Skip to main content
Source JournalDispatchesArticlesRSS
← Back to Articles

You're Choosing a Person, Not a Certificate

11 June 2026 · Updated 16 June 2026 · Ben Visser · 4 min read

At a glance - TL;DR

Most organisations choose a certification body by comparing prices and logos, then wait to find out who turns up. The piece argues that the human who walks through the door matters far more than the logo on the certificate, and that continuity with the same auditor compounds in value across a three-year cycle in ways a new face each time cannot. Choosing well, up front, means favouring a smaller body where keeping a personal bond with one auditor is realistic rather than accidental.

Key takeaways

  • The price and the accreditation logo are not what shapes your audit; the human being who walks through the door is, and whether you will see that person again matters more than almost anything you compared on a spreadsheet.
  • A returning auditor compounds in value across the three-year cycle: they build on previous findings, remember trade-offs you made for good reasons, and know where to push without wasting time re-establishing context.
  • Large certification bodies optimise for throughput; rotation is by design, and you can sit across from a different auditor each time explaining the same context to someone who has never heard it.
  • Choosing locally, favouring a smaller body, and approaching the relationship as a partnership rather than an examination are decisions made before you sign anything; that is when you have the most control.
  • Askara Solutions will help you choose and then get out of the way; inserting a preferred-supplier layer between you and your auditor would sacrifice the direct, long-term relationship that is the entire point.

Most companies choose a certification body the way they choose a courier. Get three quotes, glance at the logos, pick the one that looks reputable and lands in the middle on price. Then they wait to find out who actually turns up. Here is the thing nobody puts in the procurement checklist: the price and the logo are not what shapes your audit. The human who walks through the door is. And whether you will ever see that human again matters more than almost anything you compared on the spreadsheet. The third audit with the same auditor is worth more than the first three with three different ones.

This is part two of a short series about the parts of compliance a machine cannot do for you. The first piece looked at the three people whose buy-in an information security management system actually runs on: your management team, your auditor, and your own staff. Call it the stakeholder triangle. This piece zooms into one corner of it, the auditor, and asks a question the speed-obsessed market almost never asks. Not how do you pass the audit, but how do you choose the person who runs it.

Big Body, Small Body

There are two kinds of certification body, and the difference is not really about quality. It is about whether you are a relationship or a row in a database.

The large bodies are built for scale, and scale has a logic. They run internal allocation desks whose job is to match an available auditor to a slot in your calendar. If your auditor is unavailable, someone else is scheduled. Across the three-year certification cycle there is rotation by design, so it is entirely possible to sit across from a different person each time, explaining the same context about the same topic to someone who has never heard it before. None of this is incompetence. It is just what an org chart optimised for throughput produces. You are handled efficiently, and you are handled by a number of people, and you are, to the system, a number yourself.

The small bodies work differently because they cannot afford not to. Often the person auditing you is the person who owns the firm, working with a handful of colleagues, doing the job because they genuinely like it. I have sat across from an auditor like this, someone with real love for the craft, who clearly enjoyed the conversation, and who turned what could have been a grim formality into something I looked forward to. That is not a small thing. An audit you look forward to is an audit that does you good.

Why Continuity Compounds

Here is the part the market structure quietly hides from you. A returning auditor is not just more pleasant. They are worth more, and the value compounds.

Think about what happens on a second or third visit with someone who already knows your history. They remember the trade-off you made last year, the one where you accepted a risk for a reason that made sense at the time. So they can reopen it: is that still the right call, now that you have grown? They build on previous findings instead of starting from zero. They know where this particular company tends to be strong and where it tends to drift, so they push a little harder exactly where pushing helps. None of the session gets spent on re-establishing context, because the context is already shared. Every minute goes to the actual work.

Now run the alternative. A new auditor each cycle, each one fed the same introduction, each one forming first impressions you have already corrected twice. You are not building anything. You are re-explaining. The audit becomes a reset rather than a step forward, and you pay for that reset in the most expensive currency you have, which is the time of the people who understand your business.

So this is the anchor I would offer: continuity is the asset. Not the certificate, not the logo on it. The certificate is the same piece of paper either way. What differs is whether the relationship behind it accumulates value or starts over.

Choosing Well, Up Front

You have more control over your audit experience than the procurement framing suggests, and almost all of it is exercised before you sign anything.

Choose locally. Choose someone who works in your language, understands your culture, and recognises your way of operating without needing it translated. Favour a relatively small body where keeping a personal bond with one auditor is realistic rather than accidental. And approach the relationship as a partnership, not an examination. The auditor is not there to catch you out. The good ones are there to make the thing genuinely better, and they respond to being treated accordingly.

This is also where I want to be precise about Askara Solutions, because it would be easy to misread what we do here. We will help you choose. We can hand you the few things to look for, the questions to ask, the signals that tell you whether a body will treat you as a partner or a ticket number. What we will deliberately not do is sit in the middle of it. No preferred-supplier arrangement, no broker fee, no Askara-shaped layer between you and the person auditing you. The moment a third party inserts itself into that relationship, it starts to behave like a staffing agency, with its own reasons to keep you moving and churning, and the direct long-term bond is exactly what gets sacrificed. The relationship is yours. It should stay yours. The most useful thing we can do is help you start it well and then get out of the way.

This is, when you look at it plainly, the whole reason these choices cannot be automated. An allocation desk can match a calendar slot. Software can compare prices and surface logos and rank bodies by turnaround time. What none of it can do is judge whether you will trust this particular person across three years, or build the rapport that makes the third audit worth more than the first. That judgement, and that relationship, are stubbornly, permanently human.

The audit you dread is not really the audit. It is the prospect of a stranger arriving to grade you. Choose the person instead of the price, choose someone you can keep, and the thing inverts. It becomes a standing appointment with someone who knows your company, wants it to be better, and helps make it so. The machines will take more and more of the compliance work off your hands. Good. That just leaves you the part that was always worth keeping.