What’s the state of your Quality Management System (QMS)? Is it as efficient and customer-focused as it could be? Moreover, does it help you achieve your intended quality objectives consistently?
The ISO 9001:2015 is a set of standards related to honing your QMS for greatness. They are generic and open-ended so that any business (including and especially small businesses) can use them.
In their own words, “An ISO 9001 quality management system is one which is established, implemented, maintained and continually improved, including the processes needed and their interactions, in accordance with the standard.”
The ISO doesn’t ask you to impose something new or upend your current way of working. Rather, it provides a strategic way for you to improve your QMS as well as offers opportunities like the ability to enter new markets (e.g., the public sector, global supply chain).
Back to Table of ContentsThe International Organization for Standardization (ISO) is a non-governmental organization dedicated to promoting standardization. It boasts a membership of 164 national standards bodies who share knowledge and publish consensus-based international standards that support efficiency and innovation.
Each participating body shares a common goal. They all want to help industries create and deliver products that are good quality, reliable, and above all, safe.
Since its founding, the ISO has published 22,808 International Standards and documents for almost every industry operating across the globe. The ISO 9001 is part of ISO’s attempt at promoting quality management through Quality Management Systems (QMS).
The ISO 9001:2015 is the only standard in the ISO 9000 Quality Management family that offers a certification system. It’s available to any organization in any field and of any size. Wherever you operate and whatever you do, applying the ISO 9001:2015 standard can help you achieve greater efficiency along with a long list of other tangible benefits.
Although the system provides a list of criteria, it is also open to interpretation. It doesn’t define quality or customer needs for you. Instead, it asks your organization to identify them and provides guidance for continual improvement.
The ISO 9001:2015 replaces the 2008 publication. So, if your company considered the standards before but found they weren’t a good fit, then the newly updated standards are worth investigating.
The ISO updated the 2015 version with the goal of making them both more applicable and accessible to enterprises of different sizes and in different industries.
The ISO standards are available to buy directly from the ISO website. You can read the front matter and informative content free of charge, but you have to purchase the document for full access.
Alternatively, you can purchase the standards from an ISO member body.
Once you purchase the text, you can access them through the ISO Online Browsing Platform. However, the ISO doesn’t make the 9001:2015 standards available offline.
Other products are available in paper or CD format. They ship directly from the ISO Central Secretariat in Switzerland. Delivery takes 2-10 business days depending on your shipping preferences.
The ISO 9001:2015 includes 10 sections or clauses. They are:
Each clause has between three and eight sub-clauses. You get full access to the contents when you purchase the standards.
The ISO 9001:2015 is not a legal requirement, but it does include standards that may be legal requirements in some countries (if not your own).
Your business does not need it to operate. However, the standard does help organizations maintain compliance with both national and international laws and conventions that are legal requirements.
In addition to simplifying some regulatory compliance, pursuing the ISO 9001:2015 certification also demonstrates your enterprise’s commitment to high standards of quality assurance.
The industries that benefit most from ISO 9001:2015 include:
Quality management, quality control, and quality assurance are essential processes in every project. Your team’s ability to meet key objectives and performance indicators depends not on your goals but mostly on these three processes.
According to ISO 9000:2015, the definition of quality “is the degree to which a set of inherent existing characteristics fulfills requirements.”
Quality management involves overseeing the activities and tasks that make sure your product meets and maintains your organization’s predetermined quality goals. It involves creating several programs, including quality assurance and quality control.
All of these exist in your quality management system (QMS). Quality management is a long-term program that uses short-term projects to accomplish its goals. The ISO 9001:2015 is an example of a QMS.
Quality control is a product-based approach to quality that exists both on its own and within your QMS. It includes inspecting and testing products and services against the standards listed in your QMS.
Quality assurance refers to a relationship of trust or surety. It guarantees product quality. However, it also guarantees that the finished product meets the requirements set by a company’s quality and development team. It also often includes standards set by state, national, or international law.
