ISO 9001 Certification Process
8 August 2023
ISO 9001, the world's best known and most popular quality management standard, can be implemented quickly with minimal investment. This guide explains in detail how you can get certified in 5 steps. We also reveal how to make the process easy on you, steer clear of common pitfalls, and set up a meaningful ISO 9001 system that not only attains certification but also improves your business at the same time.
Overview of the ISO 9001 Certification Process
To get ISO 9001 certified, your company needs to set up an ISO 9001 compliant quality management system, verify its functionality and compliance through an internal audit, and undergo a certification audit by an external registrar.
While quick and easy certification is the goal for most companies, lasting success and sustainability hinge upon how the ISO 9001 system is set up. The key is to make your ISO system fit your company – not the other way around. Our "simplified" approach ensures that ISO 9001 works for you and makes your business processes leaner and more efficient.
How to Get ISO 9001 Certified
Particularly small and medium-sized companies don't need to make the certification process complicated. Our Five Steps to Certification show you how to get things done in a meaningful, yet stress-free, way. We include vital tasks often overlooked, bypass common mistakes, skip unnecessary Gantt charts and task force meetings, and simplify ISO 9001 for you. The steps are:
Step 1: Preparation
We start by laying the foundation for successful ISO 9001 certification, focusing on important activities activities such as training, conducting gap analyses, and planning.
Step 2: Documentation
Writing the required documentation is often considered the most difficult and time-consuming implementation step. At this point you will need to interpret every ISO 9001 requirement in the context of your company and develop custom procedures.
Step 3: Implementation
The implementation phase involves introducing the new procedures to affected employees and aiding them in adapting and improving their work processes accordingly. During this phase your company should see numerous process improvements and efficiency gains.
Step 4: Internal Audit
Internal audits serve as self-inspections to ensure the effective implementation of your ISO 9001 system across the company. A complete internal audit is mandatory before certification.
Step 5: Certification
ISO 9001 certification is awarded by an independent and accredited registrar following a successful certification audit. This step encompasses selecting the registrar, preparing for the two-stage certification audit, and undertaking activities related to marketing and sustaining your certification.
How to Get Started
To get started, you'll need to first decide on the best approach for your project: Will you handle it by yourself, access tools and support, or engage a consultant? Here are your options:
Option 1: Independent Implementation
Following the five steps outlined in this guide independently to achieve ISO 9001 certification is an option. However, you'll be, in a sense, reinventing the wheel, and despite investing substantial time and effort, there's a risk of costly mistakes. This route can become the most time-consuming and expensive choice.
Option 2: Supported DIY Method
Popular among small to medium-sized businesses, our ISO 9001 Certification Toolkit offers an inexpensive, swift, and easy approach to setting up ISO 9001 in-house. With our comprehensive DIY toolkit priced at only USD 2,490.00, companies typically achieve certification within 3-6 months, regardless of prior experience.
Option 3: Full Outsourcing
Outsourcing your entire ISO 9001 project to our senior consultants is ideal if you need quick certification and/or cannot assign dedicated staff. With our full-service ISO 9001 Certification Service starting at USD 14,990.00, companies can achieve certification in 2-3 months.
Option 4: Hybrid Approach
Combining our DIY toolkit with targeted consultancy offers a customized solution. You'll do the work in-house while engaging us for specific tasks such as kick-starting the project or performing the internal audit for you. Prices for this Hybrid Approach vary based on needs but typically start at USD 3,990.00 for certification in 2-6 months.
Whichever option you select, you'll receive a customized ISO 9001 system prioritizing simplicity and operational advantages.
Five Steps to Certification
This comprehensive guide offers a detailed roadmap to achieving ISO 9001 certification. It explains each step in the establishment of an effective and sustainable ISO 9001 system tailored to support your business needs. Read on for a thorough breakdown of these steps.
If you choose to independently pursue ISO 9001 certification, it's highly recommended to study the following steps in detail and follow them to the letter. Don't cut corners.
