20 steps to get ISO 9001 certification

You want to start on a quality approach or get ISO 9001 certification but don’t know where to start?

Optimiso Group reveals its strategy that has been successfully applied for over 15 years to companies of all sizes and sectors.

Through 20 steps, you will benefit from a turnkey project to implement your ISO 9001 certified Quality Management System.

certification iso 9001


1/ Presentation of the project to the employees

A certification process for ISO 9001 is a project in itself. As in any good project management, it is essential to communicate with the involved employees.

This presentation can be done in person, via videoconference, or possibly in writing and will cover the following points:

  • The objective of ISO 9001 certification
  • Explanation of the term “Quality Management System (QMS)”
  • The steps and timelines of the project
  • The involvement of each employee
  • The benefits for the company and employees
  • The support of the management in this project


2/ Description of the company’s context

The ISO 9001 standard requires defining the context of the company, which means describing the environment in which it operates.

You will define:

  • External issues: political, economic, legal, technological, etc. Several methods are possible to define external issues. We recommend using the PESTEL method.
  • Internal issues: values, company culture, knowledge, and performance.
  • Interested parties: shareholders, unions, customers, etc.
  • The scope of the standard: which activities of the company will be certified?

get iso 9001 certification


3/ Management of documented information

Numerous information will be documented during the implementation of ISO 9001 certification. You will describe how activities are carried out, who can do what in the company, etc.

The writing of a document, often called “Document Management Policy,” will formalize the rules to follow for the description and management of this information. This document will contain, for example: the types of documents (forms, operating procedures, directives, procedures…), who can update them, how they are communicated, how versioning and updates are managed, etc.

This policy will ensure that the documentation is well described, understood by the employees, and regularly updated.


4/ Activities inventory

To answer the question “What does the company do?”, it is important to identify and list the activities (or processes) carried out. You will see that this essential step will serve other steps of the project.

For better readability, this inventory often groups activities at several levels. Let’s take the example of the “Human Resources” process, which could be presented as follows:

Get ISO 9001 certification

Generally, companies identify between 100 and 200 processes that they consider necessary to follow as part of their quality approach.


5/ Identification of risks and opportunities

This step involves identifying operational risks only. These are the risks related to the quality of the product or service and customer satisfaction. For example:

  • Risk of computer breakdown
  • Risk of product delivery delay
  • Risk of stock shortage

In this step, it is also necessary to identify opportunities. For example:

  • Increase in customer demand
  • Improvement of productivity.


6/ Activities description

First, define what needs to be described, based on the inventory of activities and certain identified risks. Then, describe only what will be useful for employees and the company.

These descriptions can take different forms: work procedures, checklists, operating instructions, videos, etc. Some basic rules must be applied to ensure that your documentation is read and understood by employees.


7/ Process and process map

Thanks to the inventory of activities established in step 4, it will be easier to establish the process map and obtain a macro vision of the company’s activities.

To create the process map, one can start from customer needs (on the left) and aim for their satisfaction (on the right). In the middle, we will find the company’s mission, grouping together the main activities or core business. Management and support processes are often represented respectively at the top and bottom of the map.

get iso 9001 certification

For the main processes, it is also recommended to create process sheets that group the process steps, related risks, indicators, resources, or even stakeholders.


8/ Management of non-conformities and improvements

One of the objectives of ISO 9001 certification or quality management is to collect non-conformities to ensure that problems that have occurred do not recur.

It is essential to describe a procedure that explains how these non-conformities are managed, as well as for improvements. It is important to manage them well to ensure the continuous improvement of the company, whether they arise from a non-conformity, an audit, or a suggestion from an employee.

These procedures will be of great help to business employees, who are not always trained in quality management. They will encourage employees to report problems and be proactive in proposing solutions.


9/ Identification of indicators

The ISO 9001 standard requires measuring performance indicators. In other words, it means establishing indicators that answer the question “Are the company’s activities functioning well?”.

These indicators provide information on the company’s operations, such as:

  • Delivery time
  • Customer waiting time
  • Number of errors
  • Customer satisfaction


To ensure the proper measurement of these indicators, create a record for each of them with the following information:

  • Why is it measured?
  • How is it measured?
  • Who will measure it?
  • In what format will it be represented?


10/ Identification of knowledge

First, let’s show the difference between “knowledge” and “skills” through a concrete example.

  • I know how to assemble an IKEA furniture = knowledge
  • I have successfully assembled an IKEA furniture before = skill

The ISO 9001 standard requires identifying the knowledge necessary for the successful completion of activities. Again, based on the inventory of previously conducted activities, list the necessary knowledge for each process.

For the sales process, for example, the necessary knowledge could be:

  • Customer history
  • Proposed offers
  • Issued offers
  • Local market specifications
  • Customer specifications
  • Standards


11/ Identification and assessment of skills

For this step, ISO 9001 requires identifying and assessing the competencies necessary for a given position and to ensure the proper implementation of a process.

A matrix like the one below makes it easy to distinguish the required competencies for each position. A similar matrix can be created by crossing competencies and collaborators to identify any gaps.

