Menu Close

ISO 9001 | Steps to Certification

What’s it take to get ISO 9001 Certified?

I remember when I first set to getting ISO 9001 Certified, I just wanted a clear path, some sense of direction. Short version of my story, I was given an opportunity to get the company ISO 9001 Certified, OSHAS 18001 Certified, and ISO 14001 Certified, all in less than 12 months…. I learned a LOT that first year.  All of this shaped what I would do and the company we would build later.  First, a little about Texas Quality Assurance and myself to help you know where I’m coming from.

Our core competencies are:

  1. Cloud Based Quality Management Software | TQA Cloud
  2. Consultation Services 
  3. Internal Auditing
  4. ISO Training

I am personally a 3rd Party Auditor with other Registrars (the folks who issue the certification so you can be ISO 9001 Certified).  I find it’s a great way to always be 100% up to date with the requirements for certification, and really gives us an edge to help our clients maintain compliance to the standards and business requirements.

If you are looking at a ground up implementation, this is what the process will generally look like.

  1. GAP Analysis – This is a short audit intended to gauge where you are, what your business processes look like, and make a plan to get you certified and compliant to your customer and regulatory requirements
  2. Consultation –  We will be with you step by step, every procedure, every form to make sure you’re headed in the right direction.
  3. Internal Audit – Similar to the GAP Analysis the Internal Audit is a full assessment for your entire Quality System, and will be conducted annually to verify conformance, identify gaps and needs for corrective action.
  4. Management Review  – We will develop the management review together and present it to the entire management team as a formal method of assessing the suitability of the Quality Management System to meet internal and external needs.  During the review the results of the Internal Audit are reviewed and assessed as well.
  5. Stage 1 Audit – This will be your first 3rd Party Audit, and a Registrar (an organization accredited to perform certification audits) will come and perform what most call a “readiness review” to assess how well you’re implementing the requirements of ISO 9001.  Generally this is a 1-2 day audit.  If nonconformities are identified, you will be required to issue a Corrective Action and resolve these nonconformities before the stage 2 audit.
  6. Stage 2 Audit –  This is your official “Certification Audit”.  The same registrar will visit again about 4-6 weeks after the Stage 1 Audit to conduct a full audit to assess your compliance to all aspects of ISO 9001. If nonconformities are identified, you will be required to issue a Corrective Action and resolve these nonconformities before the certification can be issued.  You will usually have 30-60 days to resolve any nonconformities.
  7. Certification – Generally you will receive your certification about 4-6 weeks after the Stage 2 audit, it takes time to get all of the appropriate sign offs on their end.

Now you’re ISO 9001 Certified.  You’ll contract or hire someone like Texas Quality Assurance to conduct your Internal Audit each year and that first year.  Its very hard to avoid “auditing your own work” for internal audits, and an outside party can see your blind spots better than you.  You’ll hold your management review each year, take time to really develop it and use it as a crucial tool for the management and continual improvement of your QMS.  On the first anniversary of your certification you’ll be audited by your Registrar again, but this will be your Surveillance Audit 1.  Surveillance audits only audit ½ of the standard (or roughly) each time.  Then on the 2nd anniversary you’ll have you Surveillance 2 audit (hitting what was missed on Surveillance 1).  On the 3rd anniversary you’ll have a full cycle audit conducted again to assess the entire QMS against the standard.

This process will repeat itself as long as you remain certified.  Most registrars and most 3rd party auditors will tighten their requirements for you with each audit for the first two to three years.  Its not a written rule, but it is what happens.  Make sure you have a great relationship with your auditor, and he can be an amazing asset to help you drive continual improvement and better customer satisfaction.

This may sound like a lot, but these events occur only once a year, and you’ll have our team down here ready and able to support you every step of the way.  It’s really an amazing way to drive improvement and maintain compliance to existing requirements.  Add our based software and you’ll wind up spending less time managing everything than you are today.


We value your time and energy, and hope you can find something useful in these posts.  If you have a question, a suggestion for a new post so you can learn more, or just stuck on a problem, click the button below for more information.

      Got a Question?  Need some help?     

Thank You!

Leave a Reply

Your email address will not be published.