Home Resources Blog October 2017

Introducing ISO 9001: A Practical Summary

28 October 2017
There are a number of reasons why an organization might pursue ISO 9001 certification. Most often, it’s because a client requests it, or a contract requires it. But why would a client impose the standard?

There are a number of reasons why an organization might pursue ISO 9001 certification. Most often, it’s because a client requests it, or a contract requires it.
But why would a client impose the standard? Well, it’s because ISO 9001 certification demonstrates your ability to consistently provide products and services that meet customer and legal requirements. It provides confidence in the abilities of your company. And it’s not just you saying you can do this – read on to learn about the benefits of 3rd party certification.
More and more companies are requiring ISO 9001 certification as a prerequisite for doing business around the world. In fact, more than one million organizations now hold ISO 9001 certificates. The ISO 9001 standard is applicable to all industry sectors and organizations, regardless of their type, size, product, or service.
The standard is interpretative, not prescriptive; it specifies control requirements that must be addressed; it does not specify what methods to use. Organizations seeking certification must demonstrate that they have documented and implemented an effective system. And, it is the system that is evaluated, not product quality, service quality, or the performance of individuals.
With certification, along with improved quality, organizations gain a competitive advantage. Without satisfied customers, any company is in danger. So keep customers satisfied, the organization needs to meet their requirements.
The ISO 9001 standard provides a tried and tested framework for managing processes so they consistently deliver products and services that satisfy customers.
If you are going to embark on the ISO 9001 journey – do it right! Too many organizations want a quick win and implement a system according to the standard and not the company. It might just achieve a certificate, but they soon realize that the system isn’t representative of the business, and too difficult to maintain. Take your time, use your resources wisely and don’t hesitate to engage with an expert.
Read on to learn about managing the ISO 9001 process and achieving certification.


The implementation schedule for an ISO 9001-based system, in my experience, ranges from 6 months to 12 months. Occasionally this is longer, depending on the work to be done and the resources that can be devoted by the company. The first month or two are typically spent understanding how the company operates and the processes that are currently in place.
The next couple of months are allocated to process definition, creating the necessary documents, performing a gap analysis and selecting the certification body. After six months, the system is usually ready to be implemented and operated. Records are kept as evidence of conformity and after a month of operation, the stage 1 audit can be held, followed by corrective actions, then the stage 2 audit, and submission of an action plan to the certification body.


The implementation process is important in achieving the full benefits of the quality management system. Most new users obtain measurable payback early in the process.
First, you need to fully engage top management to define why they want to implement an ISO 9001-based quality management system. Next, review the mission, vision, and values of the organization. Then, you are ready to define your quality policy and quality objectives, and identify the key processes and interactions needed to meet your quality objectives.
Document, monitor and improve the processes that drive the business and contribute to achieving the objectives. Perform a gap analysis of the current system to determine where the requirements are fulfilled and where they are not. Then, use the results of the gap analysis to develop an implementation plan that describes the activities, deliverables, responsibilities, and due dates.


Firstly, certification is not mandatory. I have many clients who use the standard as a framework for quality improvement but have never needed to be certified. However, when external pressures (such as customers, contracts, tenders, etc.) are evident, certification is needed.
You need to be sure, through your own internal audits, that your system is ready for certification before you ask a 3rd party to assess it. Certification organizations, or registrars, such as NQA, are independent and accredited by UKAS to provide their certification services.
Stage 1 Audit After your system is implemented, the certification body conducts a stage 1 audit to assess your documentation and verify key practices are in place, e.g., internal audits, management reviews, and performance tracking. Stage 1 audits are typically a day in duration. If you pass this audit without any major issues, the certification body will deem your system ready for the full system audit.
Stage 2 Audit About one or two months after a successful stage 1 audit (you agree the timescale), the certification body will return to assess the entire system. They will look for conformity to customer, legal, and organizational requirements, as well as to the requirements of the standard.
The audit duration will depend on the size of your company, the number of sites, and the functions included in the system. For example, a small organization with 10 or fewer employees might receive an audit of only two days. The number of audit days continues to grow as the size of the organization increases. If no major nonconformities are identified during the audit, the audit team can recommend certification based on your submission of an acceptable corrective action plan for any reported minor nonconformities.
The certificate will be issued a few weeks later following UKAS approval of the audit report. If one or more major nonconformities are found, the certification body either conducts a special visit in a month or two to verify the major issues have been resolved, or it conducts another full certification audit when you say the major nonconformities have been corrected.
Surveillance Visits Depending on the size of your company, the certification body will establish an annual or semi-annual surveillance program. The total surveillance days each year will be about one third the duration of the stage 2 certification audit. Each visit will always assess certain key elements of the system, for example, internal audit, management review, customer satisfaction, and corrective action. A sample of the other areas of the system will be examined during the visit, with all the areas being assessed over the three-year life of the certificate.
Recertification Audit Every three years, the entire system will be assessed again. The recertification audit duration will be about two-thirds as long as the stage 2 audit. Assuming the assessment doesn't find any major nonconformities, the audit team can recommend the company for continued certification. And, after receipt of an acceptable corrective plan for any minor nonconformities, the certification body will reissue the ISO 9001 certificate.


There are obviously costs associated with becoming certified to ISO 9001. The rates for certification companies do vary, but average at about £700 per day. The number of auditor days is based on the size of your organization, the number of sites, and the functions included in the system scope. You may want to obtain 2 or 3 quotes to compare fees and services. Ensure your certification company of choice is UKAS accredited, and they focus on developing the relationship rather than simply auditing.


Certification will help your organization gain expanded access to world markets. And, potential customers may require certification as a prerequisite to bid on contracts. With the certificate in place, your organization will be ready. In addition, the ISO 9001 certificate may differentiate your organization from others in the marketplace and provide a competitive advantage.
The certification mark recognises a quality accomplishment that you continue to earn through successful surveillance audits and you will be able to display it with pride.
Due to its prevention focus, disciplined approach, and better controls, your organization will see an extra benefit of improved operational performance, better communication, transparency, housekeeping and fewer accidents.
All my clients report benefits from defining and documenting their processes, as it requires you to examine exactly how work is done, across all departments, and how value is provided to your customers. Process improvement is a natural benefit, as you will start to question ‘why’. Mitigation of risks and permanent correction of problems (and therefore less fire-fighting) provides other tangible benefits from implementing an ISO 9001 quality management system.