achieve certification in six to twelve months. Organizations transitioning from PAS 55 (the predecessor standard) often complete the process in three to six months.
What Does Certification Cost?
Costs vary widely based on your organization’s size, complexity, number of sites, geographic spread, and your starting point.
Gap assessment fees from consultants typically range from $5,000 to $50,000 or more, depending on scope. Implementation support—if you need it—can run from $10,000 into the hundreds of thousands for large, complex organizations starting from scratch. Training costs for staff awareness and internal auditor development add another few thousand to $20,000 or more.
Certification body fees are typically calculated based on auditor days required, which correlates to your organization’s size and complexity. Stage 1 audits might cost $3,000 to $15,000; Stage 2 audits typically represent the largest single cost, ranging from $5,000 to $50,000 or more for large organizations.
Annual surveillance audits run roughly thirty to forty percent of your initial certification cost. At the end of the three-year cycle, recertification audits cost similar amounts to the initial certification.
Don’t forget the hidden costs: staff time diverted from regular duties for preparation and audit participation, system improvements identified during gap analysis, and potential re-audit fees if major non-conformances are found. These internal costs often exceed the external fees.
The Certification Process: Step by Step
The journey from deciding to pursue certification to receiving your certificate typically unfolds in three phases.
Preparation begins with a gap assessment to understand where you stand against ISO 55001 requirements. With that diagnostic in hand, you move into implementation—developing your asset management policy, creating your SAMP, establishing objectives, building processes, creating documentation, and training staff. Once implemented, you run the system and collect evidence that it’s working. Before approaching a certification body, you’ll conduct internal audits covering all requirements and have top management conduct a formal review of the system’s performance.
Certification starts with selecting and engaging an accredited certification body. Verify their accreditation for ISO 55001—don’t assume. The Stage 1 audit reviews your documentation to confirm you’re ready for Stage 2. The Stage 2 audit is the on-site implementation assessment where auditors interview staff, review records, observe processes, and assess conformance against all requirements. If you pass—possibly with some minor non-conformances that need addressing—the CAB issues your certificate.
Maintaining certification requires annual surveillance audits where the CAB verifies continued conformance. At the end of the three-year cycle, you undergo a recertification audit to renew for another three years.
What Happens If the Consultant Says “Ready” But the Certification Body Disagrees?
This scenario worries many organizations, but it’s actually not the crisis it might seem.
Remember: consultants advise, certification bodies decide. These are fundamentally different roles with no formal relationship to each other. A consultant’s gap assessment is their professional opinion about your readiness—nothing more. It carries no weight in the certification process.
If your consultant assessed you as ready but the certification audit uncovers major non-conformances, the CAB’s decision stands. You won’t receive certification until those issues are resolved. Your consultant’s reputation takes a hit for misjudging your readiness, but there’s no legal consequence—they weren’t claiming to issue a certificate in the first place.
You address the findings, implement corrective actions, and the CAB verifies the fixes (either through document review or a follow-up audit). Once resolved, certification proceeds.
This actually happens more often than you might think. Consultants and CAB auditors may probe different areas or interpret requirements differently. The consultant’s assessment was a point-in-time judgment based on what they observed. The CAB auditor brings fresh eyes and may dig into areas the consultant didn’t examine as deeply.
This is precisely why choosing an experienced, reputable consultant matters—but even the best assessment can’t guarantee certification outcomes.
Is Certification Worth It?
Certification makes strong sense when stakeholders require or highly value it—regulators, major customers, investors, or contract partners who expect independent verification of your asset management capabilities. Industries like utilities, transportation, oil and gas, and public infrastructure increasingly see ISO 55001 certification as standard practice.
Certification also provides value when you want the discipline that external auditing brings. Knowing that an independent auditor will assess your system annually creates accountability that internal-only approaches sometimes lack. The certification process itself often surfaces improvement opportunities that internal reviews miss.
On the other hand, certification may not be worth the investment if your stakeholders don’t require it and wouldn’t change their behavior based on your certification status. Many organizations run excellent asset management systems without formal certification—the standard is freely available as a framework for internal use.
Consider your specific context: who cares about certification, what doors does it open, and do those benefits justify the costs? There’s no universally right answer.
Personally I’ve seen companies in the Middle-East, Europe and the USA request this sort of certification help a lot more than in Australia, however in Australia, specifically Mining and Processing, the workings of ISO55001 are mostly well embedded and mature (from personal experience).
Leave a Reply