Like anything related to quality, quality assurance is proactive.
It doesn’t happen without your help. You need to plan and document quality processes and guidelines before you can develop a plan to meet quality requirements. All this happens in your QMS, and it is the core focus of the ISO 9001:2015 standards.
Both the ISO 9000 and ISO 9001 are based on seven ISO quality management principles (QMPs). These seven QMPs are:
The customer focus principle aims to place the focus of quality management on customer requirements. Its goal is not simply meeting a customer’s expectations but creating a product that surpasses their minimum requirements. When an enterprise is customer-focused, it creates sustainable success. Why? Because it can hold onto customer confidence and find opportunities to create more value for the customers. When you generate more value for customers, you, therefore, generate more valuable customers.
ISO’s leadership principle says that an organization’s leadership should all be pulling in the same direction. In other words, everyone should work according to a specific and agreed-upon purpose. When your organization has aligned leadership, it can then align everything else (policies, processes, etc.) to ensure everyone is working towards the same objective.
When the ISO describes the engagement of people principle, it means giving everyone a chance to create value for the organization. The ISO recommends using tools that recognize, empower, and enhance competence among all staff. In other words, your mission is to invest in your people.
The fourth principle, the process approach, requires your organization to focus on building a system with interconnected processes. You won’t find consistent or predictable results when you approach each system or objective as individual items. Instead, everything in your system should be one part of a greater whole.
When following the ISO’s improvement principle, you set your organization’s sights on constant improvement. Improvement is a core competency among organizations who want to both maintain your strengths and create new opportunities for growth.
Principle Six, the evidence-based decision-making principle, asks you to use data and information. While data analysis doesn’t get rid of uncertainty, it does better prepare you to understand the cause-and-effect relationships that exist. You also learn about the potential outcomes associated with each decision. Using data means you are more likely to produce the results you wanted in the first place.
Finally, the relationship management principle suggests that you should proactively manage your relationships. When you have a well-managed supply chain, you create stability. You also increase your ability to create value for yourself and everyone else. You can view the whole PDF here. In addition to expanding on the ideas listed above, it also provides actionable steps to take.
Back to Table of ContentsThe ISO 9001:2015 is not a legal requirement, but it does include standards that help organizations maintain compliance with both national and international regulations.
When you comply with the ISO 9001:2015 standards, you use a QMS that offers tangible benefits to your organization. Some of the advantages common across all sectors include:
In other words, companies that pursue ISO 9001:2015 standards benefit from greater productivity and higher operating efficiency at a lower cost than possible without the compliant QMS.
What is the difference between ISO 9001:2015 and ISO 9000:2015? The ISO 9000:2015 is a group (or family) of quality management systems. It concerns itself with the fundamentals of quality management systems based on eight management principles.
The principles are: customer focus, leadership, involvement of people, process approach, system approach to management, continual improvement, factual approach to decision making, mutually beneficial supplier relationships.
The ISO 9001 exists within the ISO 9000. The ISO 9001 identifies a set of standards and requirements. The entire ISO 9000 family contains these documents:
Quality control is vital to maintaining a safe and efficient factory floor. What is more, dips in quality standards show up in your products. Both your employees and customers notice, and in a world where production processes are increasingly automated, quality issues turn up in thousands of product batches at a time. The result is huge amounts of waste and poor customer relationships.
The ISO 9001:2015 standards help your team identify, explore, and optimize the processes that directly relate to product quality and customer satisfaction. Above all, they focus on both consistency and continuous improvement through safety, functional specifications, and environmentally-friendly processes.
The ISO 9001:2015 standards help construction businesses reach new levels of safety and efficiency. Because there are so many moving parts in any construction contract, the standards help you document processes for each component to help your business do things like comply with legislation and regulations and win public sector clients.
Implementing the standards also helps you manage your supply chain, which improves your overall service. It can help you train your team and improve both employee retention and engagement.
