Request a Proposal
Compliance Council Location


11 February 2019
Quality Management, Featured Articles

Guide to getting certified to ISO 9001

Guide to Getting Certified to ISO 9001

Companies that want to define the rules and systems they use to consistently produce specific results can rely on a quality management system (QMS). Quality management systems include things like processes, resources, documents, planning, and more, which guide the way you reach your quality goals.
A company that wants to have formal recognition of their quality management system can achieve certification. Achieving ISO 9001 Certification means that you meet the requirements to deliver quality to customers time and time again. Read on to learn more about what it means to get certified to ISO 9001, the benefits of certification, and how your organisation can go the process of certification.

What is ISO 9001?

ISO 9001 is the international standard for quality management systems. It can apply to any business in any industry and of any size. ISO is governed by the International Organisation for Standardisation, which is the official governing body for quality management systems across the world, and according to them, more than 1,000,000 companies across the globe are certified to ISO 9001.

ISO 9001 was created in order to ensure that companies' products and services regularly meet customer requirements. According to the ISO, ISO 9001:2015 focuses on several major principles, including "customer focus, support of top management, and the dedication to continuous business improvement."

Why does certification matter?

If you run a business, you may wonder why getting ISO 9001 certified even matters. However, depending on the industry in which you work and your business goals, certification might be necessary in order for you to operate (or thrive). First, in some industries, it is required for you to be ISO 9001 certified if you want to sell a product. One of the most common industries is the construction industry.

Benefits of ISO 9001 certification

Even if ISO 9001 certification isn't required in your industry in order to operate, it can still benefit you to get your ISO 9001 certification, since many companies experience advantages from having a certification. Some of the most important benefits include:
  • Operations that are more efficient and cost-effective: ISO 9001 is designed so that a company uses the best business practices possible, with the most up-to-date technology and most efficient processes. This means that you use the least amount of money necessary for the best possible output, and reduce costs while improving the way that you work.
  • Oversight to ensure compliance: It may sound daunting, but it can actually be very helpful. ISO 9001 certification requires an audit of your organisation by a third party. This third party ensures your company is operating as well as it possibly can, which means that you're doing things right. Alternatively, if the certification body sees room for improvement, they can tell you how to improve, which can ultimately better your operations, improve your reputation, and increase your revenue.
  • Stand out to clients and customers: Companies that are ISO 9001 certified can let customers know this in their marketing and promotional materials. This boosts their trustworthiness and gives them a competitive edge over competitor companies who are not ISO 9001 certified.

What is a certification body, and who regulates them?

In order to get achieve ISO 9001 certification, businesses are audited by an independent third party. This third party is called a certification body, and they specialise in looking at a business and making sure it meets all of the requirements of the ISO 9001.
Third party certification bodies don't just operate independently. They're actually regulated by an accreditation body. That organisation in Australia and New Zealand is called the Joint Accreditation System of Australia and New Zealand (JAS-ANZ). JAS-ANZ is a non-profit international organisation that is funded by commercial activities, and it is overseen by a governing board. The accreditation body also has a technical advisory council and accreditation review board.

How can I find a list of certification bodies and certified organisations in Australia?

If you think that your business is ready to be ISO 9001 certified, you get in contact with a certification body. Choose a certification body based on its location, experience, payment options, or reputation for credibility. For a guide to certification bodies in Australia, check out an official list by JAS-ANZ. The organisation has a complete, searchable list that is accessible on their website by clicking here.
If you are interested in what other organisations across Australia are certified, you can see a complete list of certified companies in this online JAS-ANZ directory. The directory allows you to search by organisation name, country, suburb or city, the standard of certification, the certification type, the accredited body who did the certifying, and the type of certification.

How can I get certified?

If you want to get certified to ISO 9001, you can attempt to meet all the qualifications for certification yourself. You could create your own quality management system then ensure that it means all the standards of the ISO 9001. Consider how your company operates, what kind of leadership it has, how you can listen to and serve your customers, and how you can consistently improve operations to ensure you're functioning the best way that you possibly can.
Alternatively, you can buy a template for a QMS. There are many companies and organisations that have published existing QMS templates, and by using one of these templates, you can ultimately ensure that you adhere to the requirements in ISO 9001. If you follow these QMS templates, you will most likely create a QMS that will pass ISO 9001 certification.
Finally, you could also engage a consultant to help you in your certification process. A consultant is an expert on setting up a quality management system, and they can help you not only set up a system that works but also troubleshoot to ensure that you can overcome any hurdles.
When you hire a consultant, they will work with the people who hold relevant roles in your organisation (e.g. process owners or top management) to ensure that the necessary performance is in place to meet both the requirements of ISO 9001 and of your company. The consultant will provide input and guidance to ensure that the QMS is simple, easily understood, and actually helping you and your team perform tasks more effectively. They will also be able to ensure that the requirements, as written, are feasible to complete and that they do not conflict with laws or related regulations. The needed documented information should not create unnecessary paperwork for you or your team.
At the Compliance Council, we have an 8 step process to help any organisation on their journey to certification. These 8 steps include:
  1. A Gap Analysis
  2. A consultation workshop
  3. System documents that are drafted to suit your organisation
  4. Implementation planning (from planning to project completion)
  5. Awareness training for all employees
  6. Implementation Activities
  7. Internal Audits to asses readiness
  8. Third Party Certification Audits (stage 1 and stage, with a certification body), once you're ready

What is the certification process?

