Transfer your ISO Certification
Transferring your ISO certificate is straightforward, and with Tempo, you’ll receive UKAS-accredited certification, as well as our fast-moving and modern approach to auditing
Tempo was created by a tech founder to simplify the compliance journey for modern companies.
What customers who transferred to us say
-
We've been through many audits, but our first with Tempo was a welcome change, the process was well organised and conducted in a way which minimised impact on the day to day operations at Bud.
— Bryan Parsons, Head of IT, Bud Systems
-
We transferred to Tempo and we are delighted with the choice. Our audit was smooth, with a clear reduction in disruption and on-the-day effort for us compared to previous years. That difference really shows the value of running our ISMS through a GRC platform, and it reinforced that Tempo is the right fit for us.
— Laurence Hudson, Director of IT & Client Services, RDT
-
Is it weird to say I had a good time? We worked with a more traditional auditor before, but they didn't understand the needs of our start-up. Tempo Audits were much better. They understood our business and used that understanding to explain and audit the standard in a way that made sense to our start-up.
— Jonny Arnold, Head of Engineering, Nomio
The Transfer Process
Get a quote
Either book a call or fill out this form, and Tempo will provide you with a quote to transfer your certification.
Provide your certification documentation
Once you’ve confirmed you want to proceed, you’ll need to share: your certificate, your most recent certification/re-certification report, the latest surveillance report (if the most recent audit wasn’t a certification/recertification), and the corrective action plan from your latest audit (if there were any NCs).
Tempo conducts Pre-Transfer Review
Tempo conducts the Transfer Review, normally within a few days of receiving the documentation from you.
ISO certificate issued
When the transfer review has been completed, Tempo will issue a new certificate, and the certification cycle will continue from there!
Audit time!
Why Tempo?
The whole experience is built to support modern tech companies. Our clients who transfer to us often tell us it feels like a breath of fresh air in comparison to their previous certification providers.
Tech Focus
〰️
Remote-first Audits
〰️
Agile Approach
〰️
UKAS-accredited
〰️
Tech Focus 〰️ Remote-first Audits 〰️ Agile Approach 〰️ UKAS-accredited 〰️
ISO Certificate Transfer FAQs
-
Maybe your current CB is slow, expensive, or just doesn't get tech. Transferring lets you switch to a certification body that fits how you work - without starting your ISO 27001 journey from scratch.
-
Accreditation is your proof that a certification body has been independently assessed and meets international standards. Without it, your certificate may not be recognised by customers, partners, or regulators. Always check your CB is UKAS-accredited (or equivalent).
-
Certification is what your organisation achieves - proof your ISMS meets ISO 27001. Accreditation is what your certification body holds - proof we meet the standards required to certify you. Think of it as the auditor being audited.
-
Typically: your current ISO 27001 certificate, your latest audit reports (Stage 1, Stage 2, and any surveillance audits), and your certification scope. We'll review these to determine where you are in your certification cycle so there's no unnecessary repetition.
-
We're built for tech companies - so we speak your language, respect your time, and run a modern audit experience that doesn't feel like a box-ticking exercise. Fast onboarding, clear communication, and a team that actually understands how you work.
-
Yes, as long as your certificate is valid and meets IAF MD2 eligibility requirements. However, starting the process at least three months before expiry is recommended.
-
No. The transferred certificate retains the original issuance and expiry dates, ensuring continuity in your certification cycle.
-
No. Scope expansion requires a new or extended audit. Transfers are limited to maintaining the same scope or reducing it.
-
Certification bodies are required to cooperate with transfers under IAF MD2. If you encounter resistance, escalate the issue through the accreditation body (e.g., UKAS) or seek guidance from your new certification body.
-
At Tempo, the process is free, although this varies at other certification bodies, and often they charge a fee to conduct the transfer review or cover administrative costs. Speak to certification bodies upfront to validate this.
Transfer ISO Certification Provider: Complete Step-by-Step Guide
Why Transfer Your ISO Certification Provider?
Switching your ISO certification body (CB) is a common step for growing organisations seeking better service, responsiveness, or a partner who truly understands modern tech environments. Companies often transfer when their current certification body lacks cyber security specialisation, delivers slow or overly bureaucratic audits, struggles with remote or distributed teams, or fails to communicate in plain English.
