The Ultimate Guide to ISO 9001

  • Guides

Not sure what ISO 9001 is, why you need it, what the benefits are and how much it costs? We’ve built the ultimate guide to ISO 9001 to answer those questions.


ISO 9001 Overview

  1. It’s a Quality Management Standard (QMS)
  2. Published by the International Organization of Standards (ISO)
  3. Provides guidelines for the development, implementation and management of a QMS
  4. It’s the world’s most popular ISO Standard
  5. 6 million ISO 9001 certificates have been issued across 178 countries
  6. It’s updated every 5 years, and 2015 is the most up-to-date Standard
  7. It’s applicable to any business, of any size, anywhere!

Why is ISO 9001 so Popular?

Quite simply, because the standard has the reputation of being the way that an organisation proves its quality credentials. That’s why ISO 9001 is requested in so many public and private sector tender situations and is so important to become certified, especially in the UK.


The British Assessment Bureau’s (BAB) own research in the 2016 Client Satisfaction Survey revealed that ISO 9001 had in fact over-delivered. When asked for their motivation for implementing the standard, 43% of clients said their motivation for ISO 9001 certification was to win more business. Having achieved certification, 62% said ISO 9001 had successfully led them to winning work.


A breakdown* of the benefits of ISO 9001 is below:

  • 76% improved internal processes and efficiency
  • 62% qualified for, or won new business
  • 24% could tender for more new business
  • 13% retained contracts with existing clients

*Percentages equal more than 100% as some clients cited more than one benefit

ISO 9001 – the facts

Many have heard about ISO 9001, but still aren’t sure about the relevance to them. Simply put, it can improve your management systems and help you win new business! ISO introduced ISO 9001 in 1987 to replace British Standard BS 5750.


It’s a truly international standard, having had input from 159 national standard institutes. Committees within these institutes have representatives from all sectors and industries. Their aim is to keep standards fresh and, on average, ISO standards are updated every 5 years – requiring 75% support from the world network to make changes.


RECOMMENDED READ: Business growth tips

ISO 9001 is a QMS and is a generic Standard. This means it can be applied to any organisation, across any sector, large or small and irrespective of whether it produces products or is a service related business.


It has already been implemented by more than 1.6 million organisations across 178 countries. Unlike many industry or national standards, ISO 9001 is recognised worldwide and is especially popular with public sector and large companies.


Why choose ISO 9001?

It would be fair to say that most organisations’ motivation for gaining ISO 9001 is to win new business. But once organisations start, they quickly find huge benefits in terms of improved internal processes, more consistent delivery and less re-work. Successful implementation can result in a dramatic reduction in costly errors and the resulting consequences for clients.


“We sought ISO certification to improve the quality and consistency of the services we offer to the people we serve.” – Stephen Hawkins, Age Concern Hounslow
“Implementing ISO certification has improved our internal processes and awareness of how we operate.” – Peter Keast, ADA Network


We find a lot of organisations apply for ISO 9001 certification because it is a stipulation for public contracts. It’s government policy to define standards in central and local government tenders to make sure that the supplier is fit for purpose. As you’d expect, it’s particularly important that government bodies are able to show they are spending taxpayers money wisely.


ISO 9001 is often a requirement in the private sector too, particularly when applying to become part of a large supply chain, where the main contractor has ISO 9001 in place. It’s clear that many organisations, who originally sought ISO 9001 to qualify for work, are pleasantly surprised to find just how much of a positive influence it had on their whole organisation.


“The value that our clients hold of ISO is really quite huge – in all of our tenders there is now a requirement for ISO certification and some quite specifically ask for ISO 9001. Although we previously had quality systems in place, there were processes that were often ‘lost’ and we maybe weren’t as organised as we could be. ISO 9001, in particular, has allowed us to really develop our existing processes and as a result we are much more organised and ready for our planned growth.” – Lawrence Hargreaves, Nicoll Curtin.


