Guide · Certification
How to get ISO 9001 certified, step by step
The path to ISO 9001 is more predictable than it looks. There are six clear stages, and the same process works for ISO 14001 and ISO 45001. Here's what happens at each one, and where the effort actually goes.
1. Build your management system
You need the documented system a certification body audits against: your quality policy, the procedures for how you work, and the registers and records that prove it (risk, legal obligations, training, corrective actions, and so on). This used to be the slow, expensive part — writing everything from scratch or wrestling generic templates. It's now the part software does fastest.
2. Implement it
A system on paper isn't a system. Roll it out to your team, put the procedures into daily use, and start generating records — inductions, inspections, incident reports, acknowledgements. Auditors care that the system is used, not just written.
3. Run an internal audit
Before anyone external turns up, audit yourself against the standard with a clause-mapped checklist, and raise corrective actions for anything you find. This is a mandatory requirement (clause 9.2) and your single best chance to fix gaps on your own terms.
4. Hold a management review
Top management formally reviews how the system is performing — audit results, customer feedback, objectives, compliance status, corrective actions. It's a required input (clause 9.3) and demonstrates leadership is actually engaged.
Practise the audit before it counts
A mock audit is the difference between walking into Stage 2 confident and hoping. BigTick's AI auditor reviews your live system and hands back the findings a real auditor would raise, with a readiness score — so you close the gaps before they become findings.
5. Stage 1 audit
You engage an accredited certification body (in Australia and New Zealand, a JAS-ANZ accredited body). Stage 1 is a readiness check — they confirm your system is documented, complete and ready for the full audit, and flag anything missing.
6. Stage 2 audit
The main event: the certification body audits your system in operation, sampling records and interviewing your team. Clear it (any minor findings are closed out) and your certificate is issued. From there you're on a three-year cycle with annual surveillance audits to keep it.
Start at step one, today
BigTick builds the management system, runs the internal audit programme, and lets you rehearse with an AI mock audit — everything up to the certification body, in one place.
Start a free trialFrequently asked questions
What are the steps to get ISO 9001 certified?
Build a management system that meets the standard, implement it and keep records, run an internal audit, hold a management review, then pass Stage 1 and Stage 2 with an accredited certification body. After that you maintain it through annual surveillance audits.
Who issues the certificate?
An accredited certification body — in Australia and NZ, one accredited by JAS-ANZ. Consultants and software help you prepare, but only an accredited body can audit and issue the certificate.
What's the difference between Stage 1 and Stage 2?
Stage 1 is a readiness check that your system is documented and complete. Stage 2 is the full audit of the system in operation. Pass Stage 2 and the certificate is issued.
Related guides
General information about the ISO certification process, not certification advice. Certificates are issued by accredited certification bodies.