What’s Really Required for a Small Company to Get ISO 9001 Certification?

By Scott Dawson
September 10, 2015

What’s Really Required for a Small Company to Get ISO 9001 Certification?

2023 Update: ISO 9001 certification for small businesses can seem complex and difficult at first glance. But the standard’s ill-fitting reputation is simply a misunderstanding of the requirements of ISO 9001 compliance and certification. The practical use of a quality management system for small businesses simply uses what a company has already developed, documents it appropriately, and improves it if necessary.

When handled properly, the process of becoming certified to ISO 9001 allows businesses to take a holistic approach to process review and whole business improvement. And each year, hundreds of small businesses take the time to evaluate their systems to meet compliance and get ISO certification.

How does a company become ISO 9001 certified? Small businesses that commit to pursuing compliance often rise above their competitors, creating processes to better serve customers and grow the business. Continue reading to learn more about how to implement ISO 9001 for your small company so you can reap the benefits.



Key Steps for How to Get ISO 9001 Certification

When the process is approached with questions other than “How much does it cost to get ISO 9001 certified?” or “How long does it take to get ISO 9001 certification?” companies allow themselves to focus on true improvement to the whole business.

It is not hard to set up an ISO 9001-compliant quality management system for a small business — the key is simply taking time to understand the requirements and what is needed to satisfy each one. The most recent revision to the ISO 9001 standard (2015) created a more simplified process that makes it easier for small businesses to comply with ISO.

It shifts focus from paperwork to results, creates flexibility that allows the program to be tailored to small companies and those in service-based industries, and it provides general guidelines that can be applied to any organization.

From a 30,000-foot view, businesses simply need to follow these steps:

  1. Decide to become certified.
  2. Buy the standard and read it.
  3. If you need a consultant to help you implement the standard, select a consultant from an ISO 9001-certified firm.
  4. If you do not need a consultant to help you implement the standard, assign the project to yourself or another capable individual in your organization.
  5. Compare each requirement of the standard to the processes and systems you currently have in place. Our whitepaper, ISO 9001 IN SMALL BUSINESS, breaks these requirements down into digestible and applicable actions that drive quality, efficiency, and performance in an easy-to-digest manner.
  6. If your processes meet requirements, continue doing what you’re doing.
  7. If they do not meet requirements, make improvements to achieve compliance.
  8. Select a certification body or registrar.
  9. After the audit, address any non-conformance issues identified, if applicable, and receive your certification.

The requirements of the standard are incredibly autonomous. From documents and record-keeping to policies and processes to strategic growth plans, the standard allows companies to build a certified QMS that is fully customized, and specially designed to serve their specific business. It’s not about meeting cookie-cutter requirements – it’s about using the ISO 9001 standard as the guiding blueprint for continuous improvement and long-term success.


Getting ISO 9001 Certification

What’s Not Required When Implementing ISO 9001 for a Small Company?

Two important factors are NOT required to take on the pursuit of the standard.


1. You Don’t Need to Hire Anyone

First, it is not required to hire someone full-time to implement ISO 9001. However, it is helpful to have an individual assigned to the success of the ISO 9001 certification process. Choose a champion on your team to spearhead the effort — someone who is organized, process-minded, and focused on quality. If you aren’t sure that your team can completely handle the process, you may choose to partner with quality consultants to help develop understanding and ensure your QMS fulfills the requirements.


2. You Don’t Need to Do Extra Paperwork

Second, ISO certification doesn’t require added paperwork. While records and documentation are a big part of ISO compliance, the standard simply requires organizations to organize and document their existing processes and systems in a way that is controlled and easily accessible. As you move through the process to ISO 9001 certification, you may find that you already have all of the documentation you need to comply with the standard.

Necessary Documentation for ISO 9001 Certification

The standard addresses documentation in two groups:

  • Documented information that is required by the standard
  • Documented information determined by the organization as being necessary for the effectiveness of the quality management system
What it takes to get ISO 9001 Certified

Documented Information

Each organization can determine for itself the adequate amount of documented information needed to demonstrate effective planning, operation, and control of their processes, and the implementation and continual improvement of the effectiveness of their QMS. The documented information is used to communicate a message, provide evidence of what was planned and what has been done, and for the general sharing of necessary business knowledge.

Documents You Must Maintain and Retain

The standard lays out specifics regarding documents to be maintained — plans, policies, and documents that are subject to change — and documents to be retained — records that are not changed after they are released.

The documented information that organizations must maintain includes:

  • The scope of the quality management system (4.3).
  • Documented information necessary to support the operation of processes (4.4).
  • The quality policy (5.2).
  • The quality objectives (6.2).

