Home Resources Blog December 2018

Preparing for ISO 9001 Implementation

11 December 2018
Implementing ISO 9001 can be an intimidating task, especially if you haven’t sought certification before.

If you have a 2008 certification, you had until September 14, 2018 to transition to the new version of the standard. That date marked three years after ISO published its 2015 revisions.If you achieve ISO 9001:2015 certification, it will be valid for three years — at which point you'll need to renew it.

How To Transition To ISO 9001:2015

If you need to upgrade to ISO 9001:2015, you can do so during a routine surveillance audit visit. If you select this option, please let us know ahead of time. We will add additional time to the surveillance visit to allow for a full evaluation based on the revised standards.

The visit will last at least as long as a re-certification audit, but it may require additional time depending on the results of the audit. If you are successful, you will receive a 2015 certification, and your three-year cycle will reset to the date you become certified.

You can also schedule a special visit to attain your 2015 certification. You might choose to do this because of the timing of your typical annual sequence. Some companies choose this option because they want to beat their competitors to compliance with the 2015 version to show customers their dedication to meeting quality standards. Because this is an additional visit to a company's regularly scheduled ones, it will require extra time and costs.

Changes To Focus On

If you plan to move from 2008 certification to 2015, you need to focus on what's changed between the two versions so that you meet compliance requirements and attain certification.

NQA created several tools and documents to help its clients identify changes between the two versions of the standard and compare their QMS to ISO 9001:2015. The documents include Transition Guidance, the Transition Checklist and an ISO 9001:2008 - ISO 9001:2015 comparison. These documents highlight what changed in the revisions.

NQA also created a Gap Analysis Tool, which enables you to compare your QMS to ISO 9001:2015 standards. It contains two tables. The first covers the new concepts that ISO introduced in its 2015 revision and explains the related clauses, processes and activities. The second section deals with requirements that ISO introduced or amended. You can use the results of your latest audit to complete the tables. We ask that you do so before your transition assessment.

The most significant change in the 2015 standard is the introduction of Annex SL. ISO now uses this document across all of its standards. This common structure, text and shared terms and definitions allow for greater interoperability and are designed to make the implementation process easier for of all of ISO's standards. Annex SL organizes the standard into 10 sections:

  • Scope
  • Normative references
  • Terms and definitions
  • Context of the organization
  • Leadership
  • Planning
  • Support
  • Operation
  • Performance evaluation
  • Improvement

Another notable difference is that ISO 9001:2015 requires fewer documents than the previous version did. When preparing your documented information for compliance, you may change wording to meet the new standards. You should not, however, delete procedures required by the 2008 version but not the 2015 until your transition is complete. This is because you must maintain complaint with ISO 9001:2008 until you have fully transitioned.

The Transition Process

The transition process includes four major steps:

  • Developing a transition plan
  • Pre-assessment
  • The audit
  • Certification

Businesses can use the documents and tools mentioned above to identify the new requirements in the 2015 standard and determine what they need to do to reach compliance. Using these tools, you should create an implementation plan that you will use to transition to the new standard. The plan will focus on the changes from the 2008 version.

You may opt to have an auditor evaluate your transition before your audit. You will then have an idea ahead of time of how well your revised QMS meets 2015 standards and have an opportunity to adjust your plan.

When you are ready for your audit, you can contact NQA to schedule it or prepare for it to occur during a regular visit. If you pass the audit, you will become certified to the latest version of the standard, ISO 9001:2015.

Preparing For ISO 9001 Implementation

Implementing ISO 9001 can be an intimidating task, especially if you haven't sought certification before. Following an organized process and working with a professional organization like NQA can make it doable. It's a rather long process, so breaking it down into more manageable steps can help as well. That's what we'll do in the next few chapters, starting with preparing for ISO 9001 implementation.

Gap Analysis

The first step you should undertake when seeking ISO 9001 certification is completing a gap analysis. This differs from the gap analysis tool mentioned earlier, but it operates on a similar concept. The gap analysis, also known as a needs assessment, helps to uncover what a business must do to reach compliance.

This analysis goes beyond a simple checklist that compares a business' operations to the standard. The checklist method is often not adequate for developing an effective QMS and may overlook certain requirements as well as other aspects, such as how successfully a process is executed. A gap analysis, on the other hand, offers a "comprehensive and composite picture of all the gaps between the organization's methods of operation compared to each requirement of the ISO standard."

An organization might uncover three types of gaps through its analysis:

  • It might discover that it never implemented or planned some requirements of ISO 9001.
  • It may realize that it implements a requirement but does so informally or inconsistently, or it does not document the process as ISO 9001 requires.
  • It might come across requirements that it implements but doesn't do so effectively.

