Skip to main content
Quality management in control

ISO 9001

ISO 9001 is the international standard for quality management and provides guidelines for the determination, implementation, execution, maintenance, monitoring and continual improvement of a Quality Management System (QMS). An ISO 9001 certificate emphasizes that your organization has implemented the necessary controls that demonstrate that it is able to consistently deliver products and services that comply with the customer requirements and applicable laws and regulations. It aims to increase customer satisfaction by effectively implementing and applying a QMS.


Process approach

Align individual processes to the quality management system to create unambiguous results.



Continuous improvement

Achieve continuous improvement by effectively monitoring, analyzing, and handling risks and opportunities.


Customer focus

Create added value for customers by meeting customer requirements and increase customer satisfaction.


Quality management principles

The ISO 9001 standard is based on the principles of quality management that are described in the ISO 9000 standard. This standard describes the key elements of each principle and explains the importance of the principle in relation to effective quality management. In addition, reference control measures have been described for each principle and key benefits of implementation thereof. The quality principles are Customer focus, Leadership, Engagement of people, Process approach, Improvement, Evidence-based decision making and Relationship management.

Risk-based thinking

Risk-based thinking a key element of the ISO 9001 standard. Handling risks and opportunities is the foundation for increasing the effectiveness of the quality management system, which means that better results are achieved and negative effects are prevented. In dealing with opportunities the associated risks must also be taken into account. Risk is the effect of uncertainty and any uncertainty can have positive or negative effects. A positive deviation that results from a risk can be an opportunity, but not all positive effects of risks lead to opportunities.


The QMS is prepared for both customers as well as the internal organization and the provided products and services. The standard requires a management policy based on the High Level Structure (HLS), which is in accordance with the PDCA (Plan-Do-Check-Act) model. The management policy is based on the organization's current business strategy, corporate objectives and applicable laws and regulation. The management policy is consistently reviewed each period to ensure the applicability, effectiveness and adequacy. 

High Level Structure

The High Level Structure (HLS) is a set of seven mandatory management themes that all new ISO management system standards, such as ISO 9001 and ISO 27001 are required to use. Specific additional requirements are applicable for each management standard if necessary. The HLS enables practical integration between management systems of different disciplines and provides a link between the strategic and operational level. The HLS structure is easy to align with existing management models and procedures within an organization and easy to align with other ISO standard. Therefore, the HLS is often referred to as the "plugin model".


The HLS starts with a Context Analysis in which a mapping of the internal and external issues is prepared and a mapping of the stakeholders and their requirements and expectations. Organizational roles, responsibilities and the management policy are described in the section Leadership, with explicit attention to the link between the management system and the overall strategy of the organization on the one hand and the 'normal' business processes on the other.


The next step is to describe the Planning for actions to address risks and opportunities and drafting the quality management objectives. The resources necessary for the establishment, implementation, maintenance and continual improvement of the QMS is described in section Support. The next step, Operation, is to prepare the operational planning and describing the process for preparing requirements, the design, development and release of products and services. During the Performance Evaluation, procedures to monitor, measure, analyze and evaluate are prepared, including the internal audit and the management review. To ensure Continual Improvement, procedures for identifying and handling corrective actions are prepared in the final section.

The plug-in model

The certification process

The core attributes of our approach are efficiency and minimizing the disruption of operational processes during the certification procedures. This requires effective planning and open communication with your organization throughout the entire engagement and particularly during the reporting and audit phase. Our approach is focused on delivering quality throughout the entire process and is subject to our quality standards. Our services focus on the project management leading to an ISO 9001 compliant Quality Management System (QMS). Find out more.


ISO 9001 Implementation?

Need assistance implementing ISO 9001? Our group company Risklane provides governance, risk management and compliance services. Risklane supports organizations with the ISO 9001 implementation with the Cloud Reporting Solution ControlReports. This application supports with the implementation of an Quality Management System (QMS). ControlReports supports in the process of establishing the management structure (HLS) and the control framework using a structured and agile step-by-step approach.


Professional and cost saving

Enjoy the benefits of the in-house risk management- and compliance experts in a single online tool. ControlReports is 87% more efficient than hiring external risk consultants to advice on the implementation.


Best Practice Database

Implement you management system based on the most recent and up-to-date best practices and standards in the field of information security, risk management and internal control. 

Check out ControlReports

Check out ControlReports

Check out ControlReports