ISO 9001:2015 Certification Process: Expert Insights
3 April 2024
ISO 9001, the world's best known and most popular quality management standard, can be implemented quickly with minimal investment. This comprehensive guide will walk you through the five steps to get ISO 9001 certified. We will also provide insights on how to streamline the process, avoid common pitfalls, and establish an ISO 9001 system that not only achieves certification but also improves your business operations.
0:54
Overview of the ISO 9001 Certification Process
To obtain ISO 9001 certification, your company must establish an ISO 9001 compliant quality management system, ensure its functionality and compliance through internal auditing, and undergo a certification audit conducted by an external registrar.
While the goal for most companies is quick and easy certification, long-term success and sustainability depend on how the ISO 9001 system is set up. It is crucial to tailor the ISO system to fit your company and its unique needs. Our "simplified" approach ensures that ISO 9001 works for you, making your business processes leaner and more efficient.
How to Get ISO 9001 Certified in 5 Steps
Small and medium-sized companies, in particular, do not need to complicate the certification process. This practical guide provides a meaningful and stress-free approach. We address commonly overlooked tasks, avoid common mistakes, skip unnecessary Gantt charts and task force meetings, and simplify ISO 9001 for you. The steps involved are:
Step 1: Preparation
A solid foundation is crucial for successful ISO 9001 certification.
Preparation focuses on essential activities such as training, conducting gap analyses, and planning.
Step 2: Documentation
Writing the required documentation is often seen as the most challenging and time-consuming step in the implementation process.
At this stage, you must interpret each ISO 9001 requirement in the context of your company and develop custom procedures.
Step 3: Implementation
The implementation phase involves introducing the new procedures to your employees and helping them adapt and improve their work processes accordingly.
This phase should yield numerous process improvements and efficiency gains for your company.
Step 4: Internal Audit
Internal audits serve as self-inspections to ensure the effective implementation of your ISO 9001 system throughout the organization.
A thorough internal audit is mandatory prior to certification.
Step 5: Certification
ISO 9001 certification is granted by an independent, accredited registrar following a successful certification audit.
This step includes selecting the registrar, preparing for the two-stage certification audit, and engaging in activities related to marketing and sustaining your certification.
Do I Need to Read This?
If you choose our assistance, you can relax and skip the details, knowing that the five-step process is seamlessly integrated into our Do-It-Yourself toolkit and supported by our consulting services.
Real-World Example
Environmental Painting Alternatives (EPA), facing urgent pressure to achieve ISO 9001 certification when a long-standing client suddenly mandated it, opted for our full consultancy service to expedite the process. Conversely, AirportCreators leveraged our guided toolkit for in-house implementation, recognizing that "involving the team will facilitate long-term ISO utilization."
Explore our detailed case studies to gain insights into diverse ISO 9001 certification strategies employed by various organizations.
If, however, you decide to pursue ISO 9001 certification independently, we highly recommend studying the following steps meticulously and adhering to them fully. Cutting corners will jeopardize the effectiveness of your implementation.
This guide provides a detailed roadmap to achieving ISO 9001 certification. It breaks down each step necessary to establish an effective and sustainable ISO 9001 system tailored to your business needs. Continue reading for a thorough breakdown of these steps.
Contents
Preparation
Documentation
Implementation
Internal Audit
Certification
Step 1: Preparation
Achieving ISO 9001 certification can bring numerous benefits to small or midsize companies, but proper preparation is essential for success. This stage not only affects the immediate outcome of the certification project, but also the long-term sustainability of the quality management system.
Who is Responsible?
Regardless of the approach taken, companies pursuing certification require an ISO 9001 point person (often referred to as "ISO 9001 Management Representative") who is responsible for achieving and maintaining certification. Typically, this individual should be a quality manager or executive but can be anyone with sufficient authority to implement and change operational processes. We strongly advise companies with multiple locations to take a decentralized approach and appoint local management reps. If performed properly, this approach offers flexibility and simplicity.
Get Trained
If you are managing the certification process and quality system, you must understand the ISO 9001:2015 standard and its requirements and know how to apply them within your company. You must also be able to plan and execute the certification project.
Working with a consultant can provide valuable experience and knowledge, but the absence of formal training can be considered a drawback. Our flexible online course is ideal for individuals and small implementation teams, while larger groups should consider our customized training that blends lectures with practical implementation activities.
Gain Executive Support
Top management plays a crucial role in ensuring the success of the ISO 9001 project. It's not enough for them to support the project, but they must also "walk the talk." It's vital to provide executives with the necessary comprehension and guidance of ISO 9001's role in the business.
Given the typical time constraints of top managers, we recommend our concise online course.
Set Your Goals
ISO 9001 certification can offer substantial benefits, both on the operational and marketing fronts. Still, your organization won't automatically achieve them without proactive measures. Accordingly, the first step towards ISO certification involves defining the benefits you desire by helping your leadership team identify them. Focus on operational rewards, then translate them into tangible objectives.
Define the Scope
Instead of applying ISO 9001 to the entire organization, you can exclude certain products, departments, or locations. Alternatively, you could gradually roll out certification, starting with critical functions. However, the pros and cons of limiting the scope need careful consideration. Uniformly applying ISO 9001 to your organization's entire scope can bring significant benefits.
Create Enthusiasm
Ensure your staff is familiar with ISO before rumors start. Enlighten them on how ISO 9001 certification can benefit the company as well as individual employees. Explain its positive effects on job security, employee satisfaction, and work processes to motivate them to become stakeholders in the ISO project.
The easiest and most flexible way to generate buy-in is by offering our online awareness course that can be taken at any time.
Conduct a Gap Analysis
Conducting a gap analysis can be useful in assessing how compliant your organization is with ISO 9001 and the areas where gaps exist. This information will help you identify which implementation efforts require more focus. You'll be able to prepare a better project plan with more accurate milestones and target dates. ISO 9001 consultants use gap analysis to familiarize themselves with your company.
Particularly for small and medium-sized businesses undertaking ISO 9001 implementation in-house, multiple targeted "mini gap analyses" during the documentation and implementation stages could be more effective.
Plan Your Project
We suggest that project planning should be simple, focusing on implementation steps, milestones, target dates, and assigning responsibilities. Small and midsize companies should avoid Gantt charts and complexities that may arise from bloated steering committees.
Good certification kits simplify this phase, but you could also utilize our helpful ISO 9001 implementation checklist to create a plan with responsibilities and timelines, or have a consultant develop a custom plan that best suits your needs.
Step 2: Documentation
When pursuing ISO 9001 certification, one of the most challenging implementation steps is the creation of documentation. This process can be daunting due to the necessity of aligning documents with the technical requirements of the ISO 9001 standard while at the same time understanding, interpreting, and applying these requirements to your company.
As these documents directly impact your business operations, it's imperative to accurately craft and tailor them to the unique needs and circumstances of your business. If outsourcing the certification process, ensure that the consultant becomes well-acquainted with your company before commencing documentation writing. If using templates, pay close attention to flexibility and customization instructions to ensure they align with your specific requirements.
Which Documents Do I Need?
While ISO 9001 has become less prescriptive regarding the number of required documents, several key components must be part of your quality management system:
Quality policy
Quality objectives
Scope statement
Procedures
Work instructions
Forms
Process maps (flowchart)
Although specific requirements exist for the quality policy, objectives, and scope, there is flexibility in the number and content of procedures, work instructions, forms, and process maps.
We recommend creating as many procedures as necessary to adequately address every requirement of ISO 9001. You are not obligated to follow the structure of the ISO standard; instead, your procedures may combine or split up ISO 9001 clauses according to the needs of your business.
In addition to high-level procedures, detailed steps for performing work processes need to be described through work instructions, a topic that will be addressed in Step 3.
Forms and checklists are not explicitly mentioned in the standard. However, they can function as both work instructions (before completion) and records (after completion), both of which are addressed by the standard. Creating forms and checklists where they can save time and effort in meeting ISO 9001 requirements is advisable.
Process maps are utilized to provide insights into workflows and will be covered in Step 3.
Records
Records provide evidence that your organization meets the requirements stated in the procedures, quality policy, quality objectives, and work instructions. ISO 9001:2015 specifically requires records in 16 clauses.
How to Create Documentation
Your ISO documents must be tailored to fit your business and cannot be effectively written by someone unfamiliar with your company. Even a company insider should not undertake this task in isolation.
In larger companies, a multi-functional team could be involved in writing high-level documentation. However, for small or midsize businesses, developing procedures and supporting forms can be done after obtaining staff input. Here's a suggested approach:
Tackle one clause at a time – study the requirements and generally accepted interpretations
Determine the organizational functions that are impacted
Establish the current level of compliance (based on gap analysis)
Explain the requirements to affected management and discuss possible ways the requirements could be adopted
Once consensus on the optimal process is reached, put it in writing
Documentation Tips
The standard does not prescribe any particular format, structure, or numbering system. However, the following tips can guide you:
DO look for the simplest way to meet a requirement and adapt it to your business
DO use your company's vernacular and avoid "ISO language"
DO use diagrams and illustrations rather than long-winded text
DO use a visually appealing and easy-to-understand layout
DON'T include time-consuming references to other documents
DON'T include bureaucratic requirements or requirements that are not suitable for your company's circumstances or culture
Where to Start
The requirements on document control in the ISO standard's clause 7.5 have an impact on how you write, identify, and approve documents. Commencing with this procedure before addressing the remaining requirements is ideal. When you encounter record-keeping requirements, consider the potential usefulness of forms or checklists.
Shortcuts
Preparing all ISO documents can be time-consuming, complicated, and prone to mistakes. However, there's a solution – documentation templates. These pre-written documents are designed to be tailored to your company's needs, with included customization instructions to guide you.
Templates are a core component of certification toolkits, and consultants often utilize them. When evaluating templates, pay particular attention to the extent of the customization instructions and ensure they align with your specific needs.
Step 3: Implementation
Now that you've carefully designed your quality management system in line with ISO 9001 requirements, it's time to translate your plans into action. The implementation phase is critical, as it involves introducing your procedures to your workforce and guiding them through necessary adjustments to improve their work processes.
During ISO 9001 implementation, it's vital to recognize that virtually all employees will need to modify the way they work to some extent, for instance, in how they handle documents. To ensure the success of your quality management system, it's imperative to create a compelling incentive for adopting these new work processes. Additionally, the new procedures should be designed to be efficient, non-bureaucratic, and user-friendly, encouraging seamless integration into daily operations.
Introduce the Quality Policy
Initiate the implementation phase with top management communicating the quality policy, outlining its significance, and illustrating how the company will put it into practice. Crucially, staff members must comprehend this policy and be able to connect it to their individual job responsibilities, as this understanding is a mandatory part of the ISO 9001 certification requirements.
Provide Manager Training
Department managers and team leaders play a pivotal role in making the ISO 9001 system an integral part of daily operations. It's crucial to equip them with the knowledge and skills to leverage ISO 9001 for tangible benefits and involve them actively in the implementation process. Our specialized online manager training is tailored to effectively support this crucial aspect of the ISO 9001 certification process.
Introduce the Procedures
A key step in the implementation process is to introduce procedures gradually, beginning with document control. The method of communicating these requirements can vary based on the size of your organization, ranging from staff meetings to a trickle-down approach where explanations are delegated to department managers.
Achieve Process Improvement
Implementing these procedures presents an opportunity for process improvement. Empower your staff to redesign their work processes to align with the new ISO 9001 requirements. This approach fosters motivation, leads to enhanced processes, and facilitates the automatic adoption of ISO procedures.
Teams can initiate this by visually mapping their existing work processes on a whiteboard, using flowcharts to identify interconnections between different functions and pinpointing bottlenecks, repetition, and delays. Once a consensus on improvements is reached, the redesigned workflows should be documented.
Have Them Develop Their Work Instructions
Work instructions – offering detailed step-by-step guidance for various activities – are essential under the ISO standard, particularly where they add business value or pertain to rarely-performed or high-risk activities.
These instructions should be authored by staff members directly involved in the work, using any format, from text to flowcharts to visual media, as long as it's beneficial to the end user. Initially, a review of these work instructions should be conducted to ensure compliance with ISO 9001 and your newly established procedures.
Keep Records
ISO 9001 necessitates comprehensive record-keeping. As you integrate ISO requirements into your operations, records are being created and kept on file. These records will be subject to review by auditors when assessing compliance with the standard.
Reap Early Marketing Benefits
Although your company is not yet certified, the implementation of ISO 9001 can already yield marketing advantages. It may even position you to fulfill the requirements of potential customers who consider accreditation a prerequisite.
Inform your customers proactively about your pending accreditation. Enhance this communication by describing your Quality Management System, summarizing your procedures, and announcing your intended certification date. Our certification toolkit includes a unique template designed to facilitate this important communication process.
Step 4: Internal Audit
In your journey to obtain ISO 9001 certification, internal audits play a critical role in ensuring the effectiveness of your quality management system. These self-inspections involve observing work processes, interviewing management and staff, and examining records. The objective is to verify compliance not only with ISO 9001 requirements but also with your own procedures and work instructions. Internal audits must be conducted before seeking certification and periodically thereafter.
Typically, internal audits are performed by employees who take on the additional responsibility of being auditors. However, some companies prefer to outsource the audit program to external professionals. The choice depends on the resources and expertise available within your organization.
Set Up the Audit Program
To establish an effective audit program, you need to develop an audit schedule and methods for planning and preparing your audits. This includes creating documents, forms, and checklists that support the audit process. Fortunately, with the right tools and resources, such as an audit toolkit, setting up your audit program can be a straightforward task.
Appoint Auditors
When it comes to selecting auditors, small businesses often rely on their ISO 9001 point person, quality manager, or even a safety inspector to perform internal audits. In contrast, larger companies may form an audit team to distribute the workload. In most cases, being an auditor is an additional responsibility to their regular job duties.
Provide Auditor Training
Auditors must be familiar with the ISO 9001:2015 standard to accurately verify its effective implementation. They should possess strong auditing skills, be capable of reporting audit findings, and following up on any necessary corrective actions. Ideally, auditors should also have the ability to promote best practices and add operational value to the organization.
Consider enrolling your audit team in our accredited online auditor training. This course equips auditors with the necessary skills to perform their duties effectively. Solo auditors, as well as the leader of the audit team, should become a Certified ISO 9001 Lead Auditor.
Start Your Audits Early
Internal audits can serve as valuable training tools to support the implementation of ISO standards. You can use them to familiarize management and staff with the new processes. Therefore, it is advisable to commence auditing during Step 3 – Implementation. Initially, you can focus your audits on specific requirements or procedures. As the system matures, you can expand the scope of your audits to cover entire work processes.
Conduct a Complete Audit
To be eligible for ISO 9001 registration, your organization must successfully complete a comprehensive internal audit. This audit must encompass your entire ISO quality management system. However, not every department needs to be checked for compliance with every requirement. The audit can be divided into multiple partial audits, allowing you to focus on specific departments or processes at a time.
An alternative option is to outsource the internal audit to our experienced lead auditors. This ensures that all issues with your quality management system are identified and addressed, providing you with the confidence that you will pass your subsequent certification audit.
Once your business has undergone a thorough internal audit, addressing any identified nonconformities, you will be ready to proceed to the certification audit.
Step 5: Certification
To obtain ISO 9001 certification, your company must undergo a certification audit conducted by an independent, third-party auditor. This assessment is similar to your internal audits but with regulated scope and number of audit days. Once your company successfully completes the audit and addresses any identified nonconformities to the satisfaction of the auditor, the ISO 9001 certificate, valid for three years, can be issued.
Before the certification audit, it is crucial for your company to complete a full internal audit and gather sufficient records for the auditor to verify the effective implementation of your quality management system and adherence to all ISO 9001 requirements. Typically, 1-2 months' worth of records are sufficient.
Select Your Registrar
The ISO 9001 registrar is the independent entity responsible for sending the auditor or audit team and issuing your ISO 9001 certificate. Reputable registrars are accredited by a national accreditation board.
To begin your search for a registrar, utilize the internet or take advantage of our free registrar finder service to receive custom quotes. Compare the candidates and evaluate them against your company's criteria. Utilize a good DIY toolkit or consultant to assist you in the selection process.
Prepare Company and Staff
Preparing for the certification audit presents an excellent opportunity to assess work areas and ensure they are organized. Pay special attention to outdated or uncontrolled documents. Additionally, it is crucial to prepare your staff to face the auditor.
Reduce anxiety by explaining what to expect from the audit and the auditor.
Guide your staff on how to interact with auditors and answer their questions truthfully without volunteering additional information.
Rehearse typical auditor questions and how to answer them, such as:
"How do you know that you perform your work correctly?" – – The auditor wants to understand your performance criteria and measurements.
"How do you contribute to the objectives of your company's quality policy?" – – This question assesses understanding of the quality policy and its application in daily work.
These preparation activities should be conducted in the days leading up to the audit. Knowledgeable consultants can assist you with the preparation. If you choose to implement ISO 9001 on your own, consider showing your staff a short video. Additionally, a good certification kit should include preparation instructions and tips.
Pass the Stage 1 and Stage 2 Audits
The certification audit consists of two stages: the first is a review of your documentation, while the second is the actual audit of your work processes. The stage 1 audit is conducted remotely, while the stage 2 audit can be conducted on-site or remotely, depending on your registrar and your preference.
Most audits uncover a few minor issues. Unless there are severe nonconformities, you will only need to correct them and inform your registrar before your ISO 9001 certificate can be issued. In the case of major nonconformities, your registrar will likely conduct a follow-up audit before deciding whether your company can be certified.
Market Your Certification
Obtaining ISO 9001 certification offers numerous marketing benefits, including access to new customers and markets, as well as increased prestige.
Begin leveraging your ISO 9001 registration by issuing a press release, notifying targeted customers, and adding the certification mark to business cards, stationery, and advertisements. You can inform local customers of your success by displaying a flag or banner outside your premises. Lastly, remember to maintain motivation by rewarding your employees for their hard work.
Maintain Registration
Accreditation is not a one-off event that concludes after ISO 9001 certification. In fact, losing focus after the certification audit is a common mistake.
To ensure the continued implementation and continual improvement of your ISO system, your registrar will perform periodic surveillance audits, usually once or twice a year. If you have implemented your quality management system correctly, there is an automatic improvement mechanism in place. Simply ensure that your ISO processes remain implemented, continue your internal audits, and you will see improvements in your company's performance reflected in your bottom line.
Conclusion
Obtaining ISO 9001 certification can be straightforward and rewarding if approached correctly. By diligently following our five-step certification process, you will be able to implement an ISO 9001 compliant quality management system that not only meets the standard but also enhances your business operations.
Whether you decide to complete the certification process with our comprehensive toolkit or prefer to utilize our experienced consultants, always remember that the ultimate goal is to make ISO 9001 work for your business, not the other way around. Tailor the ISO system intricately to your organization's needs to streamline your business processes and increase efficiency.
Additionally, it is essential to recognize that attaining ISO 9001 certification is not a one-time event. Instead, it is a continuous journey that involves integrating the quality management system into daily operations and constantly seeking improvement.
To take the next step towards operational excellence on this journey, contact us for thoughtful advice or choose one of the implementation options below. We are here to guide you towards ISO 9001 certification and help you maximize its benefits for your business.