Pillar 05 · Practice Area

Certifications that open doors. And keep them open.

From ISO 9001 to FSSAI, GMP to MSME Udyam — we navigate the certifying bodies, draft the documentation, drill your team for audits and renew it all on schedule. A single advisor across every standard you carry.

SevenSub-Practices within Certifications & Licences
  • ISO 9001 · 14001 · 27001
  • ISO 22000 · 45001
  • GMP & WHO-GMP
  • FSSAI Licensing
  • MSME / Udyam
  • IEC & DGFT
  • Shop & Establishment
Certifications & Licences
Why Zfiling for Certifications & Licences

A certificate is a promise. We make sure you can keep it.

A certificate on the wall is the easy part. The hard part is the management system underneath it — the documented procedures, the calibrated equipment, the trained operators, the corrective-action loops that auditors will probe two and three years from now. Get that wrong and a surveillance audit becomes a non-conformity letter.

Zfiling builds certification-ready businesses, not certification theatre. We map your processes against the actual clauses of the standard, write the procedures in language your team will actually read, run mock audits with the same checklist the registrar will use, and stay on retainer through every surveillance and recertification cycle. The certificate becomes a by-product of how you genuinely operate.

Whether you are an exporter chasing ISO 9001 to qualify for tenders, a food manufacturer in line for FSSAI Central licence, a pharma unit preparing for WHO-GMP, or an MSME looking for Udyam classification — the depth of attention is the same.

1 DayResponse Guarantee
100%Senior-Led Review
End-to-EndFiled & Defended
Standalone Offering

Digital Signature Certificate (DSC)

Class 2 and Class 3 Digital Signature Certificates — required for MCA filings, GST registration, ITR e-filing, e-tendering and ROC compliance. Government-issued, courier-delivered, two-year validity.

Apply for DSC 24-48 hours · Pan India delivery
What's Included
End-to-end DSC service
  • Class 2 & Class 3 — for individuals, directors, professionals, organisations
  • Aadhaar e-KYC or video verification — no physical visit needed
  • USB token + DSC certificate couriered to your address
  • Two-year validity · Renewal & revocation support
View Full DSC Service Page →
The Sub-Practices

Seven sub-practices, one continuous workflow.

Most clients carry three or four certifications at once. We sequence the work — and the audits — so renewals never collide and management bandwidth never breaks.

ISO 9001, 14001 and 27001 — the foundational trio
01Quality Management

ISO 9001, 14001 & 27001 — the foundational trio

The three certifications that open the most doors in tenders, exports and enterprise procurement. ISO 9001 (Quality Management System) demonstrates process control. ISO 14001 (Environmental Management System) demonstrates regulatory and environmental discipline. ISO 27001 (Information Security Management System) demonstrates that data — customer, financial, operational — is genuinely protected.

We treat the three as an integrated management system, not three parallel projects. The same risk register, document-control architecture, internal-audit calendar and management-review rhythm serve all three. The cost of running three certifications becomes a fraction of running them independently.

What we deliver
  • Gap analysis against ISO 9001:2015, 14001:2015 and 27001:2022
  • Integrated Quality Manual + procedures + work instructions
  • Risk register, context analysis, interested-parties matrix
  • Internal auditor training (two team members certified)
  • Mock audit + corrective actions before registrar visit
  • Registrar selection, Stage-1 + Stage-2 audit support
  • Surveillance audit support (annual) + 3-year recertification
ISO 22000 and ISO 45001 — food safety and occupational health
02Operational Standards

ISO 22000 & ISO 45001 — food safety and occupational health

ISO 22000 (Food Safety Management System) is the global passport for food manufacturers, processors, packagers and exporters — including alignment with HACCP principles, prerequisite programmes (PRPs) and operational PRPs. ISO 45001 (Occupational Health & Safety) replaces the older OHSAS 18001 and is increasingly expected by large industrial customers, government tenders and international principals.

We build the hazard analyses, the control plans, the emergency procedures and the safety committees that these standards demand — and train the cross-functional teams that have to keep them running between audits.

What we deliver
  • HACCP study + flow diagrams + hazard analysis
  • Prerequisite programme (PRP) documentation
  • OH&S risk assessments + legal-register mapping
  • Emergency preparedness + incident-investigation protocols
  • Internal auditor + HACCP team leader training
  • Stage-1 + Stage-2 registrar audit support
  • Annual surveillance + recertification cycle
GMP and WHO-GMP for pharmaceutical units
03Pharma & Manufacturing

GMP & WHO-GMP for pharmaceutical units

Good Manufacturing Practice — Indian Schedule M, WHO-GMP and country-specific GMPs — for pharmaceutical formulations, APIs, nutraceuticals, cosmetics and ayurvedic preparations. The certification is intricate: facility design, validation protocols, calibration records, batch-manufacturing records, deviation handling, change control and CAPA all have to align with the standard and with the licence under which the unit operates.

