What is an ISO 9001:2008 Quality Management System?

It is the international standard that sets out requirements for a quality management system. It is intended for use by any organization, whether a business, nonprofit, government agency or other, that:

  • needs to demonstrate that its services or products consistently meet customer requirements, and any applicable statutory, regulatory or contractual ones
  • wants to enhance customer satisfaction.
  • Note the use of the word ‘demonstrate’. Anyone can use this standard and get value from it, but if you want to get ISO 9001 certification you must satisfy a certifier/registrar that you meet all its requirements.
  • The full title of the document is ISO 9001 Quality Management System – Requirements, it’s most commonly just known as ISO 9001.

The ISO 9001 standard is the most widely known and internationally accepted model for a quality management system, used by organizations across the globe for some highly effective quality systems. ISO 9001 is a set of universally understood and accepted quality business practice standards which, when well implemented, give customers confidence that suppliers of products and/or services can consistently meet their needs and requirements.

Who develops the ISO Standards?

ISO is not an acronym. It is a short-form name for the International Organization for Standardization. The International Organization for Standardization (ISO) is a non-governmental, worldwide federation of national standards institutes that has developed the most widely implemented and respected quality standards in the world.

ISO standards are developed by groups of experts, within technical committees (TCs). TCs are made up of representatives of industry, NGOs, governments and other stakeholders, who are put forward by ISO’s members. Each TC deals with a different subject, for example there are TCs focusing on screw threads, shipping technology, food products and many, many more. ISO has over 250 technical committees. Details of the technical committees and links to the secretariat and chairman contact details can be found in the list of technical committees.

What’s in ISO 9001?

Basically, it consists of a set of requirements for managing quality. The requirements are not arcane, definitely not impossible but simply good business sense, as agreed by a group of people drawn from across the world.

In a Standard, a requirement is something you must do or have. Examples of requirements in ISO 9001 include:

  • you must know what your customers want; if something’s unclear, you must clarify it with them
  • you need to have processes to get the results you want
  • you must control, manage and improve your processes suitably
  • if people work at something that would affect the quality of your services or products, they must be competent for their work
  • you must periodically review how you are performing
  • when something goes wrong, you need to review what and why, and fix things so that it doesn’t come up again.

Most Standards are very specific; ISO 9001 isn’t. All its requirements are generic, which means they can be applied to any organization, regardless of type, size or whether in a private or public sector.

How does ISO 9001 interact with other standards

ISO 9001 is the standard for a quality management system that closely resembles many other management systems. These other systems, based on health, safety, the environment, and business continuity, can be integrated into an overarching business management system. Benefits of this system include aligned interests, reduced costs, and improved efficiency. With one of these systems in place, it is easier to implement any of the others; many documents required for a different standard are already prepared, and personnel are already accustomed to the audit process. Using multiple standards will not only increase the efficiency of an organization, but increase the integrity of its operations.

Where can I obtain information on ISO 9001:2008?

There are a number of sources of information on ISO 9001:2008 quality management system standards, including, of course, the Standards Group web site at http://standardsgroup.asq.org, which carries detailed information on the revision program and is updated on a regular basis. The ISO Central Secretariat in Switzerland also maintains a web site at http://www.iso.ch that carries general information on the revision program. There are also a number of publications available that focus on the ISO 9000 quality management system standards.

What are the basic principles of ISO 9001 Quality Management System?

The standard is built upon eight fundamental principles of quality management, embedded into its various requirements. It’s worth spending time thinking about them. Because regardless of you are or want to get an ISO 9001 certificate, applying them will help improve any organization including yours, no matter its size or type. They are:


