Steps to achieving ISO 9001 certification
Gap Assessment
ISO 9001 is an international standard of requirements used to structure a quality management system. ISO 9001 requirements are non-prescriptive, meaning the standard focuses on what outcomes and controls a company must achieve, but it does not dictate the exact methods or procedures for how processes must be carried out. This is an important distinction because it means that you often have the flexibility to make the process work for you, while meeting the requirements of ISO 9001. Many companies find ISO 9001 burdensome and restrictive. This is almost always because they do not fully realize the flexibility they have.
A “Gap Assessment” is a commonly used term for describing the activity of assessing the current processes and practices of a company and identifying the ISO 9001 requirements that are not yet being met. Companies should hire or contract people with significant knowledge or experience with implementing ISO 9001 at a variety of companies to perform a gap assessment. The knowledge and experience is critical at this stage. In many cases personnel performing the gap assessment may have had ISO 9001 experience at their last job, and will unknowingly audit the current company’s processes against the methods used by the last company. In these cases, the current company is often told that they are in much worse shape than they really are because they (of course) operate differently from the persons previous company. The person performing the gap assessment should have a strong knowledge of the ISO 9001 standard requirements, as well as implementation experience at several companies. If you are a larger organization it may be necessary to hire a full time person or team with this knowledge and experience. If you are a smaller organization and it does not make sense to hire a full time person or team, with significant experience, it may make more financial sense to contract a consultant to perform this activity over a few days.
QMS Planning & Documentation
The quality management system is a system made up of interacting processes. These processes work together and flow in a way that helps the company to achieve its overall goals. Once the gap assessment has been completed, knowledge should now be available to document these processes in a format that is useable for persons performing the process work. Persons writing the procedures should have an understanding of:
- The requirements of ISO 9001 that apply to the process being written
- The requirements that customers and other interested parties have for the process being written
- The conformance gaps identified in the gap assessment
- The process methods that do conform with the requirements of ISO 9001.
- The preferences of the process owners and users for performing their day-to-day work
Implementation
- Once the Quality Management System has been written, the company needs to begin using the practices specified in the QMS documentation. Effective ISO 9001 implementation requires putting the documented processes into daily practice through employee training, consistent execution, collection of records, performance monitoring, and management support, and continual improvement activities. Organizations must ensure procedures are followed, records are properly maintained, management review is completed, internal audits are conducted and corrective actions are used to drive continual improvement. Companies implementing ISO 9001 for the first time often struggle with employee resistance to new methods and process adoption across departments, lack of accountability, and the tendency to treat the QMS as paperwork rather than a working management tool. This is where the early efforts made, during the documentation phase, to adapt the preferred process methods of process owners to conform to ISO 9001 requirements is critical. In many cases, process owners are told they must start performing work the way it is done at another company and resistance to adoption can significantly increase. When a process owner helped to design the process and chose the method of adaptation the resistance to adoption reduces significantly.
Internal Audit
ISO 9001 requires internal audits to be performed, prior to certification. Upon implementing the Quality Management System, the company must begin using the processes and collecting records as defined in the QMS processes. These records will provide the objective evidence needed for both the internal audit and external certification audit.
- The internal audit must be performed per the requirements of section 9.2 of the ISO 9001 standard.
- Auditors must be adequately competent or trained to perform audits.
- The standard requires the audit program to maintain objectivity and impartiality when selecting auditors. A common practice is to have auditors who are external to the department or external to the company performs the audits.
- While not required, it often adds value to consider the internal audit as a practice audit, or preliminary assessment that helps prepare for the certification body audit. In many cases it adds significant value to have an auditor from a completely different department, company site or even external to the company perform the audit the way a certification body auditor would. This creates a realistic simulation of the certification audit and prevents the comfort or awkwardness of being audited by a nearby coworker.
- Bringing in outside auditors also adds value by providing new ideas, feedback and suggestions. Having an “outside-set-of-eyes” can often provide improvement opportunities that would never have been thought of before.
Management Review
One of the last things to do, prior to performing your certification audit is to complete your management review. An ISO 9001 management review is a formal meeting in which top leadership (the top decision makers within the defined scope of the quality management system) evaluates the overall performance and effectiveness of the Quality Management System. During the review, management examines key information such as audit results, customer feedback, process performance, nonconformities, corrective actions, and opportunities for improvement. These meetings are held at planned intervals with the intent of taking a step back from the day to day meetings, analysis and problem solving to assess QMS performance data over set periods of time. This is often different from other daily, weekly or monthly meetings where quick feedback are prioritized to deal with bottlenecks and other operational issues. For example, instead of looking at a machine downtime occurrence and solving it, the management review might look at a dataset of machine down occurrences across a planned period and determine whether they are increasing or certain trends can be identified. Analysis can be performed to identify long term solutions to improve the process overall.
How Long Does ISO 9001 Certification Take in Southern California?
Typical timelines:
| Company Type | Timeline |
| Small business | 4–6 months |
| Medium-size | 6–9 months |
| Large enterprise | 9–18 months |
Working with a consultant dramatically shortens the process.
Why Choose Innovative Quality Partners?
Innovative Quality Partners has been helping companies implement and maintain Quality Management Systems since 2000.
Led by Jeremy Browne, an experienced ISO 9001 and AS9100 auditor, the company provides:
- Full ISO 9001 QMS development
- Internal audits
- QMS maintenance
- Step-by-step certification guidance
If you’ve been thinking about achieving ISO 9001 certification—or improving your current system—now is the right time. Competitors in Southern California are strengthening their systems and attracting more clients through quality-driven operations.
Whether you’re just starting or need help maintaining your existing certification, Innovative Quality Partners is ready to guide you every step of the way.