We work with the QA head, production manager and regulatory team to build (or remediate) the entire quality system, draft the site master file and validation master plan, prepare for the inspector visit and represent the unit during the audit and through the post-audit observations.

What we deliver
  • Site Master File + Validation Master Plan drafting
  • SOPs across production, QA, QC, engineering, warehouse
  • Equipment qualification (DQ, IQ, OQ, PQ) protocols
  • Batch Manufacturing Records + Master Formula Records
  • CAPA, deviation, change-control and OOS systems
  • State licensing authority + WHO-GMP audit support
  • Annual re-audit + product-specific endorsements
FSSAI licensing — Basic, State and Central
04Food Sector

FSSAI licensing — Basic, State & Central

The Food Safety and Standards Authority of India categorises food businesses by turnover and operation type into Basic registration, State licence and Central licence. Each carries its own documentation, infrastructure standards and renewal cycle. Modifications — adding a product category, opening a new manufacturing line, changing the proprietor — all trigger fresh applications.

We handle category selection, application drafting, infrastructure compliance, FoSCoS portal filings, modifications and renewals end-to-end — and respond to FSSAI inspection observations on your behalf.

What we deliver
  • Category determination (Basic / State / Central)
  • Application drafting + FoSCoS portal filing
  • Infrastructure gap analysis + remediation guidance
  • Product approvals + label compliance review
  • Inspection support + observation responses
  • Modifications: product addition, line extension, transfer
  • Renewals on a managed calendar — no licence lapses
MSME / Udyam registration and benefits realisation
05MSME Recognition

MSME / Udyam registration & benefits realisation

Udyam Registration is the gateway to MSME benefits — priority sector lending, government tender preferences, subsidy schemes, interest subvention, delayed-payment protection under the MSMED Act and a host of state-level incentives. The classification turns on plant & machinery investment and turnover, both of which are auto-fetched from PAN and GST returns.

Getting the registration is straightforward; getting the most out of it is not. We help businesses claim the benefits they qualify for — lodging delayed-payment claims at MSME Samadhaan, applying for CGTMSE-covered credit, registering on GeM and TReDS, and presenting eligibility documentation to lenders.

What we deliver
  • Udyam registration / re-registration on the portal
  • Activity classification + NIC code mapping
  • Udyam Assist platform support for informal micro units
  • MSME Samadhaan delayed-payment claim filings
  • CGTMSE collateral-free loan documentation
  • GeM (Government e-Marketplace) seller onboarding
  • TReDS platform onboarding for invoice discounting
IEC and DGFT compliance for exporters / importers
06Import Export

IEC & DGFT compliance for exporters / importers

The Importer-Exporter Code (IEC) from DGFT is the single mandatory identifier for any cross-border movement of goods or services from India. Around it sits an ecosystem of schemes — RoDTEP, RoSCTL, Advance Authorisation, EPCG, AA, MEIS legacy claims, SEIS — that materially affect export economics.

We open and maintain the IEC, file scheme applications, manage Bank Realisation Certificates (BRCs), file EDPMS / IDPMS responses, and represent clients in DGFT Policy Relaxation Committee hearings when entitlements get stuck.

What we deliver
  • IEC application + DSC-based annual update on DGFT portal
  • RoDTEP / RoSCTL claim filing + reconciliation
  • Advance Authorisation + EPCG scheme applications
  • BRC / e-BRC follow-up with banks
  • EDPMS / IDPMS overdue export / import responses
  • Policy Relaxation Committee representations
  • DGFT show-cause notice responses + appeals
Shop and Establishment + state-level registrations
07State Compliance

Shop & Establishment + state-level registrations

Every commercial establishment in India needs Shop & Establishment registration under the respective state Act — the licence that governs working hours, weekly offs, leave entitlements, women employees in night shifts and basic labour conditions. Add Professional Tax registration (state-specific), Labour Welfare Fund (state-specific) and Trade Licence from the municipal corporation, and most businesses are running four or five state-level registrations in parallel.

We register, file periodic returns, manage renewals and respond to inspector visits across Delhi NCR, Haryana, Maharashtra, Karnataka, Tamil Nadu, Telangana and the other major commercial states — and coordinate across states for clients with multi-location operations.

What we deliver
  • Shop & Establishment registration in any Indian state
  • Professional Tax (PT) registration + monthly / annual returns
  • Labour Welfare Fund (LWF) registration + contribution filings
  • Municipal Trade Licence + signage / health / fire NOCs
  • Multi-state coordination for centralised operations
  • Inspector visit support + observation responses
  • Renewals on a managed calendar with reminders
Beyond the Catalogue

Any other service
you need.

