Blog 10 Steps to ISO9001 Certification

1. Implementation Project

Starting right is the first step to success, ensure you have management buy-in and an idea of how you’re going to complete the project with what resources and tools. Perform an initial gap analysis to identify your starting point and begin to get familiar with the structure and content of the standard.

2. Scope, Context and Interested Parties

Define what needs to be in the “scope” of the management system and have this documented. Identify your interested parties, both internal and external. Think about the context of the QMS in terms of what your organization does and how it is affected by internal and external factors such as the economy, technology and legislation.

3. QMS Policy, and Roles and Responsibilities

Create a QMS Policy and get it approved and published internally. Define the roles in your management system and what they are expected to do. Identify who will fulfil the roles and any immediate training needs for those people.

4. QMS Risk, Opportunities and Objectives

Define a risk assessment process and get the right people involved to carry it out to produce an action plan to address your risks. Don’t forget to consider opportunities too, which may be thought of as “good risks”. Set your objectives for the QMS so that you’ll be able to tell if it’s having the desired effect.

5. Competence, Awareness and Communication

Evaluate any competency gaps for the people involved in your QMS and how they might be filled using methods such as training, on the job learning or recruitment. Put in place an awareness training programme, particularly for employees, and define how you will communicate to interested parties about the QMS.

6. Documented Information

Decide how documented information will be created and controlled within the QMS. Develop a set of policies, procedures and other relevant documents to support the QMS and its operation. Make sure your version control and approval methods are fit for purpose and that everyone has access to the documents they need.

7. Operational

Ensure you have the QMS processes in place, for areas such as requirements, design and development, and production and service provision, and that the interactions between them are fully understood. Manage your risk action plan to ensure it is delivering results. Run the QMS to work towards achieving your objectives, whilst accumulating records that will act as evidence for your certification audit.

8. Performance Review

Make sure you have independent auditing resources in place and put an internal audit programme in place to cover all aspects of the QMS. Define how nonconformities raised during audit will be addressed and managed through to completion. Hold a management review to assess how your QMS is performing so far.

9. Update Gap Assessment Plans and Actions

Revisit the gap assessment to see what still needs to be done, and by whom. Check that you have all of the necessary documentation in place and that your QMS processes are working as intended. Address any remaining areas of nonconformity in preparation for ISO 9001 certification.

10. Plan Your Certification Needs

Choose a certification body to carry out your audits, arrange your Stage One assessment, and check that everything is prepared for their visit. If the certification auditor agrees you’re ready, proceed with Stage Two and achieve certification, addressing any nonconformities raised as soon as possible after the audit.

Written by Ken Holmes, CertiKit’s Managing Director and Lead Toolkit Creator. Ken is a CISSP-qualified security and data protection specialist who also holds the internationally-recognised Certified Information Privacy Professional – Europe (CIPP/E).

Download a Free Guide on 10 Step to ISO9001 Certification

There you have our 10 steps to ISO 9001 certification, for more guidance, download our free 10 Steps to ISO9001 Certification Guide. 

We also have an ISO9001 Toolkit and ISO9001 Consultancy Services to help make the process even easier.