Other reasons include consolidating multiple audits under one provider, reducing costs without compromising quality, or simply finding a certification body that aligns better with a startup's pace and culture. The good news: transferring your ISO 27001, ISO 42001, ISO 9001, or other accredited ISO certificate is entirely possible - and, with the right preparation, straightforward.
Eligibility: Can Your ISO Certificate Be Transferred?
Not every ISO certificate qualifies for transfer - but if you have accredited certification then a transfer should be feasible.
That said, the International Accreditation Forum (IAF) sets out eligibility rules in IAF Mandatory Document 2 (IAF MD2) to ensure that only valid, accredited certifications are transferred between certification bodies.
Key Eligibility Criteria
Valid and Active Certificate
Your certificate must be current, with no suspensions or expiry. Suspended or expired certifications cannot be transferred; organisations in those situations will need to undergo a new initial certification.
Accreditation Status
Both your current and new certification bodies must be accredited by an IAF Multilateral Recognition Arrangement (MLA) signatory - such as UKAS in the UK, ANAB in the US, or equivalent bodies internationally. Certificates issued by non-accredited bodies are ineligible for transfer.
No Outstanding Major Non-Conformities
All major non-conformities identified in your most recent audit must be resolved before the new certification body will accept the transfer. Minor non-conformities may be addressed through the ongoing audit cycle.
Scope Consistency
The scope of the transferred certificate must remain the same or reduce; you cannot expand your certification scope during a transfer. Scope expansion requires a new or extended audit.
Timing Considerations
If your certificate is due to expire within 12 months or less, some certification bodies may require a full Stage 1 and Stage 2 audit rather than a simple transfer. It's crucial to begin the process at least three months before your current certificate expires to allow sufficient time for review, acceptance, and any additional audit activities.
Documents Needed to Transfer Your ISO Certification
Your new certification body will require specific documentation to assess your existing Information Security Management System (ISMS) or quality management system and confirm transfer eligibility.
Essential Documents Checklist
Current ISO Certificate: A copy of your valid, accredited certificate with expiry date and scope clearly visible.
Previous Audit Reports: The most recent surveillance or recertification audit reports from your current provider, typically covering the last three years or the full certification cycle.
Current Audit Programme: An overview of your planned audit schedule and any upcoming surveillance or recertification dates.
List of Sites and Scope: Details of all sites, locations, or services covered under the certificate, especially for multi-site or remote-first organisations.
Non-Conformity Records or Corrective Action Plans: A report of any open non-conformities (major or minor) from the last audit, and evidence that they have been resolved or are in the process of being closed out.
Key ISMS or QMS Documents: Depending on the standard, this may include your Statement of Applicability (SoA), Information Security Policy, Risk Assessment and Treatment Plan, Quality Manual, or other core system documentation.
Reason for Transfer: Some certification bodies will ask why you are switching providers—be prepared to explain your rationale.
Step-by-Step Transfer Process
Transferring your ISO certification involves coordination between you, your outgoing certification body, and your new provider. Here's how the process typically unfolds:
1. Verify Your Certificate Validity
Before approaching a new certification body, confirm that your current certificate is valid and accredited. Use the IAF CertSearch database to verify that your existing certification body holds the appropriate accreditation for your standard and scope.
2. Research and Select a New Certification Body
Choose a certification body that is accredited for your specific ISO standard (e.g., ISO 27001, ISO 42001, ISO 9001) and demonstrates experience working with organisations like yours. For SaaS and tech companies, consider certification bodies with cyber security specialisation, remote audit capabilities, and a collaborative, plain-English approach - like Tempo Audits.
Ask prospective certification bodies about:
Their accreditation status and scope
Experience auditing tech companies and distributed teams
Typical transfer timelines and any additional audit requirements
How they handle remote audits and hybrid working environments
Customer support responsiveness and audit scheduling flexibility
3. Notify Your Current Certification Body
Formally notify your existing certification body of your intent to transfer. This step is important to terminate your current contract and avoid future billing. Request all necessary documentation (audit reports, non-conformity records, and your current certificate) to share with your new provider.
4. Submit Your Transfer Application
Complete the new certification body's application form and submit the required documents outlined above (with Tempo, you can also do this on a call if you’d prefer). The new certification body will review your submission to confirm eligibility and assess any risks or outstanding issues.
5. Pre-Transfer Review
The new certification body will conduct a pre-transfer review of your documentation. This review verifies that:
Your certificate is valid and accredited
All major non-conformities have been addressed
Your management system remains compliant with the relevant ISO standard
The scope and sites match the documentation provided
Depending on the findings, the new certification body may request additional information or clarification.
