USA / USD
8 August 2023
ISO 9001, the world's best known and most popular quality management standard, can be implemented quickly with minimal investment. This guide explains in detail how you can get certified in 5 steps. We also reveal how to make the process easy on you, avoid the pitfalls, and set up a meaningful ISO 9001 system that improves your business at the same time.
To get ISO 9001 certified, your company needs to set up an ISO 9001 compliant quality management system, verify that it's working through an internal audit, and then undergo a certification audit by a third-party registrar.
Quick and easy certification is the goal for most companies. The long-term success and sustainability, however, depends on how the ISO 9001 system is set up. The key is to make your ISO system fit your company – not the other way around. Our "simplified" approach ensures that ISO 9001 works for you and that it makes your business processes leaner and more efficient.
Particularly small and midsize companies don't need to make the certification process complicated. Our Five Steps to Certification focus on getting things done in a meaningful, yet stress-free, way. We include important tasks that are often overlooked, avoid typical mistakes, skip unnecessary Gantt charts and task force meetings, and simplify ISO 9001 for you.
Step 1: Preparation
The first step addresses the preparation needed to achieve ISO 9001 certification and includes tasks like training, gap analysis and planning.
Step 2: Documentation
Writing the documentation is often considered the most difficult implementation step. This step addresses the interpretation of the ISO 9001 requirements and the development of custom procedures.
Step 3: Implementation
The implementation phase is about introducing the new procedures to affected employees and help them adjust and improve their work processes accordingly. Process improvements and efficiencies are gained during this step.
Step 4: Internal Audit
Internal audits are self-inspections to check if your ISO 9001 system is effectively implemented. A complete internal audit is required prior to certification.
Step 5: Certification
ISO 9001 certification is granted by an independent and accredited registrar after a successful certification audit. This step addresses the selection of the registrar, preparation for the 2-stage certification audit, as well as activities to market and maintain certification.
Yes and no. You do need to systematically follow our five certification steps to get an efficient and sustainable ISO 9001 system that supports your business. Don't cut corners! However, there is plenty of help available. To make it easy on you and achieve the best outcome, consider the following options, all of which apply our approach and follow our five steps to certification:
You Do It With Our Support
A popular option for small and midsize businesses is to set up ISO 9001 in-house using our Do-It-Yourself Toolkit. It's inexpensive, quick, and easy, and the outcome is superb. No prior experience needed. Our comprehensive ISO 9001 Certification Toolkit includes the training, guidance and tools you need to get certified in a meaningful – and stress-free – way. It's great value at only USD 2,490.00, and most companies get certified in 3-6 months.
We Do It For You
Outsourcing your entire ISO 9001 certification project to us is the ideal approach if you need quick certification but you cannot assign staff to the project. Our senior consultants will do all the work and set up an effective ISO system that improves the efficiency of your operations. It's convenient and fast, and the outcome is excellent. Our full-service ISO 9001 Certification Service even guarantees successful certification. Small companies can get certified in only 1-2 months, but prices of this premium service start at USD 15,000.00.
You Do Some, We Do Some
This is a custom solution that combines the Do-It-Yourself Toolkit with targeted consultancy. You'll do the work in-house but hire us for specific tasks such as kick-starting the project, developing a custom implementation plan, setting up specific processes, motivating and engaging difficult managers, or verifying that your ISO system is working. Prices depend on your needs but typically start at USD 4,000.00 to get you certified in 2-6 months. Find out more about this Hybrid Approach.
No matter which option you choose, you'll get a custom ISO 9001 system based on simplicity and operational benefits. Skillful interpretation of the requirements and adaptation to the specific company are key to success. Your ISO processes can only be efficient if they are custom designed to fit your individual organization – and that's exactly where our unique strength lies.
The five steps are built into our Do-It-Yourself Toolkit and are adhered to by our consultants. Read on to find out in detail what they entail.
Go to Step 1: Preparation
The first step addresses the preparation needed to achieve ISO 9001 certification at your small or midsize company. Don't cut corners during this phase! Preparing well not only affects the immediate success of your certification project but also the sustainability of the quality management system.
No matter how you pursue certification, your company needs an ISO 9001 point person (often called "ISO 9001 Management Representative") who is responsible for achieving and maintaining certification. It's often a quality manager or executive, but could be anybody with sufficient authority to implement and change operational processes. We also recommend that companies with multiple locations apply a decentralized approach and appoint additional local management reps. Done right, you'll gain flexibility and simplicity from this setup.
If you are in charge of getting your company ISO 9001 certified and manage the quality system thereafter, you'll need to be familiar with the ISO 9001:2015 standard, understand its requirements and how to apply them at your own company. You'll also need to be able to plan and execute the certification project.
