ISO 9001: The Ultimate QMS Guide (Basics, Implementation, ISO Templates)

Consumer Reports publishes an annual reliability survey, which includes data on over 470,000 cars.

In this report, owners of Tesla’s Model 3 experienced a number of problems, including chassis hardware, paint and trim related faults, indicative of a build quality that fell far shorter than expected standards set across the automotive industry. The Model 3 represents Tesla’s first real attempt at a mass-market electric vehicle, and the issues surrounding its launch created much frustration and controversy among electric vehicle enthusiasts.

This lack of quality assurance has lost at least one major $5 million order of Model 3 vehicles from a rental company, in relation to problems with the service and performance of previously purchased vehicles.

In an email, NextMove wrote:

“Tesla Model 3 vehicles, which NextMove was supposed to take over after payment and only a short examination, sometimes had serious defects: defective tires, paint and body damages, defective charge controllers, wrong wiring harnesses or missing emergency call buttons. Such quality defects would have endangered the safety of the customers and the profitability of NextMove.”

Stefan Moeller, Managing Director of NextMove, went on to say:

“We had to insist on compliance with general quality standards and processes in order to protect our renters and our business model.”

Why did Tesla have so many problems? Crucially, Tesla made the decision to deliver the product to market and sort out the issues later.

Basically, they didn’t have a strong enough system for managing quality.

We call these Quality Management Systems (QMS) – and they work.

The rest of the auto-industry follows a specific quality management system structure. It’s called ISO/TS 16949:2009 and it’s a variant of ISO 9001.

People follow quality management systems for various reasons; they improve quality first and foremost. But they also have a positive impact on the bottom line.

The return on investment (ROI) of a quality management system is typically impressive:

As a guide, a recent study undertaken through the American Society for Quality (ASQ) showed that for every $1 spent on your QMS, you could expect to see an additional $6 in revenue, a $16 reduction in costs, and a $3 increase in profits. On average, they saw that quality management reduced costs by 4.8% – ASQ

In this Process Street article, we’ll be looking at how ISO 9001 can be used to assure quality control across all types of organizations, with benefits like improved company performance, higher demand for products, and a competitive advantage towards increasing market share.

What we’ll cover:

For the uninitiated, what is ISO 9001, as simply as possible?

ISO 9001: A simple explanation for normal people

ISO deals in “standards”. That means sets of requirements, decided by experts, for doing things. ISO 9001 happens to be a standard for how to set up and maintain a QMS (quality management system) in your business.

It helps give you direction in how to write your company processes, how to structure them, organize them, check them, and improve them.

It’s about systemizing your approach to your processes across your whole company. That’s it. Don’t be intimidated.

In this article, we’re going to go through step by step and explain the technical stuff. Let’s jump right in with some of our free ISO 9001 templates which cover the basics. You can click through to navigate any of the templates embedded in this article if you want to know more.

ISO 9001: Free templates!

The best way to get started with ISO 9001 is to take a look at some of our custom ISO 9001 templates, so you know what implementing ISO 9001 looks like right off the bat.

This first couple of templates offers a great jumping-off point to start understanding how successful quality management systems look in practice.

If you want to try any of the templates mentioned in this article, all you have to do is sign up for free at Process Street (it only takes two minutes!) and simply add the templates to your account.

ISO 9001 Structure Template

This ISO 9001 structure template offers a concise and easy-to-follow framework for creating a quality management system (QMS) mini-manual that complies with ISO 9001 requirements.

Despite being named “ISO 9000”, this template is in fact built with the ISO 9000 family for quality management systems in mind, and as such can be used for ISO 9001.

The purpose of this mini-manual is to provide you with an organized overview of your company’s policies and procedures that can be distributed amongst your team.

ISO 9001 Marketing Procedures

This ISO 9001 Marketing Procedures template was built following the structure of the ISO 9001 structure template mentioned above, but from the perspective of a marketing company.

It can be used as a guide to follow when creating your own mini-manual; it’s basically the structure template above, but fleshed out with example data, so you can understand what the structure template might look like in practice.