6. Transfer Audit (If Required)
In some cases, particularly if your certificate is nearing expiry or if there are gaps in documentation, the new certification body may conduct a transfer audit. This is typically lighter than a full Stage 2 audit and focuses on confirming that your management system is still effective and compliant. For organisations transferring well ahead of certificate expiry, this step may be integrated into the next scheduled surveillance audit.
7. Acceptance and Contract Signing
Once the pre-transfer review (and any transfer audit) is complete, the new certification body will formally accept the transfer. You'll sign a new contract, and the certification body will issue a new certificate. The transferred certificate typically retains the original issuance and expiry dates, ensuring continuity.
If the transfer is not accepted due to unresolved non-conformities, expired accreditation, or other issues, you may need to undergo a new initial certification process.
8. Certificate Issuance and Ongoing Surveillance
Your new certification body will issue a replacement certificate reflecting the transfer. From this point forward, all surveillance and recertification audits will be conducted by the new provider according to your existing audit schedule.
Timeline: How Long Does a Transfer Take?
The actual transfer process with Tempo typically takes 2 to 4 weeks from initial application to final certificate issuance, depending on:
The completeness of your documentation
The responsiveness of your current certification body in providing records
Whether a transfer audit is required
The new certification body's scheduling availability
However, to ensure a smooth transition, start the process at least three months before your current certificate expires so that:
The transfer can be processed, and there is still time to schedule your next audit
You don’t get an invoice from your current provider for the next year
What Happens If Your Transfer Is Rejected?
In some cases, a transfer may not be accepted (although this is unlikely and, in Tempo’s instance, it’s only happened if we did not cover the sector the client applied from, or if the certificate was not accredited). Hypothetically, common reasons for a transfer being rejected could include:
Expired or Suspended Certificate: Only valid, active certifications are eligible for transfer.
Unaccredited certification: the applicant’s certificate is not eligible for a transfer due to not being accredited.
Unresolved Major Non-Conformities: Outstanding major NCs must be closed before transfer acceptance.
Lack of Accreditation: If your current certification body is not properly accredited (or has lost accreditation), the certificate cannot be transferred.
Incomplete Documentation: Missing audit reports or non-conformity records may prevent acceptance.
If your transfer is rejected, the new certification body will typically offer to conduct a new initial certification audit. While this requires more time and effort than a transfer, it ensures you maintain compliance and can still achieve certification with the new provider.
Best Practices for a Smooth ISO Certification Transfer
Start Early
Begin the transfer process as early as possible, and at least three months before your certificate expires, to allow time for documentation review, any required audits, and contract finalisation.
Verify Accreditation
Confirm that both your current and prospective certification bodies are accredited by recognised IAF MLA signatories. Use IAF CertSearch to verify accreditation status.
Resolve Non-Conformities
Close out any open major non-conformities before initiating the transfer. This accelerates acceptance and reduces the risk of rejection.
Maintain Documentation
Keep all audit reports, non-conformity records, and system documentation organised and up to date. This simplifies the transfer process and demonstrates ongoing compliance.
Choose a Certification Body That Understands Your Business
For SaaS and tech companies, partner with a certification body that specialises in cybersecurity, understands modern tech stacks, and offers remote-first audits. Tempo Audits is built specifically for fast-growing tech companies and offers a streamlined, collaborative approach to ISO 27001 and SOC 2 audits.
Why Choose Tempo Audits for Your ISO Certification Transfer?
Tempo Audits specialises in ISO 27001 and SOC 2 audits for modern SaaS and tech companies. Our remote-first, tech-native approach is designed to make compliance simpler, faster, and less disruptive—whether you're transferring from another certification body or pursuing certification for the first time.
We offer:
Cyber Security Specialisation: Auditors trained in the tools and environments tech companies use daily.
Fast Quoting and Scheduling: Get a quote and book your audit quickly, without lengthy forms or delays.
Plain-English Communication: No jargon, no fluff—just clear, actionable guidance.
Remote-First Audits: Built for distributed and hybrid teams, with no need for on-site visits unless required.
Collaborative Approach: We work with you to find conformity and improve your information security posture, not just tick boxes.
If you're ready to transfer your ISO certification to a certification body that understands how modern tech companies operate, get a quote from Tempo Audits today.