How to get ISO 9001 Accreditation
Released On 18th Jan 2023
There are five main steps to getting accreditation:
1. Making the decision to go for it
2. Reading the standard
3. Identifying the changes you need to make to your business processes
4. Making those changes
5. Assessment by a UKAS recognised body
Making the decision to go for it
Are you looking for new customers? Are they familiar with ISO 9001? Is there an expectation you’ll hold the accreditation? Are you keen to increase customer satisfaction? Do you need accreditation to get through a tender process? Are you planning to get your business ready for sale? Do you want to make significant improvements to your business process? Are you keen to de-risk your business? These are all good reasons for going for ISO 9001 accreditation.
However there is a cost to gaining and maintaining the certificate, so you should take this into account when making your decision. You can of course do your own business improvement projects without going for a certificate!
Reading the standard
The ISO 9001 standard is surprisingly readable. The full document is 44 pages long. However the key content is only 20 pages, with the rest made up of foreword, introduction and annexes.
We recommend you purchase and look at the document for two reasons.
Firstly you’ll need a copy of the standard to be able to demonstrate you know what the requirements are and that you’re committed to following them.
Secondly, even if you buy in help to implement changes, you’ll have a clearer understanding of how your consultant is supporting you.
Identifying the changes you need to make to your business processes
When people decide to implement ISO 9001, they often think they need to put in place a ‘system’.
Well, chances are you already have a system in your business. It just needs to be tweaked to comply with the requirements.
How should you make those tweaks?
Most consultants and the accreditation bodies will offer you a gap analysis or review. The purpose of the gap analysis is:
- check what you do against the each of the requirements
- identify any requirements you aren’t meeting
- recommend steps you can take to meet the requirements
A good gap analysis or review will provide you with an action plan. It will show you how to get from your current position to one where you’re ready for assessment.
It’s worth bearing in mind that the ISO 9001 standard is actually not very prescriptive. It used to be, but the 2015 edition adopted the concept of ‘risk based thinking’. That increased the flexibility to do things in whichever way suits your business, provided you achieve the specified outcome.
Both auditors and consultants get used to seeing the same ‘solutions’ put in place for specific requirements. They may consistently recommend the same approach. However the right solution is the one which meets your business needs.
In fact, ISO 9001 is explicit that the documented information should be appropriate for ‘the complexity of processes’ and ‘the competence of persons’.
Make sure your management system will be one you can stick to, day in, day out. Choose the simplest solution which meets your needs.
Making those changes
ISO 9001 is a system which needs everyone’s commitment to get it right. In fact, the standard demands ‘top level’ commitment, and awareness across your organisation. However when change is imposed it tends to fail. I’ve seen this too many times.
For these reasons, it’s important that everyone who might be affected is involved in making the required changes.
Implementing changes required for ISO 9001
Here are some approaches:
1.Buy a paper-based ‘off the shelf’ system. You can implement it yourself and get fast results. However, chances are it will clash with your existing work practices. It may be over the top for your needs. And you’ll need to maintain compliance with your system year-on-year.
2. Buy a digital compliance tool. You’ll probably need a consultant to implement this for you. There will be ongoing software charges. This will be another app you have to manage, but can be a great way to go digital.
3. Do it yourself! Read the standard. Identify the processes you need to implement, and check you have the ‘documented information’ required.
4. Ask a consultant to help you. They can recommend the simplest solutions, drawing from their experience of a wide range of businesses and sectors. They can look at the software you use already, and identify ways to use it to meet the requirements.
The 3 changes most small businesses need to make
Here are the top three areas which businesses with up to £5m turnover usually have to change.
1. Introduce an internal audit (at least once a year). You’ll need to find someone who is sufficiently independent. You shouldn’t audit your own work! An outside consultant can be your ‘internal’ auditor.
2. Document your management review. Chances are you already do the management review activities. However businesses controlled by one or two people are unlikely to record this. The standard contains a checklist of items for you to consider. You’ll need to keep a record of decisions and actions arising from your review.
3. You already informally evaluate your suppliers and subcontractors. (ISO 9001 calls them ‘external providers’). Now you need to document your evaluation. Find an easy way to do this as you make decisions and receive feedback from your team.
How long should you have implemented your quality management system before your external assessment?
You’ll need to be able to show documented information for all of the relevant criteria. Most businesses need at least 3 months of evidence. That gives you the chance to demonstrate that all parts of your quality management system are working.
Assessment by a UKAS accredited body
Who are UKAS?
UKAS are the government appointed agency who monitor the accreditation bodies. They say they ‘check the checkers’.
Who are the accreditation bodies?
They’re organisations like NQA, BSI etc who check you meet the requirements of ISO 9001:2015 and issue your certificate. They’re monitored by UKAS.
It’s possible to get a certificate which says you comply with ISO 9001 from a non-UKAS accredited body. It costs less to do so. However UKAS accredited bodies carry more authority. It’s particularly important to use a UKAS accredited authority if your customers are in the public sector.
What’s the process?
Get a quote from one or two accreditation bodies. Check they’re UKAS accredited. Confirm their fees. Look for fixed fees, and check there won’t be any hidden expenses such as travel or accommodation costs as these are not in your control.
They’ll typically offer you:
- a Stage 1 assessment, which will look at your management system and documented information, e.g. a quality manual or process maps and digital forms – they’ll check it covers all of the clauses and content of the standard
- a Stage 2 assessment, which will involve checking how you implement your management system – they’ll typically look at a sample of customer orders from enquiry to delivery, as well as other sample documented information
What happens if we don’t meet all the requirements?
During external audits you may receive a ‘non-conformance’. The auditor may also identify ‘opportunities for improvement’. Your accreditation may be delayed if it’s a major non-conformance, for instance if you’ve missed a whole set of requirements, such as you’ve not done an internal audit. If it’s a more minor requirement, for instance there’s a problem with some of your training records, you’ll be able to put in place a plan to address it. Your auditor will tell you how long you have to resolve the issue.
How long does the certificate last?
Your certificate will be valid for 3 years. You’ll typically have a surveillance visit every year before your re-accreditation visit. It’s important to address any issues raised, and keep improving your management system.
Ready for the next step?
At Wessex Commercial, we’re ready to help you gain ISO 9001 certification. Get in touch today to book a meeting, and let’s look at the steps you need to take to get accredited.