Perhaps the most important way that you can implement ISO standards is thin your management of subcontractors. When you document processes, you are better able to control both the procedures and the caretakers. The ISO 9001 standard also requires you to monitor suppliers through an approved supplier list, which prevents crises from appearing unnecessarily.
ISO 9001:2015 standards aim to improve efficiency and consistency, and both of these also require you to consider worker safety. By documenting your processes, you are better able to see where safety issues pose a threat to your workers and organization as a whole.
In addition to the items addressed in the ISO 9001:2015, you can also turn to the ISO 45001, Occupational health and safety management systems – Requirements with guidance for use.
The management standards addressed in the document attempt to reduce the risk of harm and poor health caused by the working environment. ISO 45001 incorporates the International Labour Organization’s standards (OHSAS 18001) as well as well-placed national standards and international conventions.
The ISO 9001:2015 is a helpful tool because it represents the accumulation of international quality management standards as agreed by consensus by over a hundred international bodies. It offers a chance for enterprises of all types to create a QMS that makes them competitive locally, nationally, and globally. Embracing the QMS standards also enables participating organizations to fit themselves naturally into quality-focused supply chains.
Back to Table of ContentsISO develops hundreds of International Standards like ISO 9001:2015. Most of these standards are blueprints that don’t offer a chance for certification.
The ISO 9001:2015 (and the previous 2008 version) are rare departures from the norm. They offer certification processes. However, while you can apply for ISO 9001:2015 certification, you must do so through an independent body.
The ISO does not get involved in certification. It also doesn’t issue the certificate. As a result, you can pursue ISO 9001 certification, but you cannot be certified by the ISO.
When you display your certificate or refer to it in a formal setting, you must say “ISO 9001:2015 certification” or “ISO 9001:2015 certified.” To say you are “ISO certified” or you have an “ISO certification” is incorrect. You’ll learn more about displaying your status later in the guide.
Keep in mind: you can comply with the ISO 9001:2015 standards without seeking certification. The difference lies in whether you seek an external certification audit to independently confirm that you meet the requirements.
Back to Table of ContentsAudits are a core part of the ISO 9001:2015, particularly if you want certification.
During the process, you will go through internal and external audits. An internal audit is performed by your team members. It examines your organization’s QMS.
These audits help you prepare to start the ISO 9001:2015 standardization process and help you prepare for the external certifying audits. Remember: internal auditors must be independent of the project because they can’t audit their own responsibilities.
Your nominated auditor may also benefit from ISO internal auditor training to help guide them.
You will also have external audits. These can come from suppliers, customers, or certification bodies. All external audits are important, and you should hope to perform equally well on each. However, only the certification audit can grant you the ISO 9001:2015 standard certificate.
Most certification audits occur over two stages. During the first, the auditor examines your readiness for the second stage. It may also occur remotely because it is largely a review of your documentation.
Once you pass into the second stage, you receive a visit from a certified external auditor. They review your documents again, interview staff, and generally ensure that the processes documented in your submission match what happens on the ground.
To maintain your certification, you need to go through the external certification audit once every three years.
In the meantime, your certification body will check up on you. They use “surveillance audits” to make sure that you didn’t abandon the requirements in the intervening period. Most surveillance audits are annual. Surveillance audits aren’t something to fear. If anything, they create less work because you don’t need to worry about playing catch-up to prepare for re-certification in three years.
The ISO uses its Committee on Conformity Assessment (CASCO) to create standards related to certification. However, it is other certification bodies that apply these CASCO standards.
You can apply to whatever certification body you prefer, and ISO recommends evaluating several different organizations before landing on a decision. To make certification easier, you should also check the organization uses the CASCO standard.
The certification body you choose doesn’t need accreditation. Not having accreditation does not mean it isn’t reputable. However, it does provide an independent stamp of approval, which gels well with the theme of the ISO standard certification process.
