Many countries have formed accreditation bodies to authorise ("accredit") the certification bodies. The various accreditation bodies have mutual agreements with each other to ensure that certificates issued by one of the accredited certification bodies are accepted worldwide. In the UK the main accreditation authority is UKAS, the United Kingdom Accreditation Service.

Certification bodies themselves operate under another quality standard, ISO/IEC 17021, while accreditation bodies operate under ISO/IEC 17011.

So for example; an organisation applying for ISO 9001:2008 certification is audited based on an extensive sample of its sites, functions, products, services and processes. The auditor presents a list of problems (defined as "nonconformities", "observations", or "opportunities for improvement") to management. If there are no major nonconformities, the certification body will issue a certificate. Where major nonconformities are identified, the organisation will present an improvement plan to the certification body (e.g., corrective action reports showing how the problems will be resolved); once the certification body is satisfied that the organisation has carried out sufficient corrective action, it will issue a certificate. The certificate is limited to the scope and function of the audited organisation and will display the addresses to which the certificate refers.

An ISO certificate is awarded permanently, it must be renewed at regular intervals recommended by the certification body, usually once every three years. There are no grades of competence within ISO 9001:2008 certification, either a organisation is certified (meaning that it is committed to the method and model of quality management described in the standard) or it is not. In this respect, ISO 9001:2008 certification contrasts with measurement-based quality systems.