Frequently Asked Questions – ISO FAQs

ISO Certification cost depends on a range of factors including internal resourcing capabilities, pre-existing management system documentation as well as organisation size and scope of products and services offered. Key costs involved are the cost of the Certification Body and the cost of the ISO Consultant. See HERE for more information.

A three-month timeframe is ideal and consists of three phases:
Month 1 – Development
Month 2 – Implementation
Month 3 – Internal audit & management review
Fast ISO Certification may be possible if required (eg tenders due) but there are a range of factors that can affect timeframes – See HERE for more information on fast ISO Certification.

To get ISO 9001 Certified you need to complete three simple steps as follows:
Step 1 Development – build the Quality Management System documentation to meet ISO 9001 requirements.
Step 2 Implementation – Implement the Quality Management System as documented.
Step 3 Internal Audit – Complete an internal audit and management review meeting.
Once that has been completed you can engage an accredited Certification Body to conduct your certification audit. See HERE for more information.

An ISO 9001 Certification is a certificate that is awarded to a company that has successfully completed a third-party assessment audit of its Quality Management System against the requirements of ISO 9001:2015 Quality Management Systems.

ISO Certifications are issued by companies called Certification Bodies. Legitimate Certification Bodies are authorised by an overarching organisation called an Accreditation Body who is there to make sure they are auditing to the required standard. There are dodgy Certification Bodies in the marketplace who aren’t Accredited and still issue certificates. See HERE for more information.

Yes. There are plenty of shadowy operators in the certification industry so it is important to ensure the Certification Body that you engage to complete the independent, third-party certification audit of your management system is accredited and your certificate is authentic. See HERE for instructions on how to check if your ISO Certificate is genuine.

ISO 9001 is a list of rules that have been developed by a group of experts from around the world. The rules state what requirements a business must have in place to have an effective Quality Management System which ensures:
1. You can provide products and/or services that meet all applicable requirements (customer specifications, price, timeframes).
2. You can provide products and/or services without breaking any laws.
3. If something goes wrong, you have a system of continual improvement whereby you don’t just fix problems and move on, you identify the root cause of the situation and take action to make sure it doesn’t happen again.

ISO Certificates are generally valid for three years. The Certification Body will complete an initial Certification Audit for the first year of certification, and then undertake a Surveillance Audit for the second and third year. Certificates can be revoked by the Certification Body if a number of Nonconformities are raised at an Audit. See HERE for more information.

To pass an ISO Audit the Certification Auditor will sight objective evidence to support conformity with each of the sub-clauses (clause numbers 4-10) of the ISO Standard eg ISO 9001 Quality Management Systems.
If you received a non-conformity it means there has been a significant deficiency identified in the structure and/or the implementation of the quality management system and you will need to take Corrective Action. See HERE for more information.

An Integrated Management System (IMS) is the general term for a documented management system that addresses more than one standard.
Standards often have significant cross-over – similar clauses and requirements. Hence from a management system design perspective, and a system user perspective it is more efficient, consistent and a better approach to address each of the requirements in one integrated management system rather than separate silo systems for each standard.

No ISO 9001 is not a legal requirement. Companies can choose whether or not to be certified to ISO 9001 or not. That said, Government and Private Request for Tenders (RFTs) often include criteria related to Quality, Safety, and Environmental Certification. Depending on whether you have a Quality Management System that has been certified to ISO 9001 by an Accredited Third-Party Certification Body may mean the difference between winning the tender and going to contract, or losing the tender to a competitor. See HERE for more information.

ISO 9001 is not mandatory to have, but it may be a client-imposed mandatory requirement. For example, you may need to have ISO 9001 certification to be eligible for tenders and work. See HERE for more information.

ISO 9001 provides a framework for businesses to establish a quality management system to ensure conformity of products and services, and processes to facilitate continual improvement of the organisation.

ISO Consultants are engaged by companies to facilitate the development, implementation and external audit preparation prior to ISO Certification. The ISO Consultant is a role that is dedicated to helping organisations to build practical, efficient management systems that add value to the organisation and guarantee certification to the relevant ISO Standards.

No. The ISO Consultant cannot be the certification auditor as the requirements of ISO 19011 explicitly states a requirement for independent assessment: “[the] systematic, independent and documented process for obtaining objective evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled.” – ISO, from ISO 19011:2018 – Guidelines for Auditing Management Systems

When you have implemented a QMS, and achieved certification to ISO 9001 or certification to some other quality standard you are deemed to be a Quality Assured company. See HERE for more information.

Quality control is retrospective – a final check or lagging indicator of performance. It doesn’t take into account the whole quality management system framework. See HERE for more information.

Quality Management relates to the wholistic quality management framework that has been established and implemented to ensure process performance, quality of products and services and continual improvement. See HERE for more information.

An Internal Audit (also called a first-party audit) is an assessment of whether the management system meets the requirements of the applicable standards AND is effectively implemented and maintained. Organisations usually set their own internal audit schedule and the frequency of internal audits should be based on risk and importance.

A Gap Analysis Audit is similar to an internal audit however it is usually undertaken in the early stages of management system preparation, prior to certification. It is an assessment of whether the management system meets the requirements of the applicable standards AND is effectively implemented and maintained, and provides a Gap Audit Report which includes deficiencies identified and associated improvement recommendations.

Many Australian businesses are actually eligible for help with ISO 9001 Certification through a government-funded Business Growth Grant? Click HERE for more information.