WHAT IS ISO CERTIFICATION?
- Patco Consultancy

- Mar 4, 2019
- 9 min read
Updated: Dec 23, 2022
ISO management standards are a series of frameworks that help you run your business effectively. ISO certification is proof from a third party, such as ourselves that you comply with an ISO management standard. ISO certification gives your organization credibility.

IS ISO CERTIFICATION RIGHT FOR YOU?
Finding out if ISO Certification is right for you is simple. If you answer ‘YES’ to some or all of following questions, you should be considering implementing an ISO Management Standard:
Do you want to increase your success in tenders or do you want potential customers to realize that you’re a credible supplier?
Are there areas of your business that could be more efficient?
Do you need to reduce costs?
Would you like to reduce your insurance fees?
Could your customer satisfaction levels be improved?
Do you find yourself (or your team) spending time fixing things that haven’t gone to plan rather than planning for the future?
Do you need to make your processes and procedures more robust?
Would your business benefit from heightened staff engagement and motivation?
ISO 9001:2015
ISO 9001:2015 sets out the criteria for a quality management system and is the only standard in the family that can be certified to (although this is not a requirement). It can be used by any organization, large or small, regardless of its field of activity. In fact, there are over one million companies and organizations in over 170 countries certified to ISO 9001.
This standard is based on a number of quality management principles including a strong customer focus, the motivation and implication of top management, the process approach and continual improvement. These principles are explained in more detail in the pdf Quality Management Principles. Using ISO 9001:2015 helps ensure that customers get consistent, good quality products and services, which in turn brings many business benefits.
ISO 13485:2016
Medical devices -- Quality management systems -- Requirements for regulatory purposes
ISO 13485:2016 specifies requirements for a quality management system where an organization needs to demonstrate its ability to provide medical devices and related services that consistently meet customer and applicable regulatory requirements. Such organizations can be involved in one or more stages of the life-cycle, including design and development, production, storage and distribution, installation, or servicing of a medical device and design and development or provision of associated activities (e.g. technical support). ISO 13485:2016 can also be used by suppliers or external parties that provide product, including quality management system-related services to such organizations.
Requirements of ISO 13485:2016 are applicable to organizations regardless of their size and regardless of their type except where explicitly stated. Wherever requirements are specified as applying to medical devices, the requirements apply equally to associated services as supplied by the organization.
The processes required by ISO 13485:2016 that are applicable to the organization, but are not performed by the organization, are the responsibility of the organization and are accounted for in the organization's quality management system by monitoring, maintaining, and controlling the processes.
If applicable regulatory requirements permit exclusions of design and development controls, this can be used as a justification for their exclusion from the quality management system. These regulatory requirements can provide alternative approaches that are to be addressed in the quality management system. It is the responsibility of the organization to ensure that claims of conformity to ISO 13485:2016 reflect any exclusion of design and development controls.
If any requirement in Clauses 6, 7 or 8 of ISO 13485:2016 is not applicable due to the activities undertaken by the organization or the nature of the medical device for which the quality management system is applied, the organization does not need to include such a requirement in its quality management system. For any clause that is determined to be not applicable, the organization records the justification as described in 4.2.2.
ISO/TS 17582:2014
Quality management systems -- Particular requirements for the application of ISO 9001:2008 for electoral organizations at all levels of government
ISO/TS 17582:2014 specifies requirements for a quality management system where an electoral organization
· needs to demonstrate its ability to manage elections by secret ballot, which provide reliable, transparent, free and fair results that comply with electoral requirements;
· within the established legal framework, aims to enhance the trust and confidence of citizens, candidates, political organizations, and other electoral interested parties through the effective implementation of the electoral quality management system, including processes for continual improvement.
ISO/TS 17582:2014 applies to the election period, including pre-election and post-election activities or processes.
ISO/TS 17582:2014 applies to all electoral bodies involved in any aspect of the electoral process, whether they are permanent organizations or temporary organizations established in support of a particular election period.
ISO/TS 17582:2014 is applicable to elections at all levels of government, whether local, regional or national.
ISO 18091:2014 Preview
Quality management systems -- Guidelines for the application of ISO 9001:2008 in local government
The objective of ISO 18091:2014 is to provide local governments with guidelines for achieving reliable results through the application of ISO 9001:2008 on an integral basis. These guidelines do not, however, add, change or modify the requirements of ISO 9001:2008.
All the guidelines indicated in ISO 18091:2014 are generic and applicable to all local governments, regardless of their type, size and product/service provided. The user can apply the guidance contained in ISO 18091:2014 as a whole or, in part, as necessary, to their maximum benefit.