To find an independent certifying body, you should contact the International Accreditation Forum. You can also contact the ISO national accreditation body in your country.
No one needs the ISO 9001:2015 certification. However, there are many positive reasons to consider making the transition from compliance to certification.
The benefits of certification for businesses of all types tend to include:
There are also some disadvantages to certification. First, the ISO based the standards on a military model. While the ISO 9001:2015 comes closer to plain language, some jargon remains. You may not understand some of the language in the documents, which some people find makes the whole thing more complicated.
Additionally, it is a long process. Even small organizations spend at least six months working towards certification. Organizations may find that the certification process causes it to deviate from critical or value-building operations.
It is important for you to be ready to spend both human and financial resources on the program. You should also know how the budget will impact your core operations before you start.
Finally, the process is expensive. There are several ways to complete it and potential grants available for qualifying organizations. However, you should expect to spend several thousand dollars at a minimum.
The cost of the ISO:9001:2015 certification varies wildly depending on:
There are three costs associated with ISO 9001:2015 certification. These include the registration audit, time spent by your employees, and the cost of outside tools or consultant fees (if needed). The full implementation-to-certification process could begin at $25,000.
Usually, the five-figure costs involve hiring a third party consulting service that guides your team as they:
The process is less expensive if you qualify and apply for grants available from the U.S. federal government’s Workforce Improvement and Opportunity Act, if and when they continue to become available.
Alternatively, you can create everything required for the standards on your own. In the past, following this route required you to create hundreds of pages of relevant documentation. While this is still largely true, the 2015 standards focus more on creating relevant documents and eliminating nonessential processes (and their corresponding documents).
Keep in mind that this will eat into your in-house staff hours. In many cases, it also means employees will not complete their normal duties at the same pace. So, even if you don’t cut a check to a consulting firm, you will still spend money.
Even still, you may find that hiring a consultant expedites the process and limits the number of hours your staff needs to dedicate to the team. In some cases, outside help can be less expensive than going it alone.
Back to Table of ContentsTo request certification, you need to implement a QMS that meets the ISO 9001:2015 standards. Once up and running, a certified external auditor must come in and approve your QMS. If your organization passes the audit, you receive a certification that lasts three years. After that, you need to re-apply through another external audit.
For most organizations, completing the ISO 9001:2015 certification process is a years’-long endeavor. Once you get on your way, there are multiple paths available to you.
You can complete the process in-house if you choose, but a cottage industry has also appeared to help businesses through the process. As a result, you have the option of going it alone or hiring a third-party consulting or training organization to walk you through the process.
Both options are popular, but each caters to different needs.
Would you prefer the help of an external team that makes the ISO 9001:2015 standards the bread-and-butter of their business?
Third-party consultants come in all shapes and sizes, including offering both hands-on and hands-off services. The consultant can play a direct role in the development of the standards and the QMS (hands-on) either initially in the project, during certain phases, or throughout the entire project.
These consultants work best with organizations who need an extra pair of hands but who are also able to complete the following tasks on their own:
However, it is important to remember that hiring help won’t solve all your problems.
While these consulting groups are experts in the standards, it is unlikely that they know your individual organization well enough to create a QMS custom-designed for your business. While they can spend time learning the ins-and-outs of your organization, keep in mind that these are billable hours.
The handover process can also be a sticking point. Even if you pay for a full custom QMS system, you need to take back the reins eventually. Your Quality Representative then needs to successfully run, maintain, and then improve a program that they were not fully involved in creating. What is more, you need to incentivize your other full-time staff to participate because it will undoubtedly add to their responsibilities.
If you don’t address these issues at the beginning of the process, you risk the QMS collapsing after your consultant leaves—and before you get audited. Plus, if your team doesn’t have the required knowledge and commitment to the standards, then the auditor may assume that your business isn’t ready for the certification even after you paid for and implemented the full QMS.
