ISO 9001

Quality Management System

Business and Quality Management


  1. Introduction
  2. Overview
  3. Global adoption
  4. Benefits
  5. Auditing
  6. Choosing a registrar
  7. Route to registration
  8. Costs
  9. Contributing editor


Introduction

The ISO 9000 family of standards relates to quality management systems and is designed to help organizations ensure they meet the needs of customers and other stakeholders. The standards are published by ISO, the International Organization for Standardization, and are available through national standards bodies.

ISO 9000 deals with the fundamentals of quality management systems, including the eight management principles on which the family of standards is based. ISO 9001 sets out the requirements that organizations wishing to conform to the standard have to meet.

Independent confirmation that organizations meet the requirements of ISO 9001 may be obtained from third-party certification bodies. Over a million organizations worldwide are independently certified, making ISO 9001 one of the most widely used management tools in the world today.

ISO 9001 specifies the basic requirements for a quality management system (QMS) that an organization must fulfil to demonstrate its ability to consistently provide products (which include services) that enhance customer satisfaction and meet applicable statutory and regulatory requirements.

The standard can be used for certification/registration and contractual purposes by organizations seeking recognition of their quality management system. ISO 9001 has been organized in a user-friendly format with terms that are easily recognized by all business sectors.


Overview

The ISO 9000 family of standards represents an international consensus on good quality management practices. It consists of standards and guidelines relating to quality management systems and related supporting standards.

The newly published ISO 9001:2008 is the standard that provides a set of standardized requirements for a quality management system, regardless of the organization's activity, its size, its location or whether it is in the private or public sector. It is the only standard in the family against which organizations can be certified. Although certification is not mandatory, it provides an independent opinion of the effectiveness of the management system.

It helps organizations to improve customer satisfaction and to continually improve their management systems through internal audits and management reviews.

The ISO 9001 series of standards consists of:

  • ISO 9000 – Fundamentals and Vocabulary: this introduces the user to the concepts behind the management systems and specifies the terminology used.
  • ISO 9001 – Requirements: this sets out the criteria you will need to meet if you wish to operate in accordance with the standard and gain certification.
  • ISO 9004 – Guidelines for performance improvement: based upon the eight quality management principles, these are designed to be used by senior management as a framework to guide their organizations towards improved performance by considering the needs of all interested parties, not just customers.

The diagram alongside represents the basic methodology for the implementation of a Quality Management System in an organisation based on ISO 9001.

Is ISO 9001 relevant to your organization?

ISO 9001 is suitable for all organizations looking to improve the way they are operated and managed, regardless of sector. However, ISO 9001 is designed to be implemented throughout the organization rather than only for particular activities within a department or division.

The ISO standards are structured to be integrated into any organization's existing management system with the goal of meeting and exceeding customers’ expectations. In addition, ISO 9001 is closely aligned to other management standards such as ISO 14001 (Environmental), ISO 27001 (Information Security), ISO 20000 (IT Service Management) and OHSAS 18001 (Occupational Health and Safety).

Global adoption

Following the ISO Survey of Certifications in 2009, there are now over 1 million certificates in issue for ISO 9001. An 8% increase in certification in 2009, compared with the 3% increase in 2008, confirms the importance and adoption of ISO 9001 in global supply chains as the pioneering model on which management system standards have been built.

As of December 2009, the total number of ISO 9001 certificates issued stands at 1,064,785 across 178 countries around the world.


Benefits

  • Implementing a Quality Management System will motivate staff by defining quality terminology, processes, and their key roles and responsibilities.
  • Staff will gain more quality knowledge and be better trained due to documented policies and procedures
  • Internal quality processes will improve productivity and efficiency
  • Cost savings can be made through improved efficiency and productivity, as product or service deficiencies will be highlighted.
  • Improvements can be developed, resulting in less waste, less inappropriate or rejected work and fewer complaints
  • Communication, resource planning and quality administration continually improve
  • Increasing customer expectations and confidence can be achieved through improved productivity, efficiency and communication
  • Implementing continual quality improvement initiatives will improve the organization's quality management system
  • ISO certification can be a positive marketing tool in a competitive marketplace
  • Enables quality measurement


Auditing

Two types of auditing are required to become registered to the standard: auditing by an external certification body (external audit) and audits by internal staff trained for this process (internal audits). The aim is a continual process of review and assessment: to verify that the system is working as it is supposed to, to find out where it can improve, and to correct or prevent the problems identified. It is considered healthier for internal auditors to audit outside their usual management line, so as to bring a degree of independence to their judgements.