If you are using a consultant to get certified, you could learn enough by working side-by-side with the expert without getting formal training. Otherwise, smaller companies might prefer an online implementation course, while larger companies with an implementation team benefit most from a remote or on-site custom course that combines training with hands-on implementation activities.
Don't take this lightly. Top management plays an important role in ISO 9001. It's critical that they not only support the ISO project but also "walk the talk". The first step in achieving active support is providing management with the needed knowledge and teach them about their own role in ISO 9001.
Given the typical time constraints of top managers, we recommend a concise online course.
ISO 9001 can bring numerous benefits, both operational and marketing. But your company won't just "automatically" achieve them. How you benefit from ISO depends not only on your organization's circumstances but most importantly on the goals set. So start your ISO certification project by helping the leadership team to define the benefits they want to gain. Focus on operational rewards. Then convert them into tangible objectives.
Rather than applying ISO 9001 to every part of your organization, you could exclude specific departments, products or locations. Or you could roll out your certification gradually, starting with the most critical functions. The pros and cons of limiting the scope of ISO, though, need to be carefully considered. There is much to be gained by uniformly applying ISO 9001 to the entire organization.
This must not be delayed. Inform your staff about ISO before rumors start. Show them how ISO 9001 certification will not only benefit your company but also each employee. Explain the positive effects on work processes, employee satisfaction, and job security. Get them motivated to take part in the ISO project.
The easiest and most flexible way to generate buy-in is a short online course. An alternative is a short motivational video or a customized live course that can be conducted on-site or via video conference.
Many companies will find a gap analysis useful to judge the extent to which their organization is already ISO 9001 compliant and where gaps exist. The results will help you determine where implementation efforts should be concentrated. You'll be able to prepare a better project plan with more accurate milestones and target dates. ISO 9001 consultants use the gap analysis to familiarize themselves with your company.
But the gap analysis is not mandatory. Particularly small and medium sized businesses implementing ISO 9001 in-house will find it more efficient to conduct several targeted "mini gap analyses" during the documentation and implementation phases.
We recommend keeping your project planning simple. Focus on implementation steps, milestones, and target dates, and assign responsibilities. Small and midsize companies, in particular, should try to avoid Gantt charts and the sort of complexities likely to arise from bloated steering committees.
Good certification kits simplify the planning phase. But you could also utilize our handy ISO 9001 implementation checklist to formulate a plan with responsibilities and target dates. Another option is to have a consultant develop a custom plan for you.
Go to Step 2: Documentation
Writing the documentation is often considered the most difficult implementation step. For one, documents have to meet the technical requirements of the ISO 9001 standard, which some people find hard to understand, interpret, and apply to their company. But it's also the importance of getting these documents right as they directly impact on your business operations.
It's critical that your ISO documentation is adapted to the needs and circumstances of your business. You can't just copy somebody else's procedures. Customization is key. If you outsource your certification process, allow the consultant to first become sufficiently familiar with your company before he/she starts writing your documentation. If you use templates, pay attention to flexibility and customization instructions.
Though ISO 9001 has become less prescriptive regarding the number of required documents, the following should be part of your quality management system:
Process maps (flowchart)
While there are specific requirements for the quality policy, objectives and scope, you have a lot of flexibility as to the number and content of procedures, work instructions, forms, and process maps.
We recommend you create as many procedures as needed to properly address every 9001 requirement. There's no need to follow the structure of the ISO standard; instead, your procedures may combine or split up ISO 9001 clauses as appropriate to your business.
In addition to the more high-level procedures, you'll need to describe the detailed steps of performing work processes though work instructions. We will address this in Step 3.
Forms and checklists aren't specifically mentioned by the standard. However, they can be considered both work instructions (before they are filled in) and records (after they are filled in) – both of which are addressed by the standard. We recommend creating forms and checklists where they can save time and effort in meeting ISO 9001 requirements.
Process maps are used to provide insights into workflows. We'll cover them in Step 3.
Records provide evidence that your organization meets the requirements stated in the procedures, quality policy, quality objectives and work instructions. There are 16 clauses in which ISO 9001:2015 specifically requires records.
Your ISO documents need to fit your business. They can't be written by somebody unfamiliar with your company. Even a company insider shouldn't do it in isolation.
