Home · Insights · ISO 9001 in 9 Sprints — the sprint plan to certification

ISO 9001Lean-QACertificationSprint plan

ISO 9001 in 9 Sprints — the sprint plan to certification

08 May 2026 · 7 min read · by Andreas Linder

Nine two-week sprints — 18 weeks from kick-off to recommendation for certification. Realistic for small and mid-sized companies that don't yet have a QMS and need one that is audit-ready and actually lived.

Why 9 sprints?

This plan isn't copied from a textbook — it's distilled from projects that started with small teams (3–8 people in the QM core). Eighteen weeks is the typical span between "we go for ISO 9001" and "the certification body recommends certification". Faster is possible — when the organisation already has a lot in place. Slower is usually not more efficient, but a symptom of missing prioritisation.

The nine sprints

Sprint 1 — Context and kick-off

Workshops with management. What do we want from ISO 9001? Which interested parties matter? What is the scope? Outcome: context document (ISO 9001, 4.1–4.3) and kick-off with the core team.

Sprint 2 — Process map and owners

Visualisation of all core, management and support processes. Each process gets an owner. We use an A3 template that has to stand up in daily life as well as in the audit (4.4).

Sprint 3 — Leadership, policy, roles

Quality policy (5.2), top-management responsibilities (5.1), function descriptions for the quality officer and process owners. RACI matrix for the key processes.

Sprint 4 — Planning, risks and opportunities

Risk assessment per business area (6.1). Quality objectives derived from policy (6.2). Both not as paper, but as working documents management uses quarterly.

Sprint 5 — Support: resources, competence, communication, document control

Clause 7 in one sprint — doable when you focus on essentials. Workforce planning, training planning, competence records. Document control (7.5) as a cross-cutting process in the DMS. Communication guideline for customers and internally.

Sprint 6 — Operation: product development, requirements, realisation

Clause 8 part one — requirements for products and services (8.2), design and development (8.3 if applicable), production and service provision (8.5). This is where most of the subject-matter work happens — real processes are described.

Sprint 7 — Operation: procurement, suppliers, external providers

Clause 8 part two — externally provided processes, products and services (8.4). Supplier evaluation, audit programme, incoming goods, performance monitoring. Often the hardest clause because data has to be pulled together that isn't yet systematically captured.

Sprint 8 — Performance evaluation

Clause 9 — customer-satisfaction measurement (9.1.2), analysis and evaluation (9.1.3), internal audit programme (9.2), management review (9.3). This sprint also runs the first real internal audit against the processes built in sprints 1–7.

Sprint 9 — Improvement and audit prep

Clause 10 — nonconformities and corrective actions (10.2), continual improvement (10.3). Working through findings from the internal audit. Preparing the stage-1 review by the certification body. Briefing key personnel.

After sprint 9: the external audit

The stage-1 review typically follows 2–4 weeks after sprint 9, the stage-2 review another 4–8 weeks later. These external windows aren't part of the sprint plan because the certification body schedules them — but they should be planned in sprint 1 so stage 2 doesn't fall into summer holidays.

What carries this plan

Plan capacity honestly. 25–40 % of the core team's working time for the 18 weeks.
Clear responsibilities. One sprint owner per sprint, from the team, not the consultancy.
Strict Definition of Done. A story isn't done because it's written. It's done because it's audit-ready (see the article on the agile QM method).
Live the backlog. What doesn't fit in the sprint goes to the backlog — never into a shadow list.

What trips up the plan

Hidden side-projects (certifying two sites simultaneously without capacity adjustment).
Sponsor changes in management mid-flight.
No DMS — documents scattered, versions colliding.
"Documentation first, audit training later" — wrong order; the internal audit team must run alongside from sprint 6.

Conclusion

ISO 9001 in 9 sprints isn't a marketing promise — it's a workable path, when the method fits and the team pulls. The biggest effect isn't speed — it's that the system at the end was built by the organisation itself and is therefore owned by it.

Don't survive the audit. Win it — because the system works in daily operations.

More from the insights section

14 March 2026

FSSC 22000 v6 — what changes for manufacturers

The new version tightens requirements on food loss management, allergen control and quality culture. What you specifically need to change — and which topics we already see as critical in audits.

Continue reading →

10 February 2026

MES selection for mid-market — 7 criteria that really matter

Between SAP DMC, Werum, Critical Manufacturing and smaller providers, a sober comparison pays off. Seven criteria we consistently weight in selection processes.

Continue reading →

May 2026

Structured problem analysis & problem solving — 4-day intensive training

An inhouse training for production, quality management and engineering. Four days, 10–15 participants, with a consistent methodological thread: from the 8D process through root-cause analysis to FMEA and Poka Yoke. Coaching on real cases from your own production.

Continue reading →

22 May 2026

Agile QM: Epics, Features and User Stories for ISO 9001 and FSSC 22000

A QMS built in a 12-month waterfall ends up as a stack of files — and a team that doesn't own it. We translate clauses into Epics, sub-processes into Features and individual requirements into User Stories. The result: a QMS in 2-week sprints — audit-ready and effective in daily operations.

Continue reading →

16 May 2026

Minimum Viable QMS — the five core building blocks for startups

A QMS that passes its first audit doesn't need 200 documents. It needs five building blocks designed properly and lived consistently. The other 195 — if ever — come later, driven by real demand.

Continue reading →

Bring these topics into your operation?

A 30-minute free initial consultation — with no commitment to follow up.

Book Initial Consultation