ISO 9001 - Everything You Need to Know

You can expect to obtain ISO 9001 certification in 3 to 6 months if you follow a proven project plan.


ISO 9001

ISO 9001 History & Definition

ISO 9001 is defined as “the international standard that specifies requirements for a quality management system (QMS).” (Source: American Society for Quality) It is one of the most implemented quality management systems for processes in the world.

The ISO 9001 standard was first introduced in 1987 by the International organization for Standardization (ISO), an agency that is made up of a collection of national standards organizations from over 160 countries.

Although the first version of the ISO 9001 standard dates back to the 1980s, it has seen a few revisions since its inception, the latest being in 2015. For this reason, you may often see the updated ISO 9001 standard referred to as ISO 9001: 2015. Many of these new updates include:

  • New terminology
  • Reorganized information
  • Emphasis on risk-based thinking
  • Improvements in service applicability
  • Increased leadership requirements

ISO 9001 Methodology

ISO 9001 also follows a “plan-do-check-act” methodology and uses a process-oriented approach to recording and reviewing a company’s structures, responsibilities, and procedures to achieve and improve quality management. It involves following these necessary steps:

  1. Design – Planning the QMS structure
  2. Build – Developing the QMS structure
  3. Deploy – Educating staff on the new QMS
  4. Control – Performing routine audits of the QMS
  5. Measure – Assessing the QMS and its impact
  6. Review – Analyze the results of audits
  7. Improve – Use information from the results to maintain and improve QMS

ISO 9001 Principles

The ISO 9001 standard, since its formation, has been built on the idea of seven quality principles:

  1. Customer Focus – Understanding customer needs and striving to meet those needs and exceed expectations.
  2. Leadership – organizational leaders that create a goal-driven environment and embrace the principles outlined in a quality management system.
  3. Engagement of People – Equipping employees with the tools they need to learn more about improving systems to perform at their best.
  4. Process Approach – Creating and maintaining processes that will enhance efficiency.
  5. Improvement – Making improvement a continual objective and using audits to keep moving in the right direction.
  6. Evidence-Based Decision Making – Using data to improve performance and processes.
  7. Relationship Management – Selecting businesses that prioritize quality and improvement to collaborate with.

In order to be certified, companies must follow these requirements. Those who do demonstrate that they can provide quality products and services that meet their customers’ needs and regulatory requirements, and continually improve their systems and processes to deliver these products and services consistently.

ISO 9001 building blocks

Choose Your Approach to ISO 9001

Be sure that you have someone on your team, or that you find someone who is an expert at ISO 9001. Contact another business owner who has been ISO 9001 certified or invite him in to lay the groundwork.

It is imperative that if you have never completed an ISO 9001 certification before, that you don’t go at it alone. There are many small steps involved, and if even one is missed, your process at being certified for quality management will be delayed.

Firstly, you’re going to want to choose your own approach to obtaining ISO 9001 certification. There are three possible options, and one extra resource to help you get there.

Each approach differs. The one you choose depends on the expertise of you, your leader, and your employees. Other factors to consider when choosing an approach is cost, efforts, and time.

In-house implementation

The first approach comes at a low cost for you, the owner, and your ISO 9001 leader. However, the effort required for your employees will be intense, and the whole process will be significantly longer. This is to ensure that your ISO 9001 system fits every aspect of your business.

This first approach is called in-house implementation. This is for a company whose inside resources are well-equipped to set up and sustain the ISO 9001 platform. The responsibility of training would be thrown on your in-house resources. If you have no inside resources, this might not be the best choice.

Consultant Hands-On

The second approach has a really quick turnaround and requires minimal effort. Unfortunately, this approach usually leads to collapse due to the lack of time spent on training and implementation.

This approach is the Consultant Hands-On approach. If it weren’t so unstable, it would be for internal ownership that is ill-equipped to conduct the process. This is why the time frame is short and the efforts are minimal. Due to that, the platform tends to collapse rather quickly once certification is set in place.

Choosing an ISO consultant

Consultant Hands-Off

The third approach is for a company whose internal resources are either ill or well-equipped, but they hold a strong sense of personal responsibility. The sustainability of this approach is very high and very dependable, but it requires the most amount of time and money.

This approach is also the Consultant approach but from a "Hands-Off" angle. Efforts from employees are significant and the time it takes to complete is completely dependent on the amount of personal responsibility from employees. It can range from moderate to long.

The third approach is specifically for business owners who want to improve internal operations while obtaining an ISO 9001 certification.

Use a Template

The final resource you can use before choosing an approach is using a Template for your documentation.

A Quality Manual Template is invaluable to any business owner beginning the certification process. It contains everything you need for the documentation and provides information regarding everything you need to do to set up and approach your quality management system. While the efforts required are still high, the technical logistics of setting up are already spelled out for you.

Roles & Responsibilities - the Project Manager

After determining your approach, you need to appoint someone as your ISO 9001 Project Manager. This person must be knowledgeable in the quality management standards that you are to set in place for the future of your company.

