ISO 9001 Clauses 4–10: What Certification Bodies Look For
If you’re preparing for ISO 9001 certification, you may wonder what auditors look for during your audit.
At CertFast, our goal is to make the certification process clear and straightforward—especially for small and growing businesses. Below is a simple breakdown of ISO 9001 clauses 4 through 10, what they mean, and what we look for during an audit. Please note that Clauses 1-3 are not audited, they are for reference only.
Clause 4: Context of the Organization
What we look for: Do you understand your business and its environment?
We want to see that you’ve taken time to define:
- What affects your business (internal and external factors)
- Who your key stakeholders are (customers, suppliers, employees)
- The scope of your quality management system
- Your main business processes
In short: You should be able to clearly explain what your business does and how your processes fit together.
Clause 5: Leadership
What we look for: Is leadership actively involved?
Certification isn’t just about documentation—it starts with leadership.
We expect to see:
- A defined quality policy
- Clear business and quality goals
- Leadership involvement in the system
- Employees who understand their roles
Strong leadership involvement is one of the biggest indicators of a successful system.
Clause 6: Planning
What we look for: Are you planning ahead?
We’re not expecting perfection—but we do expect proactive thinking.
During an audit, we look for planning:
- Identification of risks and opportunities
- Defined quality objectives
- Plans to address potential issues
It’s about showing that you’re managing your business intentionally, not reacting to problems after they happen.
Clause 7: Support
What we look for: Do your people and processes have the support they need?
Your system relies on having the right foundation in place.
We’ll review:
- Employee training and competence
- Availability of resources and equipment
- Internal communication
- Documented information (procedures, records)
Your team should be equipped to do their jobs effectively and consistently.
Clause 8: Operation
What we look for: Are you doing what you say you do?
This is where we spend much of our time during an audit.
We will review Clause 8:
- Observe your processes in action
- Speak with employees
- Review records like orders, production documents, or service records
The key question: Are your processes being followed as planned?
Clause 9: Performance Evaluation
What we look for: Are you measuring your system?
We expect businesses to regularly evaluate how things are going.
This includes:
- Monitoring performance (KPIs, metrics)
- Conducting internal audits
- Holding management reviews
You don’t need complicated systems—just clear evidence that you’re checking performance.
Clause 10: Improvement
What we look for: Are you improving over time?
An ISO 9001 Quality Management System builds on continual improvement.
We look for:
- How you handle issues or mistakes
- Corrective actions taken
- Efforts to improve processes
We don’t expect zero issues—we expect you to address them effectively.
How These Clauses Work Together
From a certification body perspective, these clauses form a simple cycle:
- Understand your business
- Lead and plan effectively
- Support your team
- Run your operations
- Measure performance
- Improve over time
During your audit, we’re verifying that this cycle is working within your organization.
ISO Certification Audit Steps
What to expect during your certification audit
Understanding the audit process can help reduce stress and ensure you’re prepared. Here’s how a typical ISO 9001 certification audit works from start to finish:
1. Audit Planning
Before the audit, your auditor will develop an audit plan outlining:
- Which processes will be reviewed
- When will the activities take place
- Which ISO clauses apply
This helps ensure your audit is organized and efficient.
2. Stage 1 Audit (Readiness Review)
This is a high-level review of your system to determine if you’re ready for certification.
We will:
- Review your documentation
- Evaluate your system structure
- Identify any potential gaps
You may receive “concerns” to address before moving to Stage 2.
3. Stage 2 Audit (Certification Audit)
This is the full audit where certification is determined.
We will:
- Interview employees
- Observe processes
- Review records and evidence
This step confirms that your system is implemented and effective.
4. Audit Findings (If Any)
If issues are identified, they will be documented as:
- Minor nonconformities (small gaps)
- Major nonconformities (more significant issues)
You must address these before you can issue the certification.
5. Corrective Actions
If findings occur, you will:
- Identify root cause
- Implement corrective actions
- Provide evidence of resolution
Our team will review your response and make sure your company addresses the issue properly.
6. Certification Decision
After the audit:
- Your audit report is reviewed by technical experts
- A final certification decision is made
Once approved, your ISO 9001 certificate is issued.
7. Ongoing Audit Cycle
Certification is not a one-time event.
After certification:
- Year 1: Certification audit
- Year 2: Surveillance audit
- Year 3: Surveillance audit
- Year 4: Recertification audit
This ensures your system continues to meet requirements over time.
How These Clauses Work Together
From a certification body perspective, these clauses form a simple cycle:
- Understand your business
- Lead and plan effectively
- Support your team
- Run your operations
- Measure performance
- Improve over time
During your audit, we’re verifying that this cycle is working within your organization.
Final Thoughts from CertFast
Our role as a certification body is not to “catch” problems. It is to verify that your system works as intended.
For small businesses, the most successful audits happen when:
- Processes are clearly defined
- Employees understand their roles
- Records are available and accurate
- Communication is open during the audit
If you can show how your business operates and share proof to support it, you’re on the right path to certification.