Larger companies could have a multi-functional team write their high-level documentation. If you work for a small or midsize business, you can develop procedures and supporting forms yourself after obtaining staff input. Proceed as follows:
Tackle one clause at a time – study the requirements and generally accepted interpretations
Determine the organizational functions that are impacted
Establish the current level of compliance (based on gap analysis)
Explain the requirements to affected management and discuss possible ways the requirements could be adopted
Once you reach consensus on the optimal process, put it in writing
The standard doesn't prescribe any particular format, structure or numbering system so choose what works best for you and follow these tips:
DO look for the simplest way to meet a requirement and adapt it to your business
DO use your company's vernacular and avoid "ISO language"
DO use diagrams and illustrations rather than long-winded text
DO use layout that's visually appealing and easy to understand
DON'T include time-consuming references to other documents
DON'T include bureaucratic requirements, requirements that are not suitable for your company's circumstances or culture, or requirements that hinder your business operations and productivity
The requirements on document control in clause 7.5 of the ISO standard affect how you'll write, identify, and approve documents. It's the ideal procedure to start with before addressing the remaining requirements. Whenever you see record keeping requirements, consider if a form or checklist could be useful.
Preparing all ISO documents is rather time consuming, complicated, and prone to mistakes. But don't worry, there's a shortcut – documentation templates. These pre-written documents are designed to be tailored to your company's needs; the included customization instructions show you how.
Templates are a core component of certification toolkits, and consultants use them as well. Since their quality varies widely, due diligence is needed. Base your evaluation on the above documentation tips and pay particular attention to the extent of the customization instructions.
Go to Step 3: Implementation
During the implementation phase you will introduce your procedures to affected employees and help them adjust and improve their work processes accordingly.
ISO 9001 implementation requires virtually all employees to change the way they work to some extent (for example, how they use documents). To make your quality management system succeed, there needs to be an incentive to adopt new work processes. It's essential that your new procedures are efficient, non-bureaucratic, and user-friendly.
Start the implementation phase by having top management communicate the quality policy, what it means and how the company will enact it. It's important - and a requirement - that staff understand the policy and can relate to it in terms of their own job responsibilities.
Department managers and team leaders will utilize the ISO 9001 system the most – and will have a major impact on the success of your ISO implementation. It's best to teach them how to use ISO to achieve tangible benefits and then let them adopt an active role during implementation. Our uniquely targeted, online manager training is best suited.
Introduce one procedure at a time, starting with document control. Depending on the size of your company, you could explain the requirements in staff meetings, or use a trickle-down approach where you leave the explanations to department managers.
Implementing the procedures creates opportunities for process improvement. Empower staff to redesign their work processes along the new ISO 9001 requirements. This will create motivation, lead to improved processes, and the ISO procedures will be adopted almost automatically.
Teams start by visualizing their existing work processes through process maps on a white board. These flowcharts will help to identify how different functions interconnect, and where bottlenecks, repetition, and delays occur. Once there is consensus on improvements, the redesigned workflows should be documented.
Work instructions are step-by-step directions on how to perform an activity. The ISO standard requires them where they add business value. This could be in the case of rarely-performed or high-risk activities, or work carried out by temporary or untrained staff.
Work instructions should be written by staff who actually perform the work. Any format will do if it's useful to the user, including text, flowcharts, pictures, screenshots and even videos. At least initially, you should review work instructions to verify compliance with ISO 9001 and your new procedures.
ISO 9001 includes numerous record-keeping requirements. As ISO requirements are gradually incorporated into daily business activities, records should be generated. Auditors will review records when verifying compliance with the standard.
You aren't certified yet – but ISO could already pay off in marketing. You might even be able to satisfy potential customers who made accreditation a prerequisite.
Inform your customers now of your pending accreditation. Add substance by describing your QMS, summarizing your procedures, and announcing your planned certification date. Users of our certification system simply use our special quality manual template for this purpose.
Go to Step 4: Internal Audit
Internal audits are self-inspections to check if your ISO 9001 system is effectively implemented. During the audit, work processes are observed, management and staff interviewed, and records examined. The objective is to verify compliance with ISO 9001, as well as with your procedures and work instructions. Internal audits are conducted prior to achieving certification, as well as periodically thereafter.
Internal audits are typically performed by employees who take on the auditor role as an additional responsibility. Some companies prefer to outsource the audit program.
When setting up your audit program, you develop an audit schedule and methods to plan and prepare your audits. You'll also prepare documents, forms and checklists that support your audits. It's easy with an audit toolkit.
You'll also appoint one or more auditors. Small businesses typically have the ISO 9001 point person, quality manager, or a safety inspector perform internal audits. Larger companies often appoint an audit team. Usually, the auditor role is an additional responsibility to regular job duties.
Auditors need to be familiar with the ISO 9001:2015 standard, be able to verify if its requirements are effectively implemented, and have otherwise good auditing skills. They also need to be able to report audit findings and follow up on corrective action. Ideally they also have the skills to promote best practices and add operational value.
Internal audits can be leveraged as a training tool to support the ISO implementation. You can use them to train management and staff in your new processes. Therefore, the best time to start auditing is during Step 3 - Implementation. Initially, you might focus your audits on particular requirements or procedures. Later, you'll audit entire work processes.