Other relevant ISO 9001 templates


To make things simpler for you, here’s a list of our ISO 9001 templates:

For templates related to other ISO standards, simply scroll to the bottom of the article.

What is ISO 9001? The leading QMS standard

ISO 9001 is an international standard developed to help organizations build and optimize their quality management systems (QMS) to run more efficiently and better meet their customer needs.

The standard is used by organizations as a kind of badge of honor to show that their products and services are consistently meeting industry quality standards. This is achieved by following the standard requirements and obtaining an ISO 9001 certification.

ISO: International Organization for Standardization

ISO (International Organization for Standardization) is the largest and most well-known standards network in the world.

The organization began in Geneva, Switzerland and has, at this point, been adopted by companies throughout 164 countries around the world.

ISO doesn’t actually certify organizations themselves, but rather it offers quality standard guidelines that certification agencies can reference when performing audits and in turn certifying a company’s QMS.

ISO 9000: The Quality Management Family

ISO 9000 can be defined as a family of quality management standards created to help organizations build and maintain an effective QMS. The ISO standards are not restricted to any specific industry and can actually be used by any kind of organization of any size.

Some goals of the ISO 9000 standards include: boosting a company’s customer satisfaction, helping meet regulatory specifications, and encouraging continuous improvement. These standards are meant to act as the foundation for an organization’s QMS.

While ISO 9000 is a family of standards, ISO 9001 is an individual standard within the ISO 9000 family. It’s important to note that there also exists a single ISO 9000 standard that covers the basics and glossary for QMSs, but in this article, the term “ISO 9000” is used in reference to the family of standards, not the individual standard.

The ISO 9000 family is made up of the following standards:

  • ISO 9001:2015: Quality Management Systems – Requirements
  • ISO 9000:2015: Quality Management Systems – Fundamentals and Vocabulary
  • ISO 9004:2018: Quality Management – Quality of an Organization – Guidance to Achieve Sustained Success
  • ISO 19011:2018: Guidelines for Auditing Management Systems

Management System Standards (MSS): A quick look

ISO’s Management System Standards (MSS) are a bunch of standards that share a similar structure, designed to work together to make managing complex systems simpler, and more easy to integrate.

They set out specific requirements that companies of any size can use to build various different management systems, like quality management systems, or environmental management systems.

MSS were developed by international experts in knowledge fields like leadership strategies, international business management, and efficient business practices.

The three main ISO Management System Standards are:

There are also ISO MSS that offer requirements and guidelines for management standards within specific sectors, such as:

Some MSS also serve as guides on highly specific sections of a company’s management system, in order to help strengthen the understanding and implementation of the ISO standards.

These standards include:

Annex L
Annex L (formerly Annex SL) is the 10-part structure that specifies how ISO management system standards should be written.

The goal of Annex L is to encourage unity and consistency within the MSS. ISO is currently updating its standards with this structure, and eventually all standards will share this core structure to make integration and interoperability more streamlined.

The Annex L MSS structure is as follows:

  • Scope
  • Normative references
  • Terms and definitions
  • Context of the organisation
  • Leadership
  • Planning
  • Support
  • Operation
  • Performance evaluation
  • Improvement

Anatomy of ISO 9001:2015 for Quality Management

In 2015, ISO 9001 was revised to be more agile and have the ability to adapt to any organizational environment.

As the most famous standard, ISO 9001 is always under revision, but currently, ISO 9001:2015 is the most recent version.

The review cycle is typically every four years, at which point ISO will assess whether or not any given standard needs to be updated. If no updates are deemed necessary, the current standard will be renewed.

What is ISO 9001:2015 (Current Version)?

ISO 9001:2015 is the most recent version of the ISO 9001 standard which specifies requirements for companies to follow in order to build and maintain their QMSs and attain ISO 9001 certification.