The main job of your Project Manager is to push the certification project ahead consistently. This role is formally referred to as the “ISO 9001 Management Representative”. He or she must hold superior knowledge about your company, serve as a manager for any department, and have a history of self-responsibility.

This is the person who will be in charge of implementation. He or she will create specific plans to apply your new quality standard to each department or section of your company.

In the event that your company has multiple locations, you may appoint several leaders to head up each location. If this is the case, you must also appoint a “corporate” or “overall” manager to oversee the training and implementation process. This may be the case for more mid-size companies.

ISO Training

ISO Training

Once you have appointed your leaders, it will be time to actually conduct training and awareness for your team. Proper training is absolutely and unquestionably required for ISO 9001 certification. Not only that, but proper training will boost the sustainability of your platform.

Top Management training

The first place you’ll want to start is with your Top Management or executive team. If any of this is going to work, everyone involved must be on board.

Hold an informational meeting with your executives. Explain to them what ISO 9001 is at its basic form and its benefits. Its benefits are vast, including improved function internally and operationally and marketing advancements.

It is also important that you inform your Top Management of the approach you have chosen to obtain ISO 9001 certification. Show them what exact resources you will be using, the amount of time in addition to normal work it will require, and the overall estimated costs.

Some of your executive team might be involved with Management Reviews. If so, choose carefully who would be a good fit for the project.

Finally, inform your executive team what would be expected of them during this process. Without their support and contributions, none of this is going to be possible. They are expected to dedicate the same amount of time, effort, and personal responsibility as everyone else.

Employee Training

After you have informed your executive team, and gotten their approval, it is time to hold the same kind of meeting with all of your employees. This meeting has a slightly different purpose than the previous meeting you held with your executives.

With your executives, you were simultaneously searching for approval and buy-in. With your employees, searching for approval is no longer a concern. At this point, you are looking to get them on board with the whole project. In other words, you want to “generate buy-in”. Your goal is for them to buy into the whole process.

One of the most common mistakes in the ISO 9001 implementation process is the failure to inform employees properly and early enough. It is essential that you inform all employees and managers of your intentions.

Share with them the planned approach and why you are seeking ISO 9001 certification. Tell them what they will benefit from it and what you expect from them during the process. Make sure you highlight the amount of time it will take, the effort that is required and how you suggest they juggle their daily work this new process.

ISO 9001 offers an educational introduction video. This could be a useful resource to show your employees. It will give them a concise view of this new project you’re bringing into their workplace.

The final step in the initial training and awareness part of your ISO 9001 process is to educate your leader. While your leader may already be instructed in quality management standards, he specifically needs to be educated on the implementation process.

Take your implementation approach and your certification kit and show your leader exactly what he must do in order to lead effectively.

ISO 9001 Project Plan

Construct a Project Plan

The last thing you need to do before jumping into your ISO 9001 certification process is creating an actual plan. A clear, achievable plan complete with steps and target dates is a good idea. Also, include a checklist. This will help you stay on track.

Once you select an approach that is best for your company, appoint a leader, and create a plan for training, you’re well on your way to becoming ISO 9001 certified.

Take a look at our tried and testing ISO 9001 project plan

Learn the Basic Requirements

After you have solidified an approach, appointed a well-qualified and trustworthy Project Manager, and created an achievable plan for training and implementation, it’s time to tackle the actual requirements for ISO 9001 certification.

These requirements include proper documentation, evidence of successful implementation, and an official internal audit from an ISO 9001 certified auditor.

The basic requirements for ISO 9001 Certification

  • Proper and official documentation
  • Evidence of successful implementation of ISO 9001 quality standards
  • An external audit conducted by an ISO 9001 certified auditor

The very first requirement of being officially ISO 9001 certified is writing all of the necessary documentation. You must write your company’s quality policy, objectives, procedures, and other ISO 9001 documents that meet the platform’s requirements. Essentially, you must translate ISO 9001 technical jargon into your own company’s purposes. Using a Template will greatly help with this.

The reason this translating is important is that many companies simply re-write the technological jargon into their company’s policy, failing to apply its individual operation to the document.

You’ll want to avoid getting to the end of the road, and not being able to be certified because you failed to apply the standards to your company’s mission.

A specific situation in which this error may occur is if you choose to hire an outside consultant to write the ISO 9001 policies and procedures for you. This consultant may not be familiar with your company enough to speak on its behalf or determine what it needs. If you want to be thorough, write your policies and procedures yourself.

Overall, your ISO 9001 documentation must fit the needs and circumstances within your company.

It is also important that you don’t have too much or too little documentation. Too much will leave your reader confused and overwhelmed; too little may leave them with unanswered questions. Be concise yet thorough.

Your policies and procedures will eventually be read by the ISO 9001 auditor. This is the person who will, upon successful completion of your process, hand you your official ISO 9001 certification.

Learn more about the ISO 9001 requirements here

ISO 9001 files

The Documentation You Need to Write

  • Quality policy
  • Quality objectives
  • Scope of the quality management system
  • Procedures
  • Process maps (flowchart)
  • Forms & Checklists
  • Work Instructions

You have plenty of flexibility with these documents. The quality policy, procedures, scope, process map, and quality objectives are completely based on what your company does, who you have, and what you need.