  1. Customer focus
    Successful organizations do this. It’s critical to understand what your customers want, what they need and meet their requirements. You also need to have ways of keeping in touch with how they perceive your performance, that is how well they (not you!) think you’ve met their requirements. Most importantly, these efforts will be recognized by the customer, creating customer loyalty. And customer loyalty is return business.
  2. Leadership
    Leaders provide clear direction to an organization, pointing the way and being clear about its purpose (or mission/vision). They should lead, encourage, and develop a culture and environment in which people do what needs to be done to satisfy customers. A team of good leaders will establish unity and direction quickly in a business environment. Their goal is to motivate everyone working on the project, and successful leaders will minimize miscommunication within and between departments. Their role is intimately intertwined with the next ISO 9001 principle.
  3. Involvement of people
    The inclusion of everyone on a business team is critical to its success. This is the most way to achieve quality. Everyone contributes to the success (or otherwise) of an organization and has a part to play in it, as well as a responsibility for quality. Involvement of substance will lead to a personal investment in a project and in turn create motivated, committed workers. These people will tend towards innovation and creativity, and utilize their full abilities to complete a project. If people have a vested interest in performance, they will be eager to participate in the continual improvement that ISO 900 facilitates.
  4. Process approach
    A process is a sequence of related activities that is organized to achieve a particular purpose. Efficiency is better achieved when things are managed as processes, rather than as individual tasks or separate departments. Process approach is you decide what resources and inputs you need, and how to do things in order to arrive at the result you want.
    This process approach to quality management can lower costs through the effective use of resources, personnel, and time. If a process is controlled as a whole, management can focus on goals that are important to the big picture, and prioritize objectives to maximize effectiveness.
  5. Systems approach to management
    If leaders are dedicated to the goals of an organization, they will aid each other to achieve improved productivity. Some results include integration and alignment of key processes. Additionally, interested parties will recognize the consistency, effectiveness, and efficiency that come with a management system. Both suppliers and customers will gain confidence in a business’s abilities.
  6. Continual improvement
    The importance of this principle is paramount, and should a permanent objective of every organization. Through increased performance, a company can increase profits and gain an advantage over competitors. If a whole business is dedicated to continual improvement, improvement activities will be aligned, leading to faster and more efficient development. Ready for improvement and change, businesses will have the flexibility to react quickly to new opportunities.
  7. Factual approach to decision making
    Effective decisions are based on the analysis and interpretation of information and data. By making informed decisions, an organization will be more likely to make the right decision. As companies make this a habit, they will be able to demonstrate the effectiveness of past decisions. This will put confidence in current and future decisions.
  8. Mutually beneficial supplier relationships
    An organization and its suppliers depend on each other. It is then important to establish a mutually beneficial supplier relationship; such a relationship creates value for both parties. A supplier that recognizes a mutually beneficial relationship will be quick to react when a business needs to respond to customer needs or market changes. Through close contact and interaction with a supplier, both organizations will be able to optimize resources and costs. Work with your suppliers wherever possible, so that you can both benefit.

Are these standards specific to some organizations?

No. The ISO standards are generic. The requirements of the standards can be applied to any organization providing any product or service anywhere in the world. No matter small or big, any organization that has a desire to improve its management can use the quality management system of ISO 9001. And if an organization wants to get the maximum investment returns from implementing ISO 9001, it should implement the system in the whole organization, rather than in special locations, or a certain department.

Why do we need ISO 9001?

Currently, the requirement for ISO 9001 registration is clearly market-driven. But there is growing evidence of almost universal acceptance of ISO 9001 as a truly international standard. Officials in the EU are considering mandatory regulatory requirements relative to registration. This is especially true in regulated industries, such as medical device manufacturing and telecommunications. For example, as of the summer of 1998, a business is not allowed to sell medical devices in the EU, unless a Notified Body certifies their quality management system and / or products.

Most companies that undertake the effort to implement ISO 9001 quality management systems are better prepared to satisfy their interested parties, including their customers. Some of the advantages of an effective quality system include:

  • Formalized systems ensure consistent quality and punctual delivery of products to the customers
  • Fewer rejects result in less repeated work and warranty costs
  • Errors are detected at the earliest stages and not repeated
  • A simplified environment for managing periods of change or growth
  • Improved utilization of time and materials
  • An improved awareness of company objectives
  • Improved relationships with customers and suppliers
  • The benefits of use of a recognized logo on marketing materials, if the system is registered
  • An improved corporate quality image
  • Responsibilities and authorities clearly defined
  • A reduced number of customer audits
  • An improved record management system

What are the top 3 reasons for getting ISO 9001 certification?

ISO 9001 is an internationally recognized standard for quality management; it proves that a company matches the international standards set for quality. This certification brings about many benefits to the certified company. And here are the top 3:

  1. Improves Efficiency
    ISO 9001 is designed to improve the quality of your internal processes. An initial assessment of your business is made to pinpoint the areas in which you fall short of the international standards. Amendments are suggested by the assessor and once these changes have been made an immediate difference will be seen in the efficiency of your internal processes. One big advantage of this improved efficiency is that it will save time and money meaning that less resources and energy need to be spent on complex internal processes and can instead be put to better use developing the company.
  2. Builds Customer Trust
    An ISO 9001 Certification instantly marks you as a company who cares about quality. This is likely to improve your reputation which will eventually drive profits. If a customer is happy with a product or service they have received they are more likely to tell others about this service, through these recommendations the reputation of the company grows and with it profits increased.
  3. Helps Growth
    As well as freeing up resources to help develop your company an ISO 9001 Certification allows you to stand out from your competitors. It is a sought-after status and many ISO 9001 certified companies prefer to work with others with the certification because they know that their quality standards will be upheld.

ISO 9001 is a whole lot more than a certificate on the wall; it can bring great benefits to your organization and drive you forward into a better future.

Why companies are strongly encouraged to implement the ISO 9001:2008 quality management system?

Most companies that have implemented ISO 9001 or similar systems report significant improvements in productivity due to an increase in customer satisfaction and reduction in field returns and internal failures. Effectively implemented quality systems help to define processes and develop discipline, which in turn, helps to “do things right the first time.” A published survey showed that companies that implemented a quality system for QS 9001 reduced failure rates by 40 percent and customer returns by 54 percent, reducing total cost of non-conformance by 53 percent.

What are the benefits of ISO 9001?

Many organizations initially implemented ISO 9001 because they had to! Either their customers demanded it, or their competitors had it, making it imperative that they do the same to stay competitive. As time went by, however, these companies soon realized that if properly implemented, ISO 9001 gave them many significant and noticeable benefits.

For management, an important benefit has always been improved financial performance. Many studies have shown that companies implementing a quality management system have realized cost savings through improved process effectiveness and efficiency. In addition to benefiting the bottom line, companies also realize many other advantages, including improved employee and customer satisfaction, resulting from better defined and implemented business processes.

Some of the direct benefits achieved by ISO 9001 certified companies include:

  • Improved financial performance – studies have consistently shown that ISO 9001 certified outperform non-certified companies
  • Motivated staff, who understand their roles and how their work affects quality
  • Improved product and service quality, leading to satisfied customers
  • Improved management and operational processes, resulting in less waste (both time and materials), increased productivity, efficiency and cost savings

The derivative benefits are no less important, and include:

  • Enhanced reputation
  • Repeat business
  • Ability to compete more effectively globally, both on quality and price
  • Access to new markets
  • Improved customer and supplier relationships
  • Improved employee morale
  • Improved management control

Which steps must be used in implementing a quality management system?

For a successful implementation of your quality management system, these steps are recommended:

  1. Fully engage top management
  2. Identify key processes and the interactions needed to meet quality objectives
  3. Implement and manage the QMS and its processes (using process management techniques)
  4. Build your ISO 9001-based quality management system
  5. Implement the system, train company staff and verify effective operation of your processes
  6. Manage your quality management system that focus on customer satisfaction and strive for continual improvement.

What does it mean to be ISO 9001 registered or certified?

Registration or certification is objective and documented evidence that an organization’s quality management system meets the requirements of ISO 9001:2008. Registration is carried out by independent companies called Registrars that are authorized to issue certificates after the completion of comprehensive audits of the QMS against the requirements of ISO 9001.

How long is the ISO 9001:2008 certificate in effect?

Registrars limit registrations to three years. During this period, the registrar ensures continuing compliance with the standards by checking the system via on-site surveillance audits every twelve or six months. After that, it must renew its registration by undergoing another complete systems audit.

How many companies have been ISO 9001 certified?

According to surveys conducted by ISO:

  • As of 2007, there were 951, 486 certified companies globally; 25,000 of these companies are in the United States.
  • As of 2009, China made a huge leap and became the country with the greatest number of ISO 9001 certifications issued. The country amassed 257,076 certificates (a quarter of all the ISO 9001 global certifications issued).
  • As of 2010, the worldwide total of ISO 9001 certificates was 1,109,905; 36,632 of these certificates were issued to the companies in North America.

1. We are looking to get ISO 9001 accreditation and are seeking information to achieve that. At this stage we do not have many systems in place. What do we need to do and how to go about getting ISO 9001 accreditation, including costs and time involved?

Send the person in your company who is in charge of your quality management system (QMS) certification to an ISO 9001 fundamentals training course and an ISO 9001 internal auditor course. Start by getting them educated in what needs to be done. A suitable one day ISO 9001 introduction course from an ISO 9001 American Society of Quality or Certifying Body is a good place to start. The ISO 9001 Internal Quality Auditor Course training is a 2-day course.

Your Quality Manager will also need to go to the introduction to ISO 9001 training and do an Internal Quality Auditor Course as proof that they are trained and qualified to be an ISO 9001 Quality Manager.

Once your own person is knowledgeable in the needs of ISO 9001 accreditation, understands what comprises an ISO 9001 QMS, and knows how to build one, it is very likely that they can develop a complying ISO 9001 QMS for you. They will take longer than an ISO 9001 Consultant because it is their first ISO 9001 QMS, but they will be capable of developing a compliant ISO 9001 QMS.

Whether you use an ISO Consultant to develop your QMS, or you use your own internal resources, normally is a matter of what you consider to be the most cost effective decision. ISO 9001 Consultants cost much more than an hourly rate employee, but will complete the QMS much faster and it will be built correctly. Most importantly, a good ISO 9001 Consultant will build into your QMS system the expertise and knowledge they know about world class business management systems. That is something that your employee can never know and will never do for you.

I find that if a company is driven by money-conscious management they get their own people to do their own QMS (and thus lose fortunes and countless successes in future). Those companies driven by long term success who want to build a business that will last get the best ISO 9001 Consultant that they can afford to build their QMS and happily pay the price.

2. Buy the ISO 9001 Standard and do a ‘gap analysis’ table top audit of your business processes and documents (you can use our ISO 9001 tabletop audit matrix at ISO 9001 Compliance Table) and identify what is missing from your current business management system.

3. Develop your document management framework, document numbering and document controls so that your QMS complies with ISO 9001 requirements for managing your business documents and records. Eventually you will need to update all your QMS documents with the QMS document numbering so that you can populate the document management framework and manage your paperwork.

Write the Quality Manual (an example of the top QMS document from which all the other QMS documents cascade is at Quality Manual Lead Document) and lastly backfill the tables at the end of the Manual with the documents that you use in your business to achieve the intent of each of the ISO 9001 clauses. When you come across necessary processes and documents needed by ISO 9001 that you do not yet have, you create them, you teach them to your people and you make them part of your future business practices forevermore.

If you want the consultant has to build the system from the documents that you already have allow two to three weeks to compile the framework, populate the framework with documents, develop new processes and write missing documents. (For a small business it should take less than two weeks if you have a good business management system already and up to three weeks if you have an average business management system.) The Consultant will be paid based on their hourly rate.

To these costs you need to add the cost for the Certifying Body preliminary audit and full accreditation audit, plus the certificate issuing costs. Once you are ISO 9001 accredited you have an ongoing annual certification fee to pay the Certifying Body and an annual audit from them to pay for too.

If you want the consultant to build the system from scratch, depends on how big your company is, typically it will take about 6 – 12 months.

What does quality management system documentation look like?

Documentation’ means anything written down or captured in some form: written procedures, policies, checklists, forms, or graphics, drawings, flowcharts, diagrams, even IT systems. ‘Quality documentation’ means the documents that describe your quality system and say how it should operate. A system must be documented to achieve ISO 9001 certification, because it’s one of the mandatory requirements of the standard.

The requirements in ISO 9001 for documentation are that it must include:

  • A quality policy – the position or approach that your organization takes on quality.
  • Measurable ‘quality objectives’ – what you plan to achieve, and how you will assess or measure if you did or not
  • Documents that you need to control how things are done, such as procedures. This must include procedures for 6 mandatory areas.

What can confuse people is that actually you can choose what your documents look like, what format and structure you use, and what to put in them. Provided you meet these minimum mandatory requirements. You can use one or many formats, from checklists and flowcharts to intranets, wikis or workflow embedded into IT systems. You can use any media, hardcopy or soft, including intranet, online, internet or wiki. And you can write your document in various ways, but it is strongly recommended to have them and user-friendly.

The best documentation system is the one that looks simple. Clear, concise, well-written documentation is essential if the system is to work properly. Documents should be short – no one reads long ones. Documents should be accessible – if people can get at them easily, they will be more likely to use them.

How much documentation should there be?

The ISO 9001:2008 standard requires a Quality Manual and six procedures. The six mandatory procedures are:

  1. Control of documents (clause 4.2.3)
  2. Control of records (clause 4.2.4)
  3. Internal audit (clause 8.2.2)
  4. Control of nonconforming product (clause 8.3)
  5. Corrective action (clause 8.5.2)
  6. Preventive action (clause 8.5.3)

Note that it is permissible to combine procedures so it is common to see the Corrective Action and Preventive Action procedures combined. This means you only need five procedures. Some creative companies have combined Control of Documents and Control of Records to reduce the number of required procedures to four!

Do we need to write down everything we do?

Beyond the quality manual and the six required procedures it is really up to the individual company to define where additional procedures or work instructions are necessary to ensure effective planning, operation and control of the processes of the organization. If a process or task is very complex, it may need additional documentation. You need to determine what these additional procedures or work instructions look like; they could be flow charts, pictures, work flow diagrams, process maps, or text. Whatever form you use, they should be clear, easy to read, and define the activity as it is performed. They should be verified by someone familiar with the activity. The Job Travelers can be work instructions if they contain the necessary information like what material to use and the steps in the process.

What records do we need to keep?

Records required by ISO 9001:2008 are:

  1. Clause 5.6 (Management review) – Records from management reviews
  2. Clause 6.2.2 (Competence, training and awareness) – Appropriate records of education, training, skills and experience
  3. Clause 7.1 (Planning of product realization) – Records to provide evidence that the realization processes and resulting product meet requirements
  4. Clause 7.2.2 (Review of requirements related to the product) – Records of the result of the review and actions arising from the review
  5. Clause 7.3.2 (Design and development inputs) – Records of inputs relating to product requirements
  6. Clause 7.3.4 (Design and development review) – Records of the results of the reviews and any necessary actions
  7. Clause 7.3.5 (Design and development verification) – Records of the results of the verification and any necessary actions
  8. Clause 7.3.6 (Design and development validation) – Records of the results of validation and any necessary actions
  9. Clause 7.3.7 (Control of design and development changes) – Records of the results of the review of changes and any necessary actions
  10. Clause 7.4.1 (Purchasing process) – Records of the results of supplier evaluations and any necessary actions arising from the evaluation
  11. Clause 7.5.2 (Validation of processes for production and service provision) – Records as per requirements according to established arrangements
  12. Clause 7.5.3 (Identification and traceability) –Where traceability is a requirement, record of unique identification of product
  13. Clause 7.5.4 (Customer property) – Records of reporting to the customer, if any customer property is lost, damaged or otherwise found to be unsuitable for use
  14. Clause 7.6 (Control of monitoring and measuring equipment) – (i) Records of the basis used for calibration or verification, where no international / national measurement standards exist (ii) Records of the results of calibration and verification (iii) Validity of the previous measuring results when equipment is found not to conform requirements
  15. Clause 8.2.2 (Internal audit) – Records of the audits and their results
  16. Clause 8.2.4 (Monitoring and measurement of product) – Records indicating the person(s) authorizing release of product for delivery to the customer
  17. Clause 8.3 (Control of nonconforming product) – Records of the nature of nonconformities and any subsequent actions taken, including concessions obtained
  18. Clause 8.5.2 (Corrective action) – Records of the results of action taken
  19. Clause 8.5.3 (Preventive action) – Records of the results of action taken

In addition, you might give careful consideration to other records you might need to include in your QMS to ensure effective planning, operation and control of the processes of the organization and provide you an important evidence or historical reference for critical areas. Some examples of additional records are maintenance (6.3) and customer satisfaction (8.2.1). You need to define how long they are kept.

