Process to get ISO 9001 Certified

Since ISO 9001 is a standard, there should be a process to get ISO 9001 Certified, however most consultants still don’t follow a defined process, with tangible actions and results that will be obtained in each step.

At ISO 9001 Malta, we do it different.

In this post, we will explain the salient steps to getting your business ISO 9001 Certified, fast, without any extra changes. By following this process, you will avoid having ‘random’ meetings with consultants with no clear goals. But rather, you will swiftly move from one next step to the next.

Step 1: ISO 9001 Familiarisation Training

The first step in getting ISO 9001 certified is to get all the employees within the company, including the management team, on board with the idea of why the business needs to get ISO 9001. The benefits of ISO 9001 are clearly explained, and can be summarised in the following:

  • Structuring business processes to ensure a standard way of delivering a service to the client
  • Defining the goals and objectives of the company, and creating a structured way of reviewing the attainment of these goals, so that the necessary actions can be taken.
  • Articulating the activities within the company, so that clear job descriptions can be crafted for each role within the company. This ensure continuation when employees leave the organisation, and new employees are hired.
  • A system of internal audits ensure that procedures are being followed at all levels within the company.
  • Getting an international certification synonymous with professional companies, who are committed to growth.

When everyone in the company is aware of the benefits, we can move onto the next step within the process to get ISO 9001 Certified.

Step 2: Gap Analysis & Process Mapping

ISO 9001 has an acute focus on processes. At ISO 9001 Malta, we like to start from understanding what the customer needs from our services, and moving backwards to identify the activities we need to do to deliver the service we had promised to our customers.

Any business has 2 main types of processes, as has been explained in the ISO 9001 process for a marketing company.

  • Key processes
    • Sales – understanding the customer requirements, issuing a quote, and getting the customer to sign-off the work as agreed.
    • Operations – delivering the actual service that was promised to the client.
    • Design – not always a requirement. In the case of companies tailoring their process to specific customer needs, the way the service is designed for each customer needs to be documented to ensure optimal delivery of service.
    • Purchasing – only relevant to outsourced activities that have a direct impact on the client. This doesn’t refer to your supplier for office equipment, and other mundane items. However, if you work is done on computers, that are connect to the internet and a server, it is important to ensure that the providers of both internet and the server offering a high quality service. This ensures a continuous deliver to your customers.
  • Supporting processes
    • People – including information such as job descriptions, training plans and employee appraisals
    • Equipment – identifying the key equipment needed to deliver a top quality service (including IT equipment), and ways to ensure optimal performance of critical equipment
    • Supplier management – ensuring that key suppliers are periodically evaluated, to be able to help suppliers improve their service offering to your business’ needs.
    • Information – service businesses are all about using their knowledge effectively. Managing risks & opportunities, and the knowledge within your organisation (especially the lessons learnt when mistakes are done – to ensure they are not repeated).
    • Reviews – the main element of improvement quality (which is delivering a service that meets customer expectations), is to actually ask your customers about what they think of your services. Honest customers will always find ways in which you can improve, and you’d be smart to listen objectively (and not be defensive) for any suggestions they might have.
    • Strategy – a growing business must have a vision to strive to achieve. The quality policy and quality objectives help in aligning all employees within the same company, to ensure that everyone is pulling the same rope.
    • Document Management – service businesses rely on information. Quickly and reliably accessing the right information at the right time is key towards effectively running your service business.
    • Incident Management – as humans we are bound to fail, and to make mistakes. Mistakes are fine as long as they are a one-time occurrence. After each mistake (that will inevitably end up in a complaint by a customer) we must have a structured way on how to mitigate the issue with that specific customer, and to implement ways to ensure that the mistake doesn’t happen again.
    • Internal Audit – having a defined process to monitor the processes within the organisation, leaves employees on edge (in a good way), knowing that the work they are doing will be randomly checked by someone else. This will drastically increase the level of caution that employees will exert in their day-to-day work.
    • Management Review – this is fulcrum of any growing company. Any company that is committed to growth will have a structured way in which they will review the work that was done in the previous period (typically a quarter), and identify ways in which goals can be reached.

Even though ISO 9001 has moved away from the idea of having piles of documents, there are still documents that required for ISO 9001 certification. Smart ISO 9001 consultants won’t try to shove as many procedures as they can within their clients. Rather, they will evaluate which small elements are missing, and seek to improve only that.

The process towards ISO 9001 Certification isn’t about doing as much work as possible (because that would impact your company in a negative way). Rather, it is to find and rectify the missing pieces within your organisation.

Step 3 – Reviewing the Process to get ISO 9001 Certified

In Step 2 we would have therefore defined the key and supporting processes within the company. At this stage, the ISO 9001 Consultant would be in a perfect position to carry out an internal audit to tackle all the clauses within the ISO 9001 Standard.

The length of the internal audit will vary, depending of the size of the company, and the complexity of their processes. An accounting firm, or a marketing agency employing between 5 to 15 people can expect their audit to take less than 1 day (8 hours). Larger companies, especially those with multiple offices, will take more time to audit.

Employees are to be advised that an audit is coming up. This might serve as an opportunity for employees to do some ‘tidying up’ of their work space (within their computer – not just their desk!).

The internal audit will start by the auditor picking up a random client, and then following all the processes of the company to review how work was done for that particular client. If more than 1 client is needed to cover all processes, the audit will naturally select as many clients as needed.

Train your employees to not fear audits. But rather to look forward to them, so they can showcase their work, with pride!

Step 4 – Getting a Certification Body

The final step towards getting ISO 9001 Certified involves choosing a certification body, and working with them to get certified. The price of the certification body depends on who you choose to work with. Local and international options exist, and each have their pros and cons.

In general, a certification body will go through 2 main steps:

  • Stage 1 Audit – commonly known as the desk audit. Here the auditor will be given access to the Quality Management System (QMS) for the company. From the comfort of their own office, the auditors will ensure that the QMS covers all the mandatory sections within the standard. Should they find some missing sections, they will advise accordingly, and you will have stipulated time-frame to rectify.
  • Stage 2 Audit – this is when the auditor will physically visit your offices. Just the process for doing an internal audit, the auditor will review clients’ processes from start to finish, to ensure that all self-created procedures are adhered to. Moreover, they will audit the internal audit.


The above 4 Steps highlight the Process to get ISO 9001 Certified with ISO 9001 Malta. Other consultants might have a more haphazard approach, but we believe in being efficient. This will save you time, and money.

If you’d like to know how far off you are from certification, download of 7-point ISO 9001 Self-assessment checklist by clicking this link. Alternatively, if you know that you need help from a certified, independent ISO 9001 Consultant, with over 8 years’ experience within the service industry, click here to get a Quote for ISO 9001 Certification.

Similar Posts