Some changes between the current (2015) and previous (2008) included:

  • Integration of the Annex L structure for more consistency with other ISO standards (ISO 45001, ISO 14001, etc.)
  • Strengthening the connection between companies and their QMSs
  • Less binding requirements compared to the previous version to promote more agility
  • Greater emphasis on customer satisfaction
  • More simplified terminology throughout the text for better accessibility
  • Promotion of a process approach for achieving better quality results
  • Newly established requirements for quality performance for use during company planning stages
  • An emphasis on top managers to take the reins on their QMS

So what does ISO 9001 look like, exactly?

In the newest version of the ISO 9001 standard, it was structured following the Annex L MSS and broken up into 10 sections. The first three sections serve as introductions and the following seven sections offer the main core principles of ISO 9001.

The main seven sections include:

  • Context of the organization
  • Leadership
  • Planning
  • Support
  • Operation
  • Performance evaluation
  • Improvement

Context of the organization

The context of the organization section established the requirement that the organization should take time to evaluate itself and its place in the industry.

The means the organization must take note of information, such as: organization influences, how the influences manifest in their QMS, the company culture, its goals, the organization’s size, its market and customer base, etc. It’s also important to record any potential business risks.

Leadership

The leadership section requires that top-level management take the lead in implementing their QMS.

Top managers must show a commitment to the success of the QMS by performing tasks, such as: developing and applying a quality policy, assigning employee responsibilities at all levels of the organization, and emphasizing the importance of customer satisfaction.

Planning

The top-level management is also required to develop plans for the ongoing maintenance of the QMS.

They should assess any risks and possibilities regarding the QMS and identify quality goals and later create the strategy plans needed to reach these goals.

Support

The support section includes various requirements centered around resource management for the company’s QMS.

It encompasses things like employee awareness, human resources, company-wide communication, the monitoring of assets and resources, infrastructure, employee competence, and the handling of all records needed for company processes.

Operation

The operation section’s requirements focus on the development and production of the company’s product or service.

It includes requirements on: initial planning stages, product design, manufacturing, supplying the product/service, managing nonconforming products.

Performance evaluation

The performance section covers the requirements necessary to ensure that there is an effective monitoring system in place for the company’s QMS.

This system should allow for top management to easily monitor and assess company processes, measure customer satisfaction, perform internal audits, and provide regular QMS reviews to make sure everything is running smoothly and efficiently.

Improvement

The improvement section is the last section and it includes the requirements necessary to improve the company’s QMS as time goes on. Top management should review and evaluate any process nonconformity and develop solutions for these processes.

Quality management: What is it & why does it matter?

Quality management can be summarized as the process necessary to ensure that a company’s products and services are consistently up to quality standards.

Quality management is composed of four components:

1. Quality planning
The planning component covers the process of defining your product/service’s quality standards and determining how to meet these standards.

2. Quality improvement
The improvement component involves the optimization of your company processes to better help achieve quality standards.

3. Quality control
The control component emphasizes the importance of regular maintenance of your company’s quality standards to ensure ongoing quality consistency.

4. Quality assurance
And the final assurance component includes any actions necessary to determine whether the system you have in place is providing consistent product/service quality.

What is a quality management system (QMS)?

A quality management system (QMS) is a set of standards and procedures that define the rules that determine how your organization will produce and provide your product or service to the customers.

While every organization’s QMS should be written specifically to meet their own needs, following the ISO 9001 standard provides a strong foundation for the QMS, making sure that nothing important is overlooked.

Benefits of a quality management system

A strong and reliable quality management system can offer organizations many benefits, such as:

  • Boosting product efficiency
  • Minimizing excessive waste (materials, profit, time, etc.)
  • Greater customer satisfaction
  • More effective marketing
  • Faster and more reliable employee onboarding
  • More efficient growth management
  • Continuous improvement of products, services, and processes
  • Better product/service quality consistency

Key principles of a QMS

iso 9001 for quality management

All of the ISO standards related to quality management are based on these seven quality management principles:

  1. Practicing a truly customer-driven approach when manufacturing and selling your product
  2. Top level management must commit to providing quality
  3. All company employees should be involved in the achievement of quality
  4. Quality standards should be met using a process driven approach
  5. Company decisions should be made based on evidence
  6. An ongoing commitment to continuous improvement of quality
  7. Open communication and good relationships between suppliers and customers

Utilizing all of these QMS principles is central to developing a reliable system for your company that meets general ISO objectives.