Work instructions detail every position in your company step-by-step. You should outline exactly what each position’s purpose is and steps for daily work. Then, apply your new quality standards to it. Outline what it would look like if the employee lived up to those standards every day.

The forms and checklists that come along with our Quality Manual Template are not specifically required, but they save a lot of time during the auditing process. Creating legitimate forms and checklists and keeping them on hand only boost your legitimacy as a company.

These forms and checklists are not generally able to be dispersed among different kinds of companies. It isn’t a one-size-fits-all situation. Each ISO 9001-certified company should have documents that have completely different content.

The formatting and organization should be clean and professional. All of those required technical elements are included in your certification kit. But as far as content goes, it should be as unique and individualized as your company is.

There is no required format but taking the time to create a creative and easy-to-read format would behoove you in the long run.

When it comes to choosing a template, there are four things to consider:

  • Efficient processes
  • Clarity
  • Layout
  • Customization

Efficiency covers the need for your documentation to be concise. Choosing an efficient template will ensure that your documentation will not be too large. Clarity also technically assists with the need to be concise. Clarity means that the template will be easy to read and free from words the reader won’t understand.

The layout ensures that the documents are not just glorified lists. Your purposes must be outlines and flushed out, not just listed. Finally, customization solidifies your individuality as a business owner. You don’t want your documentation to look like another business. You must stay true to your company and its mission.

ISO 9001 lightbulb idea


After you complete all of the necessary documentation, it’s time to physically apply your new quality standards to your business. The new policies, procedures, and work instructions from your documentation helps immensely in this part of the process because you will be handing it out to your executives, management, and employees.

This is why it is especially important that your documents are clear and understandable. Your employees must be able to read it and implement it to their own work.

It is widely recommended that you hold another meeting with your whole company and show them a digital version of the documentation. Outline the benefits one more time, and what specifically is expected of them now that your standards are on paper.

Distribute the new work instructions to the respective departments. Encourage your employees to pin their new instructions near their workspace to ensure that they are following your new quality standards.

It is guaranteed that your employees are going to have to adjust the way they work. The adjustment period could either be long or short, but it is imperative that your employees find a new rhythm that accurately fits your new quality standards.

Offer more training and an open-door policy for any employees that are struggling with the adjustment. This is especially true if interns are a part of your employee population.

They may be entry-level or new to a workplace atmosphere. Provide some resources for them to ensure success for all parties.

internal audit elements

The Internal Audit

The last step in the implementation process is allowing a certified ISO 9001 auditor to your workplace to oversee you conduct an internal audit. The reason it is called an internal audit is that your company will basically be evaluating itself while an ISO 9001 representative is present.

Typically the ISO 9001 Project Manager performs the audit. The PM would use an audit checklist.

You have a couple of options when it comes to audits. You can either complete it one time or spread it out over several days. This is essentially a one-time audit as opposed to a partial audit.

A partial audit will basically break up your requirements, allowing you to focus on one area at a time. A one-time audit is an all-day event and requires that you be ready to demonstrate every aspect of your documentation.

External Audit (from Registrar)

In order to complete certification, an outside representative must conduct an ISO 9001 audit. An independent, third-party ISO 9001 auditor must physically come to your company and perform an audit. This is an external audit as opposed to the internal audit that was previously conducted.

This official certification audit should occur after all your documentation is composed and collected, and about two months into your new quality standards have been functioning.

Independent auditors come from an ISO 9001 Registrar. This registrar is basically a list of independent auditors that are available to come to your business to conduct the audit. If your employees become certified in auditing, they will join this list. Take caution when choosing your registrar: some auditors are not accredited.

You’ll want to search for a registrar that will understand your company best.

The actual audit is something like an evaluation. The auditor will observe all departments of your business and determine whether or not it is up to the ISO 9001 standard. If there are no issues, and all the standards observed by the auditor measure up, you will be given your official ISO 9001 certificate following the audit.

However, if the auditor still has some concerns about how parts of your company operate, you will be given specifics regarding what needs to be fixed. Once these problems are solved, then you will be given your certificate.

A Template will help you prepare for the external audit. It might include a list of typical questions the auditor may ask and tips for your staff.

Make sure your staff is relaxed and just continues on with the work day like they normally would. Being evaluated can be pretty nerve-wracking, but by remaining calm and not paying any mind to the auditor, your employees will have nothing to worry about.

Once you have obtained certification, the process does not end there. This is why the ISO 9001 commitment is most definitely a long-term one. A third-party auditor is required to visit and conduct 1-2 audits every year to ensure that you are still operating at the standard you agreed to.

Getting Started with ISO 9001


Updated: 17th April 2024
Author: Richard Keen

Richard Keen

Richard Keen

Richard is our Compliance Director, responsible for content & product development.
But most importantly he is ISO's biggest fanboy and a true evangelist of the standards.
Learn more about Richard