Schellman becomes The First ISO 42001 ANAB Accredited Certification Body!

Learn More
866.254.0000
Contact Us
Services
SOC & Attestations
Payment Card Assessments
ISO Certifications
Privacy Assessments
Federal Assessments
Healthcare Assessments
Penetration Testing
Cybersecurity Assessments
Crypto and Digital Trust
Schellman Training
ESG & Sustainability
AI Services
Build Your Compliance Roadmap
Industry Solutions
Cloud Computing & Data Centers Meet a broad range of regulatory and industry compliance mandates for your customers
Financial Services & Fintech Cybersecurity assessments for both the banking industry and the financial service providers
Healthcare Reporting to manage risk and adhere to applicable laws and regulations
Payment Card Processing Validate compliance with the various forms of the PCI DSS
US Government Achieve authorization to work for federal agencies, DoD, and the associated contractor base
Higher Education & Research Laboratories Reinforce your commitment to securing your student's and institution's data.
View All Industry Solutions
Learning Center
Our Technology
About Us
Leadership Team
Careers
Corporate Social Responsibility
Strategic Partnerships
Visit About Us
Services
Services
View All Services
SOC & Attestations
SOC & Attestations
Payment Card Assessments
Payment Card Assessments
ISO Certifications
ISO Certifications
Privacy Assessments
Privacy Assessments
Federal Assessments
Federal Assessments
Healthcare Assessments
Healthcare Assessments
Penetration Testing
Penetration Testing
Cybersecurity Assessments
Cybersecurity Assessments
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
ESG & Sustainability
ESG & Sustainability
AI Services
AI Services
Industry Solutions
Industry Solutions
View All Industry Solutions
Cloud Computing & Data Centers
Cloud Computing & Data Centers
Financial Services & Fintech
Financial Services & Fintech
Healthcare
Healthcare
Payment Card Processing
Payment Card Processing
US Government
US Government
Higher Education & Research Laboratories
Higher Education & Research Laboratories
Learning Center
Our Technology
About Us
About Us
About Schellman
Leadership Team
Leadership Team
Careers
Careers
Corporate Social Responsibility
Corporate Social Responsibility
Strategic Partnerships
Strategic Partnerships
Talk with a Specialist

«  View All Posts

What is the ISO 9001 Certification Process? Blog Feature
JORDAN HICKS

By: JORDAN HICKS

Print/Save as PDF

What is the ISO 9001 Certification Process?

ISO Certifications | ISO 9001

GettiWhen you commit to getting ISO 9001 certified, you commit to meeting the needs of customers and other stakeholders regarding your product or service through a comprehensive quality management system (QMS). But it’s not enough to meet the standard—you have to get ISO 9001 certified, which involves an initial certification audit, further surveillance audits, and recertification in order to maintain an accredited certification.

As an experienced ISO Certification Body with accreditation from ANAB for multiple management systems, we’ve guided many organizations through to successful ISO 9001 certification and so over the years, we’ve gained a very complete understanding of what you should expect from this process.

In this blog post, we’ll detail the entire ISO 9001 lifecycle, including brief outlines of important preparatory steps and breakdowns of the three types of audit you’ll need to undergo so that you can set more accurate expectations for your ISO 9001 journey.

 

 

5 Key Steps Ahead of Your ISO 9001 Certification Audit

As with any ISO certification, the effort required to stand up your chosen management system—in the case of ISO 9001, a QMS—will be extensive to reflect each framework’s holistic requirements. And though every organization’s approach will be different, some key steps are required for everyone standing up their QMS:

  • Initial Gap Assessment: As with any new endeavor, it helps to know where you’re at before you begin, so your first step is evaluating your current processes and systems against the ISO 9001 requirements—this should reveal the gaps where you still have work to do to obtain conformance, and you can prioritize and address those areas accordingly with further implementations/documentation.
  • Leadership and Support: ISO 9001 requires an organizational commitment to quality—not only does a culture of quality start from the top down, but the standard also requires top management to create related policies and assign relevant roles and responsibilities.
  • Training and Awareness: In the same vein as the above, employees at all levels within the boundaries of the QMS must be trained and made aware of their assigned roles and responsibilities regarding the maintenance of the QMS, as well as any changes being implemented to support it.
  • Internal Audit: Before bringing in a Certification Body, have trained personnel who are independent of the processes being audited assess the effectiveness of your QMS and identify any areas for improvement—this is required for ISO 9001 certification.
  • Management Review: Once your internal audit is complete, senior management must review the results and ensure that the system effectively meets your organization's previously defined quality objectives while identifying any necessary corrective actions.

