How to maintain your ISO 9001-based QMS after certification

Implementing ISO 9001 is not an easy task and once the certification is passed successfully, it might appear that the biggest part of the job is done. But, don’t rest on your laurels for long because the real job with your QMS is about to start. Once you start maintaining the QMS, you will see that passing the certification is not a problem or stressful if all activities required by the standard are performed.

Very often, companies are not sure what needs to be done prior to the surveillance audit, and therefore don’t gather the necessary information or perform the required activities. This usually results in calling the consultant to make a fix and help them formally pass the certification audit. This is only a quick fix and doesn’t really bring the company any value except having the certificate for formally complying with the standard. But, after having the certificate for several years and harvesting no real benefits for the company, people start wondering how to put their QMS to work.

Go from Plan to Do phase

Developing procedures is easier than implementing them. Ensuring that the procedures are followed takes more time than writing them. Once the procedures are written, it will take some time to train employees to follow them. Of course, the majority of the activities were already performed even without the standard, but those new ones need time to be adopted by the employees. That is why it is important to raise awareness of the process owners first in order to ensure that they will enforce the procedures among the employees.

This will definitely require filling in some additional records and keeping track of activities, but in the end, you will have more data to analyze during the management review and this will help you make decisions based on facts rather than assumptions.


As mentioned above, the new activities will definitely require additional training of the employees. The good thing is that the standard provides the organization with the framework on how to identify the needs and plan the training along with the requirements to measure training effectiveness. The systematic approach to competence will help the organization not only to achieve it regarding the standard requirements, but also for other processes as well. Also, measuring training effectiveness will provide you with information on how people are really competent instead of just collecting certificates. For more information, see: How to ensure competence and awareness in ISO 9001:2015.

Control of outsourcing partners and suppliers

This may seem like reinventing the wheel, but there are not many companies that have a structured approach to this topic. In most cases they rely on gut feeling and price, but these aren’t the only criteria for deciding which supplier to hire or which supplier to hire again. Sometimes it is good to stop for a second and define what you really expect from your supplier, and if it is already transformed into the procedure, you only need to evaluate the suppliers at planned intervals. Some of them left a good impression a few years ago, but are they still up to the task? For more information, see: How to evaluate supplier performance according to ISO 9001:2015.

Monitoring and measuring

Monitoring and measuring should provide you with information on the status of a system, process, or activities within your QMS. If you set up the monitoring and measuring process correctly, it will provide you with information about the performance of your processes. If not, this is something that needs to be considered during the next management review. For more information, see: Analysis of measuring and monitoring requirements in ISO 9001:2015.

Customer satisfaction

Being one of the most important principles behind ISO 9001, customer focus is demonstrated through monitoring and measuring customer satisfaction. The company must define how and how often it will conduct surveys to determine the level of customer satisfaction. Having relevant information on how the customers perceive the organization is a valuable input for further development of the products and services and the company itself. For more information, see: Main elements of handling customer satisfaction in ISO 9001.

Check and Act phases

Gathering relevant information about the system through monitoring and measuring and following the process procedures will enable top management to exercise the last principle of ISO 9001, and that is evidence-based decision making. A detailed and thorough internal audit will provide you with additional information not only about the level of compliance, but also about the condition of your entire system. Together with other information gathered along the way, the top management will be able to conduct good, value-added management review and make decisions that lead to continual improvement of the system and the company.

External audit without stress

Having all these elements of the system in place means having the real QMS, the one that really works in favor of the company. All these elements are also the first place where the auditors will be looking, so having this covered will prepare you for the audit better than any consultant.

Enroll in this free online training: ISO 9001 Foundations Course to learn more about maintaining your certification.

Advisera Strahinja Stojanovic
Strahinja Stojanovic

Strahinja Stojanovic is certified as a lead auditor for the ISO 13485, ISO 9001, ISO 14001, and OHSAS 18001 standards by RABQSA. He participated in the implementation of these standards in more than 100 SMEs, through the creation of documentation and performing in-house training for maintaining management systems, internal audits, and management reviews.