Updated: 8/26/2020

What’s Really Required for a Small Business to Get ISO Certification

2020 Update: ISO 9001 certification for small businesses can seem complex and difficult at first glance. But the standard’s ill-fitting reputation is simply a misunderstanding of the requirements of ISO 9001 compliance and certification. The practical use of a quality management system for small business simply uses what a company has already developed, documents it appropriately, and improves it if necessary.

When handled properly, the process of becoming certified to ISO 9001 gives businesses the opportunity to take a holistic approach to process review and whole business improvement. And each year, hundreds of small businesses take the time to evaluate their systems in order to meet compliance and achieve ISO certification. Small businesses that commit to pursuing compliance often rise above their competitors, creating processes to better serve customers and grow the business.

When the process is approached with questions other than “how much does it cost to get ISO 9001 certified?” or “how long does it take to get ISO 9001 certification?” companies allow themselves to focus on true improvement to the whole business.

It is not hard to set up an ISO 9001-compliant quality management system for a small business – the key is simply taking time to understand the requirements and what is needed to satisfy each one. The most recent revision to the ISO 9001 standard (2015) created a more simplified process that makes it easier for small businesses to comply with ISO. It shifts focus from paperwork to results, creates flexibility that allows the program to be tailored to small companies and those in service-based industries, and it provides general guidelines that can be applied to any organization.

From a 30,000 foot view, businesses simply need to follow these steps:

  • Decide to become certified
  • Buy the standard and read it
  • Decide if you need a consultant to help you implement the standard
    • If yes – select a consultant from an ISO 9001-certified firm
    • If no – assign the project to yourself or another capable individual in your organization
  • Compare each requirement of the standard to the processes and systems you currently have in place.
    • Our whitepaper, ISO 9001 IN SMALL BUSINESS, breaks these requirements down into digestible and applicable actions that drive quality, efficiency, and performance in an easy-to-digest manner.
  • If your processes meet requirements, continue doing what you’re doing
  • If they do not meet requirements, make improvements to achieve compliance
  • Select a certification body/registrar
  • After the audit, address any non-conformance issues identified (if applicable) and receive your certification.

The requirements of the standard are incredibly autonomous. From documents and record keeping to policies and processes to strategic growth plans, the standard allows companies to build a certified QMS that is fully customized, and specially designed to serve their specific business. It’s not about meeting cookie-cutter requirements – it’s about using the ISO 9001 standard as the guiding blueprint for continuous improvement and long-term success.

There are two important factors that are NOT required to take on the pursuit of the standard.

First, it is not required to hire someone full-time to implement ISO 9001. However, it is helpful to have an individual assigned to the success of the ISO 9001 certification process. Choose a champion on your team to spearhead the effort – someone who is organized, process-minded, and focused on quality. If you aren’t sure that your team has the capacity to completely handle the process, you may choose to partner with quality consultants to help develop understanding and ensure your QMS fulfills the requirements.

Second, ISO certification doesn’t require added paperwork. While records and documentation are a big part of ISO compliance, the standard simply requires organizations to organize and document their existing processes and systems in a way that is controlled and easily accessible. As you move through the process to ISO 9001 certification, you may find that you already have all of the documentation you need to comply with the standard.ISO 9001 What's Required

The standard addresses documentation in two groups:

  • documented information that is required by the standard;
  • and documented information determined by the organization as being necessary for the effectiveness of the quality management system.

Each organization is able to determine for themselves the adequate amount of documented information needed to demonstrate effective planning, operation and control of their processes, and the implementation and continual improvement of the effectiveness of their QMS. The documented information is used to communicate a message, provide evidence of what was planned and what has been done, and for the general sharing of necessary business knowledge.

The standard lays out specifics regarding documents to be maintained (plans, policies, and documents that are subject to change) and documents to be retained (records that are not changed after they are released).

The documented information that organizations must maintain includes:

  • The scope of the quality management system (4.3).
  • Documented information necessary to support the operation of processes (4.4).
  • The quality policy (5.2).
  • The quality objectives (6.2).

The documented information that organizations must retain includes:

  • Monitoring and measuring equipment calibration records* (
  • Records of training, skills, experience, and qualifications (7.2)
  • Product/service requirements review records (
  • Records about design and development (8.3)
  • Product and Service requirements (8.5.1)
  • Records about customer property (8.5.3)
  • Change control records (8.5.6)
  • Record of conformity of product/service with acceptance criteria (8.6)
  • Record of nonconforming outputs (8.7.2)
  • Results of the quality objective data that is monitored and measured (9.1.1)
  • Internal audit reports (9.2)
  • Management review meeting minutes (9.3)
  • Results of corrective actions (10.1)

ISO 9001 standard requirements related to documentation can seem lengthy, but, upon close review, it is likely that your organization is already maintaining and retaining these types of records. The procedure for obtaining ISO certification simply guides organizations toward consistent collection and attention to the required information. And while this documentation is required, piles of paper and binders of records are not. The standard allows for flexibility in medium, including paper, magnetic, electronic, or optical computer discs, photographs, and master samples. Each company is given the autonomy to determine what format is most appropriate for their organization to demonstrate processes and compliance with the standard.

Specific procedures and processes are not included on the required documentation list. Each organization is given the autonomy to determine the best method of organizing and communicating their business conduct practices – from top executive function to day-to-day operations.

For organizations that already employ standardized processes, cohesive teams, and consistently delivered desired outputs, very little will be required in regard to documentation. Newer businesses (and those new to the standard) will benefit from the close and careful examination of their business practices as they develop the documents and records needed to meet standard requirements.

With its deep-rooted approach, the standard allows businesses to align strategic business goals with the implementation of their ISO-certified QMS. In developing the context of the organization (4.1), companies will examine their strengths, weaknesses, opportunities, and threats (SWOT) as well as the risks specific to their industry that could negatively affect their business.ISO 9001 Requirements

Furthermore, the evaluation of employee awareness (7.3) ensures that the entire team understands the organization’s Quality Policy and how they fit into the processes defined therein. Creating awareness for how each team member affects outputs and deliverables helps create buy-in and participation in the new QMS.

Consultants help organizations strategize and determine the minimum amount of documentation required to ensure that the full team understands their roles and responsibilities while also helping businesses use their quality management systems to achieve (and record) consistency in desired outputs. If you choose to partner with a consulting agency, be sure to ask if they themselves have successfully achieved ISO certification to the 9001 standard. Doing so will ensure their knowledge of the process and commitment to the theories, and you’ll rest assured knowing you’re working with a consultant who practices what they preach!

Once developed and implemented, your system must go through a required, third-party ISO audit. However, obtaining ISO certification is not a matter of passing or failing that audit. When the certification auditor comes and reviews your system, they measure the processes you have in place against the requirements set by the standard. If they find areas of non-conformance, that does not mean that you have failed an audit – it simply means that you will need to address and fix those issues before you receive your certificate.

Ultimately, ISO 9001 requirements are tied to improving business performance. When the auditor and management representatives dig into the system you have built, they want to see that the effort has been driven by your top management, is understood by your team, and is documented in a way that supports long-term growth, continuity, and success for your business. They want to see that your world-class operations are truly the way of life – not just a pile of carefully organized documents that you keep on a shelf for show and tell.

By implementing ISO 9001 standard requirements, your company will be better run, employees will better understand what is expected of them, and customers will be better served. With attention, care, and a little tenacity, you can take the steps to help your business stand out above your competition through ISO 9001 certification.

Looking for a basic video on “What is ISO 9001?”, you can view it here along with other videos on our YouTube channel.