The documented information that organizations must retain includes:

  • Monitoring and measuring equipment calibration records* (
  • Records of training, skills, experience, and qualifications (7.2)
  • Product/service requirements review records (
  • Records about design and development (8.3)
  • Product and Service requirements (8.5.1)
  • Records about customer property (8.5.3)
  • Change control records (8.5.6)
  • Record of conformity of product or service with acceptance criteria (8.6)
  • Record of nonconforming outputs (8.7.2)
  • Results of the quality objective data that is monitored and measured (9.1.1)
  • Internal audit reports (9.2)
  • Management review meeting minutes (9.3)
  • Results of corrective actions (10.1)


 ISO 9001 standard requirements related to documentation can seem lengthy, but upon close review, your organization is likely already maintaining and retaining these types of records. The procedure for obtaining ISO certification guides organizations toward consistent collection and attention to the required information.

What does it take to become ISO 9001 Certified?

And while this documentation is required, piles of paper and binders of records are not. The standard allows for flexibility in medium, including paper, magnetic, electronic, or optical computer discs, photographs, and master samples. Each company is given the autonomy to determine what format is most appropriate for their organization to demonstrate processes and compliance with the standard.

How Businesses Have Control During ISO 9001 Implementation

Specific procedures and processes are not included on the required documentation list. Each organization is given the autonomy to determine the best method of organizing and communicating their business conduct practices — from top executive function to day-to-day operations.

For organizations that already employ standardized processes, cohesive teams, and consistently deliver desired outputs, very little will be required regarding documentation. Newer businesses and those new to the standard will benefit from the close and careful examination of their business practices as they develop the documents and records needed to meet standard requirements.

With its deep-rooted approach, the standard allows businesses to align strategic business goals with the implementation of their ISO-certified QMS. In developing the context of the organization (4.1), companies will examine their strengths, weaknesses, opportunities, and threats (SWOT) as well as the risks specific to their industry that could negatively affect their business.

Furthermore, the evaluation of employee awareness (7.3) ensures that the entire team understands the organization’s Quality Policy and how they fit into the processes defined therein. Creating awareness of how each team member affects outputs and deliverables helps create buy-in and participation in the new QMS.

Consultants help organizations strategize and determine the minimum amount of documentation required to ensure that the full team understands their roles and responsibilities while also helping businesses use their quality management systems to achieve and record consistency in desired outputs.

If you choose to partner with a consulting agency, be sure to ask if they have successfully achieved ISO certification to the 9001 standards. Doing so will ensure their knowledge of the process and commitment to the theories, and you’ll rest assured knowing you’re working with a consultant who practices what they preach!


What Does the Third-Party ISO Audit Entail?

Once developed and implemented, your system must go through a required, third-party ISO audit. However, obtaining ISO certification is not a matter of passing or failing that audit. When the certification auditor comes and reviews your system, they measure the processes you have in place against the requirements set by the standard. 

ISO 9001 Certification

If they find areas of non-conformance, that does not mean that you have failed an audit – it simply means that you will need to address and fix those issues before you receive your certificate.

Your Business Can Benefit From ISO 9001 Certification

Ultimately, ISO 9001 requirements are tied to improving business performance.

When the auditor and management representatives dig into the system you have built, they want to see that the effort has been driven by your top management, is understood by your team, and is documented in a way that supports long-term growth, continuity, and success for your business. They want to see that your world-class operations are truly the way of life – not just a pile of carefully organized documents that you keep on a shelf for show and tell.

By implementing ISO 9001 standard requirements, your company will be better run, employees will better understand what is expected of them, and customers will be better served. With attention, care, and a little tenacity, you can take the steps to help your business stand out above your competition through ISO 9001 certification.


Core Business Solutions Can Assist You With ISO 9001 Certification

If you’re interested in implementing ISO 9001 in your business, Core Business Solutions can help. With years of experience helping businesses just like yours become ISO 9001 certified, our team has the tools and skills necessary to ensure you meet crucial standards. As a result, you can serve your customers and clients on a whole new level.

Reach out to us today to learn more about our ISO certification solutions.

Expert Assistance for ISO 9001 Quality Policy

Related Articles:

ISO Internal Audits Explained

ISO Internal Audits Explained

The ISO Internal Audit Process Explained The journey to achieving ISO 9001 certification is a meticulous process that ensures an organization’s quality management system (QMS) meets international...

How to Avoid False Claims Act Violations

How to Avoid False Claims Act Violations

Understanding How to Avoid False Claims Act Violations In today's highly regulated environment, understanding the intricacies of the False Claims Act (FCA) is imperative for organizations,...