In order to be considered for ISO 9001 registration, you have to successfully conclude one complete internal audit. A complete audit covers your entire ISO quality management system, but not every department needs to be checked for compliance with every requirement. Also, the audit doesn't need to be conducted as a single event but can be split into several partial audits. You could, for example, focus on a particular department or process at a time.
Another alternative is to outsource this audit to our experienced lead auditors. This way you can be confident that each and every issue with your quality management system gets identified. We'll even guarantee that you'll pass your subsequent certification audit.
Once your business has been audited against all ISO requirements and any identified nonconformities have been addressed, your company will be ready for the certification audit.
Go to Step 5: Certification
In order to gain ISO 9001 certification, your company needs to undergo a certification audit conducted by an independent, third-party auditor. This assessment is similar to your internal audits but scope and number of audit days are regulated. Once your company successfully completed the audit and addressed any identified nonconformities to the satisfaction of the auditor, the ISO 9001 certificate with 3-year validity can be issued.
Before the certification audit can be conducted, it is necessary for your company to complete a full internal audit and accumulate enough records for the auditor to verify effective implementation of your quality management system and adherence to all ISO 9001 requirements. Often 1-2 months worth of records are enough.
The ISO 9001 registrar is the independent entity that sends the auditor or audit team and issues your 9001 certificate. Reputable registrars are accredited by a national accreditation board.
Start your search on the internet or get several custom quotes through our free registrar finder service. Compare the candidates and evaluate them against your company's criteria. A good DIY toolkit or consultant will help with the selection process.
Preparing for the certification audit is a good opportunity to check work areas and tidy up. Be particularly wary of outdated or uncontrolled documents floating around. It's also important to prepare your staff to face the auditor.
Reduce anxiety and explain what to expect from the audit and the auditor
Explain how to interact with auditors and answer their questions truthfully without volunteering additional information
Rehearse typical auditor questions and how to answer them, including:
"How do you know that you perform your work correctly?" – – the auditor wants to know about performance criteria and measurements
"How do you contribute to the objectives of your company's quality policy?" – – checking understanding of the quality policy and its application in daily work
Preparation activities should be conducted during the day(s) leading up to the audit. Good consultants can help with the preparation. If you are implementing ISO 9001 by yourself, consider showing your staff a short explanatory video; also, a good certification kit should include preparation instructions and tips.
The certification audit is divided into two stages: the first is a review of your documentation, the second is the actual audit of your work processes. The stage 1 audit is conducted remotely, while the stage 2 audit can be conducted on-site or remotely depending on your registrar and your choice.
Most audits uncover at least a few minor issues. Unless the nonconformities a severe, you'll only need to correct them and inform your registrar before your ISO 9001 certificate can be issued. If major nonconformities are encountered, your registrar will likely conduct a follow-up audit before deciding whether your company can be certified.
Your ISO certificate can provide numerous marketing benefits, ranging from access to new customers and markets to increased prestige.
Start leveraging 9001 registration with a press release, targeted customer notifications, and by adding the certification mark to business cards, stationary and advertisements. Local customers can be informed of your success by flying a flag or banner outside your premises. Last but not least, keep motivation up and reward your employees for the hard work they put in.
Accreditation is not a one-off event after which you can close the chapter on ISO 9001. In fact, losing focus after the certification audit is a common mistake.
To verify continued implementation and continual improvement of your ISO system, your registrar will perform periodic surveillance audits, usually once or twice a year. If you implemented your quality management system correctly, an automatic improvement mechanism is built in. Just make sure your ISO processes remain implemented, continue your internal audits, and you'll see your company's performance improvements reflected at the bottom line.
ISO 9001 for small businesses and midsize companies can be straightforward and rewarding – if done right. No matter if you opt for a full-service consultancy, the Do-It-Yourself approach, or a custom hybrid solution, we've got you covered. Either way your company will benefit from our uniquely simplified approach to ISO 9001.
Contact us anytime and let our experts evaluate your situation and give you thoughtful advice.
Comprehensive toolkit that guides company staff without prior experience to achieve certification.
Efficient / zero bureaucracy
Certification in 3-6 months
USD 2,490.00Discover the Toolkit
Experienced consultants set up a custom ISO 9001 system for you and guarantee certification.
Efficient / zero bureaucracy
Certification in 1-2 months
From USD 15,000.00Explore Consultancy
Combine the Do-It-Yourself kit with targeted consultancy to address specific concerns.
Efficient / zero bureaucracy
Certification in 2-6 months
From USD 4,000.00Consider Hybrid
If you enjoyed this article, subscribe for updates.
Stay in touch with our free resources on ISO 9001.
We won't send you spam. Unsubscribe at any time.
Thanks. Your message has been sent. We'll get back to you as soon as possible.
We'll reply ASAP