ISO 14001:2015
Environmental management systems -- Requirements with guidance for use
ISO 14001:2015 specifies the requirements for an environmental management system that an organization can use to enhance its environmental performance. ISO 14001:2015 is intended for use by an organization seeking to manage its environmental responsibilities in a systematic manner that contributes to the environmental pillar of sustainability.
ISO 14001:2015 helps an organization achieve the intended outcomes of its environmental management system, which provide value for the environment, the organization itself and interested parties. Consistent with the organization's environmental policy, the intended outcomes of an environmental management system include:
· enhancement of environmental performance;
· fulfilment of compliance obligations;
· achievement of environmental objectives.
ISO 14001:2015 is applicable to any organization, regardless of size, type and nature, and applies to the environmental aspects of its activities, products and services that the organization determines it can either control or influence considering a life cycle perspective. ISO 14001:2015 does not state specific environmental performance criteria.
ISO 14001:2015 can be used in whole or in part to systematically improve environmental management. Claims of conformity to ISO 14001:2015, however, are not acceptable unless all its requirements are incorporated into an organization's environmental management system and fulfilled without exclusion.
ISO 45001:2018 Preview
Occupational health and safety management systems -- Requirements with guidance for use
You can find more information about this standard and its applications in the ISO 45001 briefing note
ISO 45001:2018 specifies requirements for an occupational health and safety (OH&S) management system, and gives guidance for its use, to enable organizations to provide safe and healthy workplaces by preventing work-related injury and ill health, as well as by proactively improving its OH&S performance.
ISO 45001:2018 is applicable to any organization that wishes to establish, implement and maintain an OH&S management system to improve occupational health and safety, eliminate hazards and minimize OH&S risks (including system deficiencies), take advantage of OH&S opportunities, and address OH&S management system nonconformities associated with its activities.
ISO 45001:2018 helps an organization to achieve the intended outcomes of its OH&S management system. Consistent with the organization's OH&S policy, the intended outcomes of an OH&S management system include:
a) continual improvement of OH&S performance;
b) fulfilment of legal requirements and other requirements;
c) achievement of OH&S objectives.
ISO 45001:2018 is applicable to any organization regardless of its size, type and activities. It is applicable to the OH&S risks under the organization's control, taking into account factors such as the context in which the organization operates and the needs and expectations of its workers and other interested parties.
ISO 45001:2018 does not state specific criteria for OH&S performance, nor is it prescriptive about the design of an OH&S management system.
ISO 45001:2018 enables an organization, through its OH&S management system, to integrate other aspects of health and safety, such as worker wellness/wellbeing.
ISO 45001:2018 does not address issues such as product safety, property damage or environmental impacts, beyond the risks to workers and other relevant interested parties.
ISO 45001:2018 can be used in whole or in part to systematically improve occupational health and safety management. However, claims of conformity to this document are not acceptable unless all its requirements are incorporated into an organization's OH&S management system and fulfilled without exclusion.
ISO/IEC 20000-1:2018 Preview
Information technology -- Service management -- Part 1: Service management system requirements
This document specifies requirements for an organization to establish, implement, maintain and continually improve a service management system (SMS). The requirements specified in this document include the planning, design, transition, delivery and improvement of services to meet the service requirements and deliver value. This document can be used by:
a) a customer seeking services and requiring assurance regarding the quality of those services;
b) a customer requiring a consistent approach to the service lifecycle by all its service providers, including those in a supply chain;
c) an organization to demonstrate its capability for the planning, design, transition, delivery and improvement of services;
d) an organization to monitor, measure and review its SMS and the services;
e) an organization to improve the planning, design, transition, delivery and improvement of services through effective implementation and operation of an SMS;
f) an organization or other party performing conformity assessments against the requirements specified in this document;
g) a provider of training or advice in service management.
The term "service" as used in this document refers to the service or services in the scope of the SMS. The term "organization" as used in this document refers to the organization in the scope of the SMS that manages and delivers services to customers. The organization in the scope of the SMS can be part of a larger organization, for example, a department of a large corporation. An organization or part of an organization that manages and delivers a service or services to internal or external customers can also be known as a service provider. Any use of the terms "service" or "organization" with a different intent is distinguished clearly in this document.
ISO 22000 family - Food safety management
The ISO 22000 family of International Standards addresses food safety management.
The consequences of unsafe food can be serious and ISO’s food safety management standards help organizations identify and control food safety hazards. As many of today's food products repeatedly cross national boundaries, International Standards are needed to ensure the safety of the global food supply chain.
The purpose of ISO 22000
ISO 22000:2018 sets out the requirements for a food safety management system and can be certified to. It maps out what an organization needs to do to demonstrate its ability to control food safety hazards in order to ensure that food is safe. It can be used by any organization regardless of its size or position in the food chain.
ISO/IEC 27001:2013 Preview
Information technology -- