The ISO 9000 family of quality management systems standards is designed to help organizations ensure that they meet the needs of customers and other stakeholders while meeting statutory and regulatory requirements related to a product. ISO 9000 deals with the fundamentals of quality management systems, including the eight management principles upon which the family of standards is based.
ISO 9001 deals with the requirements that organizations wishing to meet the standard must fulfill.
Third-party certification bodies provide independent confirmation that organizations meet the requirements of ISO 9001. Over one million organizations worldwide are independently certified, making ISO 9001 one of the most widely used management tools in the world today. However, the ISO certification process has been criticized as being wasteful and not being useful for all organizations
ISO 9001:2008 Quality management systems — Requirements is a document of approximately 30 pages which is available from the national standards organization in each country. It is supplemented by two other standards: ISO 9000:2005 Quality management systems—Fundamentals and vocabulary and ISO 9004:2009 Managing for the sustained success of an organization—A quality management approach. Only ISO 9001 is directly audited against for third party assessment purposes. The other two standards are supplementary and contain deeper information on how to sustain and improve quality management systems; they are therefore not used directly during third party assessment.
International Organization for Standardization (ISO) does not certify organizations itself. Numerous certification bodies exist, which audit organizations and, upon success, issue ISO 9001 compliance certificates. Although commonly referred to as "ISO 9000" certification, the actual standard to which an organization's quality management system can be certified is ISO 9001:2008. Many countries have formed accreditation bodies to authorize ("accredit") the certification bodies. Both the accreditation bodies and the certification bodies charge fees for their services. The various accreditation bodies have mutual agreements with each other to ensure that certificates issued by one of the accredited certification bodies (CB) are accepted worldwide. Certification bodies themselves operate under another quality standard, ISO/IEC 17021, while accreditation bodies operate under ISO/IEC 17011.
An organization applying for ISO 9001 certification is audited based on an extensive sample of its sites, functions, products, services and processes. The auditor presents a list of problems (defined as "nonconformities", "observations", or "opportunities for improvement") to management. If there are no major nonconformities, the certification body will issue a certificate. Where major nonconformities are identified, the organization will present an improvement plan to the certification body (e.g., corrective action reports showing how the problems will be resolved); once the certification body is satisfied that the organization has carried out sufficient corrective action, it will issue a certificate. The certificate is limited by a certain scope (e.g., production of golf balls) and will display the addresses to which the certificate refers.
An ISO 9001 certificate is not a once-and-for-all award, but must be renewed at regular intervals recommended by the certification body, usually once every three years. There are no grades of competence within ISO 9001: either a company is certified (meaning that it is committed to the method and model of quality management described in the standard) or it is not. In this respect, ISO 9001 certification contrasts with measurement-based quality systems.
ISO 9001 Spring Manufacturer