Some gaps will be obvious, but others will be harder to spot. Those that are less concrete, such as the last two types, will also be harder to identify due to their more qualitative nature. To get the most out of a gap analysis, someone who is familiar with your industry and is a competent quality systems auditor should conduct it.

Creating A Plan

Once you've completed your gap analysis, you can use what you learned through the report to formulate your plan for implementing ISO 9001. Creating your plan will involve defining the actions you need to take to close the gaps you've identified.

The more detailed your plan is, the easier it will be to implement, and the more successful it will be. The plan should include the actions to be taken, who is responsible for what tasks, how long each action will take and the order in which staff should complete them. The plan should also identify key milestones and the intended objectives of each action, so all employees can measure progress.

When preparing for ISO 9001 implementation, it can be helpful to keep the big picture in mind so that you can plan for what's ahead of you. A business might use the five-phase approach for how to implement ISO 9001, which includes:

  • Planning
  • System design
  • System implementation
  • Audits, review and improvement
  • Certification

During the planning phase, you should primarily focus on planning. However, it's helpful to know what's ahead so that you can incorporate that into your plan. When you create your plan, make it so that it can accommodate audits and improvements, for example.

Just as the overall implementation process breaks down into steps, break down each activity into steps as well. This creates a clearer path forward and establishes reasonable expectations.

As a part of your ISO 9001 implementation plan, you also need to create a communication plan. Seeking ISO 9001 certification will impact virtually all of your company's employees, as well as other stakeholders. Everyone affected should be informed about the changes that may occur.

The communication plan should include what you need to communicate, what medium you will use, when you will get the message out and who will communicate it. You may want to explain why you're seeking certification, how it will benefit employees, the changes employees will need to make and how to prepare for audits. You could communicate these things via a newsletter, emails or an in-person meeting.

Designing Documentation

In previous versions of ISO 9001, especially the very earliest, documentation was a central requirement. ISO explicitly laid out what to document and how to do it, and it became second nature for many complying companies to record every procedure they implemented. As time went on, ISO gradually decreased the requirements for documentation. The 2015 revision saw the most significant departure from mandated documentation yet.

In ISO 9001:2015, the standards organization replaced the requirement for documented procedures with one for documented information. ISO has emphasized recently that ISO 9001 requires “a documented quality management system” rather than a "system of documents."

This change comes with benefits, but also challenges. Businesses implementing the standard now have more flexibility in what they choose to document. This enables the standard to apply more readily to a wider range of organizations and lets the organization choose what documented information it feels are best for its operations. It also presents a challenge, though, as businesses must now put more effort into determining what to document and what documented information to use.

How should a business decide what to document? It might be helpful to review the purposes of documentation. According to ISO, these purposes include:

  • Communicating information
  • Providing evidence of a completed activity
  • Sharing knowledge
  • Preserving or dispersing an organization's experiences

Your organization might also use documentation for other reasons.

When deciding what to document, review your current documentation and determine whether it adequately meets your needs and whether it serves a suitable purpose. Based on this evaluation, you might choose to continue your documentation processes as they are, add new procedures, discontinue certain practices or revise the processes you currently use.

For any changes in documentation procedures, you should create a detailed plan in a manner similar to how you created the implementation and communication plans. The plan should:

  • Describe the changes to be made
  • Establish a timeline for completion
  • Assign responsibilities
  • Define benchmarks for measuring progress
  • Create a strategy for evaluating effectiveness

Steps to Implementing ISO 9001

Once you've adequately prepared for ISO 9001, you can begin implementing it into your business. One of the first things you should do is assess the scope of the changes you need to make to reach compliance. Whether you need to make a few small changes or many wide-reaching ones will impact how you move forward.

When Few Changes Are Needed

If a business was already operating in a manner consistent with a majority of ISO 9001 requirements, implementation of the standard will likely involve relatively few changes. In fact, most businesses find that they were already complying with around 80 percent of ISO 9001 requirements before seeking certification.

If this is case, the implementation will be less demanding and may move more quickly. It serves more as validation that their processes are effective and that they were producing quality products than an as agent for change. In these cases, added formalities may be the most significant adjustment. You may need more documentation, people's responsibility may become more clearly defined or operations may be held to a stricter schedule.

Although in these situations, the organization's processes are adequate, they sometimes fall behind on implementing their QMS. This is because formalities seem to be less important than more concrete changes, making employees less likely to follow through on them. Management can remedy this by using the communication plan to explain the value of the formalities, their role in ISO 9001 compliance and the benefits of certification.

When More Extensive Changes Are Needed

In other cases, organizations find that they need to change more about their operations to achieve compliance. These situations will require more extensive use of resources, greater effort and a longer amount of time, but the company will also see a more pronounced improvement once it becomes compliant.