ISO 9001 for continuous improvement

Continuous improvement can be defined as a perpetual effort to make improvements to your company’s products/services and processes.

There are generally two types of continuous improvement efforts:

  • Gradual, also known as “incremental”, improvement over a period of time
  • “Breakthrough” improvement, that takes place all at once.

When a company practices continuous improvement, they are constantly self-evaluating their ability to satisfy their customers and looking for ways to improve and perform more efficiently overall.

Continuous improvement is one of the key components of the ISO 9001 QMS. The ISO 9001 standard requires that all feedback is regularly reviewed and weighed against the company goals.

Understanding continuous improvement

As mentioned above, continuous improvement is typically categorized into two types: incremental and breakthrough improvements. The best way to implement continuous improvement would be to utilize both types of improvements so that you’re able to deal with more trivial problems and also tackle the larger issues your company may be dealing with.

Incremental improvement
Incremental improvements involve continuously tweaking your company’s processes in order to make small improvements along the way.

These improvements are typically lower in cost and faster than breakthrough improvements, but there are some risks involved when making incremental improvements. This is because incremental improvements don’t call for reviewing entire operations, and it’s possible that some small changes could result in bigger consequences afterward.

Breakthrough improvement
Breakthrough improvements refer to making larger changes to your company’s processes. This is typically done by assessing the company issue with your team and together deciding on the solution.

These improvements usually involve more time and money spent than its incremental counterpart, but result in more significant and worthwhile improvements at the end of the day. Breakthrough improvements can sometimes be necessary to make, for example, in companies where their systems in place are outdated or slow and may need a total revamp.

Though it may take longer than simply making the necessary changes yourself, involving your team in the process ensures that everyone is on the same page and the transition is seamless.

PDSA/PDCA

ISO 9001 was developed based on the plan-do-check-act (PDCA) methodology, AKA plan-do-study-act (PDSA). This methodology encourages a more process-oriented approach when recording and assessing company processes to achieve a reliable QMS.

Some topics covered in this methodology include:

  • Specific QMS requirements
  • Management responsibilities
  • Resource management
  • The process of developing, manufacturing, and releasing products
  • Methods of QMS improvement, such as, performing internal audits and practicing corrective actions

Plan
The first step of the PDSA methodology entails figuring out what your goals are and deciding what needs to be done to achieve those goals.

This step could involve tasks like:

  • Figuring out what “quality” means for you and your company
  • Assessing how your company is structured and how that influences quality
  • Defining a concise quality policy
  • Developing your QMS goals
  • Understanding what processes need to be involved and how they will work
  • Assessing any potential risks within your QMS
  • Outlining a plan for continuous improvement

Do
The second step for this methodology involves putting all the plans you made in the last step into action.

It’s important to make sure that you’ve documented and planned through any new processes before moving forward. This is so that it’s easiest for you and your team to follow and can help figure out what exactly went wrong if something does go wrong.

Study/Check
This next step can only take place once all of your new processes have been set into motion. It involves closely monitoring them and determining what is and isn’t working well.

You’ll need to record all of your findings and organize them in a manner that can easily show others how your new processes are performing. It’s important to keep in mind the importance of practicing open communicating and transparency when building your QMS.

Act
For the final step of the PDSA methodology, you’ll need to assess all of the recorded information from the previous step and apply corrective changes.

The goal is to perfect your company processes until they’re running effectively and efficiently. This step also involves adopting the philosophy of continuous improvement to monitor and assess all your company processes to determine whether they can be improved and how, even if they seem fine.

Other frameworks for continuous improvement

There have been many tools and systems developed over the years to help companies improve their processes. These frameworks are built so that management doesn’t have to spend unnecessary time and effort developing their own from scratch and can instead, just get started. These tools also allow them to take what has been already proven effective by others and apply it to their own company for the best chances of positive outcomes.

