ISO 9001 Project plan

Most certification bodies wish to see at least 3 months of record history before their audit, we recommend you follow this outline:

First month 1. Find out about ISO 9001:2008
2. Do a gap analysis
3. Get the backing of Top Management
4. Develop your project plan
5. Define the Quality Policy
6. Define the Quality Objectives
7. Start your Quality Manual
1 - 3 months of
keeping records
8. Document the mandatory procedures
9. Select internal auditors
10. Train internal auditors
11. Implement the Quality Management System (QMS)
12. Select Certification Body
13. Refine the QMS
14. Management review
15. Implement any system changes
Final month 16. Certification Body preliminaries
17. Certification Day
18. Maintain and improve your QMS

1. Find out about ISO 9001:2008

Buy a copy of the ISO 9001:2008 standard - this is essential!

Start reviewing:

Certification and Accreditation information

Generally, Certification Bodies audit small companies for 1 day, once per year. Bigger organisations are audited twice per year. To get information on potential auditors please see:

NOTE: you are audited and "certified" by Certification Bodies; Accreditation Bodies audit and "accredit" the certification bodies.

2. Do a gap analysis

The purpose of this gap analysis is to identify the areas in your company that require change in order to be compliant. 

Our Quality Manual Template includes a 56-page gap analysis template which:

  • presents each requirement as a question
  • allows space for evidence and comments
  • many questions are phrased to allow one word answers (yes, no, n/a)

Why should I start with a gap analysis?

A gap analysis will compare your current systems with the requirements of the standard. Where there is a shortfall, it is called a "gap". This will show the processes:

  • that are not currently in place
  • that do not comply with the standard and must be redesigned
  • that comply with the standard and must be documented
  • that comply with the standard and are documented

The gap analysis will give Top Management a steer as to the scope of effort and resources needed to gain certification.

3. Get the backing of Top Management

Every sub-clause of ISO 9001 Section 5, Management Responsibility, begins with the phrase, "Top management shall..."

Top Management commitment is essential.  Make sure they understand they must provide evidence of their commitment to developing and implementing the Quality Management System, as well as continually improving its effectiveness.

Unsure they understand they will be interviewed by the Internal Auditor and the Certification Body Auditor.

4. Develop your project plan

Develop your project plan based on your gap analysis and decide how much or how little documentation you need to demonstrate control.

5. Define the Quality Policy

It's important the Quality Policy is defined by Top Management.

The reason you need to define 'quality' is simply that, if you don't know what it is, you'll never know whether or not you are achieving it.

Not knowing where you want to get to also makes it difficult to communicate to other people what is to be achieved and why, let alone to motivate them to act.

6. Define the Quality Objectives

Your must define your Quality Objectives. These must reflect the quality policy, be coherent, and align with the overall business objectives, including customer expectations.

7. Start your Quality Manual

Use our Quality Manual Template to help document your Quality Management System (QMS).

View Quality Manual Template sample.

This includes MS Word Forms:

  • Master Document Index
  • Document Issue Sheet
  • Document Change Request
  • Master Record Index
  • Audit Schedule
  • Audit Plan
  • Audit Assignment
  • Audit Checklist
  • Audit Report
  • Audit Feedback
  • Non Conformance Report
  • Non Conformance Report Log
  • Corrective Action Request
  • Corrective Action Request Log
  • Preventive Action Request
  • Preventive Action Request Log
  • View sample Form

8. Document the mandatory procedures

Use the outputs of your gap analysis to document your processes. These must include:

All the mandatory procedures are explained in our Quality Manual Template.

9. Select internal auditors

Internal auditors should be people chosen from across the organisation that are inquisitive and open-minded.

Most certification bodies require at least three months history between the formal implementation date of the QMS and the certification audit.

Typically, they require that at least one internal audit covering all elements of the QMS are completed and followed by a management review before the certification audit. This enables the company itself to identify problems and to resolve them prior to assessment by the certification body.

