ISO 9001:2008 Quality management systems — Requirements is a document of approximately 30 pages which is available from the national standards organization in each country. It is supplemented by two other standards: ISO 9000:2005 Quality management systems—Fundamentals and vocabulary and ISO 9004:2009 Managing for the sustained success of an organization—A quality management approach. Only ISO 9001 is directly audited against for third party assessment purposes. The other two standards are supplementary and contain deeper information on how to sustain and improve quality management systems; they are therefore not used directly during third party assessment.
Before the certification body can issue or renew a certificate, the auditor must be satisfied that the company being assessed has implemented the requirements of sections 4 to 8. Sections 1 to 3 are not directly audited against, but because they provide context and definitions for the rest of the standard, their contents must be taken into account.
The standard specifies that the organization shall issue and maintain the following six documented procedures:
Control of Documents (4.2.3)
Control of Records (4.2.4)
Internal Audits (8.2.2)
Control of Nonconforming Product / Service (8.3)
Corrective Action (8.5.2)
Preventive Action (8.5.3)
In addition to these procedures, ISO 9001:2008 requires the organization to document any other procedures required for its effective operation. The standard also requires the organization to issue and communicate a documented quality policy, a Quality Manual (which may or may not include the documented procedures) and numerous records, as specified throughout the standard.