When an organisation is ready to go through the certification process with a third-party certification body, there are several stages to the process. The first is called stage 1. During this stage, the certification body reviews all documented information from your quality management system in order to make sure it aligns with ISO 9001. They'll point out flaws or weaknesses then give you time to improve. This stage doesn't yet involve assessing your actual implementation of a quality management system.
The second part of the process is called stage 2. During stage 2, the same certification body will come back and see if you've made necessary changes or improvements. Stage 2 is also when the implementation of a quality management system is assessed, to ensure that what the organisation says is happening is actually happening. If so, then you'll be able to get your certification. If not, you'll have more time to make the changes and fixes you'll need to make. You won't be certified until your company has been able to make all necessary improvements or fixes, and once you do, you may then get re-audited and achieve certification.
Once your QMS is certified, you will go through the surveillance audit process and re-certification process. The point of a surveillance audit is to make sure that your QMS still meets ISO 9001 requirements. You will have two surveillance audits in the two years post your initial certification, and these audits are less intense than your initial certification audit. At the end of the three years post-initial certification, you'll have a full, comprehensive re-certification audit.

What are the requirements of ISO 9001?

If you are ready to get ISO 9001 certified, it can help to first learn about the requirements of the QMS. That way, you can make sure that you achieve certification when your business is audited. Here are some of the most important requirements of the ISO 9001.

Understanding the Context of the Organisation

The organisation must understand internal and external issues that could affect its purpose and direction. These issues could interfere (or boost) its ability to achieve the desired outcome of the QMS. For example, an organisation should look into and monitor any external policies that could affect the way it operates, like governmental guidelines for imports and exports.


Top management of an organisation should be invested in leading the organisation and committed to upholding the values of the QMS and a customer focus. Within the organisation, everyone should understand who holds the leadership roles (and their responsibilities). Leaders can take accountability for the effectiveness of the QMS, ensure that all procedures all followed, and consistently ensure that objectives align with the strategic direction of the organisation.


An organisation that is planning a QMS should keep in mind any risks or opportunities that the QMS could encounter. They should also establish quality objectives for the QMS, then create a plan to monitor if those objectives are being reached. If changes need to be made to the QMS, they should be planned over time and implemented. Planning can be key for smooth and smart operations. If the client of a company wants to change course mid-project, the company shouldn't just agree but sit down and assess how the change will affect the process, what shifts will need to be made, new costs (and changes in costs), effects on timeline, and more.


An organisation should determine what's needed to establish, implement, maintain, and improve their QMS. They should also establish which people at the organisation are responsible for managing the above functions. They should also ensure they have the proper infrastructure and environment to reach their laid out objectives. When a company lands a big project, they should always gauge whether they're properly equipped (in terms of manpower, technology, space, etc.) to handle the project properly (to meet pre-determined quality standards). If not, they should consider adding new people or tools to the space.


To provide products and services, an organisation needs to lay out and execute specific processes to produce their intended output. They should commit to communicating with customers in a way that is beneficial and informative in regards to what they should expect and determine the requirements to consistently deliver a certain quality of products and services that they'll offer to customers. If a product doesn't meet the output they've committed to, they should make sure it doesn't reach the customer and revisit production processes. If you manufacture products, an important part of the operation is thinking about ways you can ensure your output is consistent and high-quality, including considering things like storage, transportation, setting and monitoring expiration dates, and more.

Performance Evaluation

Organisations should determine how to monitor and measure their performance. Then, they should regularly audit to ensure that they're meeting their own standards. The QMS should also be monitored and reviewed regularly to make sure it's adequate and effective. For example, companies can get in contact with customers to see if they are happy with the products and services they've received. They can do an audit of customer complaints to reflect on processes that aren't working and how they can improve.


One of the most important parts of a QMS is continual improvement. Organisations should look at places that there have been noncomformities or complaints, then figure out how to address those issues directly. They should consistently look at the effectiveness of the QMS, and determine if there are areas to make it more sustainable or efficient. If a client experiences a problem with how a project is being executed, an organisation should sit down and review the plans and processes to see where the breakdown happened, then review the rest of the project in order to ensure that that issue won't happen again. Active steps should be taken to repair any issues and to regularly review the project so that no problems arise again.

ISO 9001 Certification: A Step Towards Excellence

To commit to your organisation's sustained success, one strategic decision to make is to implement a QMS—especially one that conforms to the international standard, ISO 9001. By following a systematic approach to meet your company's goals and aims, you can operate as efficiently and affordably as possible. To ensure you're obtaining the best results possible from your QMS, you can rely on Compliance Council. Compliance Council has a proven methodology for helping Australian companies grow through compliance with industry standards.