What is the ISO 9001 Certification Process?
GettiWhen you commit to getting ISO 9001 certified, you commit to meeting the needs of customers and other stakeholders regarding your product or service through a comprehensive quality management system (QMS). But it’s not enough to meet the standard—you have to get ISO 9001 certified, which involves an initial certification audit, further surveillance audits, and recertification in order to maintain an accredited certification.
As an experienced ISO Certification Body with accreditation from ANAB for multiple management systems, we’ve guided many organizations through to successful ISO 9001 certification and so over the years, we’ve gained a very complete understanding of what you should expect from this process.
In this blog post, we’ll detail the entire ISO 9001 lifecycle, including brief outlines of important preparatory steps and breakdowns of the three types of audit you’ll need to undergo so that you can set more accurate expectations for your ISO 9001 journey.
5 Key Steps Ahead of Your ISO 9001 Certification Audit
As with any ISO certification, the effort required to stand up your chosen management system—in the case of ISO 9001, a QMS—will be extensive to reflect each framework’s holistic requirements. And though every organization’s approach will be different, some key steps are required for everyone standing up their QMS:
- Initial Gap Assessment: As with any new endeavor, it helps to know where you’re at before you begin, so your first step is evaluating your current processes and systems against the ISO 9001 requirements—this should reveal the gaps where you still have work to do to obtain conformance, and you can prioritize and address those areas accordingly with further implementations/documentation.
- Leadership and Support: ISO 9001 requires an organizational commitment to quality—not only does a culture of quality start from the top down, but the standard also requires top management to create related policies and assign relevant roles and responsibilities.
- Training and Awareness: In the same vein as the above, employees at all levels within the boundaries of the QMS must be trained and made aware of their assigned roles and responsibilities regarding the maintenance of the QMS, as well as any changes being implemented to support it.
- Internal Audit: Before bringing in a Certification Body, have trained personnel who are independent of the processes being audited assess the effectiveness of your QMS and identify any areas for improvement—this is required for ISO 9001 certification.
- Management Review: Once your internal audit is complete, senior management must review the results and ensure that the system effectively meets your organization's previously defined quality objectives while identifying any necessary corrective actions.
The ISO 9001 Certification Audit Lifecycle
Once these steps and the others you’ll take to get your QMS to a place where you believe it’s in conformance with ISO 9001, you’re ready for your initial certification audit. You’ll contract with an external Certification Body to perform this evaluation and you’ll sit down with them to determine audit dates, scope, and what access they’ll need to relevant personnel and facilities as well as when.
With all those details squared away, your initial certification audit can begin, and it’s broken into two stages.
Initial Certification: Stage 1
First, your Certification Body will review your organization's relevant policies and procedures regarding the design of your QMS—items such as manuals and work instructions, among others.
ISO standards—ISO 9001 included—are very documentation-heavy, and so your auditors will determine whether your records meet specific requirements for a QMS. They’ll also determine whether the documented design and processes have been implemented in a way that aligns with ISO 9001 requirements.
Initial Certification: Stage 2
Once your Certification Body verifies that you have the necessary documentation, processes, and procedures in place, you’ll move to Stage 2 of initial certification—or on-site inspections.
While Stage 1 focuses on whether your QMS is well-designed and documented, Stage 2 centers on its operating effectiveness, which your auditor will evaluate through firsthand observation of your:
- QMS processes;
- QMS operations; and
- QMS activities in action.
More specifically, they’ll review whether you’re adhering to your previously documented procedures and whether those processes are successful in delivering your desired quality product/service.
Throughout the audit, your Certification Body will note their findings, including any non-conformities with the ISO 9001 standard, which may include significant systemic issues that threaten your certification or more minor opportunities for improvement that could enhance the effectiveness of your QMS. They’ll submit these findings to you in a formal report following the end of Stage 2, and you’ll be required to develop and implement corrective actions addressing any noted non-conformities.
Based on those findings—which will reveal whether your organization meets all the requirements of the standard—your Certification Body will make a decision on whether to grant you ISO 9001 certification and you’ll receive a related certificate that you can leverage with your customers and will remain valid for three years.
Annual Surveillance Audits
However, ISO 9001 certification requires not only ongoing compliance but the continuous improvement of your QMS. To ensure that, you’ll have to undergo annual surveillance audits.
While less intensive than the aforementioned initial certification audit in that not every element of your QMS will be reviewed, your assessor will still be looking at a decent sample of your conformance with the key clauses of ISO 9001, as well as a selection of your controls and processes.
Recertification Audit
And then, at the end of three years, you’ll need to renew your ISO 9001 certification, and that required audit experience will be similar to that which you underwent for initial certification. At this point, your assessors will be gauging if you have:
- Effectively maintained your QMS in the time elapsed;
- Properly implemented any changes in your QMS; and
- Addressed any previously identified nonconformities and opportunities for improvement.
Get ISO 9001 Certified
As a framework, ISO 9001 can help any organization demonstrate its commitment to quality management practices through the implementation of a QMS that is validated by a cyclical certification process that involves three separate types of audits in order to maintain conformance. Given the holistic nature of the standard’s requirements and the ongoing nature of certification, it won’t be an easy undertaking to become ISO 9001 certified, but now that you understand more about what to expect from the overarching process, you can begin to plan for this advantageous initiative.
To learn even more about ISO 9001 and other ISO standards—including the benefits of possibly integrating more than one—make sure to check out our other articles that provide further useful information:
About JORDAN HICKS
Jordan Hicks is the Manager of Content at Schellman. As the owner of content marketing initiatives across all digital platforms and formats, she is responsible for the ideation of content, the authoring and development of the content, as well as developing and managing the editorial calendar to ensure the marketing goals are met as it relates to content.