How to get certification to ISO 9001

An overview of the process for ISO 9001 certification

  1. Make the decision to get it.  
    This is a decision that must come from the top.  What the Standard itself refers to as 'top management' - the person (or people) in charge, the decision-makers.  Don't overlook or skip the importance of this step.  The commitment has to be real, it will have to be demonstrated (beyond just paying the bill) and it will have to be backed up with specific management actions.  It's a management system, remember? 

  2. Appoint someone senior to manage the project.
    Getting ISO is a project, so someone must have the responsibility and the authority to manage it internally.  Allocate resources to the project: you'll need to decide whether to use a consultant, or do it yourself.  See this section for how to choose a consultant

  3. Do a gap analysis. 
    This means you systematically assess the status of your current system against what it needs to be, in order to find your baseline and estimate the scope of work. You'll have some kind of a quality system in place already (even if you think you don't, unless you're a completely new business), but you won't be meeting all requirements of the Standard at this point.  You use the results of the gap analysis to identify your gaps, and what's needed to fill them. 

  4. Create a plan: what needs to be done, who will do what and when. 

  5. Develop, implement and improve your quality system.
    Work through the plan you created, and bring your system up to the required level. This means you fill the gaps from the Gap Analysis, revising, adding or improving where you need to. It means identifying your main processes and seeing if they're currently meeting requirements (or not). It means making all the improvements necessary to meet the requirements of the Standard.  And it probably means some documentation of your system.  Throughout this, you'll use the PDCA continuous improvement cycle to do it.

    This stage takes the most time & effort.  You should take care to get people involved throughout, so that your people help build it, and thus they understand and use the system and have opportunities to participate and contribute.  A system developed by a single person and imposed on others is not a good one.

  6. Review your system to see how well it's working.  Do internal audits to see if you're doing what you think you are.  You will find some problems.  (If you don't, you aren't reviewing or auditing properly!)  Fix the issues you find, using your corrective action process (one of the requirements) to do this.

  7. Choose a certifier and agree dates for the external audit.

  8. Undergo the external audit. At this, the external auditor/s provided by your certifier will audit your quality system against all of the specific requirements of ISO 9001. 

  9. Once the results of the external audit are verified by the certifier, you get the certificate and celebrate!
    Assuming you are successful, of course, you can now get that coveted certificate from your certifier.  The certificate will arrive a bit later, after the audit. Its exact format varies according to your certifier (type of logo, etc ).  Your certifier enters you onto the official world-wide register of certified organisations - see the Links (in Resources) for more info.

Now you are officially 'registered (or certified) to ISO 9001' or 'have ISO 9001 certification'.  Note that people often refer to this as 'ISO 9001 accredited', though this term isn't actually correct.

That's a summary of the process, but of course there's a little more to it.  There are traps for the inexperienced and yes, some 'inside knowledge' is needed.  Without it, you'll find it hard going and of course you'll make mistakes. My exclusive free report on the most common mistakes will help you avoid them.