Get in touch

Get in touch

  • This field is for validation purposes and should be left unchanged.

Privacy Notice


When you submit an enquiry via our website, we use the personal data you supply to respond to your query, including providing you with any requested information about our products and services. We may also email you several times after your enquiry in order to follow up on your interest and ensure that we have answered your it to your satisfaction. We will do this based on our legitimate interest in providing accurate information prior to a sale. Your enquiry is stored and processed as an email which is hosted by Microsoft within the European Economic Area (EEA). We keep enquiry emails for two years, after which they are securely archived and kept for seven years, when we delete them.

Reveal Menu

What is ISO9001?

This quick overview guide provides information on the ISO9001 standard and the main steps when implementing a Quality Management System.

We have also put together a list of some of our free resources available to assist your QMS implementation further. Download the guides, sample documents and read the blogs from the list below to learn even more about implementing a QMS and certification the ISO9001 standard.

Free ISO9001 Resources Links:

What is ISO9001?

The ISO9001 international standard for a Quality Management System (QMS) was published by the ISO in 2015 and is based upon the original British standard BS5750. It details the requirement for certification to the standard.

ISO9001 specifies the requirements that your QMS will need to meet in order for your organization to become certified to the standard. The requirements in ISO9001 are supplemented by guidance contained in ISO9000 and ISO9004 which were published in 2015 and 2018 respectively. ISO9004 is well worth reading as it fills in some of the gaps in understanding how the requirements in ISO9001 should be met and gives more clues about what the auditor may be looking for.

How does implementing a QMS benefit an organization?

There are several benefits of implementing a QMS to small and large organizations. It can help enormously in focusing attention on objectives and being able to base decisions on measured data, rather than rough perceptions.

Other benefits could include:

  • Increased customer trust
  • Continual business improvement
  • Increased business sustainability
  • Understanding critical processes and how they contribute to quality and customer needs

What is a QMS?

When looking at quality management the emphasis is usually on the processes used to define requirements, design products and services, and provide the things that the organization regards as its core business. These processes tell everyone what to do to deliver products and services to the customer and satisfy requirements.

The latest version of the standard also introduced the concept of “Risk based thinking”.

Risk-based thinking enables an organization to determine the factors that could cause its processes and its quality management system to deviate from the planned results, and gets you to think about a number of sources for potential risk such as:

  • External parties – such as customers, investors, suppliers
  • Internal parties – such as staff
  • Economic factors – changes in local & global markets, government investments & funding etc

Once you’ve identified the risks to the business, and ultimately the QMS, the standard requires you  put in place preventive controls to minimize negative effects and to make maximum use of opportunities as they arise.

The ISO9001 standard proposes that we don’t just need a set of processes; we need a Quality Management System. The function of the QMS is to wrap itself around the processes and ensure (among other things) that:

  1. We know what the processes are supposed to achieve (objectives).
  2. We have thought about what could go wrong (risk and opportunity assessment).
  3. Everyone knows their part in operating the processes (roles, responsibilities and authorities).
  4. It is clear that this is the way we do things (leadership and commitment).
  5. We update the processes when things change (management review).
  6. The processes get better over time (continual improvement).

What are the contents of the standard?

The ISO9001 standard consists of major headings which are common across other standards:

  1. Scope
  2. Normative references
  3. Terms and definitions
  4. Context of the organization
  5. Leadership
  6. Planning
  7. Support
  8. Operation
  9. Performance evaluation
  10. Improvement

Sections 1 to 3 don’t contain any requirements and so an organization wouldn’t be audited against these. We do recommend reading through them as they provide useful background to what the standard is about and how it should be interpreted. Section 0 is the introduction to the standard.

It is sections 4 to 10 that set out the requirements of the standard. These are the compulsory requirements that must be met by an organization to be compliant to the standard in order to achieve certification. If any of these sections within the standard aren’t met, then your business could face a nonconformity raised by the auditor and the organization will need to address it to gain or keep their certification to the standard.

How to become certified

There’s no obligation to go for certification to ISO9001 and many organizations choose to simply use the standard as a set of good practice principles to guide them along the way to running their organization.

For certification, the steps to are similar of all the ISO standards, and involve:

  1. Implementing procedures and methods as requirements of the standard.
  2. Perform an internal audit to highlight any nonconformities before the external audit. We advise an internal audit to be completed by an independent third-party auditor or an impartial qualified auditor within your organisation.
  3. The final external audit to achieve certification is by an accredited Registered Certification Body (RCB). This is in two stages. Stage one is basically a review of how ready you are for the stage two certification audit. You may pick up a few pointers for improvement (known as nonconformities) at stage two but, if these aren’t too serious, your organization will become certified and can advertise the fact to anyone with an interest.

Once certified, you will then have an annual surveillance audit to confirm your compliance, and then every three years there will be a re-certification audit, which is when you will be re-audited against all areas of the standard and recommended for continued certification.

How can CertiKit help?

ISO9001 is recommended for organizations of any size and industry that want to ensure continual improvement. CertiKit’s ISO9001 toolkit includes more than 60 template documents and guides, and unlimited email support with a qualified consultant. Written by a QMS auditor, the toolkit will help you align to Quality Management System best practise fast and effectively.

We also offer ISO9001 consultancy and internal auditing services to organizations in the UK, EU and +/- five hours of the UK time zone. So if you need a bit of extra help with implementation, or your internal audit requirements need meeting, click the links to see how we can help.

We’ve helped more than 4000 businesses with their compliance


Thanks for saving me many, many hours of policy writing!

Le Rucher

View all Testimonials