Those businesses that already complied with 80 percent of ISO requirements may also find that the other 20 percent requires significant overhaul. Even companies with relatively few or minor changes may need to apply the following strategies for how to implement ISO 9001.

Every business will need to make its own unique revisions to its processes, but you may run into one of these typical kinds of changes. You may find that you need to:

  • Improve design control requirements to encourage more consistent results
  • Update internal audits and system performance review processes
  • Take corrective actions to stop a problem from re-occurring
  • Plan and take actions to stop a potential problem from beginning

Making these alterations is not simply a matter of writing down a goal or outlining a new process, nor is it sufficient to focus purely on directly changing the action. You also need to concentrate on supporting processes and related considerations. Business leaders need to take a more big-picture view of the issue.

Many businesses turn to coaches or consultants to help them implement necessary changes. While tasking someone within the organization with implementing the changes may be a less expensive strategy up front, it could cause the implementation to take longer and become more expensive in the long run. If the employee doesn't have the necessary expertise, for example, they might make mistakes along the way, delaying certification.

A consultant or coach can also offer actionable advice for improving processes, which can serve as valuable evidence of compliance. A consultant can provide verification that employees successfully completed process improvements. While NQA does not offer consulting services, we do have a referral program for consultants to help you find a qualified professional that can meet your company's needs.

Internal Audits

Internal audits offer a way for organizations to verify whether their QMS meets requirements and expectations and, importantly, the effectiveness of the implemented QMS. An auditor can check the implementation of the QMS against the requirements of the ISO 9001 standard and company policies as well as determine whether it meets customer and employee needs.

A well-conducted internal audit can serve as a valuable tool for ensuring policies are followed, improving processes and preparing for external audits. Based on the evidence collected during an audit, the auditor will typically suggest actions to be taken. If the auditor finds that a process is meeting objectives, they might suggest a process improvement in line with the principle of continual improvement. If they determine that it's not meeting goals, they will suggest a corrective action be taken.

The fact that internal auditors are independent makes them a valuable resource. Being independent means that, although they are a part of the organization, they are set apart from the activities they audit. Organizations achieve this independence through status and objectivity. Internal auditors should remain separate from the activities they audit. For example, they should not take part in writing policies. This separate status allows them to be objective because the results of the audit do not reflect on them. Maintaining independence and objectivity are critical to successful internal auditing.

To get the benefits of an internal audit, it's crucial to make sure the individual conducting the audits has the proper qualifications. A quick research or training session will not be enough to prepare someone to audit for the first time, as an effective audit must consider a host of related factors — rather than just determining whether employees are following a standard or procedure. It's also important to consider when audits will be performed and to identify the criteria that the auditor should assess.

Management Review

The results of internal audits serve as one of several valuable tools that can be used during the management review process. The management review needs to take into account evidence, such as what's provided by internal audits, to evaluate whether the QMS is still adequate. Typically, management will also meet with people responsible for process implementation to review progress as well as the effectiveness of the policies themselves.

The review should also consider changes in regulations, customer demands, updated company goals and other new developments. Based on these considerations, management must decide whether processes are sufficient as they are or whether they might need to be updated, either because they are inadequate or because of changes in conditions.

Corrective action can take place if you use tools to build a reliability program. Some trusted tools to systematically build that system include:

  • Shainin System
  • FRACAS (Failure Reporting And Corrective Action System)
  • 5 Whys
  • Kepner/Tregoe Process
  • 7 or 8 steps

Management reviews help to ensure that a company's QMS remains effective, that progress toward objectives continues and that processes are improved. It's typical that, based on the results of these reviews, adjustments need to be made to processes throughout their use to fulfill the continual improvement principle of ISO 9001.


Improvement is a critical aspect of implementing ISO 9001 for organizations that want to get the full benefits. While achieving certification produces some advantages on its own, the companies that really work to use it to improve their processes on a regular basis will get the most out of it. This is an aspect that NQA focuses on when conducting audits.

One common point of discussion surrounding improvements deals with a subtle difference — the difference between continuous and continual improvement. Continuous brings to mind a more constant stream of improvements, which may be accomplished through small changes to daily actions. Continual improvements may be less pervasive and take place on a larger scale over a longer period of time.

Whichever method an organization uses, improvement is a central tenet of ISO 9001 that any organization implementing the standard must consider. Most likely, some of both forms of improvement will appear in an organization. Management should seek to improve all aspects of their business and should identify improvement actions related to refining the QMS, meeting resource needs and improving the product to better meet customer needs.

However enhancement is accomplished, management has the responsibility to direct the process of achieving it. Management should create a detailed plan for every improvement to be made and provide the necessary time and resources to those responsible for executing that plan. The improvement strategy should always include a way to measure progress and create tangible results.