Some of the most famous frameworks for continuous improvement, apart from the PDSA methodology, include:

  • Gemba walks
  • 5 why’s
  • 3M’s

Gemba walks
Gemba walks is unique in that it focuses on the value of a company’s employees.

It’s rooted in the idea that some of the most original ideas for improvement come from front line employees who are working with the flawed processes on a daily basis. This first-hand experience with their processes means that the employees gain a deeper understanding of their effectiveness and are able to offer real solutions.

Gemba walks encourage more open communication and informal interactions between management and staff at the location where they work, rather than a designated meeting room. This allows for management to observe company processes first-hand and in turn, gain a better understanding of how things are working.

This method was specifically developed to effectively gather feedback and allow management to access their employees’ experience on the floor. Gemba walks don’t provide a framework for how to utilize this feedback though, so it’s best used in combination with other methods.

5 why’s
The 5 why’s framework was designed to pinpoint the root cause of issues companies may be struggling with. It allows managers to be able to see past the symptoms and actually recognizes the deeper source of the issue, simply by asking ‘why’ multiple times in a row.

This technique makes it simpler to actually address issues and helps minimize superficial conflict, such as employees passing blame around. It enables management to identify cause and effect relationships and is an easy tool to implement because there’s no real need for in-depth data analysis.

But, the 5 why’s method is also not an all-encompassing solution. It can help identify the root issues, but doesn’t offer much beyond that. So as with gemba walks, this method is best used when in combination with other frameworks.

3Ms (Muri, Mura, and Muda)
The 3Ms framework refers to three different categories of underlying issues that typically are the cause of problems for businesses.

The 3Ms stand for three Japanese words that can be translated to mean:

  • Muri – an overwhelmed feeling caused by insufficient resources, an excessive removal of waste, and lack of planning.
  • Mura – misconduct or instability that can be the root cause of ‘muda’ waste problems.
  • Muda – general waste, such as: defected products, overproduction of products, excessive fuel use, or even wasted employee time.

This framework is one of the most effective tools for tackling the deeply rooted issues that cause excessive waste. It encourages the implementation of lean manufacturing, which means identifying what truly provides value for the customer and getting rid of anything that doesn’t.

Working through the 3M’s sequentially is one of the most effective ways to apply this method. For example, beginning by identifying any instances of Muri in your company, sourcing Mura in your products to then reduce your company’s overall Muda.

Agile ISO

Standard operating procedures (SOPs) can often be inefficient and clunky to follow, especially when using traditional paper SOPs. Because of this, ISO standards have recently made efforts to streamline these procedures by encouraging the implementation of digital SOPs.

The use of digital tools for SOPs allows for these processes to be much faster to follow and convenient to update if needed. It also makes it much easier for businesses to make sure their processes align with their goals and values because their QMS is merged into the business, rather than being just a side note.

And the most obvious of the benefits of a digital SOP tool is the convenience of storing company procedures and policies digitally, which inherently improves organization and overall communication.

Basic principles of agile ISO

The 12 basic principles presented in the Agile Manifesto are as follows:

  1. Regularly providing timely and quality work to achieve customer satisfaction
  2. Taking large work and breaking it down into manageable tasks
  3. Self-organization in teams is key to achieving high quality work
  4. Trusting and supporting driven employees to get the work done.
  5. Promoting sustainable outcomes within company processes.
  6. Working at a consistent pace in order to reliably complete work.
  7. Always accepting and anticipating changes in requirements.
  8. Holding daily meetings with top level management and the project team to maintain open communication.
  9. Allowing the team to provide feedback regularly and making adjustments to the processes accordingly.
  10. Monitoring the team’s progress by their finished work.
  11. Practicing continuous improvement
  12. Embracing change and utilizing it to gain a competitive advantage.

Fake agile

Agile is more of a school of thought than it is a methodology, so there isn’t an exact science to measuring whether or not a company is “true” agile.