If competencies are missing, then the employees concerned will need to be trained, supervised, recruited, or outsourced. All of these actions must, of course, be monitored and documented.

Get ISO 9001 certification


12/ Evaluation of suppliers

The evaluation of suppliers (and subcontractors) is one of the key elements of your quality approach. Indeed, if the quality received from a supplier is poor, the quality of your delivered product or service will be affected.

It is then necessary to identify the key suppliers who have a direct impact on the products or services you offer. For each of them, you will then define quality criteria, an evaluation frequency, and whether it is necessary to directly audit the supplier.


13/ Customer satisfaction evaluation

The objective of ISO 9001 certification and a quality approach is to ensure customer satisfaction, so it is essential to evaluate and monitor it. So how do you know if your customers are satisfied with your products or services?

There are many methods for measuring this satisfaction: satisfaction questionnaire (paper or online), survey kiosk, customer interview, analysis of customer losses or gains, etc.


14/ Quality Policy

The quality policy is a document that formalizes the following elements:

  • The commitment of the management
  • The purpose of the company
  • The commitment to customer satisfaction
  • The commitment to continuous improvement

It is important that this policy is communicated to employees and stakeholders. It must be known and understood by everyone.


15/ Customer and external partner property

The ISO 9001 standard requires that the company identifies the property of customers and external partners. Sometimes, to produce its product or service, the company receives something from its customer. Customer property may include materials, components, tools and equipment, premises, intellectual property, or personal data.

For example, in a real estate agency, the company manages the rental of apartments or buildings that belong to the customer. In this case, it is important for the agency to identify these properties and describe their condition in order to protect and safeguard this property.


16/ Awareness of employees to QMS

This step involves training and informing employees as they will be the ones implementing the quality management system and ensuring the success of the process.

These information or training sessions should be regularly conducted for existing employees and for each new employee joining the company.

They may include the following topics:

  • Project progress
  • Quality policy
  • Document management
  • Participation in continuous improvement (how to report incidents and improvements)
  • Internal quality audit
  • ISO 9001 certification audit


17/ Internal quality audit

Internal quality audit allows to verify that the work is carried out as defined.

To do this, the company must train one or more employees in internal quality audit. These employees will develop an audit plan to identify the activities, positions or products that will be audited throughout the year. Then, the auditors will interview some employees to ensure that the activities are functioning properly. They will also collect their suggestions for improvement or incidents that may have occurred.

Subsequently, the results of these internal audits must be transmitted to the management, who will undertake corrective actions if necessary. It is important to keep the audit reports properly, which will serve as evidence during the certification audit.

get iso 9001 certification


18 / Management review

At least once a year, the Management must carry out a review of the QMS to ensure that it is still appropriate, relevant, and effective.

During this management review, the following topics will be discussed:

  • Progress made on actions decided upon during the previous review
  • Changes in external and internal issues
  • Information on quality performance: non-conformities and improvements, indicators, internal quality audits, customer satisfaction, evaluation of suppliers, resources allocated to the QMS, and objectives.
  • Effectiveness of the actions implemented regarding risks and opportunities
  • Opportunities for improvement.


19/ ISO 9001 certification audit

It’s the big day! After all this work, the project is finally coming to fruition. The ISO 9001 certification audit takes place in three main phases.

Phase 1: This phase is also called the “pre-certification audit”. The auditor meets with the internal project manager and the general management to ensure that all necessary documentation is present and that the company has fully embraced the concept of continuous improvement. The auditor then gives approval to move on to phase 2 and submits an audit plan.

Phase 2: This phase is the actual certification audit. After submitting an audit plan, the auditor will interview the internal project manager, general management, and a few employees to verify the following elements:

  • Management commitment
  • Compliance with ISO 9001 requirements
  • Proper functioning of continuous improvement
  • Implementation of a risk-based approach
  • Employee involvement in the QMS

At the end of the audit, the auditor will orally provide their position on the certification decision and share any deviations detected. The auditor will then recommend your company to the certification body, and a few weeks later, you will receive the audit report and your certificate.


20/ After certification

Congratulations, your company is now ISO 9001 certified! This is the beginning of a new adventure to maintain and improve your quality system.

You will need to regularly:

  • Maintain the certification with the certification body
  • Manage documentation and ensure it is up-to-date and accessible
  • Re-evaluate risks
  • Monitor indicators
  • Conduct internal quality audits
  • Re-evaluate competencies
  • Re-evaluate suppliers
  • Ensure customer satisfaction
  • Handle non-conformities
  • Implement improvement projects
  • Communicate your SMQ-related actions internally and externally
  • Organize a management review once a year

ISO 9001 certification is organized in a 3-year cycle. After the certification audit, surveillance audits will take place each year (years 1 and 2) followed by a renewal audit every 3 years.

In conclusion, these 20 steps structure the implementation of a quality approach and the obtaining of ISO 9001 certification. They should enable you to take advantage of a QMS that is useful for both employees and management.

With ISO 9001 software such as Optimiso Suite, you benefit from a reliable and centralized quality system, improved employee participation and easier audits.

Updated at 21 April 2023

Share this article