Choosing a registrar

There are over 1000 certification bodies globally. It is important to select an approved certification body and to ensure they comply with the following criteria:

  • Ensure the company is accredited to ISO/IEC 17021:2006, and the certification body accreditation is issued by a recognised competent body
  • Receive quotations from several certification bodies
  • Do not select the cheapest as their auditing or service may be below standard
  • Ensure the certification body is recognised by your customers and that they have relevant sector experience for your industry sector
  • You are not obliged to use the services of an accredited certification body; in some countries you may find a certification body that is recognised in your country and by your customers, delivers a high level of service and operates under stringent accreditation guidelines and rules

Route to registration

There are various phases to registration:

  1. Pre-audit Assessment
    • Check documentation with Lead Assessor
      Together, you and your Lead Assessor will review your documentation. This will ensure that all documented procedures cover the requirements of ISO 9001.
    • Determine date of assessment
      Together with your Lead Assessor you will determine the best timetable for your registration and agree on a date for initial assessment. Many organizations benefit from our pre-assessment "dry run" of the formal assessment.
  2. Initial Assessment conducted
    • An initial assessment will be conducted by your auditor. You will be informed of his recommendation at the closing meeting.
  3. Registration Confirmation
    Following your auditor's recommendation, your registration will be confirmed by the technical reviewers.
    • Certificate Issued
      Your certificate of registration will arrive soon after your registration has been confirmed.
  4. Continued Assessment
    After registration your nominated auditor will visit your organization every 6 months or annually to ensure that your management system continues to meet the requirements of ISO 9001.
  5. Reassessment
    Your registrar is required to perform a reassessment of your management system every 3 years. This is normally 2/3 of the initial assessment duration. At the end of the closing meeting your auditor will confirm the outcome of the reassessment.


Costs

The answer depends on a number of factors. There are costs both to implement and to maintain your certification.

In terms of costs to implement, if you choose a full do-it-yourself approach, the only real costs will be the time for resources dedicated to the implementation process and the time spent writing documents and training your staff. If you have little experience with ISO 9000, or have limited internal resources, you might choose to get some outside professional help through a management system consultant. There are advantages to recruiting a consultant, as you are able to guarantee your registration within a given period.

Certification Costs - Costs of registration are dependent on the size of your organization. Most registrars charge a certain rate per day to be on-site at your facility. This day rate will vary depending on your country. The typical day rate in the United Kingdom will vary between £300 - £800 per auditor day depending on the registrar. Small companies with fewer than 20 staff could expect one auditor on site for 1-3 days; large companies can expect several auditors on site for up to 10-15 days.

Other fees include application fees, certificate fees or annual licence fees.

To maintain your certification, the Registrar must return annually to audit a portion of your system. These costs will be less than the original visit, since the time spent will be shorter. Once every three years, the Registrar returns to audit your entire system.

Contributing editor

Jasmina Trajkovski, MBA, CISA, CMC

With over 10 years of experience with implementation of various international standards including ISO 9001, ISO 27001, ISO 20000, ISO 31000 and a postgraduate degree in Information Security from Syracuse University in the USA, Jasmina has been focused on governance, compliance and risk in both public and private sector organizations. As one of the key experts in Trajkovski & Partners Consulting, she has contributed to development of their strategic direction for IT Governance and their proprietary methodology for implementation of management system standards.

As a qualified Lead Assessor for ISO/IEC 9001 “Quality Management Systems” and ISO/IEC 27001 “Information Security Management Systems” she frequently performs second party audits and assessments for organizations in IT-intensive sectors. As a consultant she regularly delivers advisory services to customers regarding implementation and compliance with international standards and related national legislation for quality, information security, business continuity management, and IT governance.

Over the past 5 years, Jasmina has delivered various trainings tailored to the specific needs of the clients regarding quality of services, information security in telecommunication sector, business continuity and risk assessment.