Being agile can take many forms, as long as the agile principles are at the core. Upholding these principles is generally all that it means to be truly agile, so any framework that follows these values is fine to adopt and just as agile as the other.

Fake agile, however, is not truly abiding by the agile principles. It is a form of rebranding of the traditional, hierarchical structure in efforts to be more appealing, but it isn’t actually a well-performing process.

An example of this could be a team spending a significant amount of time and effort developing a number of working builds to later show to the customer and receive feedback, but as a result, this means much of their work will need to be either reworked or trashed to then start from scratch. This is because the customer wasn’t made much a part of their working progress as a truly agile company would have made them.

At the root, fake agile is a wasteful, inefficient process.

How Process Street fits in

A flexible team is key to achieving agility. They need to be self-reliant and organized, without the need for a strict and unwavering company structure. One way to improve your team’s agility is to implement a BPM tool like Process Street to give your team more independence and control over their own processes.

Process Street is all about streamlining your company’s processes by using super-powered checklists to effectively and simply communicate your processes to any of your team members. This means that, for example, you’d simply create a single checklist with all the necessary information and instructions and be able to easily share it with everyone on your team to ensure open and clear communication.

It’s also very easy to quickly edit your checklists whenever necessary, with our template editor tool. Using a BPM software makes following processes more efficient and consistent, and allows for your team to take control of their own processes.

Here’s a great introduction video to Process Street’s capabilities:

And if you’d like to read more about the agile methodology, here are some more resources on the subject:

What does it mean to be ISO 9001 certified?

When an organization is “ISO 9001 certified”, it means they have met the ISO 9001 QMS requirements.

It’s fairly common to hear the term “ISO certified” being thrown around, but it’s not exactly accurate. This is because ISO 9001 is the only standard within the ISO 9000 family of standards that actually requires certification, so the correct terminology would be “ISO 9001 certified”.

An ISO 9001 certification is usually attained by entire companies, but could also be adjusted for specific departments within companies. It’s also open to companies of any size and industry sector and is internationally recognized as a valuable QMS standard.

Do I need to be ISO 9001 certified?

The short answer is no, you don’t need to be officially certified.

But it doesn’t hurt.

As mentioned earlier, the ISO 9001 standard is internationally recognized for developing, applying, and enhancing the QMS for organizations and companies of any industry or size.

The standard is honored as the foundation for any organization to build a QMS that guarantees customer satisfaction and overall quality improvement, and because of this, many companies require an ISO certification from their potential suppliers to ensure they’ll meet quality standards.

An ISO 9001 certification has become almost a necessity for companies and organizations to succeed in a competitive market, because obtaining that certification means your organization has gone through several auditing processes, and your customers wouldn’t need to audit your organization themselves. They can rest assured that your QMS is strong and dependable because it follows the seven quality management principles of ISO 9001.

Let’s talk about ISO 9001 certification

When achieving ISO 9001 certification, you should make clear what your goals are and what benefits your company will gain by achieving this certification, and be ready to implement your improved QMS into all aspects of your business.

You should also make efforts to communicate with your team what their new expectations and responsibilities will be, when implementing the changes necessary to achieve ISO 9001 certification.

In order to attain certification, ISO 9001 requires you to document your QMS.

The documentation should include:

  • General company structure
  • Name of the individual tasked with recording information and what kind of information will be recorded
  • Employee responsibilities
  • Company’s framework for internal communication
  • Required actions
  • System in place for maintaining workflow in the event that valuable staff leave the company

Defining your QMS

In order to define your company’s QMS, you’ll need to compile feedback from every department.

You should:

  • Identify the customer base for each department.
  • List the tasks involved in each department.
  • Look over the ISO 9001 standard and assess whether the requirements have been met.
  • Take note of any issues and address them.

Management of documents and records

A reliable and strict system for managing your documents is an important part of ISO 9001. It will be necessary to communicate with your team the significance of practicing proper record-keeping and following this new system.

Your record-keeping system should make sure that any old versions of procedures and policies are replaced with their updated versions and sent to all of the appropriate departments.