The Benefits of ISO 9001


Benefits can be huge; improving internal processes, achieving greater consistency and happier customers! These benefits mean improved profitability as efficiency and productivity increases.


Virtually all businesses point to dramatic changes for the better. Even small companies benefit from implementing ISO 9001. It helps their growth, as it lays the ideal foundations for the future.


Improving your processes and the way your organisation works boosts not only productivity, but employee motivation too. Replacing bad, or even non-existent methods with functional, documented processes invariably leads to a more confident and driven workforce. ISO 9001 instils a model for continuous improvement.


Apart from bidding for public sector work, the credibility of ISO 9001 throughout the business world gives a clear competitive advantage to companies who have the standard. It’s not just about winning new business, it’s about added value to your clients too. Attracting and keeping hold of clients is more important than ever.


Did you know that ISO 9001 is part of a group of management standards? As well as quality, covered by ISO 9001, there is a standard for Environmental Management (ISO 14001), Information Security Management (ISO 27001) and Health and Safety Management (OHSAS 18001). They share many principles, so choosing an integrated management system can save you money as well as provide across-the-board benefits.


RECOMMENDED READ: Make time for ISO 9001

“We have received recognition from business partners on the quality of our products and services and feel our reputation has been enhanced as a result!” – Mario Theodosiou, Omega Lettings
“In more and more commercial situations, having ISO certification has helped us to differentiate ourselves from competitors.” – Peter Keast, ADA Networks


Choosing a Certification Body


When you achieve ISO 9001 certification through a Certification Body, you have proven that an independent third party has verified that you meet all requirements of the standard. This is a powerful message to both new clients and current clients.


RECOMMENDED READ: Relax with guaranteed certification


Not all Certification Bodies are equal. It’s important to compare costs carefully. Pay particular attention to ongoing fees. Some will charge ‘annual management or administration fees’, others don’t. An annual re-audit is mandatory but some Certification Bodies may insist on visiting (and charging) you more than once a year.


Certification Bodies, like BAB, carrying out certification to ISO management standards will be following ISO 17021:2011 – requirements for bodies providing audit and certification of management systems. In order to remain objective and impartial, this means they cannot write documentation for you or provide consultancy in conjunction with certification. What they can do is provide ISO training, which can be a useful exercise before committing to the implementation of a standard.


How Long Does Certification Take?


  • As you might expect, implementation of ISO 9001 can take longer depending on the size of the organisation
  • You’ll need a designated representative who takes responsibility within the organisation and will drive you to success
  • You don’t have to appoint a designated ‘Quality Manager’; just someone who is the main coordinator
  • In most cases, the principles of ISO 9001 will soon become integrated within the organisation
  • Before you know it, the processes in ISO 9001 will just become the way you do things
  • For most organisations, the process will take 3 – 6 months from the first visit to the awarded certificate

What’s Involved in Certification?


The process starts with what’s known as a ‘Stage 1 Audit’. This is where your Lead Auditor will review your business and prepare a gap analysis report. This identifies the actions required to meet the standard. This becomes your helpful action plan, so don’t worry if you think you’re under prepared.


Some organisations find they already have lots of required processes in place; they just need better documentation and communication of what processes are mandatory and who has responsibility for what.


“Externally we’ve built a better reputation with clients. Internally we have a much stronger structure, and valuable processes to find areas to improve the business.” – Martyn Redstone, G4S Policing Solutions


Once you’ve filled the gaps highlighted in the Stage 1 report, your Auditor will come back to carry out the ‘Stage 2 Audit’. This will reveal the effectiveness of your QMS and whether it meets all the requirements of the standard. If you are fully compliant, you will be recommended for certification by your Auditor. The Auditors’ report will then be checked via an approvals process and if no anomalies are identified, certification is officially awarded. If you’re not quite ready, you’ll receive a free re-audit from BAB.


