Three Steps to ISO 9001 Certification

By Scott Dawson
January 11, 2014

3 Steps to ISO 9001 Certification – 2023 Update

Faced with the task of completing ISO 9001 certification, owners and managers of small businesses often find themselves in a challenging position. They understand the importance of obtaining this certification to enhance their business reputation, improve customer satisfaction, and potentially gain a competitive edge.

However, they also have to balance this endeavor with the daily demands and time constraints of running a small business.

ISO 9001 certification meeting

As a result, they need to carefully consider how to prepare for and pass the certification audit while fitting it into their already busy schedules.

First and foremost, small business owners and managers must recognize that ISO 9001 certification is not something that can be achieved overnight or without effort. It requires a systematic and comprehensive approach to quality management, involving various aspects of the organization’s operations, processes, and documentation. Understanding this, they can plan and allocate resources accordingly, ensuring that they have sufficient time, personnel, and expertise to dedicate to the certification process.

What Is ISO 9001 Certification?

ISO 9001 is a structured approach to improving a company’s internal processes, so that performance for its customers gradually improves, and customers and stakeholders take notice. Put simply, ISO 9001 is the global standard for helping businesses incorporate practices for quality management.

While the focus is on improving company processes, the QMS is a process in itself. When a company is certified, an effective QMS ( a process for continual improvement) is in place and has been successfully demonstrated to an auditor.

ISO 9001 is not a quick fix, nor does it require that every problem you face is solved. It is an ongoing process of improvement that requires planning and dedication over time. During an initial certification audit, the Registrar will not expect perfection. Instead, evidence that shows a QMS that works will pass the audit. I’ve often said that certification is the starting line for continual improvement, not the finish line.

So, our focus for certification should be on setting up the quality management system and showing that it works. Many small businesses looking into ISO 9001 are surprised by this approach due to past experiences or misunderstandings about the ISO process. Misunderstandings and mistakes are the biggest hindrances to achieving ISO 9001 certification. Watch our video below to learn more about the mistakes you should avoid making:

What Is ISO Certification Preparation?

While there are three basic steps for the ISO 9001 certification process, you need ISO preparation before jumping into those. Tactics to consider include the following.

Gaining Support for the Process Within Your Organization

You need to get your employees on board to start the certification process. How can you do that? Tell them how it will benefit your team overall. Inform them of the advantages.

The ISO 9001 Certification Advantages:

Streamlining processes:

ISO 9001 helps reduce disruptions and optimize your operations to eliminate extra work. Even if a problem occurs, ISO 9001 makes it easier for your team to find the source and start fixing the issue. Overall, the processes are cleaner and have fewer mistakes, lowering the need for rework.

Expanding your company:

The ISO 9001 certification provides the opportunity for scaling. This benefit helps your company as a whole and your employees. Scaling can equate to new customers and more work opportunities. It may also influence how positions grow and expand. Your employees can take on new responsibilities or move up within the company. They’ll feel prideful of their work at your business.

Enhanced communication:

Certification focuses on internal communication on all fronts, ranging from outlining project steps to company policies. More communication allows workers to feel more confident because of increased access and open collaboration.

Placing power in their hands:

Employees work directly with your processes, giving them an advantage in spotting problems. ISO 9001 certification encourages them to speak out on these issues so they can work on a way to solve them.

Setting Goals for the ISO Certification Process

Goal-setting is an important aspect in any workplace and for any employee. Set defined parameters to make ISO 9001 certification worth your time and determine the benefits you want to achieve. You’ll want to consider how you can enhance operations and create objectives.

Ask yourself how you want to apply ISO 9001 — in specific areas or gradually across all processes. Ask yourself what you want to achieve and determine a plan to reach those goals.

company setting goals for ISO 9001

Choosing How You Will Get ISO 9001 Certified

Most companies either outsource the ISO 9001 certification process to a qualified consultant or try to do it independently. Other companies try a combination approach. In many cases, outsourcing the ISO 9001 certification process helps reduce the strain on your workflows. You can focus on day-to-day matters at your company while your consultant handles the certification process.

You’ll need to consider your budget, urgency, and staffing to decide which is the right choice. Outsourcing is the way to go if you lack expertise, time, and staffing.