When establishing this new system, you should figure out what records should be kept to meet ISO 9001 requirements and which your company needs to achieve success.

Preventive and corrective actions

There are no perfect processes, but you can take measures to mitigate any damage from potential mistakes.

You should take time to carefully review your processes and identify any potential problem areas and then, develop preventive and corrective systems for each potential issue to minimize consequence or hopefully, just nip them in the bud.

Regular staff training

Though it may seem obvious, your staff needs to be properly trained in order to perform well at their job. You should also keep a record for each of your employees, including information such as, previous education, experience, and on-the-job training. This makes it easy to refer back to when deciding what tasks are appropriate to assign to your team members.

This documented information also makes it easier to spot any gaps in experience within your team and allows for better consistency of work overall.

Recurring internal quality audits

Performing regular internal quality audits of your QMS is a requirement for the ISO 9001 certification. These audits can be performed by anyone within your company, as long as they’re not directly involved with the department being audited.

You should develop a specific procedure for how internal audits are performed, including the planning stage, how it should be carried out, and documented. The auditor should then refer to this procedure when performing the audit to ensure accuracy and consistency of results.

ISO 9001 audit: Quick rundown

Apart from the internal quality audit, ISO 9001 also requires regular external audits in order to achieve certification.

ISO 9001 audits should help you:

  • Make sure your QMS is in line with the ISO 9001 standard
  • Pinpoint any problems with your QMS and solve them
  • Offer new ideas for improvements to your QMS
  • Make sure your company is continuing meeting quality standards

What is an ISO audit?

Simply put, an ISO audit is a systematic and objective procedure designed to gather and record feedback. These audits are performed to help bring to light any problem areas within your QMS and make sure you have the data necessary to make improvements.

As you know, one of the key requirements of ISO 9001 is the practice of continuous improvement, so it’s important to perform these internal and external audits regularly.

Different types of ISO 9001 audit

ISO 9001 internal audits
Internal audits, or first-party audits, are performed by an internal team member to establish whether or not a company’s QMS complies with the ISO 9001 standard requirements, as well as other company policies.

These audits should be objective, unbiased, and conducted following your company’s pre-established internal audit procedures. The auditor should review your company’s processes and policies and determine whether they comply with what’s been recorded within your company’s QMS.

Usually, checklists are used by auditors to help ensure consistency from audit to audit and allow for them to quickly and easily assess how well the company processes align with their QMS standards.

The audit results should be recorded and reviewed as a team regularly throughout the year, so that everyone can be kept on the same page and solutions to any issues found can be brainstormed together as a team.

ISO 9001 external audits
Rather than using a company employee, external audits are conducted by a third-party auditor (or team of auditors) who are sent by your organisation’s ISO 9001 registrar.

As with internal audits, these audits are used to ensure that your QMS complies with the ISO 9001 standard and is running smoothly, but guarantees a level of objectivity based on the fact that the auditor is from a third-party source. This then allows your registrar to provide you with your ISO 9001 certification.

Implement ISO 9001 with Process Street

Process Street makes following processes easy. With an intuitive, no-code editor, your employees will have no trouble building and managing their recurring processes.

All it takes is creating a template, and then simply running a checklist from those templates. You can think of templates as the process sketch, and the checklist as the finished, working process.

In order to use Process Street for ISO 9001 compliance, you’ll need to:

1. Build your Process Street processes
Decide on which processes you and your team use, and simply have each employee build their own processes themselves within the software. This way, they’ll gain a sense of ownership over their processes and customize them to their own particular needs. Start simple, and work your way up to more complex processes as time goes on.

2. Organize your folder library
Make use of folders, subfolders, and tags to keep track of all of your processes and keep it easy to access. We have a great post on process libraries that might help inspire some ideas for your own setup. You can also use our Permissions feature to protect any sensitive information and easily move your employee processes into their corresponding folders.

3. Design your meta-processes
Meta-processes involve creating processes to help manage other processes. This can be for things like how to build new processes, processes for optimizing other processes, or processes for assessing risk.

