What are the ISO 9001 certification requirements? There are five requirements to achieve ISO 9001 certification:
According to the American Society for Quality, a quality management system (QMS), is a “formalized system that documents processes, procedures, and responsibilities for achieving quality policies and objectives.” A QMS will allow a company to meet customer needs and continually improve its effectiveness and efficiency.
A quality management system should help an organization recognize and then address their needs, in addition to their customers’ needs. All quality management systems have similar elements which help achieve this goal:
Leaders in the organization will need to have the following:
Management will be required to provide resources to their employees across multiple departments to understand, implement, and maintain ISO requirements:
This section of the ISO 9001 is the only area where organizations can choose to opt-out of some of the requirements mentioned. For example, companies that do not provide design work or services can disregard the section outlining design requirements.
The remaining requirements that must be fulfilled by companies seeking ISO 9001 certification are related to planning for products and/or services:
This final section of the ISO 9001 outlines the tools needed to understand how effective your QMS is and whether or not it builds a foundation for continual improvement.
Leaders will also need to provide documentation and analysis reports about how to control non-conforming products and services, and any corrective and preventive actions required.
To become certified, organizations must first follow steps to begin implementing the ISO 9001 QMS. Once the QMS has been integrated into your systems and processes, a Certification Body (also referred as a CB or Registrar) will need to be invited to audit your company’s performance based on the most recent version of ISO 9001 (in this case ISO 9001:2015).
If your company passes this audit, then the Registrar will issue you a certificate that acknowledges your official ISO 9001 status. The certificate is valid for three years; the organization will need to be re-certified at the end of these three years in order to maintain its ISO 9001 certification.
If your organization is interested in getting started with ISO 9001 certification, it is best to follow the following steps to ensure a smooth transition into the new QMS — and your best chances of achieving official accreditation.
The first step in getting ready to integrate ISO 9001 into your company is to set your goals and objectives. How do you want to set up your ISO 9001 system? Create a plan and list what you wish your QMS to do to help improve existing systems and processes. Also, consider the time-line you want to follow: do you want to integrate ISO 9001 over the course of the next five months or five years?
How do you want to approach getting certified? There are four different methods you could pursue:
Carefully assess your company’s needs to see which approach is right for you. Every organization is different and will need to take different approaches to ISO 9001 certification.
The most popular approach by far is to implement ISO 9001 in-house. Whether or not you choose to purchase an ISO Template is up to you. These Templates are relatively inexpensive, and ideal if you do not have to have any type of prior experience, however, if you may feel you have a good enough grasp on the materials to be able to do it all yourself. By all means, go for it!
Who will be your ISO 9001 Management Representative? You will need to assign someone within your organization’s Top Management team to help drive the movement towards ISO 9001 certification. The ideal person would be anyone who is a Quality Manager, but anyone from senior management that has the ability to change operating systems and processes can be eligible.
If you have multiple locations, assign a local Management Representative for each site, with a corporate Representative to oversee and lead them.
You will need to set up training programs for your employees in order for process changes to start taking place. Start by providing information about the new ISO 9001 system to the following groups:
Although a detailed plan would be ideal for making sure your organization can develop and implement an ISO 9001 system successfully, a basic plan with just the steps for implementation and a time-line is an excellent place to start.
Many organizations find it useful to conduct a gap analysis in order to determine if they are already meeting any ISO 9001 requirements. If you find that your company already meets some of these requirements, you can spend more time concentrating on anything else left to implement.
You will need the following documents in order to fulfill this requirement for ISO 9001 certification:
When you’re creating the necessary documents for your organization, make sure that they are both specific to your company and fitting. A good ISO 9001 template to follow for creating documentation will integrate the following:
You can create as many procedures, work instructions, and forms as you feel is suitable for the QMS you are trying to implement. However, you have the flexibility to deviate from the standard of the ISO 9001 here by combining or splitting up the clauses most relevant to your business.
This is a crucial time for your organization; during this step of the process, you will be introducing new requirements from your ISO 9001 documentation to anyone affected, such as your employees and managers. You will need to help them adjust to the new ISO 9001 system by offering information about the new processes, and how such processes will benefit them.
Many organizations find that it is easiest to start with document control. Explain the new requirements of the ISO 9001 to your team either in a meeting or sent memo. Alternatively, you can also have department heads explain the new system to their respective teams.
As you begin to implement the new ISO 9001 QMS, most of your employees will have to adjust how they work in order to fulfill some of its requirements. The ISO 9001 also asks for improvements in work instructions and processes.
According to the ISO 9001 standard, you only need to have work instructions if they can add value to the business. Value can be added either by outlining the steps of a process not typically performed, detailing common processes, standardizing processes, or describing processes in a way that new staff can understand.
If you do decide to create or update work instructions, it is best to have that role assigned to someone who actually performs the work. Ask them to think about the best way they can do their work, and then document what the main steps would be. Documentation could be in the form of flowcharts, pictures, text, and even videos—anything that makes the information easy to understand and clear.
If you introduce new or updated processes to your team, make sure you have employees begin incorporating them into their work instructions.
Audits are essentially inspections where your company assesses itself to see if it is following all of the ISO 9001 requirements. These internal audits should not only take place while implementing the new QMS but also routinely after becoming ISO 9001 certified.
Audits are usually performed by an employee within your own organization who has ISO 9001 auditing training. Many small businesses usually have the ISO 9001 lead they chose to conduct audits. In this case, the lead would audit the entire company with the exception of their own work, while a second employee would audit the lead’s function. You could also use a subcontractor for an internal audit.
Other companies will train several internal auditors to aid in cross-training and spreading best practices to meet the ISO 9001 requirements. In fact, some organizations will begin training new ISO 9001 auditors even before beginning implementation so that they can assist in the transition.
Any auditor should verify that your organization does in fact meet the requirements of the latest ISO 9001 as they are described from your procedures and work instructions.
To achieve certification you will need to have an independent ISO 9001 auditor visit your company and perform the certification audit. This process can begin as soon as you have completed a successful internal audit and gathered approximately two months of records from your ISO 9001 procedures.
The ISO 9001 registrar will be the independent entity who sends an auditor and issues the ISO 9001 certificate. Make sure when you’re choosing a certification organization that they are officially accredited by a national certification body.
The official ISO 9001 certification audit will be quite similar to your internal audits. The independent auditor or team will visit some or all of your departments and randomly verify that the ISO 9001 requirements documented in your procedures and work instructions are being implemented and actively followed by both management and employees.
Unless the auditor(s) find significant problems with your new QMS in relation to ISO 9001 standards, you will then receive an ISO 9001 certificate after the site visit. If there are problems, you will have the chance to resolve them before a certificate is issued.
Achieving ISO 9001 certification is never a one-time event; you will need to continue performing internal audits regularly (monthly or quarterly) in addition to registrar site audits once or twice a year to verify that your business is continuing to comply to the ISO 9001 standard and is in fact improving. (If you implemented your new QMS correctly, then it will continually improve on its own as long as you stick to it.)
Although it seems like a complicated process, with a dedicated team and enough drive you can achieve ISO 9001 certification. And why pass up on an opportunity to improve your company and its products? It will make your customers happy, and your employees too!
Getting Started with ISO 9001
Updated: 5th April 2022
Author: Richard Keen
Richard is our Compliance Director, responsible for content & product development.
But most importantly he is ISO's biggest fanboy and a true evangelist of the standards.
Learn more about Richard