What are you looking for?
ISO 9001 is the world's best known and most popular quality management standard. It can be implemented quickly with minimal investment and will improve your business in several important ways. This 5-step guide shows you how.
This browser does not support the video element.
Step 1: Preparation
The first step addresses the preparation needed to implement ISO 9001 at your small or midsize company – including making a decision on your certification approach. It's an important step that sets the foundation of your project and affects the long-term success of your ISO system.
What Do You Want to Gain From ISO 9001?
ISO 9001 can bring many benefits, ranging from operational improvements to marketing advantages. How you benefit from ISO depends on your organization's circumstances and the goals you set.
So start your preparation by defining the benefits you want to gain. Focus on operational rewards. Then convert them into tangible objectives.
Define the Scope
Rather than applying ISO 9001 to every part of your organization, you could restrict its application to specific departments. You could even roll out your certification gradually, starting with the most critical functions.
If you are tempted (initially) to limit the scope of ISO, you should consider the pros and cons. Generally, though, it's better and more beneficial to apply ISO 9001 throughout your organization
Which Implementation Approach Is Best For You?
Though there are different ways to get ISO 9001 certified, most companies either outsource their ISO 9001 implementation to a consultant or do it by themselves in-house using a toolkit. It's also possible to integrate both approaches. For example, you could combine the Do-It-Yourself approach with some initial consultancy to kick-start your project. Or, if you already have internal ISO expertise, you could do it all from scratch, and get help along the way by using documentation templates and video training. Factors like urgency, budget and staff availability determine the best approach for your company. You'll find more guidance in our review of the consultant and DIY implementation approaches.
No matter your approach, you can achieve certification without any consultant, auditor or registrar visiting your premises. Leveraging communications technology, the entire process – including certification – can be done remotely.
Who Is Responsible?
The person responsible for implementing ISO and maintaining it after certification is called the "ISO 9001 Management Representative". This individual is often a quality manager or executive, but could be anybody with sufficient authority to implement and change operational processes.
Companies with multiple locations can appoint a "local" Management Representative at each site, while a "corporate" Management Representative manages company-wide processes. Done right, you can gain flexibility and simplicity from this setup. Note that our certification toolkit can be configured as multi–site version.
To get your business 9001 certified and manage the quality system thereafter, you need to familiarize yourself with:
The ISO 9001:2015 standard and its requirements
The most-widely accepted interpretations of the standard and how to apply them
Implementation steps (similar to this guide but in greater detail)
If you are using a consultant to get certified, you could learn enough by working side-by-side with the expert. Otherwise, smaller companies might prefer an online implementation course, while larger companies with an entire implementation team will benefit greatly from customized training (on-site or remote).
Gain Executive Support
Your company's top management plays an important role in ISO 9001. Avoid a common mistake and give your leadership the knowledge they need:
Awareness of all potential benefits (internal, operational and marketing) of ISO accreditation
Good grasp of the implementation steps and the necessary time, resources, and budget
Understanding of their own involvement in ISO 9001
Generate Employee Buy-In
Manager and employee support is crucial for the success of your ISO system. Inform your staff properly – and early – of:
The plan for ISO 9001 and the steps to gain certification
The benefits to them and their work
The expectations regarding their cooperation
Plan Your Project
We recommend keeping your project planning simple. Focus on implementation steps, milestones, and target dates. Small and midsize companies, in particular, should try to avoid Gantt charts and the sort of complexities likely to arise from bloated steering committees.
Some companies will find a gap analysis useful to judge the extent to which the organization is already ISO 9001 compliant and where implementation efforts should be concentrated. Most consultants use this tool to familiarize themselves with the company. But for a small or medium sized business, it's usually not necessary to perform a gap analysis.
The step-by-step project guide included with good certification kits can take the stress out of developing your project plan. Small companies can even use the guide to formulate their own plan. Another option is to have a consultant do the planning for you.
Go to Step 2
Step 2: Documentation
Writing the documentation is often considered the most difficult implementation step. This is because documents have to meet the technical requirements of the ISO 9001 standard, which some people find hard to understand, interpret, and apply to their company.
It's crucial that your ISO documentation fits the needs and circumstances of your business. So be careful when having a consultant write procedures without being sufficiently familiar with your company. Even the Do-It-Yourself approach can lead to ill-fitting documentation if you use inferior templates with poor customization instructions.
Which Documents Do I Need?
Though ISO 9001 has become less prescriptive regarding the number of required documents, these should be part of your quality management system:
Process maps (flowchart)
While there are specific requirements for the quality policy, objectives and scope, you have a lot of flexibility as to the number and content of procedures, work instructions, forms, and process maps.
We recommend you create as many procedures as needed to properly address every 9001 requirement. There's no need to follow the structure of the ISO standard; instead, your procedures may combine or split up ISO 9001 clauses as appropriate to your business.