Industry-specific and international certifications we routinely handle alongside the seven above — from medical devices to data centres, from cosmetics to organic produce.

A short, non-exhaustive list of other services we routinely deliver:

  • ISO 13485 — Medical Devices Quality Management
  • ISO 50001 — Energy Management Systems
  • ISO 22301 — Business Continuity Management
  • ISO 20000-1 — IT Service Management
  • SOC 2 Type I / Type II readiness & audit support
  • PCI DSS compliance for payment processors
  • HIPAA / HITRUST readiness for US healthcare clients
  • BIS (ISI) marking + CRS registration for electronics
  • BIS Hallmark registration for jewellers
  • EPR (Extended Producer Responsibility) for plastics, e-waste, batteries
  • Pollution Control Board (CPCB / SPCB) consents — CTE, CTO
  • Drug & Cosmetic licences (Form 20, 21, COS-1 to COS-8)
  • AYUSH licences for ayurvedic and herbal preparations
  • Halal, Kosher, USDA Organic and India Organic (NPOP / NOP) certifications
  • FCC, CE marking, RoHS, REACH documentation for export markets
  • NABH / NABL accreditation for healthcare and testing laboratories
  • Star Rating for hotels & restaurants — Ministry of Tourism
  • GeM & CPP Portal vendor registrations + bid filing
  • CGWA No-Objection Certificate for groundwater extraction
  • Legal Metrology registrations + pre-packaged commodity rules
  • Bureau of Energy Efficiency (BEE) star labelling
  • Spice Board, Tea Board, Coffee Board exporter registrations
  • APEDA registration for agricultural exporters
  • TRAI / DoT licences for telecom and OTT operators

Don\u2019t see your specific need? Send us a brief description in writing — we will honestly tell you within 24 hours whether we are the right team for it.

How It Actually Goes

A five-step engagement, designed for clarity.

Every engagement at Zfiling runs through the same disciplined workflow.

01

Diagnose

Two-hour scoping call to understand your business, current state, certification objective and target registrar. Output: a detailed gap report and timeline.

02

Document

We draft the manual, procedures, work instructions, formats and registers — tailored to your operations, not boilerplate. You review and we iterate.

03

Implement

Training sessions for the team, document rollout, internal auditor certification and three full management-review cycles before the audit.

04

Certify

Mock audit by our senior auditor using the registrar\u2019s checklist. CAPA closed. Stage-1 and Stage-2 audits accompanied by us, every objection responded to in writing.

05

Renew

Surveillance audits handled on the managed calendar. Recertification at the three-year mark. No certificate at Zfiling has ever lapsed for procedural reasons.

Engagement & Pricing

Four ways to work with us.

Fixed-fee for one-off engagements. Scaled by complexity or turnover. Monthly retainer for ongoing engagements.

Single ISO Standard
ISO 9001 / 14001 / 45001
Fixed Fee

Gap analysis, documentation, training, mock audit and Stage-1/2 audit support — registrar fees billed separately at actuals.

Pharma / Food Sector
GMP, WHO-GMP, FSSAI Central, ISO 22000
Scoped Fee

Quoted by unit size, product range, current state of the QMS and number of manufacturing lines. Includes SOP architecture and audit defence.

Registration & Licensing
MSME / Udyam, IEC, Shop & Estab, PT
Per Filing

Transparent per-registration fees. Bundled rates for multi-state and multi-licence engagements. Renewals included on annual retainer.

Compliance Retainer
Multi-certification calendar
Monthly Retainer

For clients carrying three or more certifications and licences — single point of contact, renewal calendar, audit support, scheme claims, all-inclusive.

