A guide to implementing QMS certifications for small businesses and start-ups

A guide to implementing QMS standards for small businesses

Resident quality expert Andrew Milner (#AssuranceWithAndrew) begins a 4 part series to explain why and how small businesses should seek certification in relevant quality standards and implement a QMS system.

Starting with: Why?

Part 1: What exactly is third-party certification, why bother with it, and how to get YOUR organisation into the right mindset for implementation

Hello, and welcome to the first part of this short series on Quality Certification for small businesses and start-up companies. In this 4 part series, I will be explaining exactly what third-party certification involves and how you can level up your business through this process.

The standard I will be focussing on is ISO9001:2015, as this is the most popular certified Quality Management System standard worldwide, with more than a million estimated certifications.

What is third-party certification?

First of all, let’s dial things back to basics and understand what a ‘standard’ actually is. Standards are recognised methods, norms and best practices that provide a reliable basis for people to share the same expectations about a product or a service.

In the context of this series, I shall focus on Quality Management System standards.

If you’re here reading this, you have most likely heard of ISO9001:2015 and you may be aware of other more industry-specific variants.

The intent of using any Quality Management System standard is for an organisation to demonstrate the ability to consistently provide products and services that meet customer and regulatory requirements.

The ISO9001:2015 standard itself is developed by the International Organisation for Standardisation (ISO) and provides a framework for principles and recognised best practices in managing Quality and customer satisfaction.

Whilst ISO9001:2015 is a useful tool for many businesses, just following the requirements alone is not sufficient, and third-party certification is usually necessary to demonstrate credibility.

This involves being assessed by a competent independent body to confirm the requirements are being met. The term ‘third-party’ is used to illustrate that the assessing body is independent of the organisation being certified.

There are many different certification bodies to choose from that can provide this service, but I will discuss that more in a future article…

Why bother?

For a lot of organisations, having ISO9001:2015 certification is often a customer-mandated requirement so that they can be included as part of a tender process or can be included as an approved supplier of goods or services.

This is clearly a good reason on its own for becoming certified, but I am a strong believer that this should not be the sole reason why and there are other great reasons for becoming certified.

From my time as an external third-party auditor, I can attest that there are many other benefits on offer, including:

  • Greater scalability
  • Greater efficiency
  • Greater self-awareness

Greater scalability – ISO9001:2015 goes beyond corporate governance and also applies within the operational side of the business. The requirements in clause 8 will touch on processes such as receiving customer orders, stock control, purchasing and general planning and control of work. Documenting these processes internally through the implementation of workflows, written procedures and work instructions in-line with the ISO9001:2015 requirements can be an opportunity for small business owners to standardise how these tasks are performed and make them a lot easier to delegate. In turn, this allows them to dedicate more time to business development and technical activities relating to the product or service they provide, where their skills as a founder are likely to be better applied.

Greater efficiency – A by-product of the point above is likely to be improved efficiency, as there will be less variation in how operational tasks are performed, therefore increasing the potential to identify (and remove) non-value-adding work. Many of the principles within ISO9001:2015 are derived from industry consensus and expert opinion, so save the organisation from having to “reinvent the wheel” when it comes to Quality. Small businesses can save a considerable amount of trial and error when setting up a system to manage Quality and customer satisfaction by just following the suggested guidelines.

Greater self-awareness – Upon implementing ISO9001:2015 and choosing to become certified, the organisation would then be subject to annual audits to maintain certification. Having somebody impartial to the organisation, who isn’t a direct customer, checking things over once in a while can be a useful opportunity for improvement, as they may highlight unknown areas of weakness in the business. It can be difficult to see the wood from the trees sometimes when you are working in the same environment every day. I am always keen to hear the perspective of auditors in my current role, as they might pick up something we could be doing a lot better that I hadn’t noticed.

Getting over the negative perception of being audited

If all of the aforementioned points sound appealing and you think that certification might be worthwhile for your business, one of the biggest challenges you are likely to face internally is probably going to be the inherent fear of audits.

Most people get a little anxious over having somebody else scrutinise their work, but the trick is not to overthink it and certainly not to take it personally.

If a finding does come up, it’s best to see it simply as an opportunity to improve the design of the system, or improve the competence and awareness of the people working within the system.

In the event that you end up with a finding that seems unjustified, every accredited certification body will have an appeals process that can be used as a means to contest this. Ultimately, it is the certification body that is endorsing the certification, not the individual auditor. Therefore, contrary to popular belief, the auditor’s decision is not absolute and can be challenged if you think something has been raised unfairly.

One of my pet hates is the mentality that an audit is something that needs to be carefully prepared for. Yes, of course you need to make sure that the right people are available on the day, and ensure documentation is readily available, but I am a strong believer in the notion that the Quality Management System works for the business and not the other way around.

A well-implemented system should work as a matter of course all year round, and not be something that’s taken out and polished once a year to satisfy an external auditor.

It’s vital to keep pushing this message right from the start if you are tasked with implementation!


So there we go. There are many benefits to third-party certification, no matter what the size of your organisation.

Naturally, there are some challenges that go with achieving certification, but I hope that this first article has provided some inspiration to those looking at implementing a third-party certification within a small- to medium-sized enterprise.

In the next article, I will look some more at the practical side of implementation, and I’m excited to share my views on this topic, having been on both sides of the fence, so to speak.

As always, thanks for reading and feel free to reach out to me on LinkedIn.

Connect with Andrew Milner on LinkedIn and find out more about Conflux Technology, the pioneering additive manufacturing and thermal technology company that he works for, by visiting their website: www.confluxtechnology.com

About the author

Latest articles

Featured article

Get notified when we publish new articles!

Want to feature in the next edition?