What’s Really Required for a Small Company to Get ISO 9001 Certification? (Part 2)

By Scott Dawson
April 17, 2019

ISO 9001 Requirements (part 2) – 2023 Update

In part one of our ISO 9001 Requirements article, we debunked some myths surrounding the procedure for obtaining ISO certification. In this section, we’re taking a specific look at the documentation organizations must provide to prove they comply with ISO 9001 standard requirements.

Rise Above your Competition

Before we dive in, we want to reiterate our belief that ISO 9001 certification is worth the extra effort put in by small businesses to ensure they are performing at their highest level. When you achieve ISO certification, you often rise above your competitors, creating processes to better serve your customer and grow your business. When you approach the process with questions other than “how much does it cost to get ISO 9001 certified?” or “how long does it take” you allow yourself to focus not only on a quick and affordable solution but on the true improvement of your whole business.

ISO 9001 Guidelines

A common myth we addressed in part one was the misconception that ISO 9001 requires a lot of extra paperwork that ultimately lands in a never-again-touched binder. With the updates made to the standard in 2015, the ISO Technical Committee (ISO/TC 176) acknowledged the success organizations were having without the prescriptive directives of the standard, and removed many of the unnecessary and cumbersome documentation requirements.

What they left were guidelines to help organizations demonstrate that they have embraced and applied the world-class business practices that ISO is known for.

ISO 9001 Documentation Requirements

So, what are the ISO 9001 standard requirements for documentation? Whether you are renewing your certification or obtaining certification for the first time, you’ll find that the standard allows organizations plenty of flexibility in the way they choose to document their quality management system (QMS). Each organization can determine for itself the adequate amount of documented information needed to demonstrate effective planning, operation, and control of their processes, and the implementation and continual improvement of the effectiveness of their QMS. The documented information is used to communicate a message, provide evidence of what was planned and what has been done, and for the general sharing of necessary business knowledge.

In preparing for the ISO 9001 audit, keep in mind that the standard does address documentation in two groups:

  • Documented information required by the standard;
  • Documented information determined by the organization as being necessary for the effectiveness of the quality management system.

Organizations should note that while documentation is required, piles of paper and binders of records are not. The standard allows for flexibility in medium, including paper, magnetic, electronic, or optical computer discs, photographs, and master samples. Each company is given the autonomy to determine what format is most appropriate for their organization to demonstrate processes and compliance with the standard.

The Specifics of Documentation

The standard outlines specifics regarding documents to be maintained (plans, policies, and documents that are subject to change) and documents to be retained (records that are not changed after release).

The documented information that organizations must maintain includes:

  • The scope of the quality management system (4.3).
  • Documented information necessary to support the operation of processes (4.4).
  • The quality policy (5.2).
  • The quality objectives (6.2).
ISO 9001 requirements

The documented information that organizations must retain includes:

  • Monitoring and measuring equipment calibration records* (7.1.5.1)
  • Records of training, skills, experience, and qualifications (7.2)
  • Product/service requirements review records (8.2.3.2)
  • Records about design and development (8.3)
  • Product and Service requirements (8.5.1)
  • Records about customer property (8.5.3)
  • Change control records (8.5.6)
  • Record of conformity of product/service with acceptance criteria (8.6)
  • Record of nonconforming outputs (8.7.2)
  • Results of the quality objective data that is monitored and measured (9.1.1)
  • Internal audit reports (9.2)
  • Management review meeting minutes (9.3)
  • Results of corrective actions (10.1)

ISO 9001 standard requirements related to documentation can seem lengthy, but, upon close review, likely, your organization is already maintaining and retaining these types of records. The procedure for obtaining ISO certification simply guides organizations toward consistent collection and attention to the required information.

Additionally, you will notice that procedures are not included on the required documentation list. Each organization is, again, given the autonomy to determine the best method of organizing and communicating their business conduct practices from top executives to the people who affect how the business runs daily.

Developing Documents and Records to Meet ISO 9001 Certification

For organizations that already employ standardized processes, cohesive teams, and consistently deliver desired outputs, very little will be required regarding documentation. Newer businesses (and those new to the standard) will benefit from the close and careful examination of their business practices as they develop the documents and records needed to meet ISO 9001 certification standards.

ISO Consultants for 9001 requirements

ISO 9001 Certification Consultants

Consultants (like those at Core Business Solutions) can help organizations strategize and determine the minimum amount of documentation required to ensure that the full team understands their roles and responsibilities while also helping businesses use their quality management systems to achieve (and record) consistency in desired outputs.

In addition to the careful examination and documentation of required processes, the standard allows businesses to align strategic business goals with the implementation of their ISO-certified QMS. In developing the context of the organization (4.1), companies will examine their strengths, weaknesses, opportunities, and threats (SWOT) as well as the risks specific to their industry that could negatively affect their business.

Furthermore, the evaluation of employee awareness (7.3) ensures that the entire team understands the organization’s Quality Policy and how they fit into the processes defined therein. Creating awareness of how each team member affects outputs and deliverables helps create buy-in and participation in the new QMS.

Business Performance

Ultimately, ISO 9001 certification is about business performance. When the auditor and management representatives dig into the system you have built, they want to see that the effort has been driven by your top management, is understood by your team, and is documented in a way that supports long-term growth, continuity, and success for your business. They want to see that your world-class operations are truly the way of life – not just a pile of carefully organized documents that you keep on a shelf for show and tell.

Consultants discussing ISO 9001 requirements

At Core Business Solutions, our goal is to help you navigate the standard and make your journey to certification simple. We’ll dig into your existing systems and help you outline a path to success with ISO 9001 certification.

Related Articles:

ISO 22301 Certification Explained

ISO 22301 Certification Explained

What is ISO 22301? ISO 22301 is an international standard for Business Continuity Management Systems (BCMS) developed by the International Organization for Standardization (ISO). It provides a...

The O-TTPS Certification Explained

The O-TTPS Certification Explained

O-TTPS Certification In an era where technology supply chains face growing threats from counterfeit and maliciously tainted components, the O-TTPS (Open Trusted Technology Provider Standard)...