In addition to the more high-level procedures, you'll need to describe the detailed steps of performing work processes though work instructions. We will address this in Step 3.
Forms and checklists aren't specifically mentioned by the standard. However, they can be considered both work instructions (before they are filled in) and records (after they are filled in) – both of which are addressed by the standard. We recommend creating forms and checklists where they can save time and effort in meeting ISO 9001 requirements.
Process maps are used to provide insights into workflows. We'll cover them in Step 3.
How to Create Documentation
Your ISO documents need to fit your business. They can't be written by somebody unfamiliar with your company. Even a company insider shouldn't do it in isolation.
Larger companies could have a multi-functional team write their high-level documentation. If you work for a small or midsize business, you can develop procedures and supporting forms yourself after obtaining staff input. Proceed as follows:
Tackle one clause at a time – study the requirements and generally accepted interpretations
Determine the organizational functions that are impacted
Explain the requirements to affected management and discuss possible ways the requirements could be adopted
Once you reach consensus on the optimal process, put it in writing
The standard doesn't prescribe any particular format, structure or numbering system so choose what works best for you and follow these tips:
Look for the simplest way to meet a requirement and adapt it to your business
Use your company's vernacular and avoid "ISO language"
Use diagrams and illustrations rather than long-winded text
The layout should be visually appealing and easy to understand
Avoid time-consuming references to other documents
Never include bureaucratic requirements, requirements that are not suitable for your company's circumstances or culture, or requirements that hinder your business operations and productivity
Where to Start
The requirements on document control in clause 7.5 of the ISO standard affect how you'll write, identify, and approve documents. It's the ideal procedure to start with before addressing the remaining requirements. Whenever you see record keeping requirements, consider if a form or checklist could be useful.
Preparing all ISO documents is quite time consuming, complicated, and prone to mistakes. But don't worry, there's a shortcut – documentation templates. These pre-written documents are designed to be tailored to your company's needs in accordance with the included customization instructions.
Templates are a core component of certification toolkits, and consultants use them as well. Since their quality varies widely, due diligence is needed. Base your evaluation on the above documentation tips and pay particular attention to the extent of the customization instructions.
Go to Step 3
Step 3: Implementation
During the implementation phase you will introduce your procedures to affected employees and help them adjust and improve their work processes accordingly.
To some extent, ISO 9001 implementation requires virtually all employees to change the way they work (for example, how they use documents). To make ISO succeed, the benefits of change need to be apparent, and your new procedures efficient, non-bureaucratic, and user-friendly.
One Step at a Time
Introduce one procedure at a time, starting with document control. Depending on the size of your company, you could explain the requirements in a staff meeting, or use a trickle-down approach where department managers highlight what's needed to their staff.
Implementing your procedures creates opportunities for wide-ranging improvements. Empower staff to redesign their work processes along the new ISO 9001 requirements. This will create motivation and lead to improved processes, and your new procedures will be adopted almost automatically.
It's best to visualize work processes through process maps on a white board. These flowcharts also help identify how different functions interconnect with each other and where bottlenecks, repetition, and delays occur.
Have Them Do Their Work Instructions
Work instructions are step-by-step directions on how to perform an activity. The ISO standard requires them where they add business value. This could be in the case of rarely-performed or high-risk activities, or work carried out by temporary or untrained staff.
Work instructions should be written by staff who actually perform the work. Any format will do if it's useful to the user, including text, flowcharts, pictures, screenshots and even videos. At least initially, you should review work instructions to verify compliance with ISO 9001 and your new procedures.
ISO 9001 includes numerous record-keeping requirements. As ISO requirements are gradually incorporated into daily business, records should be created, too. Auditors will review records when verifying compliance with the standard.
A Marketing Tip
If you're in a rush to get certified because your customers require it, you might be able to (partially) satisfy their demands early on. Inform them now of your pending ISO system and accreditation. Add substance by summarizing your procedures and announcing your planned certification date. If you are using our DIY certification approach, customize our quality manual and use it as a powerful marketing tool to promote your forthcoming ISO system.
Go to Step 4
Step 4: Internal Audit
Internal audits are self-inspections to check if your ISO 9001 system is effectively implemented. They are conducted prior to achieving certification, as well as periodically thereafter.
Internal audits are performed by employees who have undergone auditor training, though you may wish to consider outsourcing them. During the audit, work processes are observed, management and staff interviewed, and records examined. The objective is to verify compliance with ISO 9001, as well as with procedures and work instructions.
Small businesses typically have the ISO 9001 Management Representative or a safety inspector perform internal audits. Larger companies often appoint an audit team. Usually, the auditor role is an additional responsibility to regular job duties.
