ISO 9001 Certification: 20 frequently asked questions answered

Questions and AnswersWe've gathered in this post all the commonly asked questions about ISO 9001 Certification together with expert answers. 

Here are those questions: 

Click on the question to go directly to the Answer.


What is ISO?

The International Organization for Standardization (ISO for short) is the world's largest developer of voluntary International Standards. Their collection of 21,000+ standards offers solutions and best practice guidance for all types of technology and businesses, helping companies and organizations to increase performance while protecting consumers and the planet.

While most are product and technical standards, the ISO has developed 40+ management system standards.

The best known of these include ISO 9001 (quality), ISO 14001 (environment), ISO 45001 (Health & Safety) and ISO 27001 (information security management). The feature they all have in common is that they are auditable. They are written to facilitate auditing by an independent third party (e.g., CAB) to confirm compliance with the standards’ requirements.

For more visit ISO 9001 on the ISO website.

What is ISO 9001?

ISO 9001 (or to give it its full title ISO 9001:2015, Quality management systems - requirements) is an internationally-recognised standard that sets out the requirement for a Quality Management System (QMS).

It was initially developed by the British Standards Institute and known as BS 5750. It became an international standard in 1991 when published under the auspices of the International Standards Organization (ISO).

While originally product-focused (and mainly of interest to manufacturing businesses) it has evolved through several iterations into a standard focused on managing the processes that make up an organization’s activities. As suchit is now globally applicable to all kinds of organizations.

What is the purpose of ISO 9001?

The purpose of the Standard is to provide a framework for an organization to develop a management system that will …

  1. Consistently meet customer requirements, that is, consistently provide a product or service that meets specification or other agreed/recognized criteria, and
  2. Enhance customer satisfaction through continual improvement of the management system.

Fundamental to fulfilling achieving these objectives are two features …

  1. A Quality Policy - the intentions and direction of an organization as formally expressed by its top management and consistent with the context of the organization, and
  2. Quality Objectives – measurable targets, generally specified for relevant functions, levels and processes in the organization – focused on improvements.

External Auditors will persistently pay great attention to these four issues.

For more visit ISO 9000, Quality management systems – Fundamentals and vocabulary



What is a Quality Management System?

An ISO quality management system (QMS) is defined as a formalized system that documents processes, procedures, and responsibilities for achieving quality policies and objectives. It is expressed as the organizational goals and aspirations and the resources needed to implement and maintain them.

What is the Purpose of a Quality Management System?

A QMS helps coordinate and direct an organization’s activities to meet customer and regulatory requirements and improve its effectiveness and efficiency on a continuous basis.

Who needs a Quality Management System (QMS)?

Whether you realise it or not, you’ve already got an informal QMS. You look after your customers, don’t you? You strive to consistently provide customers with good products or service. You are always trying to improve to stay ahead of competitors?

So, you have a QMS, and the fundamental question is, do we need to formalise the system? Most organizations asking themselves this question say yes. And currently, there are more than 1 million organizations globally that have a formal QMS, which is certified to ISO 9001.

What are the benefits of a formal Quality Management System?

There are at least sixteen benefits that organizations with a quality management system in place can enjoy such as:

  1. Immediate benefits: Management systems are designed to a) Get it right the first time, b) Be consistent and reliable, c) Seek out the root causes of problems, and, d) Not to repeat mistakes.
  2. Immediate benefit #2: Continual Improvement is driven by reliable metrics (statistics)
  3. Organized management: An organization certified to the Standard is managed in a standard and structured way
  4. Clarity of Purpose: Staff are clear as to their responsibilities, authorities, and accountabilities
  5. Processes and procedures suited to the Mission and strategic objectives you have set for the organization.
  6. Internal audits to monitor compliance with requirements and highlight deficiencies.
  7. Corrective actions to prevent recurrence of errors - try to make mistakes only once, if at all.
  8. Informed Board of directors knowing that the organization is focused on strategic objectives while satisfying customers, and planning and acting to address future challenges.
  9. Management satisfaction knowing that the organization is functioning in line with strategic objectives and satisfying customers.
  10. Minimal costs for maximum gain: the costs of maintaining certification are minimal compared to the potential created by having an ISO 9001 compliant Quality Management System.
  11. Reduce errors: Fewer costly errors, less rework, replacement of goods and/or services, and increased productivity.
  12. Fewer customer complaints as fewer errors occur.
  13. Better retention of customers: again, a consequence of reduced errors.
  14. Management performance improved as less time spent apologizing to customers and managing the unnecessary repetition of work.


ISO 9001 Lead Auditor CertificationWhat is ISO 9001 Certification?

An ISO 9001 Certificate is recognition from a Certification Body – CAB (usually, an accredited Certification Body) that an organization has implemented and is maintaining a quality management system that meets the requirements of ISO 9001:2015.

Do I Need ISO 9001 Certification?

Yes and No. In many cases, ISO 9001 Certification is not mandatory but can be a useful tool to add credibility, by demonstrating that your product or service meets the expectations of your customers. For some industries, certification is a legal or contractual requirement.

Who can benefit from ISO 9001 Certification?

Organizations globally, both public and private spheres, and from every economic sector can benefit from maintaining an ISO 9001 compliant Quality Management System (QMS).

What are the Benefits of Having ISO 9001 Certification?

The effective implementation and maintenance of ISO 9001 certification come with at least six benefits, similar to those that come with having a formal Quality Management System. These include:

  1. Customer satisfaction: First and foremost, ISO 9001 Certification is about satisfying customers and then improving and enhancing their experience in doing business with you. Isn't that what it's all about?

  2. Reputation: be taken seriously as a prospective supplier as the holder of ISO 9001 Certification, which is based on the independent assessment of an accredited certification body.

  3. Qualify for pre-tender and tender opportunities, especially from the public sector.

  4. Status: On equal terms with the ‘big’ boys’ – the size of your organization won’t hold you back.

  5. Risk management, while not a requirement, is implemented by most certified organizations as the basis of quantifying threats of all kinds to the business and then proactively dealing with them.

  6. Objectives and improvement obligation focus’ you on setting targets for improvement and then planning and implementing them in a timely manner.


You’ll find a further ten benefits at ‘Why ISO 9001 Auditor Training Matters to SMEs’.

ISO 9001 Gap Analysis Tool

How much does ISO 9001 Certification Cost?

The cost of ISO 9001 certification varies hugely based on the size of the organization, geographical location and on economic prosperity.

Let’s take the example of an SME with 10 employees. Here are some typical prices from the UK for 2021 where we consider three scenarios …

Scenario (1)

Do-it-yourself (2)

Minimum Consultancy Support (3)

Maximum Consultancy Support (4)

Develop QMS (8 days)




Implement QMS (8 days)




Maintain QMS (2 x 3 years)




Certification Year 1




Year 2




Year 3




Total 3-year Cost




Typical duration to Certification

11 months

5 months

4 months


    1. It is necessary to examine a 3-year horizon as CABs play games with their quotations that can be confusing. What is a given, however, is that CAB Audits and the associated contract must, under IAF rules, be based on a 3-year cycle.
    2. No outside help. The project leader would need ISO 9001 Lead Implementer Training.
    3. Four days of consultancy support included here. Priced at £ 500 p.d., consultancy costs range from £300 to £700 per day. Essential that satisfactory references are obtained for previous ISO 9001 projects.
    4. Maintenance here includes 2 days annually for internal auditing and Management Review support.


The best advice in controlling costs is to shop around and recheck the competitiveness of your chosen CAB regularly.

For more visit ISO 9001 Lead Implementer Certification Course. Also, visit 33-steps to ISO 9001 Certification.

e-Book Implementing ISO 9001

Who Issues ISO 9001 Certification?

The ISO develops International Standards, such as ISO 9001 and ISO 14001, but is not involved in their certification. It does not issue certificates. ISO 9001 certification is performed by external certification bodies; so, a company or organization cannot be certified by the ISO organization itself.

How to Get an ISO 9001 Certificate?

Certificates are issued by CABs after they have gone through an ISO Certification process. This is based on a comprehensive 2-stage audit (itself based on the auditing standard, ISO 19011), that involves a review of documentation and an independent on-site audit.

The CAB gathers and documents objective evidence of compliance with the requirements of ISO 9001. After the CAB has confirmed that all the requirements of the ISO 9001 Standard have been implemented and are being maintained, a Certificate is issued as is permission to use logos to publicise the fact.

For more visit Expected outcomes for accredited certification …. ISO 9001 …

Choose an ISO 9001 Course

How to Choose a Certification Body?

The choice of CAB is important. An accredited CAB (e.g. BSI) should be used wherever possible and with ISO 9001 one won’t be difficult to find.

Accreditation, which is issued by a nationally recognized Accreditation Board (e.g., UKAS) is an important confirmation as to the legitimacy of the CAB. To help ensure an international ‘level playing field’ for CAB auditing standards, National Accreditation Boards have their own international organization, the International Accreditation Forum (IAF), which oversees an ongoing programme of witnessed self-assessment of IAF Members of each others’ activities.

A Certificate from an accredited CAB will carry three logos. #1 the CAB’s own logo and #2 the Accreditation Boards logo and #3 the IAF logo. If you present an ISO 9001 Certificate to a customer or potential customer that does not carry all three logos, expect to be challenged. Without a plausible explanation, you can expect your approach to be rejected.

Are £600 ISO 9001 Certificates That You Can Get Within 7 days Legitimate?

