Can someone explain the ISO certification process in plain English?

[William davis]

I recently took over operations for a small packaging company, and one of the goals this year is getting ISO 9001 certification because a few larger clients have started asking about it during supplier reviews. I’ve spent the last couple of days reading articles and watching videos, but most of the explanations either sound overly technical or skip over important details.

What I’m struggling with is understanding what the actual process looks like from beginning to end in a real business environment. I keep seeing terms like gap analysis, internal audit, stage 1 audit, corrective actions, surveillance audits, and management review, but nobody really explains how all of this fits together in practice.

Right now we already have some procedures documented, but they’ve grown organically over time and aren’t formally structured. I’m trying to figure out whether companies usually build everything from scratch before contacting a certification body, or if the auditor helps identify what needs to be fixed during the process.

I’d also like to know how long certification realistically takes for a smaller company that’s never done this before. Some consultants say it can happen in a couple of months, while others make it sound like a year-long project. I’m not looking for a sales pitch from consultants or registrars. I just want to understand the real-world flow of the ISO certification process from people who’ve actually gone through it.

If anyone here has experience with first-time ISO implementation, I’d really appreciate hearing how it worked step by step in your company and what parts ended up being more difficult than expected.