ISO 9001 Project Plan

This is a simple ISO 9001 Project Plan. It will give you an overview of the steps required for achieving ISO 9001 and the time involved.

Although you can certainly speed up the process and do it quicker, most certification bodies wish to see at least 3 months of record history before their audit.

First month 1. Find out about ISO 9001:2015
2. Do a Gap Analysis
3. Get the backing of Top Management
4. Develop your Project Plan
5. Define the Quality Policy
6. Define the Quality Objectives
7. Start your Quality Manual
1 - 3 months of
keeping records
8. Establish your Documented Procedures
9. Select Internal Auditors
10. Train Internal Auditors
11. Implement the Quality Management System (QMS)
12. Select Certification Body
13. Refine the QMS
14. Management Review
15. Implement any System Changes
Final month 16. Certification Body preliminaries
17. Certification Day
18. Maintain and Improve your QMS

1. Find out about ISO 9001:2015

Buy a copy of the ISO 9001:2015 standard - this is essential!

Start learning about ISO 9001:

  • The ten ISO 9001 clauses
  • The mandatory documents & records

Learn about the Ten ISO 9001 clauses

Certification and Accreditation information

Generally, Certification Bodies audit small companies for 1 day, once per year. Bigger organizations are audited twice per year. To get information on potential auditors please see:

NOTE: you are audited and "certified" by Certification Bodies; Accreditation Bodies audit and "accredit" the certification bodies.

2. Do a Gap Analysis

The purpose of this gap analysis is to identify the areas in your company that require change in order to be compliant. 

Our Quality Manual Template includes a 18-page gap analysis template which:

  • presents an overview of the requirements of each section
  • allows space for findings and noting implementation actions
  • questions are phrased to allow one word answers (yes/no)

Why should I start with a gap analysis?

A gap analysis will compare your current systems with the requirements of the standard. Where there is a shortfall, it is called a "gap". This will show the processes:

  • that are not currently in place
  • that do not comply with the standard and must be redesigned
  • that comply with the standard and must be documented
  • that comply with the standard and are documented

The gap analysis will give Top Management a steer as to the scope of effort and resources needed to gain certification.

3. Get the backing of Top Management

Every sub-clause of ISO 9001 Section 5, Management Responsibility, begins with the phrase, "Top Management shall..."

Top Management commitment is essential.  Make sure they understand they must provide evidence of their commitment to developing and implementing the Quality Management System, as well as continually improving its effectiveness.

Unsure they understand they will be interviewed by the Internal Auditor and the Certification Body Auditor.

4. Develop your project plan

Develop your project plan based on your gap analysis and decide how much or how little documentation you need to demonstrate control.

5. Define the Quality Policy

It's important the Quality Policy is defined by Top Management.

The reason you need to define 'quality' is simply that, if you don't know what it is, you'll never know whether or not you are achieving it.

Not knowing where you want to get to also makes it difficult to communicate to other people what is to be achieved and why, let alone to motivate them to act.

6. Define the Quality Objectives

Your must define your Quality Objectives. These must reflect the quality policy, be coherent, and align with the overall business objectives, including customer expectations.

7. Start your Quality Manual

Use our Quality Manual Template to help document your Quality Management System (QMS).

View Quality Manual PDF sample.

8. Establish your Documented Procedures

Use the outputs of your gap analysis to document your processes. These generally include:

9. Select Internal Auditors

Internal Auditors should be people chosen from across the organization that are inquisitive and open-minded.

Most certification bodies require at least three months history between the formal implementation date of the QMS and the certification audit.

Typically, they require that at least one internal audit covering all elements of the QMS are completed and followed by a management review before the certification audit. This enables the company itself to identify problems and to resolve them prior to assessment by the certification body.

10. Train Internal Auditors

The internal auditors need to understand how the clause structure and requirements will affect their audit plans. Instead of auditing by clause, your organization may decide to audit by functional area.

Develop a competence and training schedule for the internal auditors, ensure this is in your project plan.

Learn more about internal auditing

11. Implement the QMS

Monitor and measure process performance and start internal audits.

Our Quality Manual Template comes complete with all necessary Forms, including:

    • Master Document & Record Index
    • Document Issue Sheet
    • Document Change Request
    • Risk & Opportunity Register
    • SWOT Analysis Template
    • PESTLE Analysis Template
    • Competency Review
    • Training Attendance
    • Training Evaluation
    • Controlled Equipment Log
    • Calibration Log
    • Software Validation Log
    • Requirements Review Checklist
    • Design Change Request
    • Design Change Request Log
    • Approved Supplier Index
    • Supplier Evaluation
    • Receiving Inspection Log
    • Non-conformance Report
    • Concession Request
    • Concession Request Log
    • Corrective Action Report
    • Customer Satisfaction Survey
    • Customer Feedback Log
    • Internal Audit Report
    • Internal Audit Feedback
    • Management Review Agenda & Minutes
    • View sample Form

12. Select Certification Body

Select your Certification Body and agree the Scope of Registration.

13. Refine the QMS

Make any necessary changes to the QMS and Quality Manual. Most certification bodies wish to see at least 3 months of record history.

14. Management Review

The Management Review is your final check to ensure that everyone is happy therefore you should review the business, not just "quality". This vital step is traditionally represented by a minimal, typically annual, senior management review of the QMS.

ISO 9001:2015 requires that the review generates decision on key matters such as process improvement, resource allocation, product improvement driven by customer requirements, and the establishment of new improvement objectives.

Bearing in mind the importance of these sorts of topics, it is best not to hold a separate review, knowing that this sends signals to people in the organization that quality is outside the normal activities of management.

Summary of Management Review actions and benefits

  1. Define 'quality' in the form of objectives to help internal communication of what is to be achieved (product and service requirements, process effectiveness and efficiency, customer perception etc.)
  2. Show that the business is central to the system: use your normal business language, not 'quality' or ISO 9001 terms.
  3. Produce a simple top-level, "big picture" of your business processes to show how the system improves results by focusing on the improvement of processes.
  4. Demonstrate your commitment to continual improvement by focusing on the next improvement and by taking it seriously.
  5. Show that the 'quality' approach is becoming instituted by integrating reviews into normal management cycles.
  6. Ensure that records are turned visibly into management information so that people keeping them understand their importance.

15. Implement any System Changes

Implement any changes to the Quality Management System that might have arisen from the outputs of previous steps.

16. Certification Body preliminaries

The Documentation Audit

The Documentation Audit is a desk-based exercise carried out by auditors either in their own offices or at the company being audited. The audit is restricted to the quality manual and related systems. Its' aim is to ensure that the documentation addresses the elements of ISO 9001. If the auditors identify major gaps in your QMS, there is little point in proceeding with the assessment until these are rectified.

The Pre-Assessment Audit

The Pre-Assessment Audit (optional, also know as the ISO 9001 Pre Accreditation Audit) is a mock audit in preparation for the real thing. A pre-assessment identifies problems and enables the company to benefit from the advice of the auditor on how to eliminate those problems.

You may pay extra, but it is often worthwhile to arrange a pre-assessment visit. Make sure you understand and agree any non-conformances. If not, ask for a second opinion.

Arrange certification date.

17. Certification Day

The Implementation Audit

This is an on-site audit. It involves a systematic examination of the company's QMS against the ISO 9001 standard.

The emphasis is placed on finding objective evidence that demonstrates it has been implemented effectively and that any procedures are being followed.

The first areas generally examined are management commitment (quality policy and communication), management reviews, corrective actions taken, quality objectives, continual improvement and changes made as the result of the pre-assessment audit.

Make sure you understand and agree any non-conformances. If not, ask for a second opinion.

18. Maintain and improve your QMS

Processes can always be more efficient and effective, even when they're producing conforming products. The aim of a continual improvement program is to increase the odds of satisfying customers by identifying areas needing improvement. After setting improvement objectives, an organization searches for possible solutions, selects and implements the appropriate one and evaluates results to confirm that objectives are met.

Useful external links


Looking For More Detail?

This Project Plan is an overview — for Top Management.

Our ISO 9001 Implementation Guide is more detailed — for a Project Manager or Quality Manager.

ISO 9001 Implementation


Updated: 15th February 2020
Author: Richard Keen

Richard Keen

Richard Keen

Richard is our Compliance Director, responsible for content & product development.
But most importantly he is ISO's biggest fanboy and a true evangelist of the standards.
Learn more about Richard