Legally speaking? Yes. But the Certificate is worthless. There are ‘cowboy’ CABs (whom you should ask to explain how an organization can create 3-months of records, the minimum needed to prove maintenance of a QMS, in 7 days) and even ‘cowboy’ Accreditation Bodies.

With ISO 9001 Certificates, making sure you have the real thing fundamentally means choosing a CAB that will get you an IAF logo of your Certificate. Ask about it by name and accept nothing else (for Labs seek out the IAF’s sister organization ILAC – International Laboratory Accreditation Cooperation).

Why is it Important to Get Certified by the Proper Certification Body?

Remember that those reviewing tender documents are unlikely to be inexperienced. They will recognise a phoney Certification instantly. And your offering will go directly into the rubbish bin with the hard work you’ve expended to develop products and services you are proud of totally wasted. Most importantly, you wouldn't want an ISO Auditor to find such bogus Certificates when checking your evaluation of external providers (suppliers).

For more visit Is IAF Accreditation possible for all ISO Standards? and Your Accreditation Body must follow IAF Guidance.

How does the ISO 9001 Certification Process Go?

As you will have seen in the cost data above, there are two stages in securing ISO 9001 Certification:ISO 9001 Implementation Infographic

Stage 1. Develop, implement and maintain a suitable QMS for your organization and

Stage 2. Engage the services of a CAB to undertake the necessary evaluations and ISO Certification Audits.

Stage 1. Develop, implement, and maintain a suitable QMS for your organization:

Our Infographic shown here nicely illustrates the multi-step process involved in preparing for Certification (click on the infographic image to get a copy for yourself). Whichever of the three approaches you choose (or variants thereof) you will benefit from our ISO 9001 Lead Implementer Course in managing and directing your ISO 9001 Project.

Stage 2. Engage the services of a CAB to undertake the necessary evaluations and audits:

When choosing a certification body, you should:

  • Evaluate several certification bodies.
  • Check if the certification body auditing activities include ISO 9001:2015.
  • Check if it is accredited. Accreditation is not compulsory, and non-accreditation does not necessarily mean it is not reputable, but it does provide independent confirmation of competence. To find an accredited certification body, contact the national accreditation body in your country or visit the International Accreditation Forum.

Note: the terms certification and accreditation cannot be used interchangeably, though it is not uncommon to do so. The difference between certification and accreditation are as follows:

Certification – the provision by an independent body of written assurance (a certificate) that the product, service, or system in question meets specific requirements.

Accreditation – the formal recognition by an independent body, generally known as an accreditation body, that a certification body operates according to international standards.

For more visit International Accreditation Forum/about us/ and 10 Reasons to change your ISO Certification Body.

How to check the ISO 9001 Certification of an organization?

The IAF, after struggling with the issue for many years, launched IAF CertSearch. This is an exclusive global database for accredited management system certifications. Other databases, irrespective of the organization publishing them, should be treated with scepticism or, better still, ignored.

Currently, CertSearch has over 400,000 valid certifications across more than 150 economies covering a range of sectors, 4000 certification bodies and 68 IAF MLA signatory accreditation bodies. While highly dependable, this database is a long way from being complete when one considers that there are 1 million plus organizations certified to ISO 9001:2015 alone.

Businesses and governments can digitally validate an organization’s certification(s), in order to determine if a certificate is valid and if the Certification Body issuing the certificate is accredited to issue certifications to that standard.

The direct route is, of course, always open to you – ask the organization for a copy of their current Certificate. Many will have their Certificate on display on their website.

For more visit IAF CertSearch

Do Management Representatives or others responsible for a QMS need training?

The training of a Management Representative or others with day-to-day responsibility to maintain a QMS is NOT mandatory. Training is implied as part of developing competence but not a specific stand-alone requirement. So, unless you determined to outsource this support indefinitely (and technically that’s not permitted), you need to train your Management Representative. And you’re in luck. We’ve got exactly the Course you need.

For more visit ISO 9001 Lead Implementer Course.

ISO 9001 Lead Implementer Certification

Do Internal Auditors need training?

Again, training here is not mandatory. But effective internal audits are essential to doing a professional job in maintaining your QMS and in avoiding nasty surprises at your next Certification Body audit. Also, if you don’t train them, your auditors won’t have any of the skills necessary to ‘harvesting’ those improvement suggestions from the people in your organization who actually do the work.

For more visit ISO 9001 Internal Auditor Course.

ISO 9001 Internal Auditor Certification

Got a Question we haven't answered?

We'd love to hear it and, if possible, answer it for you.  Just use our Support Ticket System.  You'll find a Knowledge Base there that might have an immediate answer for you. Otherwise, fill in a Ticket.

For more visit deGRANDSON Support Ticket.


Written by Dr John FitzGerald

Director & Founder of deGRANDSON Global. He spent 15 years in the manufacturing industry and 25 years training, consulting & auditing management systems

Subscribe to Email Updates


Recent Posts

Posts by Topic