Ongoing Certification


Now you’ve worked hard to get your certification you’ll want to make sure you keep it! It is mandatory to have at least one surveillance audit visit per year to ensure you are continuing to meet the requirements. They sample the ongoing effectiveness of your quality management system. You’ll receive a written report with the results. These might include major or minor non-conformities and observations. Should a major non-conformity be identified, you’ll be given a set time period to rectify the situation.


Every 3rd year a full re-certification audit is undertaken. This will identify key strengths and weaknesses, and we will work with you to identify opportunities for improvement. These third year audits are more extensive than annual surveillance audits and some certification bodies may charge extra to undertake them.


Whilst we work with our clients, UKAS – the United Kingdom’s official, government approved accreditation service – insists we maintain our objectivity and impartiality. So, we can’t undertake improvements for you but we can, and will point you to recognised best practice and answer questions with sensitivity and understanding.


Ultimately, BAB want to help you gain the most from certification and reap the benefits that a commitment to continuous improvement can offer.


10 Reasons to Have Certification




Government bodies continue to stipulate Quality Management Systems in their tenders. ISO 9001 is an internationally recognised standard, with certification ensuring organisations meet a high level of quality. By asking for ISO 9001 from contractors, the public sector can prove it is spending taxpayers money wisely, whilst not having to waste time checking an organisation’s credentials. With ISO 9001 certification from a UKAS accredited body, the certificate does the talking!


ISO 9001 is revered within government. It’s no surprise that without ISO 9001, many clients simply wouldn’t have won the work.




It’s not just the public sector that deems ISO 9001 so important. As major organisations realised the benefits of ISO 9001, they started to demand it of their suppliers too. By making ISO 9001 a requirement throughout the supply chain, it ensures quality is at a consistent high level, reducing risk.




Many industries have specific legal and regulatory requirements that you must adhere to; some you may not be aware of. Going through ISO 9001 implementation ensures you meet all current legislation, saving any potential embarrassment.




Complying with legislation of course lowers your potential risks. Many companies find that their insurance premiums are therefore reduced when they have ISO 9001, partly thanks to the additional aspect of having third party verification for their quality management.




An integral aspect of ISO 9001 is customer satisfaction. It focuses on the customer instead of purely business goals by gaining feedback and analysing it. The standard will help you improve the quality of your service, adopting a ‘right first time’ attitude.


The message ISO 9001 certification sends out to customers is an important one too. An independent verification of your quality management system demonstrates your commitment to quality, customer service and continuous improvement.




Over the years, organisations can develop a variety of processes and ways of doing things. ISO 9001 encourages well defined and documented procedures that improve the consistency of your organisation’s output, by replacing any current practices that are obsolete or inefficient. With procedures in place for when problems occur, corrective action is then taken. Over time, this efficiency of process leads to fewer mistakes, and those that do occur, are caught earlier.




Greater efficiency means fewer errors, which means less re-work, product scrap and rejections. You may find you already had processes in place for many business functions, but ISO 9001 helps improve or eradicate obsolete processes that are counter-productive. The standard introduces better process control and flow, improves documentation of processes, and creates awareness of quality amongst employees.




A fundamental part of all ISO management standards is continual improvement, challenging you to strive to make regular improvements.




With improved management processes, the greater efficiency gained from implementing ISO 9001 can lead to an improvement to the bottom line. With improved processes leading to less overall work, this results in cost savings when delivering the product/service.




It is fair to say, that with proper processes in place, staff will feel more at ease with their job roles, leading to greater job satisfaction and motivation, especially when they are made aware of how quality and overall success depends on them.


Of course, achieving certification to an internationally recognised quality management standard is something to be proud of, so becoming certified should be celebrated! Including your staff throughout the process is key to getting both buy-in and motivation.


10 Steps to Certification



The first step for any organisation is making sure that the standard you’ve chosen is the right fit for your organisation, right now. It’s worth noting that you must have been operating for at least 3 months to become certified. This is so you have some processes in place that can be assessed.