If you choose the consultant approach, it is very important that you see them as more than someone willing to do the work on your team’s behalf. You need to work with them to ensure that your organization doesn’t develop a dependency on the consultant. Becoming dependent on someone who will leave on a fixed date cripples you when it comes time for certification.
One way to avoid this is to choose a “hands-off” external consultant who provides the expertise and mechanisms but also requires you to take ownership of the QMS from the beginning.
There’s no requirement to hire third-party consulting and training to begin the process. Many businesses do it in-house. In fact, the approach works particularly well when the primary project facilitators:
However, without these tools, even well-intentioned and otherwise capable teams tend to stall, particularly when the employees assigned to the project must also manage certification responsibilities and their primary existing duties.
At the same time, the in-house experience alleviates the issue that faces organizations that choose the consultant route: ownership. When you develop it yourself, your QMS is far more likely to not only complement your organization but create new efficiencies as well as the other benefits that a QMS can offer your organization. Plus, you enjoy all the knowledge and skills developed during the process, which adds even more value to your business.
There are also drawbacks to trying it on your own. While a consultant will help you take off running, starting the process using only internal facilitators requires a warm-up and long jog before the race begins. It can take a huge amount of effort to set up all the components from scratch, and you may need to wait for external training to become available and then pay for it.
Whether you choose to complete the process in-house or hire a consultant, you benefit from ISO 9001:2015 training. Why? Because either way, strong knowledge of the certifications are essential for the initial and continued success of the project.
There are many third-party vendors that provide training courses on quality management systems. These courses range from foundational courses that introduce you to the standards and can even go as far as the training course to become an internal auditor or certified lead auditor.
Depending on your location and budget, you can choose to send a nominated employee to the training course or bring the training to you through an in-company training course.
The ISO provides some helpful publications to get you started. These are free and available to download from the ISO site.
Did you get certified under the 9001:2008 standards? Check out the Moving From ISO 9001:2008 to ISO 9001:2015 publication.
There are also around 2,000 documents published on the ISO website that you can find through the search tool.
In addition to ISO resources, there is a small cottage industry that popped up to help companies get certified. We talk more about tools like checklists and forms later in the guide.
Chemonics, an international development first based in Washington D.C., embarked on a journey to achieve the ISO 9001:2008 certification beginning in 2008. The team expected that the certification would identify Chemonics as an organization committed to quality management, customer service, and continual improvement.
It took two years for Chemonics to receive its certification in the standards. The biggest lesson learned was how much the standards changed the business. Chemonics experienced both benefits and growing pains both during the standards implementation process and in the five years post-certification.
Prior to certification, Chemonics already invested consistently in its leaders and teams as well as in knowledge and systems, which is one of the principles of the standards. The ISO 9001:2008 certification allowed them to continue “down a path of honing those values and realizing their full potential.”
Lauren Behr, the head of Global Operations and Improvement Department at Chemonics, described the learning process in a blog post: “The implementation of a quality management system afforded us the opportunity to look at our business practices in totality, and to set a standard of excellence for our core services. It has connected us around the concept of continuous improvement and pushed us to think about what exceptional looks like for those services, and then to set even higher goals for what we can achieve. It has laid the groundwork for creating global operations systems that support our technical and operational work in the field, and that build the capacity of our staff and partners worldwide.”
Achieving your ISO 9001:2015 Certification is a big deal, and you should be proud to let others know that you made it across the finish line. Some of the ways you can display your achievement include:
There’s no real limit. However, you can only share your certification if you follow the ISO’s acceptable identity standards.
First, you cannot refer to a specific product as being “ISO Certified.” You can only refer to your certification by the process itself. For example, you can say you have an “ISO 9001:2015-certified quality management system,” but you cannot say you have “ISO 9001:2015 certified product.”
You also need to refer to the certification by its full and correct designation: ISO 9001:2015. You can’t refer to it as the 9000 system because the ISO 9000 provides guidance, not certification standards. You also can’t say you are “ISO certified” in general because ISO doesn’t provide certification. Remember that the 9001:2015 standards are just one set of thousands of ISO documents for industries around the world.
