ISO 9001 Certification

For companies, ISO 9001 certification is influenced by the complexity of the business model and the expected risk profile. Typically, an organization’s IT infrastructure will reflect its business model and corporate philosophy. The more complex the constellation of software, hardware and business processes, the more complex an ISO 9001 audit will be.

How does a company obtain ISO certification?

To receive ISO certification as a company, you must submit standard-compliant documentation about the management system used in your company to the certification body. You can submit separate documentation for each standard or cover several ISO standards (e.g. ISO 9001 + ISO 14001) with an integrated management system. We will discuss the advantages and disadvantages of an integrated management system in our separate article.

How is the plausibility check carried out according to ISO 9001?

The pre-inspection checks the certifiability of your QMS. Location-specific framework conditions are also compared with the expected documentation. The necessary information on the scope is also determined.
The following will be investigated:

  • Is there conformity and completeness of the documents submitted with regard to the ISO 9001 standard?
  • Is the implementation of the management system actually present in the company?
  • Can the level of implementation of the management system be determined?
  • Are relevant documents missing from the submitted QMS?

Based on the findings from audit level 1, the auditors can create an audit plan. This requires appropriate knowledge of the organization and the management system.

How is the certification audit carried out according to ISO 9001?

The purpose of the audit is to examine the effectiveness of the management system introduced. Auditors take targeted samples along the process chains. The random samples help to clarify whether the requirements of the standard are being met.

Audit planning provides the roadmap for the lead auditor and his co-auditors. The auditors also check organization-specific documents for compliance with general and industry-specific principles (laws, industry-specific required standards, etc.).

As part of the final discussion, the auditors explain any deficiencies or deviations that may have been identified to the audited company. They show how these points affect the audit result. In the event of deviations, the company management undertakes to initiate the necessary corrective measures. Root cause analysis can help better understand what needs to be done. If necessary, the audit team later checks whether the proven measure made the expected correction possible.

Who needs ISO 9001 certification?

Both B2B and B2C companies need one or more certifications according to certain ISO standards. Where there are high risks for employees or customers, companies are often forced to acquire at least an ISO 9001 certificate. However, there is no legal obligation that forces companies to carry out ISO certification. Insurers, banks and major customers in particular indirectly force companies to introduce a certified management system.

The following risks force companies to introduce a certified management system:

  • Occupational safety risks (e.g. risk of accidents at workbenches)
  • Product safety hazards (e.g. danger to children due to defective toys)
  • Cyber risks (e.g. data breaches, theft of customer lists, industrial espionage)
  • Environmental risks (e.g. transport accidents, toxic discharges, seeping machine oil)

What ISO certifications are there?

The following ISO standards are among the most important for many companies:

  • ISO 9001: Quality management
  • ISO 14001: Environmental management
  • ISO 27001: Information security
  • ISO 30001: Risk management
  • ISO 45001: Occupational health and safety management
  • ISO 50001: Energy management


It is important to note that not every certification body is accredited for a specific standard or the latest version of the standard. Otherwise, certification to an outdated version of the standard would result in high costs due to an early transition audit. Especially in Germany, not all certificate providers are accredited for the ISO 9001:2015 standard. They are therefore allowed to carry out audits to a limited extent, but are not allowed to issue an accredited certificate according to the 2015 standard.

ISO 27001 rule sets can be designed to be complex or lean

What advantages do ISO certifications offer?

The organizational processes are not left to chance, but are specifically documented and improved. This reduces operating costs, claims, insurance costs and risks. Value added, returns, margins, sales figures and company valuations increase.

The main external impact of an ISO certificate is the quality signal to the market in which suppliers and customers can be found. The company stands out from the rest of its competitors. Customers see certified companies as established and professional companies. This creates an appreciation in the buyers’ minds: the supplier appears reliable, sustainable, high-quality and efficient enough to guarantee long-term cooperation.