  • Which ISO standard should I get first?
    In most cases, ISO 9001 (Quality Management) is the foundational standard — it builds the document control, internal audit and management review architecture that every other ISO standard then plugs into. If you handle customer or financial data, ISO 27001 (Information Security) is the second priority. ISO 14001 (Environment) makes sense if you have a physical manufacturing or service operation with environmental aspects. For food, ISO 22000 typically precedes ISO 9001 because it is the export-acceptance standard.
  • How long does ISO 9001 certification take end-to-end?
    Realistically, three to four months from kick-off to Stage-2 audit for a single-location business with reasonable existing process discipline. Faster timelines (six weeks) are possible but produce documentation that fails surveillance audits. Multi-location businesses or those with no existing documented procedures should plan for four to six months. The bulk of the time is implementation and management-review cycles — not drafting.
  • What is the difference between Basic, State and Central FSSAI licence?
    Basic Registration is for food businesses with turnover up to Rs 12 lakhs per annum — single page, fastest. State Licence covers turnover Rs 12 lakhs to Rs 20 crores per annum, manufacturers under specific thresholds and storage warehouses. Central Licence covers turnover above Rs 20 crores, importers, e-commerce food operators, head offices of multi-state operators, large manufacturers and 100% export-oriented units. Selection turns on the highest-applicable trigger across all branches.
  • Can I get WHO-GMP without first getting Schedule M GMP?
    No. Schedule M (Indian GMP under the Drugs and Cosmetics Rules) is the prerequisite licence for any pharmaceutical manufacturing unit in India. WHO-GMP is a voluntary additional certification on top, evidenced by a WHO-GMP certificate and a Certificate of Pharmaceutical Product (CoPP) — required for exporting to most regulated markets. The two audits typically run six to nine months apart.
  • My turnover crossed the MSME limit — do I lose the registration?
    Under the current Udyam framework, an enterprise that crosses either the investment or turnover threshold retains MSME status for the year of crossing and the following year (a two-year grace), then is reclassified. You continue to enjoy benefits already secured (contracts won, loans sanctioned) but new benefits are at the revised category or excluded. We help model the upgrade carefully — for some businesses, the Medium classification is more advantageous than Small.
  • What is RoDTEP and how do I claim it?
    Remission of Duties and Taxes on Exported Products is a refund scheme that compensates exporters for embedded duties and taxes that are not refunded under any other mechanism (electricity duty, mandi tax, stamp duty on import documents, etc). Rates vary by product (HS code). Claim is filed automatically through the shipping bill with the RoDTEP flag, with credit scrips issued to the IEC holder\u2019s ledger on ICEGATE — which can then be transferred or utilised for paying basic customs duty.
  • Do I need separate Shop & Establishment registration in each state I operate?
    Yes. Shop & Establishment is a state subject and registration is location-specific — every branch, office, factory or warehouse in a different state requires its own registration. Some states (Delhi, Karnataka, Maharashtra) allow online single-shot registration; others (Tamil Nadu, West Bengal) involve municipal-level visits. We coordinate across states for multi-location clients.
  • How often do I have to renew ISO certifications?
    The ISO certificate is valid for three years, but the certification cycle requires annual surveillance audits in years one and two, and a full recertification audit at the end of year three. The surveillance audits sample the management system rather than auditing it end-to-end — so they are shorter, but they can still result in non-conformities and certificate suspension if not handled properly.
  • What happens if a surveillance audit finds a major non-conformity?
    The registrar issues an NCR (Non-Conformity Report) and gives a stipulated time (usually 90 days) for corrective action with root-cause analysis and evidence of effectiveness. If the response is not satisfactory, the certificate is suspended; further failure leads to withdrawal. We routinely handle NCR closure for clients who came to us mid-cycle after failed surveillance audits.
  • Can the same firm handle both certification consulting and the audit?
    No — and we would not, even if the rules permitted it. The registrar (certifying body) must be independent of the consultant. Zfiling builds and prepares; an accredited registrar (BSI, TUV, BVQI, DNV, Intertek, SGS or any other accredited body) audits and certifies. We help with registrar selection but never have a financial relationship with the registrar.
  • Are MSME Udyam benefits available to traders?
    Yes — since July 2021, trading enterprises (wholesale and retail trade) are explicitly covered under the Udyam Registration framework, after being excluded for several years. Traders are eligible for priority sector lending classification and several state-level benefits. Government tender preferences (the 25% reserved-category procurement) are however largely restricted to manufacturers and services.
  • Can certifications be transferred when a business is sold or restructured?
    ISO certifications transfer with the legal entity if the entity itself continues. If the business is sold as a slump sale or merged into a new entity, the certification has to be re-issued in the new entity\u2019s name — usually a faster process than fresh certification if the management system continues unchanged. FSSAI, IEC and most state licences require fresh applications in the new entity\u2019s name. We handle these transfer / re-issue processes routinely during M&A transactions.
Talk to a Founder

Pick one certification. Or all seven.

The first 30-minute consultation is on us. A senior advisor responds within one business day.

+91 8338 981 953  ·  infoZfiling@gmail.com

U, Lower Ground Premise – 28, Road Fifty, DLF Phase III, Gurgaon – 122 010

Voices from Clients

What clients say about our Certifications practice

ISO, BIS, MSME, DSC, LEI — the credentials that unlock contracts.

★★★★★
We needed ISO 9001 for a government tender that had a 30-day window. Zfiling audited our systems, drafted SOPs, and got us certified in 22 days. Also handles our annual DSC renewals and MSME registration.
PM
Priya M.
Managing Partner · Design Studio · Mumbai
ISO 9001 + DSC
★★★★★
ISO 9001 certification for a Tier-1 supplier requirement. Zfiling audited our systems, drafted SOPs, and got us certified in 45 days flat. Also handles our BIS product certification and DSC renewals annually. Reliable, no drama.
AG
Amit G.
Plant Head · Auto-Parts Mfg · Pune
ISO + BIS