Auditors are not allowed to audit their own work. If your company has one internal auditor, another employee would need to inspect the duties of that auditor. But don't worry, learning auditing skills and performing ISO audits is neither difficult nor expensive with good online training and a detailed audit checklist.
Audits as Training Tool
Internal audits can help train management and staff in ISO 9001 processes, so you best start auditing before Step 3 has been completed. Initially, you might focus your audits on particular requirements. Later, you'll audit entire work processes.
Audits as Improvement Tool
Audits can be leveraged as a corporate improvement tool. You can use them to foster cross-training, and to identify and spread best business practices. To accomplish this, appoint and train several internal auditors from different functions, and apply these simple improvement techniques.
One Complete Audit
In order to be considered for ISO 9001 registration, you have to successfully conclude one complete internal audit. A complete audit covers your entire ISO quality management system, but not every department needs to be checked for compliance with every requirement. Also, the audit doesn't need to be conducted as a single event but can be split into several partial audits. You could, for example, focus on a particular department or process at a time.
Once your business has been audited against all ISO requirements, and the number of non-conformances (or noncompliances) have decreased to a manageable amount, your company will be ready for the certification audit.
Go to Step 5
Step 5: Certification
Your company will gain ISO 9001 certification after passing a complete audit conducted by an independent, third-party auditor. This certification audit can be conducted on-site or remotely. You can schedule it after your complete internal audit AND after accumulating about 1-2 months worth of ISO records.
Selecting Your ISO 9001 Registrar
The ISO 9001 registrar is the independent entity that sends the auditor and issues your 9001 certificate. A reputable registrar must be officially accredited by a national accreditation body. Start your search on the internet or get several custom quotes through our registrar finder. Compare the candidates and evaluate them against your company's criteria. A good DIY toolkit or consultant will help with the selection process.
The ISO 9001 Certification Audit
The ISO 9001 certification audit is similar to your internal audits. Your registrar will assign an auditor or audit team to verify that the 9001 standard, your procedures and work instructions are effectively implemented and adhered to by management and employees. The audit is conducted either on-site or remotely through video conferencing or other technology.
Most audits uncover at least a few minor issues. In this case, all you need to do is prepare a plan for corrective action and you can receive your certificate. But if severe noncompliances (non-conformances) are encountered, a follow-up audit may be necessary before the ISO certificate can be issued.
How to Prepare for the Certification Audit
Prepare your staff and address the following issues prior to the audit day:
Reduce anxiety – explain what to expect from the audit and the auditor
Tidy up – be sure that there are no outdated or uncontrolled documents floating around
Practice – rehearse typical auditor questions and how to answer them truthfully without volunteering additional information
Frequently asked questions include:
"How do you know that you perform your work correctly" (the auditor wants to know about performance criteria and measurements), and
"How do you contribute to the objectives of your company's quality policy?" (checking understanding of the quality policy and its application in daily work)
Good consultants can help with the preparation. If you are implementing ISO 9001 by yourself, consider showing your staff a short multimedia video and the preparation tips included with good certification kits.
Reaping the Marketing Benefits
Your ISO certificate can provide numerous marketing benefits. Start leveraging 9001 registration with a press release, targeted customer notifications, and by adding the certification mark to business cards, stationary and advertisements. Local customers can be informed of your success by flying a flag or banner outside your premises. Last but not least, keep motivation up and reward your employees for the hard work they put in.
Accreditation is not a one-off event after which you can close the chapter on ISO 9001. In fact, losing focus after the certification audit is a common mistake.
To verify continued implementation and continual improvement of your ISO system, your 9001 registrar will perform periodic surveillance audits, usually once or twice a year. If you implemented ISO correctly, the improvement mechanism is built in. Just make sure your ISO processes remain implemented, continue your internal audits, and you'll see your company's performance improvements at the bottom line.
ISO 9001 for small businesses and midsize companies can be straightforward and rewarding if done right. If you opt for a Do-It-Yourself approach, excellent results can be achieved with our Certification Package. If you're in a hurry and don't have the time or inclination to do it yourself, consider our full-service consultancy solution to get certified. Either way, you'll benefit from our unique simplified approach to ISO 9001.
Contact us anytime. We'll evaluate your situation and give you thoughtful advice.
Go Back to Step 1
To find out more if and how to get ISO 9001 certified, consider the following resources in addition to this 5-step guide:
Our Learning Center
Our free resources are packed with information and practical tips, including advice on how to avoid the most common mistakes.
Effective and time-saving ways to fill any knowledge gaps can be found through our training recommendations.
The ISO 9001:2015 standard is something you will need to get. You may buy the standard as hard copy or downloadable PDF version.
If you enjoyed this article, subscribe for updates
Stay in touch with our free resources on ISO 9001
We won't send you spam. Unsubscribe at any time.
Thanks. Your message has been sent. We'll get back to you as soon as possible.
We'll reply ASAP