Can we put the records online?

Records can be both electronic and paper, unless there are legal requirements. Hardcopy (paper) is certainly not the only way to do it; you can put some or all of it online as an intranet or internet website, for example, or in an IT system. And online documentation makes many things easier, such as distribution and update.

How does a small organization adapt to the requirements of the standard? What flexibility is allowed?

The requirements of the revised ISO 9001 are applicable to small, medium, and large organizations alike. Provisions have been made to exclude non-applicable requirements through clause 1.2 “Application”. It is, however, up to the individual organization to determine the complexity of the system needed to demonstrate its capability to meet customer and applicable statutory/regulatory requirements for its products. My organization provides services. How are the ISO 9001 standards applicable to us? The standards are applicable to all types of organizations. The standards are equally appropriate to all sectors, including service providers.

I am a qualified quality management practitioner (consultant, auditor, or trainer). What do I need to do?

As a minimum, you should familiarize yourself not only with the requirements of ISO 9001:2008, but also with the content and philosophies of ISO 9001:2008, ISO 9004:2000 and the quality management principles. You must clearly understand your client’s activities and processes and appropriately interpret the requirements of the standards to add value to their operations.

What does ISO 9001 mean to me and my company?

ISO 9001 is a standard created to make the attainment of quality, consistent products easier by providing specific steps for development of an organization’s quality management system. This quality management system is meant to monitor the progress of a product or service as it goes through each stage of production, from development to testing to assembly to customer feedback.

One cornerstone of ISO 9001 is continual improvement. No company should ever be satisfied with the conditions of a process at the given moment; they should always be looking for ways to make these processes more efficient and effective. ISO 9001 was written with the business world’s insatiable desire for excellence in mind. This is why continual improvement is a requirement of the standard – to inspire progress and the pursuit of perfection.

ISO 9001 is an internationally recognized standard, and that may seem daunting for some smaller businesses. How are they going to implement the same standard adopted by multi-national corporations? Quite easily, actually. ISO 9001 is a flexible standard that lays down requirements for an organization to follow, but allows the organization to fulfill these requirements any way they choose. This increases ISO 9001′s scope of effectiveness, allowing a wide range of companies to create quality management systems that match their needs.

ISO 9001 is seen in every sector of the business world, and its success is a testament to its worth. With a focus on customer satisfaction, products and services improve and flourish under ISO 9001′s quality management system. With a combination of continual improvement and corrective actions – tenets of ISO 9001 – a business will create processes that run smoothly and efficiently.

How will ISO 9001 benefit my small business?

A good foundation builds a good business, and ISO 9001 is a good foundation for small businesses that want to expand their market. By introducing a quality management system like ISO 9001 to a small business, the quality of processes will increase and costs due to inefficiency will decrease. In addition, a small business will be able to advertise their use of the internationally recognized ISO 9001. This may create business opportunities that were not available before an objectively verified quality management system was in place.

Having management systems in place, such as ISO 9001, will also help when selling a business. The integrity and value of a small business will be apparent with well-documented processes and proof of quality. ISO 9001 will ensure the reputation of your business in any situation.

26. How long does it take to get ISO 9001?

It depends. For a small to medium-sized firm, it will probably come in the range of 6 – 12 months or so. If you are a large organization, have a complex system, or are starting from a very low base line, you may require longer.

Some companies have got there in 6 months or less, but they were already in pretty good shape. And while a period of 3 months is just maybe possibly feasible in theory, such a case only happens rarely.

Some of the factors that will most influence “how long to get ISO 9001?”

  • The commitment and leadership of your senior management
  • Your current status – where are you now?
  • What kind of ‘quality culture’ exists currently
  • The gaps: what gaps you have (against the requirements of ISO 9001), where they are and what’s needed to fill them
  • How or if your system is documented
  • The resources and skills you can apply.
  • But while we’re on the topic of ‘how long’, do note that the process of getting there is important. The learning and changing and improving that come along the way is part of the whole process, and trying to short cut it drastically isn’t a good idea.

