1300 366 272

ISO 9001 Certification

20 Sep 2022

ISO 9001 is the best known global quality management system standard. We explain what it involves, what it means to get ‘certified’ and how to go through the process.

What is ISO 9001?

ISO 9001 is an international standard for quality management systems. It is made by the International Organization for Standardization.

In the simplest possible terms it is a list of general requirements for what a quality management system should include. ISO 9001 certification is where you have implemented a quality management system in your organisation that meets all the requirements set out in the standard, and an independent external auditor has checked that your system meets all the requirements. If they are satisfied that it does, they will certify you as ISO 9001 compliant.

The idea is that you can show this certificate to any customer, supplier or regulator, anywhere in the world and they will know that you have good quality assurance in place, without having to look into it deeper. This is why so many governments or large organisations will only deal with ISO 9001 certified suppliers – they may have hundreds of suppliers and demanding ISO 9001 certification is a quick and easy filter to ensure that they only use good quality suppliers. In theory you can deal with a company on the other side of the world, and if you know that they are ISO 9001 certified then you can assume that their products or services will properly meet your requirements.

The history of ISO 9001 dates back to standards established for UK and US government procurement from defense and armament companies in the 1950s. Attempts were made to rationalise US and UK military quality standards so that they were equivalent between the two countries, allowing for interchangeability and ease of trade for companies that supplied both militaries. BS5750 was developed by BSI (the British Standards Institute) in 1979, which extended the theory into a broader standard for quality management systems applicable to any industry. ISO took things further in 1987 with the release of the first ISO 9001 standard, which has been regularly updated since, most recently as ISO 9001:2015.

ISO 9001 Certification in Australia

ISO 9001 was introduced to Australia in the early 90s by the Standards Australia committee, which released the first edition of the standard, AS/NZS ISO 9001.

The body responsible for overseeing ISO certification in Australia is JAS-ANZ, which stands for Joint Accreditation System of Australia and New Zealand. The organisation’s main role is in relation to ISO 9001 is liaising with the International Standards Organisation itself, as well as similar institutions from other countries, whilst on a practical level handling the accreditation of certification bodies. JAS-ANZ can also and offer advice to businesses considering becoming certified.

The 9001 standard has been widely implemented in Australia, becoming by far the most popular quality management standard in the country.

How to get ISO 9001 Certification

To get certified the process is quite straightforward. Even if you haven’t started preparing for certification, your organisation may already be doing a lot of the things which are required. Essentially the process can be broken down into 4 stages:

  1. Planning and Preparation: Firstly your organisation will need to research the requirements of the standard, and design and develop a quality management system that complies with ISO 9001. If you have no quality management system then you will need to create one from scratch, or if you have an existing system you will need to perform a gap analysis to determine what needs to be added to the system to comply with the ISO 9001 requirements.
  2. Implementation and Internal Audit: The next step is to implement the system which you have designed, and then perform an internal audit. The internal auditor will do a practice run of an audit to check that your system is working correctly and compliant with the standard, and to try to iron out any non-conformances found prior to the external audit.
  3. Certification: The third step to getting certified is to have an external audit. This should be performed by an independent, JASANZ-accredited certification body, as only these bodies can issue a certification that will be recognised by all government and private entities, nationally and internationally.
  4. Post-certification: The fourth stage is after you are certified – keeping the system running. Every year you need to do internal audits, and you will also need to have an annual surveillance audit by the external auditor, with a more detailed recertification audit after 3 years. Your organisation will need to continue with the ongoing maintenance requirements to make sure that you pass the audits and keep your certification.

How we can help with ISO 9001 Certification

An ISO 9001 consultant from the Australian Productivity Council can help with every step of the process. We can help on a once-off basis or an ongoing basis at whatever level you require. We can provide a fixed-price quotation, and we never have lock-in contracts, so you have full flexibility at any stage of the process.

In relation to the stages of getting certified noted above, we can help as follows:

Stage 1: We can perform a gap analysis and make a system for you, and if you wish we can formulate whatever processes and documentation is necessary to comply with the standard. We can help you write a quality policy, a quality manual, and all the other documentation required. We can help train your staff on what they need to do including how to control processes they interact with.

Stage 2: We can assist with training and implementation, and perform internal audit for you. Many of our customers who have built and maintained their own system engage us just for the discrete task of doing internal audits, either because they don’t have an internal staff member with this training, or as an independent pair of eyes to look over their system before the real audit.