We recommend engaging with any industry or professional associations that you may be actively involved in, to see how ISO certification has worked for other members. You could also speak to certified clients or suppliers, as well as using local and national government resources for a wealth of information on ISO standards.




As part of the standard requirements, you’ll need to purchase a copy of the standard from ISO themselves, which includes all of the requirements you must adhere to. Along with the support from your Account Manager and Auditor, this will help you on your way to learning the internationally recognised quality management system.




Implementing an ISO quality management system needs to be an organisation-wide target developed by senior management. Ongoing effort will be needed to ensure good habits are maintained throughout the process, so a ‘champion’ will be needed – or a dedicated team if you work in a larger organisation. This person or team will also need to be responsible for developing the actual Quality Management System.


Getting buy-in is one of the biggest challenges whilst on the route to achieving certification. We have published numerous articles focusing on the benefits of all of the main standards which can help communicate exactly why your organisation is taking these steps.




If you’re completely new to ISO standards, then a training course could be beneficial to improve confidence and skills to help in the implementation process. Even if you are fairly experienced, a refresher course ensures you’ll get the most out of the standard. External and bespoke in-house courses are available. Our open ISO training courses are held throughout the UK on a monthly basis.




We cannot provide consultancy services as it would affect their impartiality. It is acceptable to independently source a consultant to help you along the process. They can help on an implementation strategy, and a good consultant should increase the value of the process. The use of a consultant doesn’t remove your responsibility for establishing and implementing your ISO standard. It is in your own interest that you and your management are actively involved with the consultant throughout. Beware of any ‘ready-made’ management systems which may not suit your organisation.




It’s important to know what you’re signing up to when agreeing to proceed with a Certification Body. The popular ISO management standards are based on a 3-year cycle. Some CB’s will expect you to sign up to a minimum 3-year contract to suit. Whilst only an annual visit is required, there are some who will insist on seeing you more frequently. It’s important you clarify this when obtaining quotes and check for other hidden costs such as ‘registration’ and travel fees.




The ISO management standards are designed to be generic, applicable to organisations of all sizes and industry sectors. While the standards provide a framework for good management practice, specifying things that need to be included, they do not tell you how to do them.


The fundamental part of achieving certification to an ISO standard is forming a Management System; a Quality Management System (QMS) for ISO 9001. The Management System is formed of processes for management activities, provision of resources, production realisation, measurement, analysis and improvement.




The process starts with a ‘Stage 1 Audit’. This is when your Auditor reviews your business and provides a gap analysis report identifying the actions required to meet the standard. This can be used as a helpful action plan, so don’t worry if you think you’re under prepared. Some organisations find they already have some required processes in place; they just need better documentation and communication of them. It’s important to remember, with BAB you can’t fail!




Once your organisation is ready and has filled the gaps highlighted in the Stage 1 report, your Auditor will visit you again to carry out the ‘Stage 2 Audit’. This will reveal the effectiveness of your management system and whether it meets all the requirements of the specific ISO standard you wish to be certified to (e.g. ISO 9001). If you are fully compliant, you will be recommended for certification. The auditor’s report will then be checked via an approvals process, and if no anomalies are identified; certification is officially awarded.




The maintenance of your management system is where the hard work really starts. Continued buy-in from everyone is important for implementation to succeed, and for you to gain the true benefit of becoming certified.


In-house communication and training should be carried out regularly to ensure ongoing awareness and engagement with staff. More formally, internal audits should also be carried out to ensure the requirements of the standard are continually met. A management review should then be held to set out corrective actions as required.


MARK0001 | V1 | 01.06.2016 | ISO 9001: The Ultimate Beginners Guide


profile image of Derrick Ross
Written by Derrick Ross

QMS Scheme Manager - International Register of Certificated Auditors (IRCA) Lead Auditor providing support to national Assessor team for Quality Management System and Senior Lead Assessor/Auditor, providing third-party certification to businesses in a variety of sectors. Including ISO 9001, ISO 14001, OHSAS 18001 and ISO 27001.