ISO 9001 Certification Process

Overview

The ISO 9001 certification process follows a set of general stages, from preparing your quality management system (QMS) through to the certification audit and ongoing surveillance. The current edition of the standard is ISO 9001:2015. The stages below outline what to expect.

Preparation (before the audit)

Preparation is carried out by your own organization, often with help from a qualified internal lead or a third-party consultant – not by the certification body. (The certification body’s role is to conduct the formal Stage 1 and Stage 2 audits, and it cannot also provide consulting.) Key preparation steps include: 

• Gap analysis: review your current QMS against the requirements of ISO 9001 and note any gaps to address before the certification audit.
• Documentation: ensure your quality manual, procedures, and records are complete and meet the requirements; resolve any discrepancies between the standard and your documents.
• Training: review your ISO 9001 training records to confirm employees understand the requirements, and evaluate how effective the training has been.
• Resources: check that the materials your people use – policies, forms, records, guidelines, and manuals – are up to date and meet the requirements.
• Implementation: prepare a project plan and a risk-management plan based on the standard and your customer and regulatory requirements, then implement the quality management system.
• Internal audit: once the system is in place, conduct an internal audit to assess how well it has been implemented. The results are documented in a report that is shared with the certification body before the external audit.

The certification audit

The certification audit is where an auditor from the certification body reviews your documentation, talks to employees and management, and checks that the requirements are being met. It has two stages:

Stage 1 (preliminary audit): the auditor reviews your documentation to confirm the requirements are documented. Any gaps must be addressed before Stage 2.

Stage 2 (implementation audit): the auditor confirms the requirements are being met in practice, reviewing documentation, interviewing staff, and auditing the system. The results are documented in a certification audit report.

Certification decision

Once you pass both stages of the external audit, the certification body issues your ISO 9001 certificate.

Surveillance audits

After certification, the certification body conducts surveillance audits – typically two within the three-year validity period – to confirm your organization remains compliant with ISO 9001 throughout the cycle.

Recertification audit

At the end of the three-year cycle, a recertification audit extends the validity of your certification, confirming your QMS continues to meet the standard.

How long does it take?

The process generally takes around six months when a consultant is involved, though this depends on your organization’s readiness. An organization already largely compliant with ISO 9001 will be certified faster than one that has not yet implemented a quality management system.  

What does it cost?

The cost depends on factors such as the certification body you choose, any consultant fees, document preparation, and audit fees. Consulting fees add to the total, so you can reduce costs by preparing in-house – which means having competent staff who understand the requirements. Costs are usually quoted in Canadian dollars.

Contact IAS today to learn more about the ISO 9001 certification process, or visit our frequently asked questions page.

Explore more

• How to Get ISO 9001 Certified – a step-by-step guide
• ISO 9001 Certification in Canada – quality management certification
• ISO 9001 Certification Cost – what drives the price