10. Train internal auditors

The internal auditors need to understand how the clause structure and requirements will affect their audit plans. Instead of auditing by clause, your organisation may decide to audit by functional area.

Develop a Management Review schedule of the internal auditors, ensure this is in your project plan.

11. Implement the QMS

Monitor and measure process performance and start internal audits.

View our Quality Manual Template sample.

Our Quality Manual Template comes complete with all necessary Forms, including:

    • Master Document Index
    • Document Issue Sheet
    • Document Change Request
    • Master Record Index
    • Audit Schedule
    • Audit Plan
    • Audit Assignment
    • Audit Checklist
    • Audit Report
    • Audit Feedback
    • Non Conformance Report
    • Non Conformance Report Log
    • Corrective Action Request
    • Corrective Action Request Log
    • Preventive Action Request
    • Preventive Action Request Log
    • View sample Form

12. Select Certification Body 

Select your Certification Body and agree the Scope of Registration.

13. Refine the QMS

Make any necessary changes to the QMS and Quality Manual. Most certification bodies wish to see at least 3 months of record history.

View our Quality Manual Template sample.

14. Management Review

The Management Review is your final check to ensure that everyone is happy therefore you should review the business, not just "quality". This vital step is traditionally represented by a minimal, typically annual, senior management review of the QMS.

ISO 9001:2008 requires that the review generates decision on key matters such as process improvement, resource allocation, product improvement driven by customer requirements, and the establishment of new improvement objectives.

Bearing in mind the importance of these sorts of topics, it is best not to hold a separate review, knowing that this sends signals to people in the organisation that quality is outside the normal activities of management.

Summary of Management Review actions and benefits

  1. Define 'quality' in the form of objectives to help internal communication of what is to be achieved (product and service requirements, process effectiveness and efficiency, customer perception etc.)
  2. Show that the business is central to the system: use your normal business language, not 'quality' or ISO 9001 terms.
  3. Produce a simple top-level, "big picture" of your business processes to show how the system improves results by focusing on the improvement of processes.
  4. Demonstrate your commitment to continual improvement by focusing on the next improvement and by taking it seriously.
  5. Show that the 'quality' approach is becoming instituted by integrating reviews into normal management cycles.
  6. Ensure that records are turned visibly into management information so that people keeping them understand their importance.

15. Implement any system changes

Implement any changes to the Quality Management System that might have arisen from the outputs of previous steps.

16. Certification Body preliminaries

The Documentation Audit

The Documentation Audit is a desk-based exercise carried out by auditors either in their own offices or at the company being audited. The audit is restricted to the quality manual and related systems. Its' aim is to ensure that the documentation addresses the elements of ISO 9001. If the auditors identify major gaps in your QMS, there is little point in proceeding with the assessment until these are rectified.

The Pre-Assessment Audit

The Pre-Assessment Audit (optional, also know as the ISO 9001 Pre Accreditation Audit) is a mock audit in preparation for the real thing. A pre-assessment identifies problems and enables the company to benefit from the advice of the auditor on how to eliminate those problems.

You may pay extra, but it is often worthwhile to arrange a pre-assessment visit. Make sure you understand and agree any non-conformances. If not, ask for a second opinion.

Arrange certification date.

17. Certification Day

The Implementation Audit

This is an on-site audit. It involves a systematic examination of the company's QMS against the ISO 9001 standard.

The emphasis is placed on finding objective evidence that demonstrates it has been implemented effectively and that any procedures are being followed.

The first areas generally examined are management commitment (quality policy and communication), management reviews, corrective actions taken, quality objectives, continual improvement and changes made as the result of the pre-assessment audit.

Make sure you understand and agree any non-conformances. If not, ask for a second opinion.

18. Maintain and improve your QMS

Processes can always be more efficient and effective, even when they're producing conforming products. The aim of a continual improvement program is to increase the odds of satisfying customers by identifying areas needing improvement. After setting improvement objectives, an organisation searches for possible solutions, selects and implements the appropriate one and evaluates results to confirm that objectives are met.

Useful external links