A company that makes the decision to become certified under the ISO 9001 process has committed to formalize its quality management system to international standards and agreed to let outside organizations audit its processes for compliance on a periodic basis.

ISO 9001 certification can help companies win business with Tier 1 suppliers, as well as put them on their way to becoming Tier 1 suppliers themselves. Whether done completely internally, or with the help of outside consultants, ISO 9001 certification is possible for every business to attain if they have or can develop the necessary management procedures.

Certifying to ISO 9001 standards means complying with the requirements set forth in ISO 9001:2015, the latest version of the standard and the only document used for certification. Overall, the standard is a formalized version of sound quality management programs, and includes a commitment to the program by the top management of an organization, customer focus, a process approach to quality management, and the commitment to continuous improvement.

Verifying that the system works is vital to the success of ISO 9001, and requires an organization who has fulfilled the other requirements of the program to perform audits to verify compliance. These audits can be done either internally or by third-party certification auditors, or by some combination of the two.

ISO 9001 contains ten sections.  A certification body will assess whether an organization has properly implemented the requirements found before certifying the program. A program that has satisfied the requirements of ISO 9001 will have documented procedures for the control of documents and records, internal auditing, nonconforming product, and corrective actions.

The First Step

Since ISO 9001 is based on a process approach to quality control and management, the first step in implementation requires that the organization identify its key processes. These will be processes that affect the quality of the final product in some way, and will include the quality management process itself, as well as resource management, training, awareness, procurement, design and development, production, product service, product management, customer relationship management, internal auditing, and management review.

Create a Plan

Once all of these key processes have been identified, the next step is to create an organizational plan for each one of them. If any of them have not yet been developed, that becomes the first step. If all of the processes exist already within an organization, they must all be analyzed to document the work flows, and then have plans written as to how each process is to be maintained, monitored, measured, analyzed, controlled, and continuously improved. They must all then be implemented based on this written assessment and plan. Often, an organization can take advantage of the personnel already assigned to these areas to build an effective implementation plan.

Develop Objectives

The next phase of implementing ISO 9001 is to develop the quality policy and objectives that will serve as the guiding policy for each of the processes identified and implemented. The quality policy must address the eight quality management principles, which are: Customer Focus, Leadership, Involvement of People, a Process Approach, A System Approach to Management, Continual Improvement, a Factual Approach to Decision Making, and Mutually Beneficial Supplier Relationships. The Quality Policy will define the roles and responsibilities of key positions within the organization, state the objectives of the program based on market and customer needs, stress the importance of meeting customer requirements, highlight the methods used to communicate the policy to employees, and describe the inter-relationships and functional ties between all of the key processes identified.

Put Things in Their Place

The final step in preparing for ISO 9001 certification involves ensuring that all of the required documentation is in place and that all required policies, procedures, and records are written and being kept, maintained, and controlled as documented in the Quality Policy. Specifically, ISO 9001 requires an organization to have written policies that address document control, records control, non-conforming products, internal audits, and corrective actions, but most organizations will have many more as a result of the key process identification and implementation analysis performed early on.

In addition, the ISO standard lists many forms that must be developed and maintained as part of the program, including management reviews, competence, awareness, and training records, a variety of design and development records, identification and traceability of materials forms, and data analysis, among many others.

The final step in the ISO 9001 certification process requires an organization to be audited based on its working policies and procedures against the ISO 9001 Standard requirements. This can be done internally, but for an accurate assessment and added validity, a third-party certification team should be used to conduct the audit. They will ensure that all of the elements required by ISO 9001 are in fact in place and being utilized by the organization, and verify and record any non-conformities found during the audit.

The final audit is typically presented to management, who must then work to remedy the non-conformities to come into compliance with ISO 9001. Once those deficiencies have been corrected and re-audited, the certification body will issue a certificate of compliance, which is valid for three years.

During that period, internal audits and management reviews must continue in order to expedite the re-certification process at the end of the three year period.