Finally, you need to be clear about where you received certification. If your QMS impacts your entire company and you received ISO 9001:2015 certification for the entire company, then you can say so. However, if only one of your operating systems completed the audit, then you must be specific about which one that is and never refer to your whole company as an ISO 9001:2015 certified company.
There is a long list of nuances regarding word choice and language provided by the ISO. It’s a good idea to look these up before announcing your successful certification or printing any marketing materials.
Back to Table of ContentsKey takeaway: The ISO doesn’t offer certification, so don’t say you have ISO approval, certification, or endorsement.
So you want to use the ISO 9001:2015 logo? The process for using it simple: you can’t. The ISO provides clear guidance on the subject: “The ISO logo is a registered trademark and cannot be used by anyone outside of ISO unless authorized. If you wish to use a logo to demonstrate certification, contact the certification body that issued the certificate.” Your logo and display standards then differ according to the certification body you choose. Contact the certification body you intend to use to learn more.
If you considered ISO 9001 certification prior to the release of the 2015 standards, you probably noticed that it has very strict documentation requirements that included six procedures (as a minimum requirement). Thankfully, ISO 9001:2015 relaxed the minimum requirements.
You don’t technically need a Quality Manual. However, you will still need to follow the ISO 9001:2015 Processes, Procedures, and Work Instructions to document and implement the QMS. The difference is that you decide whether a document is needed.
If you think a procedure is critical enough for your process to be documented, then you must control it. If the procedure isn’t critical, then you should eliminate it. In some cases, fewer procedures provide more value to your QMS than a handbook that spans 5,000 pages.
If your industry allows it, consider relying on the “less is more” principle. As a refresher, a process outlines what needs to be done and where it fits into the system. Procedures describe how to complete the process successfully. Finally, the work instruction outlines step-by-step how the workers complete the procedure. The three components make up a hierarchy increases in detail as you work your way down.
Back to Table of ContentsThe primary components of quality assurance that you will address during the ISO certification process are procedures, talent, and software.
Procedures make up the bulk of the essential documentation needed for your QMS. Everyone’s procedures are different because they reflect your business, but there are some that pop up across most industries Some of the core procedures used might be:
To be complete, procedures must include:
Fortunately, you don’t need to come up with everything from scratch. You can purchase templates for procedures to either guide you in creating your own documentation or use them as your own.
There is a long list of third party resources that offer documentation both free and on a pay-as-you-go basis (usually per document). A quick search will bombard you with potential options in your region or language.
Although the big focus during certification tends to lie on documentation, your staff are an equally important part of the process. Not only are they the ones who have to implement the QMS, but there are several clauses that directly target them including:
For example, under Clause 7.2, you need to:
In other words, you need to identify the training required, deliver said training, and monitor the impact. Although you don’t need to document these processes for certification, if you intend to control training (and you should), then documentation is a good idea.
In addition to trained and motivated staff, QMS software is your greatest asset during the process—even if you don’t choose to get certified.
If you don’t already use QMS software (or an eQMS), this is a good time to invest. Imagine needing to make a single change in a QMS that includes hundreds of procedures and thousands of pages. The idea is frightening enough, so there’s no need to make it worse by trying to do it all on paper. What’s more, you can also find QMS software that specifically incorporates ISO 9001:2015 compliance.
The benefits of these solutions compared to the paper method include:
Following the ISO 9001:2015 standards requires a lot of paperwork and training, but it doesn’t ask you to change your business. Instead, the point of the certification is to help you identify your organizational objectives and then create the documentation to get you there.
It is the documentation and your team’s ability to follow the QMS that wins your certification and not a need to shoehorn your business into a set of pre-defined criteria.
If you want to take advantage of the benefits offered by ISO 9001:2015 certification, you can, regardless of the size or type of your business. To get started, you need to:
