How Would I Implement ISO 9001?

A Bit of Background

A friend of mine recently reached out to ask for help in crafting a plan to implement ISO 9001 at her new job. Vicky had previously worked for me and while the task was daunting, I knew that she would be able to handle the project if she approached it as she had every project I had assigned to her while we worked together… with diligence, attacking the problem straight forward and having a solid plan before heading into the void!

A Guide to the ISO Standard

I did a bit of digging and found the latest David Hoyle book on the ISO 9000 process. He has released his 7th edition which covers ISO 9001:2015. The title of the book is “ISO 9000 Quality Systems Handbook – updated for the ISO 9001: 2015 standard: Increasing the Quality of an Organization’s Outputs”. You can also find the book by using ISBN-13: 978-1138188648. I highly suggest you obtain a copy. The reason I like Hoyle’s books so much is that he breaks down each section & clause and provides clarity by detailing; what the standard says, what the standard means, why the clause is necessary within the standard and finally, how you can provide objective evidence that you conform to the standard. The underlined portions are what make the book a much needed resource for me as the standard alone can be quite unhelpful.


You should try to understand what resources will be available to you. Does the company you work for have a common application or system that they use for documentation? Do they use Word & Excel documents on a local server? Do they have a quality system in place to house internal audits, corrective actions, or other records that might need to be kept? If yes, are they in place now or need to be installed. If needed, you should be able to find example documents, like 8D templates, on the internet that could become your corrective action response or other documents.

A Project Management Approach

A colleague at my previous employer was fond of saying “if there is no gap, there is no project”. So I would suggest your first task in this endeavor is to define the specific gap(s) that you are facing. There is a typical phrase found in the latest standard, “documented information”. I would suggest that you comb through the entire standard and highlight each time it says “documented information”. Essentially those words are telling you that you have a need to be able to show a process procedure or record. You’ll want to identify all of the procedures that you feel will be necessary to address the various ISO 9001 clauses and compare those to the documented procedures that exist today. In some cases, you may need to generate a completely new process document (keep in mind that the various ISO areas, purchasing, internal auditing, etc… are all processes that must be documented). Once you identify all of the necessary documents, you can then begin to focus on each one, and map the various clauses within the standard to one of your process procedures.

It Takes a Village

As you begin to review documents for needed modification. If at all possible, have the process owners participate… otherwise, you may find it difficult on the back end of the project to show that the organization is actually following the documented procedures. You have likely had the experience of both active participation and passive resistance. When you experience the later, be thinking about how you will need to handle the situation. Do this beforehand so that you are prepared. Knowing that the head of the organization is fully invested in getting this project done and not just rubber stamping this to get the ISO certification as a piece of paper is critical.

The Diamonds

Though all of the internal business processes are important, there are a few specific processes, referred to as diamonds, that will draw more attention from auditors as they assess your facility. The diamonds are; Quality Manual, Management Review, Internal Audit, Corrective Action, & Training. These will be audited every time you are assessed and may deserve your attention sooner rather than later.

The Quality Manual

If your organization does not currently have a Quality Manual in place. I found several templates online by simply googling “example Quality Manual ISO 9001:2015 templates”. There should be many out there for free. It is often better to start with something that doesn’t quite fit, that you can update to meet your needs, vs. trying to create a document from scratch.


Do you know which organization will be used to provide your registration? Typically, you can arrange for an preparatory audit prior to the full compliance audit. The preparatory audit should be set several months in advance of your full audit. It will give you valuable feedback on areas that are not yet considered fully ready to go and can potentially save you trouble if you were to wait until the full compliance audit and then face additional pressure to fix what may be lacking. You may want to ask if your company will support such a preparatory audit.

How is ISO 9001:2015 Different?

Biggest changes to the ISO 9001 standard in the 2015 version;

  • QMS Representative Role – this really doesn’t exist anymore within the standard. It’s likely a company will still desire someone to manage the QMS between audits, but the managers within the various process areas will be expected to be the main auditees in the final & future audits.
  • Risk Assessment – this new standard is asking that every organization use risk assessment throughout the various business processes to identify potential risks and address those that are deemed potentials for problems in the future.
  • You cannot exclude any clauses in the standard now. When I worked in a smaller manufacturing facility, we excluded Design & Development, as that aspect of the business was not handled on-site.

Project Management: More Thoughts

This project probably looks pretty big and maybe a bit scary as you begin to consider everything coming at you. Just focus on identifying what needs to happen and determine timelines for when things need to happen. Don’t let the project run you, if you lay it out appropriately, you can see and prepare for when things are coming at you.

Keep in mind throughout this process that the ISO 9000 system was written to allow for organizations that include just a single person or self owned business, to organizations that contain many thousands of employees. When you are deciding how to implement a process, keep it simple. Think about how what you are putting into place can show conformity to the standard… not everything needs to be computerized and have auto-look up features. As long as you can create a system that allows you to find and produce records in a reasonable amount of time, that there are reasonable reviews in place to make sure that process documents are “approved for use”, you meet the standard. The simpler, the better!

Final Thoughts

When I moved from a manufacturing site to the division level of my company, I maintained a presence on the audit team for several years and it amazed me how everyone audited considered the ISO process outside of what they did day-to-day. They referred to procedures as ISO documents. If at all possible, keep your organization from thinking along these lines. Meeting the ISO 9001 Standard should flow organically from our day to day activities. Our documents should be thought of as Business Process documents. It’s how we run our business.

Take a deep breath… don’t freak out. When you feel a bit overwhelmed, count to 5 and then think about what’s required to address the problem sitting in front of you.

Leave a Reply