Alternatively, if you decide on any of the other outlined approaches, this guide's detailed five-step process is seamlessly integrated into our Do-It-Yourself toolkit and upheld by our consulting services, making further study unnecessary.
Step 1: Preparation
The first step addresses the preparation needed to achieve ISO 9001 certification at your small or midsize company. Don't cut corners during this phase! Preparing well not only affects the immediate success of your certification project but also the sustainability of the quality management system.
Who Is Responsible?
No matter how you pursue certification, your company needs an ISO 9001 point person (often called "ISO 9001 Management Representative") who is responsible for achieving and maintaining certification. It's often a quality manager or executive, but could be anybody with sufficient authority to implement and change operational processes. We also recommend that companies with multiple locations apply a decentralized approach and appoint additional local management reps. Done right, you'll gain flexibility and simplicity from this setup.
If you are in charge of getting your company ISO 9001 certified and manage the quality system thereafter, you'll need to be familiar with the ISO 9001:2015 standard, understand its requirements and how to apply them at your own company. You'll also need to be able to plan and execute the certification project.
If you are using a consultant to get certified, you could learn enough by working side-by-side with the expert without getting formal training. Otherwise, smaller companies might prefer an online implementation course, while larger companies with an implementation team benefit most from a remote or on-site custom course that combines training with hands-on implementation activities.
Gain Executive Support
Don't take this lightly. Top management plays an important role in ISO 9001. It's critical that they not only support the ISO project but also "walk the talk". The first step in achieving active support is providing management with the needed knowledge and teach them about their own role in ISO 9001.
Given the typical time constraints of top managers, we recommend a concise online course.
Set the Goals
ISO 9001 can bring numerous benefits, both operational and marketing. But your company won't just "automatically" achieve them. How you benefit from ISO depends not only on your organization's circumstances but most importantly on the goals set. So start your ISO certification project by helping the leadership team to define the benefits they want to gain. Focus on operational rewards. Then convert them into tangible objectives.
Define the Scope
Rather than applying ISO 9001 to every part of your organization, you could exclude specific departments, products or locations. Or you could roll out your certification gradually, starting with the most critical functions. The pros and cons of limiting the scope of ISO, though, need to be carefully considered. There is much to be gained by uniformly applying ISO 9001 to the entire organization.
This must not be delayed. Inform your staff about ISO before rumors start. Show them how ISO 9001 certification will not only benefit your company but also each employee. Explain the positive effects on work processes, employee satisfaction, and job security. Get them motivated to take part in the ISO project.
The easiest and most flexible way to generate buy-in is a short online course. An alternative is a short motivational video or a customized live course that can be conducted on-site or via video conference.
Conduct a Gap Analysis
Many companies will find a gap analysis useful to judge the extent to which their organization is already ISO 9001 compliant and where gaps exist. The results will help you determine where implementation efforts should be concentrated. You'll be able to prepare a better project plan with more accurate milestones and target dates. ISO 9001 consultants use the gap analysis to familiarize themselves with your company.
But the gap analysis is not mandatory. Particularly small and medium sized businesses implementing ISO 9001 in-house will find it more efficient to conduct several targeted "mini gap analyses" during the documentation and implementation phases.
Plan Your Project
We recommend keeping your project planning simple. Focus on implementation steps, milestones, and target dates, and assign responsibilities. Small and midsize companies, in particular, should try to avoid Gantt charts and the sort of complexities likely to arise from bloated steering committees.
Good certification kits simplify the planning phase. But you could also utilize our handy ISO 9001 implementation checklist to formulate a plan with responsibilities and target dates. Another option is to have a consultant develop a custom plan for you.
Step 2: Documentation
Writing the documentation is often considered the most difficult implementation step. For one, documents have to meet the technical requirements of the ISO 9001 standard, which some people find hard to understand, interpret, and apply to their company. But it's also the importance of getting these documents right as they directly impact on your business operations.
It's critical that your ISO documentation is adapted to the needs and circumstances of your business. You can't just copy somebody else's procedures. Customization is key. If you outsource your certification process, allow the consultant to first become sufficiently familiar with your company before he/she starts writing your documentation. If you use templates, pay attention to flexibility and customization instructions.
Which Documents Do I Need?
Though ISO 9001 has become less prescriptive regarding the number of required documents, the following should be part of your quality management system:
Process maps (flowchart)
While there are specific requirements for the quality policy, objectives and scope, you have a lot of flexibility as to the number and content of procedures, work instructions, forms, and process maps.
We recommend you create as many procedures as needed to properly address every 9001 requirement. There's no need to follow the structure of the ISO standard; instead, your procedures may combine or split up ISO 9001 clauses as appropriate to your business.
In addition to the more high-level procedures, you'll need to describe the detailed steps of performing work processes though work instructions. We will address this in Step 3.
Forms and checklists aren't specifically mentioned by the standard. However, they can be considered both work instructions (before they are filled in) and records (after they are filled in) – both of which are addressed by the standard. We recommend creating forms and checklists where they can save time and effort in meeting ISO 9001 requirements.
Process maps are used to provide insights into workflows. We'll cover them in Step 3.
Records provide evidence that your organization meets the requirements stated in the procedures, quality policy, quality objectives and work instructions. There are 16 clauses in which ISO 9001:2015 specifically requires records.
How to Create Documentation
Your ISO documents need to fit your business. They can't be written by somebody unfamiliar with your company. Even a company insider shouldn't do it in isolation.
Larger companies could have a multi-functional team write their high-level documentation. If you work for a small or midsize business, you can develop procedures and supporting forms yourself after obtaining staff input. Proceed as follows:
Tackle one clause at a time – study the requirements and generally accepted interpretations
Determine the organizational functions that are impacted
Establish the current level of compliance (based on gap analysis)
Explain the requirements to affected management and discuss possible ways the requirements could be adopted
Once you reach consensus on the optimal process, put it in writing
The standard doesn't prescribe any particular format, structure or numbering system so choose what works best for you and follow these tips:
DO look for the simplest way to meet a requirement and adapt it to your business
DO use your company's vernacular and avoid "ISO language"
DO use diagrams and illustrations rather than long-winded text
DO use layout that's visually appealing and easy to understand
DON'T include time-consuming references to other documents
DON'T include bureaucratic requirements, requirements that are not suitable for your company's circumstances or culture, or requirements that hinder your business operations and productivity
Where to Start
The requirements on document control in clause 7.5 of the ISO standard affect how you'll write, identify, and approve documents. It's the ideal procedure to start with before addressing the remaining requirements. Whenever you see record keeping requirements, consider if a form or checklist could be useful.
Preparing all ISO documents is rather time consuming, complicated, and prone to mistakes. But don't worry, there's a shortcut – documentation templates. These pre-written documents are designed to be tailored to your company's needs; the included customization instructions show you how.
Templates are a core component of certification toolkits, and consultants use them as well. Since their quality varies widely, due diligence is needed. Base your evaluation on the above documentation tips and pay particular attention to the extent of the customization instructions.
Step 3: Implementation
During the implementation phase you will introduce your procedures to affected employees and help them adjust and improve their work processes accordingly.
ISO 9001 implementation requires virtually all employees to change the way they work to some extent (for example, how they use documents). To make your quality management system succeed, there needs to be an incentive to adopt new work processes. It's essential that your new procedures are efficient, non-bureaucratic, and user-friendly.
Introduce the Quality Policy
Start the implementation phase by having top management communicate the quality policy, what it means and how the company will enact it. It's important - and a requirement - that staff understand the policy and can relate to it in terms of their own job responsibilities.
Provide Manager Training
Department managers and team leaders will utilize the ISO 9001 system the most – and will have a major impact on the success of your ISO implementation. It's best to teach them how to use ISO to achieve tangible benefits and then let them adopt an active role during implementation. Our uniquely targeted, online manager training is best suited.
Introduce the Procedures
Introduce one procedure at a time, starting with document control. Depending on the size of your company, you could explain the requirements in staff meetings, or use a trickle-down approach where you leave the explanations to department managers.
Achieve Process Improvement
Implementing the procedures creates opportunities for process improvement. Empower staff to redesign their work processes along the new ISO 9001 requirements. This will create motivation, lead to improved processes, and the ISO procedures will be adopted almost automatically.
Teams start by visualizing their existing work processes through process maps on a white board. These flowcharts will help to identify how different functions interconnect, and where bottlenecks, repetition, and delays occur. Once there is consensus on improvements, the redesigned workflows should be documented.
Have Them Do Their Work Instructions
Work instructions are step-by-step directions on how to perform an activity. The ISO standard requires them where they add business value. This could be in the case of rarely-performed or high-risk activities, or work carried out by temporary or untrained staff.
Work instructions should be written by staff who actually perform the work. Any format will do if it's useful to the user, including text, flowcharts, pictures, screenshots and even videos. At least initially, you should review work instructions to verify compliance with ISO 9001 and your new procedures.
ISO 9001 includes numerous record-keeping requirements. As ISO requirements are gradually incorporated into daily business activities, records should be generated. Auditors will review records when verifying compliance with the standard.
Reap Early Marketing Benefits
You aren't certified yet – but ISO could already pay off in marketing. You might even be able to satisfy potential customers who made accreditation a prerequisite.
Inform your customers now of your pending accreditation. Add substance by describing your QMS, summarizing your procedures, and announcing your planned certification date. Users of our certification system simply use our special quality manual template for this purpose.
Step 4: Internal Audit
Internal audits are self-inspections to check if your ISO 9001 system is effectively implemented. During the audit, work processes are observed, management and staff interviewed, and records examined. The objective is to verify compliance with ISO 9001, as well as with your procedures and work instructions. Internal audits are conducted prior to achieving certification, as well as periodically thereafter.
Internal audits are typically performed by employees who take on the auditor role as an additional responsibility. Some companies prefer to outsource the audit program.
Set Up the Audit Program
When setting up your audit program, you develop an audit schedule and methods to plan and prepare your audits. You'll also prepare documents, forms and checklists that support your audits. It's easy with an audit toolkit.
You'll also appoint one or more auditors. Small businesses typically have the ISO 9001 point person, quality manager, or a safety inspector perform internal audits. Larger companies often appoint an audit team. Usually, the auditor role is an additional responsibility to regular job duties.
Provide Auditor Training
Auditors need to be familiar with the ISO 9001:2015 standard, be able to verify if its requirements are effectively implemented, and have otherwise good auditing skills. They also need to be able to report audit findings and follow up on corrective action. Ideally they also have the skills to promote best practices and add operational value.
Start Your Audits Early
Internal audits can be leveraged as a training tool to support the ISO implementation. You can use them to train management and staff in your new processes. Therefore, the best time to start auditing is during Step 3 - Implementation. Initially, you might focus your audits on particular requirements or procedures. Later, you'll audit entire work processes.
Conduct a Complete Audit
In order to be considered for ISO 9001 registration, you have to successfully conclude one complete internal audit. A complete audit covers your entire ISO quality management system, but not every department needs to be checked for compliance with every requirement. Also, the audit doesn't need to be conducted as a single event but can be split into several partial audits. You could, for example, focus on a particular department or process at a time.
Another alternative is to outsource this audit to our experienced lead auditors. This way you can be confident that each and every issue with your quality management system gets identified. We'll even guarantee that you'll pass your subsequent certification audit.
Once your business has been audited against all ISO requirements and any identified nonconformities have been addressed, your company will be ready for the certification audit.
