Resources
Learn more about ISO 9001 certification with our free guides and checklists.
How ready are you for ISO 9001 certification? Use this assessment tool to get an estimate.
Locate independent, third-party ISO 9001 consultants around the world.
Access a comprehensive guide to important certification terms and definitions.
Get the latest updates and information on ISO 9001 certification.
Click to get a quote and start your certification journey
Step 1 of 20
You should be able to demonstrate that you have considered internal and external issues, and that they are monitored and reviewed. These issues can include both positive and negative factors, and can be (e.g.): legal, technological, competitive, market trends and industry, cultural, social, political and economic environments, international, national, regional or local (etc). You may have done this by completing exercises such as a SWOT analysis or a PESTLE analysis, or you may have listed them or maintained them in an internal document.
You must be able to demonstrate that you have considered interested parties, and their needs and expectations. Interested parties are people or entities that have an interest in your organization—for example, customers are an interested party, and their needs and expectations include value for money, on time delivery, and quality products/services. The Government and Industry Regulators are also interested parties, and their needs and expectations include compliance with regulations and other statutory requirements. You may have done this as part of exercises such as a SWOT analysis or a PESTLE analysis, or you may have listed them or maintained them in an internal document.
The scope of your management system will be recorded on your ISO certificate, and identifies what areas your certification covers (i.e. the 'boundaries' of your certification). This scope needs to state the types of products and services that are covered by your management system, and justify any non-applicability (e.g. clauses and/or locations that are not included).
You must be able to demonstrate that you have determined the processes that are needed to support your management system, and identified how these interact with each other. You must also be able to demonstrate how these processes have been applied throughout your organization.
You must be able to demonstrate that you have a quality policy that is appropriate to the purpose and context of your organization, that provides a framework for setting quality objectives, and that includes commitments to continual improvement and to satisfying applicable requirements. Your quality policy must be available, documented, and be communicated both internally and to relevant interested parties.
Top management must ensure that responsibilities and authorities for all relevant roles are assigned, communicated, and understood within your organization. Sometimes this is completed using an organizational chart or similar document.
You must be able to demonstrate that you have determined any risks and opportunities that need to be addressed to ensure that your management system can: - Achieve its intended results; - Continually improve; - Enhance desirable effects; and - Reduce or prevent undesirable effects. These risks and opportunities should consider relevant internal and external issues, interested parties, and all areas that are in scope of your management system. You can address risks by (e.g.): - Avoiding the risk; - Taking the risk in order to pursue an opportunity; - Eliminating the risk source; - Changing the likelihood or consequences; - Sharing the risk; - Retaining risk by informed decision (etc). You can address opportunities by: - Adopting new practices; - Launching new products; - Opening new markets; - Addressing new customers; - Building partnerships; - Using new technology (etc).
You must be able to demonstrate in a document that your organization has determined appropriate quality objectives that consider all relevant functions, levels, and processes needed for your quality management system. Quality objectives must: a) Be consistent with the quality policy; b) Be measurable; c) Take into account applicable requirements; d) Be relevant to conformity of products and services and to enhancement of customer satisfaction; e) Be monitored; f) Be communicated; g) Be updated as appropriate.
You must be able to demonstrate that your organization has determined, provides, and maintains its infrastructure and any monitoring/measurement equipment that it uses. Infrastructure can include: - Buildings and associated utilities; - Equipment, including hardware and software; - Transportation resources; - Information and communication technology. Monitoring/Measuring equipment includes equipment that requires regular calibration such as: - Torque wrenches; - Electrical testing equipment; - Thermometers etc.
You must be able to demonstrate that you ensure that persons doing work for your organization have the competence to do so. This competence could come from education, training, or experience. You must also keep up-to-date records of competence required for and held by anyone that can affect your management system.
You must be able to demonstrate that you have determined all internal and external communications that are relevant to the management system, and that you control: - What will be communicated; - When and to whom it will be communicated; - How information is communicated; and - Who communicates it. You must also ensure that all persons working under your organization are aware of the policy, its objectives, and their contribution to the effectiveness of the management system, and that they are aware of any relevant compliance obligations and of the implications of not conforming to the policy.
You must be able to demonstrate that you have a documented process for managing all information that is necessary to support the effectiveness of the management system. This policy/procedure must include: - How documented information is created and updated; - How documented information is controlled to ensure it is available and suitable for use; - How documented information is protected (e.g. from improper use, loss, damage, or illegibility); - How documented information is distributed and accessed; - How documented information is retrieved and stored; - How long documented information is stored for and when documented information is deleted; and - How documented information is preserved, handled, and disposed of.
To conform to ISO 9001, your organization must consider how it will design and develop any products/services that it intends to supply. This requirement encompasses: - The manufacturing of any product; - The supply of any services; - The introduction of any new product/service; and - The modification of any current products/services. Your process must include: - All relevant inputs (e.g. what you want to achieve, drawings, specifications, etc); - Controls (periodic checks to verify that things are going the right way); and - All relevant outputs (how you will ensure that the products/services meet your standards and inputs).
A process description or 'quality plan' can provide a clear overview of how your organization manages its job functions from initial customer enquiry through to order processing, purchase of resources, job execution, delivery and commencement of warranties, issue of invoices, and collection of feedback.
You must be able to demonstrate how your organization monitors, measures, and reviews customer perception to determine if their needs and expectations have been fulfilled. You can monitor customer perceptions using (e.g.) customer surveys, feedback on delivered products/services, meetings with customers, market-share analysis, compliments, warranty claims, and dealer reports (etc). This information should be used to analyze and evaluate the conformity of your products/services, to measure the degree of customer satisfaction, and to measure the performance of your quality management system to determine if planning has been effective.
You must carry out internal audits of your management system to ensure that it conforms to both its own requirements, and the requirements of the ISO standard. You must have also developed a program/plan that outlines how these audits will be carried out.
Internal audits must be carried out in accordance with your internal audit plan, and the results from each audit must be retained as documented information.
A 'management review' is a meeting held at planned intervals (at least annually). It must contain specific agenda points required under the ISO standard, and include both inputs and outputs. You must record the minutes of your Management Review Meetings and keep these as documented information.
You must be able to demonstrate that you maintain documented information about risks, non-conformities, and opportunities for improvement for both your management system and your products/services. This documentation must include: - The nature of any risks/non-conformities/opportunities; - Any actions taken to correct/enhance them; and - Assessments of the effectiveness of corrections/enhancements. Note that: - A ‘Non-Conformity’ is an issue, problem, or the identification of a failure to meet the standards or requirements that have been imposed by either your organisation, your ISO Standard, or relevant third parties. These can relate to a product, a service, or an activity that your organization provides or undertakes. When a non-conformity occurs, actions must be taken to control, correct, and deal with the consequences of the non-conformity. You must also take action to identify and (where possible) eliminate the root cause to prevent reoccurrence, make updates to any relevant risks and opportunities, and make changes to the management system as necessary. - A ‘Risk’ is the effect of uncertainty (i.e. the likelihood of an event occurring) and its severity, often in a negative context. - An ‘Opportunity for Improvement’ is a situation or condition where actions can be taken to enhance performance. These are imperative to ensure that continual improvements are made to the management system to enhance its performance and improve its suitability, adequacy, and effectiveness.
Thank you for answering our questions. Please provide your details below, and we'll send your results to your inbox.
Fields marked with * are required.