The ISO 9001 Certification Audit Lifecycle

Once these steps and the others you’ll take to get your QMS to a place where you believe it’s in conformance with ISO 9001, you’re ready for your initial certification audit. You’ll contract with an external Certification Body to perform this evaluation and you’ll sit down with them to determine audit dates, scope, and what access they’ll need to relevant personnel and facilities as well as when.

With all those details squared away, your initial certification audit can begin, and it’s broken into two stages.

 

Initial Certification: Stage 1

First, your Certification Body will review your organization's relevant policies and procedures regarding the design of your QMS—items such as manuals and work instructions, among others.

ISO standards—ISO 9001 included—are very documentation-heavy, and so your auditors will determine whether your records meet specific requirements for a QMS. They’ll also determine whether the documented design and processes have been implemented in a way that aligns with ISO 9001 requirements.

 

Initial Certification: Stage 2

Once your Certification Body verifies that you have the necessary documentation, processes, and procedures in place, you’ll move to Stage 2 of initial certification—or on-site inspections.

While Stage 1 focuses on whether your QMS is well-designed and documented, Stage 2 centers on its operating effectiveness, which your auditor will evaluate through firsthand observation of your:

  • QMS processes;
  • QMS operations; and
  • QMS activities in action.

More specifically, they’ll review whether you’re adhering to your previously documented procedures and whether those processes are successful in delivering your desired quality product/service.

Throughout the audit, your Certification Body will note their findings, including any non-conformities with the ISO 9001 standard, which may include significant systemic issues that threaten your certification or more minor opportunities for improvement that could enhance the effectiveness of your QMS. They’ll submit these findings to you in a formal report following the end of Stage 2, and you’ll be required to develop and implement corrective actions addressing any noted non-conformities.

Based on those findings—which will reveal whether your organization meets all the requirements of the standard—your Certification Body will make a decision on whether to grant you ISO 9001 certification and you’ll receive a related certificate that you can leverage with your customers and will remain valid for three years.

 

Annual Surveillance Audits

However, ISO 9001 certification requires not only ongoing compliance but the continuous improvement of your QMS. To ensure that, you’ll have to undergo annual surveillance audits.

While less intensive than the aforementioned initial certification audit in that not every element of your QMS will be reviewed, your assessor will still be looking at a decent sample of your conformance with the key clauses of ISO 9001, as well as a selection of your controls and processes.

 

Recertification Audit

And then, at the end of three years, you’ll need to renew your ISO 9001 certification, and that required audit experience will be similar to that which you underwent for initial certification. At this point, your assessors will be gauging if you have:

  • Effectively maintained your QMS in the time elapsed;
  • Properly implemented any changes in your QMS; and
  • Addressed any previously identified nonconformities and opportunities for improvement.

 

Get ISO 9001 Certified

As a framework, ISO 9001 can help any organization demonstrate its commitment to quality management practices through the implementation of a QMS that is validated by a cyclical certification process that involves three separate types of audits in order to maintain conformance. Given the holistic nature of the standard’s requirements and the ongoing nature of certification, it won’t be an easy undertaking to become ISO 9001 certified, but now that you understand more about what to expect from the overarching process, you can begin to plan for this advantageous initiative.

To learn even more about ISO 9001 and other ISO standards—including the benefits of possibly integrating more than one—make sure to check out our other articles that provide further useful information:

About JORDAN HICKS

Jordan Hicks is the Manager of Content at Schellman. As the owner of content marketing initiatives across all digital platforms and formats, she is responsible for the ideation of content, the authoring and development of the content, as well as developing and managing the editorial calendar to ensure the marketing goals are met as it relates to content.

4010 W Boy Scout Boulevard
Suite 600
Tampa, FL 33607

U.S. 1.866.254.0000

Outside the U.S.
1.813.288.8833

Resources
Company
Stay Up-to-Date

Sign up to receive Schellman's Weekly Read delivered every Friday morning.

© SchellmanPrivacy PolicyTerms of Use

“Schellman” is the brand name under which Schellman & Company, LLC and Schellman Compliance, LLC provide professional services. Schellman & Company, LLC and Schellman Compliance, LLC practice as an alternative practice structure in accordance with the AICPA Code of Professional Conduct and applicable law, regulations and professional standards. Schellman & Company, LLC is a licensed certified public accounting firm (Florida license number AD62941) registered with the Public Company Accounting Oversight Board (PCAOB) that provides attest services to its clients, and Schellman Compliance, LLC provides nonattest cybersecurity and compliance professional services to its clients. Schellman Compliance, LLC is not a licensed CPA firm. Schellman & Company, LLC and Schellman Compliance, LLC are independently owned and are not liable for the services provided by any other entity providing services under the Schellman brand. Our use of the terms “our firm” and “we” and “us” and terms of similar import, denote the alternative practice structure conducted by Schellman & Company, LLC and Schellman Compliance, LLC.