27. How much will it cost to get ISO 9001?

This ‘depends’ too. There are 2 kinds of costs:

  1. Costs for the certification itself.
    You must get actual quotes from the registrar. They will first ask for some specific information from you.
  2. Costs associated with getting ready for it.
    Various factors come into question;
    Will you hire someone?
    Do it yourself with existing personnel?
    Use a consultant?

In order to adequately assess the work involved and scope the tasks and costs with some degree of confidence and accuracy, a gap analysis is required.

Factors That Influence Cost and Time are;

  • How committed and ‘quality aware’ your business owner/senior management are – usually the single most important factor
  • The current culture of your organization: its level of ‘quality awareness’, how much change will be required, and whether people are willing and open to change
  • Why you want it
  • The size and complexity of your business or organization
  • The gaps between you now and the requirements of the standard. For example, do you already have a structured and disciplined system in place to manage your business and deliver services/products consistently?
  • Whether any of your system is documented, and how well. Do you have any procedures, flowcharts, checklists, forms, policies or job descriptions? You definitely don’t have to ‘document everything’ but you do have to have some documentation of your system.
  • Whether your business activities include ‘design’ of services/products or not. If so, how complex they are (which in turn affects what documentation you need)
  • What resources you have: the skills, experience and time available
  • Schedule: when do you want certification by?

Can I do it myself?

Yes you can. You can start to do the gap analysis yourself. However for efficiency and makings sure it covers all aspect, I would recommend to engage with a consultant to do so. What you get from the consultant: An assessment by an expert, delivered as a succinct and clear report that summarizes your current status against the relevant requirements of ISO 9001, identifies the gaps, and lists all the tasks required to fill your gaps and achieve ISO 9001 ready status.

What are the roles ISO 9001 Consultants?

The roles of ISO 9001 consultants and auditors are different. What do consultants do?
Consultants help and advise. Good consultants are similar to trainers and coaches. Good consultants work with you to help you understand what is required and do what is necessary for your quality system to reach the required level. Good consultants prepare and coach you. Help you get your system ready. Advise you where you have gaps (a gap analysis) plus explain and show you how to fix the gaps, or even do it for you. Advise, teach, guide and help you throughout the process. Prepare you and show you how to meet the various requirements. They can also do internal audits for you (a requirement before your external audit).

Consultants do not do an external audit for certification purposes or award certificates to ISO 9001 or any other standard.

Is a consultant worth it?

We think so. A good consultant will add enormous value. Because of our knowledge, skills and experience, we can guide you and shorten the whole process. And make your quality system work more effectively and efficiently. Good consultants save you time and money. They will make sure you avoid the most common mistakes. And a good consultant will make sure you get a system that suits you, not just impose something on you ‘to get ISO certified’.

Ultimately only you can decide whether it’s worth it, because it’s your company, your time and your money. But do take care in selecting a consultant because it’s an important decision. And just because someone takes on the title of consultant does not mean that they should, or that they are any good at it.

What are the roles ISO 9001 Auditors?

ISO 9001 Auditor is someone with the skills and experience to audit a quality management system. Where a consultant is like a coach, the auditor is the examiner. And never the twain shall meet: certifiers cannot consult or advise you.

Auditors work for registrar; the companies who award the certificates. Registrars are private organizations (not government bodies) who are accredited to award certificates and are service providers. Only properly accredited certifiers can award certificates to an ISO Standard.

What they do: Audit quality management systems. Decide if the system meets all the requirements (complies with) of the relevant Standard. If so, recommend that a certificate be awarded. Issue the certificate. Return and re-audit the system at intervals to make sure it remains compliant.

They don’t: Coach, help you prepare, give advice, tell you what to do or explain how to ‘pass’. That is consulting and they are prohibited from doing it; apart from other issues, it would be an obvious conflict of interest.

But good auditors understand they are specialized providers of services and take a ‘business partner’ approach, aiming to help and provide value through audits of their clients, rather than act like a quality cop or inspector.

Are all registrars the same?

