
10 Steps to ISO9001 Certification

The ISO9001 standard is recognized worldwide as probably the foremost quality framework, with around a million organisations certified to it globally. Adopted by organizations small and large across a wide variety of industries, certification to ISO9001 is increasingly seen as a de facto requirement in competitive tendering situations, and as an assurance to stakeholders that the quality of an organisation’s products and services is taken seriously.

Implementing the ISO 9001 framework can be a complex process, especially if you’re new to the world of ISO management systems, so as a starting point we’ve put together 10 key steps to a successful ISO 9001 certification.

1. Implementation Project

Starting right is the first step to success: ensure you have management buy-in and an idea of how you’re going to complete the project, and with what resources and tools. Perform an initial gap analysis to identify your starting point and begin to get familiar with the structure and content of the standard.

2. Scope, Context and Interested Parties

Define what needs to be in the “scope” of the management system and have this documented. Identify your interested parties, both internal and external. Think about the context of the QMS in terms of what your organization does and how it is affected by internal and external factors such as the economy, technology and legislation.

3. QMS Policy, and Roles and Responsibilities

Create a QMS Policy and get it approved and published internally. Define the roles in your management system and what they are expected to do. Identify who will fulfil the roles and any immediate training needs for those people.

4. QMS Risk, Opportunities and Objectives

Define a risk assessment process and get the right people involved to carry it out to produce an action plan to address your risks. Don’t forget to consider opportunities too, which may be thought of as “good risks”. Set your objectives for the QMS so that you’ll be able to tell if it’s having the desired effect.

5. Competence, Awareness and Communication

Evaluate any competency gaps for the people involved in your QMS and how they might be filled using methods such as training, on the job learning or recruitment. Put in place an awareness training programme, particularly for employees, and define how you will communicate to interested parties about the QMS.

6. Documented Information

Decide how documented information will be created and controlled within the QMS. Develop a set of policies, procedures and other relevant documents to support the QMS and its operation. Make sure your version control and approval methods are fit for purpose and that everyone has access to the documents they need.

7. Operational

Ensure you have the QMS processes in place, for areas such as requirements, design and development, and production and service provision, and that the interactions between them are fully understood. Manage your risk action plan to ensure it is delivering results. Run the QMS to work towards achieving your objectives, whilst accumulating records that will act as evidence for your certification audit.

8. Performance Review

Make sure you have independent auditing resources available and put an internal audit programme in place to cover all aspects of the QMS. Define how nonconformities raised during audit will be addressed and managed through to completion. Hold a management review to assess how your QMS is performing so far.

9. Update Gap Assessment Plans and Actions

Revisit the gap assessment to see what still needs to be done, and by whom. Check that you have all of the necessary documentation in place and that your QMS processes are working as intended. Address any remaining areas of nonconformity in preparation for ISO 9001 certification.

10. Plan Your Certification Needs

Choose a certification body to carry out your audits, arrange your Stage One assessment, and check that everything is prepared for their visit. If the certification auditor agrees you’re ready, proceed with Stage Two and achieve certification, addressing any nonconformities raised as soon as possible after the audit.


Written by Ken Holmes, CertiKit’s Managing Director and Lead Toolkit Creator. Ken is a CISSP-qualified security and data protection specialist who also holds the internationally-recognised Certified Information Privacy Professional – Europe (CIPP/E).

Download a Free Guide on 10 Steps to ISO9001 Certification

There you have our 10 steps to ISO 9001 certification. For more guidance, download our free 10 Steps to ISO9001 Certification Guide.

We also have an ISO9001 Toolkit and ISO9001 Consultancy Services to help make the process even easier.