What Are the ISO Certification Steps?

Once you’ve gained support, set goals, and determined your approach, you can start working on the primary steps for certification. Follow the steps below to start getting ISO 9001 certification.

Step 1: Define the Quality Management System

The starting point for ISO 9001 certification is to define how the company appropriately applies the ISO 9001 requirements. As we have mentioned in a previous blog, you must prepare specific documents to determine your company’s QMS. These documents explain how your business uses ISO in a language your managers and employees can understand.

All ISO 9001 certified companies have the following documents in place:

Quality Manual – Describes the overall QMS and how the company applies the ISO 9001 requirements.  Typically about 20 – 25 pages for a small company.

Control of Documents Procedure – Explains the process for developing, approving, revising, and maintaining company documentation.

Control of Records Procedure – Defines policies for storing and maintaining company records.

Control of Nonconformance Procedure – Lays out how products or services that do not meet requirements (“nonconforming”) are identified, controlled, and corrected.

Corrective Action Procedure – Explains how you investigate and resolve problems by making necessary changes in company processes.

Preventive Action Procedure – Walks through how you identify and learn to avoid potential problems.

Internal Audit Procedure – Defines the company’s audit process (separate from the certification audit conducted by the 3rd party auditor) that helps identify weaknesses or gaps in the QMS so they can be corrected.

These seven documents define the company’s quality management system. By preparing this documentation, company management must think through how best to implement the ISO requirements to fit their business.

In some cases, you may need to prepare additional documents beyond those required to define how the process will work. Added documentation is at the discretion of management and is only necessary if there is a need for further clarification.

ISO 9001 Documents

Often, additional documentation should be considered after the QMS is implemented as part of your continuous improvement efforts.

Step 2: Implement the Quality Management System

You must implement any QMS documents you create. Implementation essentially means that the requirements are communicated and followed. ISO 9001 certification affects all employees. For some processes, changes would be expected. Everyone must support the effort.

Top management must provide direction, support and oversight through a formal management review to oversee the implementation and maintenance of the QMS. As one of the requirements of ISO 9001 certification, a management review is a regular meeting led by the company’s senior executives.

This allows management to monitor how well the QMS is working, track performance issues that need to be addressed and determine necessary changes. The management review, often set up as a monthly meeting, is what supports the implementation of the QMS and makes it work. Top management must consider this time commitment and plan to fit it into their schedules before and following certification.

Step 3: Verify the Quality Management System

The final step to prepare for ISO 9001 certification is to conduct a full internal audit in order to verify that the QMS is in place and is effective.  The internal audit is a tool of top management to help evaluate how well the QMS is implemented and working.

The internal audit is different than the Registrar’s certification audit because it is conducted by company internal auditors on behalf of management.  Internal auditors may be trained company employees or a subcontractor, such as a qualified consultant.

management review for ISO 9001 certification

Part of management’s responsibility is to decide the best resources to use for internal auditing.

The internal audit is often more thorough than the Registrar’s audit because management may want specific processes or problems to be reviewed carefully.  The agenda for the internal audit is flexible and should be reviewed by management during the management review.  The results of internal audits are presented during management review to ensure proper corrections are made.

You’re Now Ready for the Certification Audit

In summary, there are three basic steps to prepare for ISO 9001 certification:

  1. Define the QMS by preparing the required documentation
  2. Implement the QMS by establishing the management review
  3. Verify the QMS by completing the internal audit

For most small companies, it takes three to four months to complete these steps effectively for demonstration during the certification audit. Most initial certification audits require follow-up actions to correct minor issues found by the Registrar. But a successful certification audit is one where the QMS is in place and can be demonstrated. It does not require everything to be perfect. After all, ISO also requires continual improvement. That means there will always be something to be improved. That’s the point, after all.

–Scott Dawson, President of Core Business Solutions, Inc.

Related Articles:

Cyber Attacks Explained

Cyber Attacks Explained

Cyber Attacks Explained Cyber threats constantly evolve, and new attack pathways and variations on existing attacks emerge regularly. In response, cybersecurity measures, such as implementing robust...