All registrars assess you against the same Standard, and follow a similar process. But there are differences between them, so take your time to choose. Work out what you need first, ask questions and choose the one you think will best suit your business and your needs.

How to Choose an ISO 9001 Registrar?

When choosing a certification body for ISO 9001 certification, these are the aspects the organization needs to take into account. Cost is not the only consideration. Criteria to consider include:

  • Evaluate several certification bodies
  • Has the certification body has been accredited? Accreditation, in simple terms, means that a certification body has been officially approved to certify organizations.
  • Is there accreditation internationally recognized/accepted?
  • Does the Certification Body follow ISO/IEC 17021:2006? ISO 17021Conformity assessment – Requirements for bodies providing audit and certification of management systems. Read who is accredited.
  • Do the auditors have experience in your industry?
  • Is the Certification Body approved for certifications you may consider in the future business?

The most important factor in choosing a registrar is how well they can work with you. This includes how well they know your industry, how much experience they have with similar companies, and how well they communicate with you and your employees. There are many rules that a registrar must follow, issued by organizations like the ANAB (ANSI-ASQ National Accreditation Board)

Interview 3 or more registrars to get a good idea of the options available and differences between registrars. Look locally if you have good choices, it will save on costs, but if you do not find a good fit look farther. The benefits of your relationship with your registrar will pay off. Remember that these are experienced professionals that spend day after day evaluating how companies do business. The feedback you get from them is one of the best ISO 9001 certification benchmarking tools available.

When to select a registrar?

Organizations often wait until they feel their QMS is running smoothly before they select a registrar. However, we recommend choosing them earlier in the process – like when they are creating their documentation. Why?

1. This assures that you can find one who is able to meet your timeframe.
2. The advantage of interviewing them early is that they will ultimately be the ones who will evaluate your QMS.

A registrar CANNOT consult for a company who they audit, but they can explain (based on their experience) how they intend to audit your organization. So if you choose them earlier in the process you can ask them questions along the way. It’s like asking the teacher what you’re going to be tested on. This can be important because much is up to the individual’s discretion (like a referee in a sporting event) and you’d be wise to consider it.

Where to find the accredited registrars list?

See here http://www.iqrc.com/accreditedregistrars.htm

How to choose an ISO 9001 quality consultant?

Arrange a time to meet with the consultant candidate and ask your questions.

  • How long have you been in the field of quality management?
  • What’s their background?
  • What have they achieved?
  • How much experience do they have? And in what fields?
  • What do you see as the most important factors in getting ISO 9001?
  • What do they mean by quality?
  • What would they need from you? What can we do to make this project go smoothly and minimize the cost or time?
  • What’s been your best quality (or ISO 9001) job? And why?
  • What was their most difficult one?
  • Are their clients mostly in services or manufacturing?
  • Ask the consultant to show me some samples of their previous work
  • Ask the consultant to give you some references
  • Will they give you a written proposal?
  • If we do decide to use you, how will progress be tracked?
  • Are they willing to do a part of the project first, such as a gap analysis or a project plan to an agreed price?
  • Is there a guarantee of their services?
  • If we use them and don’t get the certification first time, what will they do?
  • How long will it take to get ISO 9001 certification?
  • How much is the cost?

How long will it take to get ISO 9001 certification?

This depends on where we are starting from. If your business is operating successfully with satisfied customers, you will probably have 90% of the requirements of ISO 9001 already in place. Addressing gaps that may exist in compliance with ISO 9001, producing your manuals and implementing any necessary improvements are typically carried out over a period of 3 to 4 months. This gives you time between consultant visits to review and try out the manuals and processes before you commit to assessment.

How much is the cost for ISO 9001 registration?

The costs for the audits and registration will be dependent on the size of your company, the number of locations, the accreditation that you need, and the distance between you and your Registrar.

The costs are typically dependent on the number of audit days required for the registration audit and the surveillance audits, the travel costs for the auditors, and the administration fees and accreditation fees for the registration;

  •  A good estimate is $1400/day + expenses, but contact a registrar for a quotation.
  • The number of days is based upon the size and complexity of your operation
  • Expenses include travel expenses for the auditor to your facility.
  • Number of auditing days a CB can assess is regulated by ISO 17021