Step 5: Certification
In order to gain ISO 9001 certification, your company needs to undergo a certification audit conducted by an independent, third-party auditor. This assessment is similar to your internal audits but scope and number of audit days are regulated. Once your company successfully completed the audit and addressed any identified nonconformities to the satisfaction of the auditor, the ISO 9001 certificate with 3-year validity can be issued.
Before the certification audit can be conducted, it is necessary for your company to complete a full internal audit and accumulate enough records for the auditor to verify effective implementation of your quality management system and adherence to all ISO 9001 requirements. Often 1-2 months worth of records are enough.
Select Your Registrar
The ISO 9001 registrar is the independent entity that sends the auditor or audit team and issues your 9001 certificate. Reputable registrars are accredited by a national accreditation board.
Start your search on the internet or get several custom quotes through our free registrar finder service. Compare the candidates and evaluate them against your company's criteria. A good DIY toolkit or consultant will help with the selection process.
Prepare Company and Staff
Preparing for the certification audit is a good opportunity to check work areas and tidy up. Be particularly wary of outdated or uncontrolled documents floating around. It's also important to prepare your staff to face the auditor.
Reduce anxiety and explain what to expect from the audit and the auditor
Explain how to interact with auditors and answer their questions truthfully without volunteering additional information
Rehearse typical auditor questions and how to answer them, including:
"How do you know that you perform your work correctly?" – – the auditor wants to know about performance criteria and measurements
"How do you contribute to the objectives of your company's quality policy?" – – checking understanding of the quality policy and its application in daily work
Preparation activities should be conducted during the day(s) leading up to the audit. Good consultants can help with the preparation. If you are implementing ISO 9001 by yourself, consider showing your staff a short explanatory video; also, a good certification kit should include preparation instructions and tips.
Pass the Stage 1 and Stage 2 Audits
The certification audit is divided into two stages: the first is a review of your documentation, the second is the actual audit of your work processes. The stage 1 audit is conducted remotely, while the stage 2 audit can be conducted on-site or remotely depending on your registrar and your choice.
Most audits uncover at least a few minor issues. Unless the nonconformities a severe, you'll only need to correct them and inform your registrar before your ISO 9001 certificate can be issued. If major nonconformities are encountered, your registrar will likely conduct a follow-up audit before deciding whether your company can be certified.
Market Your Certification
Your ISO certificate can provide numerous marketing benefits, ranging from access to new customers and markets to increased prestige.
Start leveraging 9001 registration with a press release, targeted customer notifications, and by adding the certification mark to business cards, stationary and advertisements. Local customers can be informed of your success by flying a flag or banner outside your premises. Last but not least, keep motivation up and reward your employees for the hard work they put in.
Accreditation is not a one-off event after which you can close the chapter on ISO 9001. In fact, losing focus after the certification audit is a common mistake.
To verify continued implementation and continual improvement of your ISO system, your registrar will perform periodic surveillance audits, usually once or twice a year. If you implemented your quality management system correctly, an automatic improvement mechanism is built in. Just make sure your ISO processes remain implemented, continue your internal audits, and you'll see your company's performance improvements reflected at the bottom line.
Getting ISO 9001 certified can be straightforward and rewarding – if done right. By diligently following our five-step certification process, you'll be able to implement an ISO 9001 compliant quality management system that not only meets the standard but also enhances your business operations.
Whether you do it yourself with our comprehensive toolkit or prefer to leverage our experienced consultants, remember that the ultimate goal is to make ISO 9001 work for your business, not the other way around. The key is to ensure that the ISO system is intricately tailored to your organization's needs, making your business processes leaner and more efficient.
Also, remember that attaining ISO 9001 certification is not merely a one-off event. Instead, it's a continuous journey that involves integrating the quality management system into daily operations and constantly seeking improvement.
To make your next step on this journey towards operational excellence, contact us for thoughtful advice or simply choose one of the implementation options below.