Stage 3: We can attend the external audit and manage what needs to be done on the day, liaising with the auditor and your staff as needed to ensure the audit goes smoothly.

Stage 4: We can take care of the ongoing maintenance of your system through regular visits – weekly, monthly, quarterly or annually depending on the size and complexity of your business.

We have a staggering amount of experience in ISO 9001 Certification. If you are unsure what you need, or if you need a very specific type of assistance, we can more than likely help. We aim to provide the best service, for the best price, so our assistance is very competitively priced.

Summary of the ISO 9001 Standard:

The ISO 9001:2015 standard idea is focused maximising customer satisfaction. The way to do this is by assessing the customer’s requirements for the product or service, and designing and implementing a system to consistently meet those requirements. The thrust of the standard is to look at delivering products or services as a series of processes that need to be worked through to achieve the outcome desired.

Clause 4.4.1 of the standard provides a fairly comprehensive list, based on the process approach, of what an organisation must do to comply with the standard, as outlined below:

  • Determine what processes are needed;
  • Determine the inputs and outputs of these processes;
  • Determine the sequence and interaction of the processes;
  • Determine the monitoring and measuring methods and criteria for the processes;
  • Determine the resources needed for the processes and availability;
  • Assign responsibilities and authorities relevant to these processes;
  • Address the risks and opportunities as determined by following 6.1;
  • Evaluate the processes in an ongoing way and evaluate the results and implement any changes to get the intended result better;
  • Improve the processes and the QMS.

At clause 0.3.2 of the Introduction, the standard outlines how the process-based approach is intended to work within a Deming style ‘Plan Do Check Act’ (PDCA) cycle. The requirements of the subsequent clauses can be seen as fitting into this PDCA framework. 


The need for planning is specifically addressed in clause 6 of the standard, although it is also required under other clauses. Clauses 4 and 6 discuss requirements to establish and document quality objectives for the organisation’s functions and processes and clauses 5 and 6 discuss the responsibility of the organisation’s leadership to identify the risks and opportunities, and require the organisation to plan how to address whatever risks and opportunities are identified.

Leaders within the organisation are heavily involved at this stage, with planning necessarily linked to consideration of the context of the organisation – it is impossible to plan without contemplating what the organisation does, how it does it, where it does it, who the stakeholders are, what their needs are, and in particular who the customers are and what their requirements are.

Planning is also required under clauses 7 and 8 in relation to determining the resources and organisational knowledge the organisation needs and designing processes to deliver products and services which meet the determined requirements.


  • Clause 8 of the standard discusses the steps to implement, perform, and control all the processes which were deemed necessary during planning. All of the processes need to be performed correctly. This includes the design and development of the actual products or services, the sourcing of anything needed necessary external suppliers, communicating with customers, the actual production and delivery of the products or the actual performance and delivery of the services, and the rectification of any products or services found to be non-conforming.
  • All of these steps need to be part of a process, and be controlled to make sure that they are being performed correctly.


  • This stage relates to monitoring and validating the outputs of the processes at necessary stages to check that the processes are in fact operating as planned. To check that what is happening at the ‘do’ stage accords with what was envisaged at the ‘plan’ stage. The requirements for how, when, and by whom the processes should be monitored are discussed in detail in clause 9 of the standard.
  • Steps discussed in clause 9 include the need for an internal audit and management review of the system to check that the processes are working correctly, as well as means to ascertain whether customers are satisfied – since this is the goal of the whole system.


  • The final step of the cycle is to act on any problems and potential improvements encountered or observed during monitoring so as to further improve customer satisfaction. Of course to act on any potential improvements, the organisation must embark upon another PDCA cycle – make a plan on how to improve, do what they have planned, check the outcome and once again act to make improvements. In this way the PDCA cycle is perpetual, the intention being ‘continuous improvement’.

The above is very much an outline of the requirements, and the detailed process of actually creating an ISO 9001 system which meets the requirements for certification involves a lot of professional rigour. Our consultants stand ready to assist, as much or as little as you require. We can provide a face-to-face solution, operating throughout Melbourne, Sydney, Brisbane, Adelaide and Perth. If you would like to learn more, please feel free to contact us.


Our team of consultants at the Australian Productivity Council specialises in ISO standards such as ISO 9001, ISO 14001, and ISO 45001. To learn more about how our experts can assist you in obtaining certification, please contact us today.