Some examples of meta-processes are:

4. Record your company policies
The quickest and most effective way to do this is by jotting down a straightforward structure with information such as, Context of the Company, Support, Operations, etc. and then ask your team for feedback on it.

5. Create your official document
Your Process Street process library will have a folder in which you can keep track of your policy templates. These templates probably won’t be run as checklists, but it’s good practice to keep everything organized in a single system. You’re able to easily export templates and checklists to PDF, if you also would like to keep a physical copy of these processes.

And that’s all it takes to get started using Process Street for ISO!

There’s no need to have to make physical updates to your procedure and policy documents every time you make a small change. You can make these changes quickly by editing your processes and creating improved versions that are easy to use and distribute.

ISO 9001 and ISO 14001 Integrated Management System (IMS) Checklist

This ISO 9001 and ISO 14001 Integrated Management System (IMS) Checklist was built to streamline the process of merging your existing EMS and QMS procedures into a single document.

It will keep you from having to do more work than necessary and allow you to ensure that your policies are in line with your environmental objectives while maintaining a synergistic relationship between the two systems.

This template provides you with a strong foundation to get started integrating your systems, as well as clear steps to follow in order to complete your IMS.

ISO 9001 Internal Audit Checklist for Quality Management Systems

As ISO’s most recognized standard, ISO 9001 offers the framework for building, maintaining, and optimizing quality management systems.

This ISO 9001 Internal Audit Checklist for Quality Management Systems template was built to use as a supplement when conducting internal ISO 9001 audits, to make sure all of the basic requirements are being met and all necessary information is being recorded.

ISO 9004:2018 Self-Audit Checklist

Conducting a self-audit can help to pinpoint any potential problem areas in your management systems and offer objective perspective, while also maintaining sights on company goals and standards.

This ISO 9004:2018 Self-Audit Checklist was built to strengthen the self-auditing process and ensure it complies with ISO 9004:2018 standards. It provides a jumping off point for making improvements to your QMS based on ISO 9004 principles.

More ISO 9001 resources

Here are some more ISO and standard operating procedure related resources if you’re interested in reading more:

And here are some our other ISO checklists we’ve built:

Related ISO standards

ISO 14001 for Environmental Management

Out of the 14000 family of standards, ISO 14001 is the most well known and establishes the requirements and principles for an efficient and effective environmental management system (EMS).

So, in a way, it’s comparable to the ISO 9001 standard, but instead of focusing on quality management, it focuses on requirements for environmental management.

ISO 14001 EMS Structure Template

This ISO 14001 EMS Structure Template was specifically designed to help you build and utilize SOPs for EMS that comply with ISO 14001 standard.

It offers concise, step-by-step instructions for working through each ISO 14001 section and when finished, you’ll have the ability to export your document as a PDF to keep everything organized.

Here are a few other articles we’ve written regarding ISO 14001:

ISO 19011 for Management System Audits

Unlike ISO 9001, you can’t get an ISO 19011 certification because it isn’t a set of requirements.

ISO 19011 offers guidelines designed to help organizations build audit programs to then use to audit management systems such as, QMS, EMS, etc.

ISO 19011:2018 Checklist for Auditing Management Systems

This ISO 19011:2018 Checklist for Auditing Management Systems template was created to help guide auditors through the internal audit process for ISO management systems, including:

  • ISO 9001:2015 (quality management systems)
  • ISO 14001:2015 (environmental management systems)
  • ISO 27001:2013 (information security management systems)
  • ISO 45001:2018 (occupational health and safety management systems)

How are you implementing ISO 9001 in your company? Do you consider yourself agile? Let us know in the comments below! We’d love to feature you in an upcoming article.

Get our posts & product updates earlier by simply subscribing

Oliver Peterson

Oliver Peterson is a content writer for Process Street with an interest in systems and processes, attempting to use them as tools for taking apart problems and gaining insight into building robust, lasting solutions.


Leave a comment

Your email address will not be published. Required fields are marked.

Get a free Process Street account
and take control of your workflows today.

No Credit Card Required