Two types of auditing are required to become registered to the standard: auditing by an external certification body (external audit) and audits by internal staff trained for this process (internal audits). The aim is a continual process of review and assessment: to verify that the system is working as it is supposed to, to find out where it can improve, and to correct or prevent problems identified. It is considered healthier for internal auditors to audit outside their usual management line, so as to bring a degree of independence to their judgments.
Under the 1994 standard, the auditing process could be adequately addressed by performing "compliance auditing":
- Tell me what you do (describe the business process)
- Show me where it says that (reference the procedure manuals)
- Prove that this is what happened (exhibit evidence in documented records)
The 2000 standard uses a different approach. Auditors are expected to go beyond mere auditing for rote "compliance" by focusing on risk, status and importance. This means they are expected to make more judgments on what is effective, rather than merely adhering to what is formally prescribed. The difference from the previous standard can be explained thus:
- Under the 1994 version, the question was broadly "Are you doing what the manual says you should be doing?", whereas under the 2000 version, the question is more "Will this process help you achieve your stated objectives? Is it a good process or is there a way to do it better?"
The ISO 9001 standard is generalized and abstract. Its parts must be carefully interpreted, to make sense within a particular organization. Developing software is not like making cheese or offering counseling services; yet the ISO 9001 guidelines, because they are business management guidelines, can be applied to each of these. Diverse organizations—police departments (US), professional soccer teams (Mexico) and city councils (UK)—have successfully implemented ISO 9001:2000 systems.
Over time, various industry sectors have wanted to standardize their interpretations of the guidelines within their own marketplace. This is partly to ensure that their versions of ISO 9000 have their specific requirements, but also to try and ensure that more appropriately trained and experienced auditors are sent to assess them.
- The TickIT guidelines are an interpretation of ISO 9000 produced by the UK Board of Trade to suit the processes of the information technology industry, especially software development.
- AS9000 is the Aerospace Basic Quality System Standard, an interpretation developed by major aerospace manufacturers. Those major manufacturers include AlliedSignal, Allison Engine, Boeing, General Electric Aircraft Engines, Lockheed-Martin, McDonnell Douglas, Northrop Grumman, Pratt & Whitney, Rockwell-Collins, Sikorsky Aircraft, and Sundstrand. The current version is AS9100.
- PS 9000 is an application of the standard for Pharmaceutical Packaging Materials. The Pharmaceutical Quality Group (PQG) of the Institute of Quality Assurance (IQA) has developed PS 9000:2001. It aims to provide a widely accepted baseline GMP framework of best practice within the pharmaceutical packaging supply industry. It applies ISO 9001:2000 to pharmaceutical printed and contact packaging materials.
- QS 9000 is an interpretation agreed upon by major automotive manufacturers (GM, Ford, Chrysler). It includes techniques such as FMEA and APQP. QS 9000 is now replaced by ISO/TS 16949.
- ISO/TS 16949:2009 is an interpretation agreed upon by major automotive manufacturers (American and European manufacturers); the latest version is based on ISO 9001:2008. The emphasis on a process approach is stronger than in ISO 9001:2008. ISO/TS 16949:2009 contains the full text of ISO 9001:2008 and automotive industry-specific requirements.
- TL 9000 is the Telecom Quality Management and Measurement System Standard, an interpretation developed by the telecom consortium, QuEST Forum. The current version is 4.0 and unlike ISO 9001 or the above sector standards, TL 9000 includes standardized product measurements that can be benchmarked. In 1998 QuEST Forum developed the TL 9000 Quality Management System to meet the supply chain quality requirements of the worldwide telecommunications industry.
- ISO 13485:2003 is the medical industry's equivalent of ISO 9001:2000. Whereas the standards it replaces were interpretations of how to apply ISO 9001 and ISO 9002 to medical devices, ISO 13485:2003 is a stand-alone standard. Compliance with ISO 13485 does not necessarily mean compliance with ISO 9001:2000.
- ISO/TS 29001 is quality management system requirements for the design, development, production, installation and service of products for the petroleum, petrochemical and natural gas industries. It is equivalent to API Spec Q1 without the Monogram annex.
The debate on the effectiveness of ISO 9000 commonly centers on the following questions:
- Are the quality principles in ISO 9001:2000 of value? (Note that the version date is important: in the 2000 version ISO attempted to address many concerns and criticisms of ISO 9000:1994).
- Does it help to implement an ISO 9001:2000 compliant quality management system?
- Does it help to obtain ISO 9001:2000 certification?
It is widely acknowledged that proper quality management improves business, often having a positive effect on investment, market share, sales growth, sales margins, competitive advantage, and avoidance of litigation. The quality principles in ISO 9000:2000 are also sound, according to Wade and Barnes, who says "ISO 9000 guidelines provide a comprehensive model for quality management systems that can make any company competitive". Implementing ISO often gives the following advantages:
- Create a more efficient, effective operation
- Increase customer satisfaction and retention
- Reduce audits
- Enhance marketing
- Improve employee motivation, awareness, and morale
- Promote international trade
- Increase profit
- Reduce waste and increase productivity
A common criticism of ISO 9001 is the amount of money, time and paperwork required for registration. According to Barnes, "Opponents claim that it is only for documentation. Proponents believe that if a company has documented its quality systems, then most of the paperwork has already been completed."
ISO 9001 is not in any way an indication that products produced using its certified systems are any good. A company can intend to produce a poor quality product and, providing it does so consistently and with the proper documentation, can put an ISO 9001 stamp on it. According to Seddon, ISO 9001 promotes specification, control, and procedures rather than understanding and improvement. Wade argues that ISO 9000 is effective as a guideline, but that promoting it as a standard "helps to mislead companies into thinking that certification means better quality, ... [undermining] the need for an organization to set its own quality standards." Paraphrased, Wade's argument is that reliance on the specifications of ISO 9001 does not guarantee a successful quality system.
While ISO 9000 is internationally recognized, most US consumers are not aware of it and it holds no relevance to them. The added cost to certify and then maintain certification may not be justified if product end users do not require ISO 9000. The cost can actually put a company at a competitive disadvantage when competing against a company that is not ISO 9000 certified.
The standard is seen as especially prone to failure when a company is interested in certification before quality. Certifications are in fact often based on customer contractual requirements rather than a desire to actually improve quality. "If you just want the certificate on the wall, chances are, you will create a paper system that doesn't have much to do with the way you actually run your business," said ISO's Roger Frost. Certification by an independent auditor is often seen as the problem area, and according to Barnes, "has become a vehicle to increase consulting services." In fact, ISO itself advises that ISO 9001 can be implemented without certification, simply for the quality benefits that can be achieved.
Another problem reported is the competition among the numerous certifying bodies, leading to a softer approach to the defects noticed in the operation of the Quality System of a firm.
A good overview for effective use of ISO 9000 is provided by Barnes: "Good business judgment is needed to determine its proper role for a company... Is certification itself important to the marketing plans of the company? If not, do not rush to certification... Even without certification, companies should utilize the ISO 9000 model as a benchmark to assess the adequacy of its quality programs."
- Conformity assessment—Containing ISO published standards
- ISO 10006—Quality management—Guidelines to quality management in projects
- ISO 14001—Environmental management standards
- ISO 19011—Guidelines for quality management systems auditing and environmental management systems auditing
- ISO/TS 16949—Quality management system requirements for automotive-related products suppliers
- ISO/IEC 27001—Information security management
- AS 9100 - aerospace industry implementation of ISO 9000/1
- List of ISO standards
- Quality management system
- Test management
- Verification and Validation
- ^ "So many standards to follow, so little payoff". Stephanie Clifford. Inc Magazine, May 2005.
- ^ a b c "Good Business Sense Is the Key to Confronting ISO 9000" Frank Barnes in Review of Business, Spring 2000.
- ^ a b "The 'quality' you can't feel", John Seddon, The Observer, Sunday November 19, 2000
- ^ "A Brief History of ISO 9000: Where did we go wrong?". John Seddon. Chapter one of "The Case Against ISO 9000", 2nd ed., Oak Tree Press. November 2000. ISBN 1-86076-173-9
- ^ "Is ISO 9000 really a standard?" Jim Wade, ISO Management Systems – May-June 2002
- ^ a b "ISO a GO-Go." Mark Henricks. Entrepreneur Magazine Dec 2001.
- ^ The ISO Survey – 2005 (abridged version, PDF, 3 MB), ISO, 2005
- ^ Abrahamson, E. (1996). "Managerial fashion." Academy of Management Review. 21(1):254-285.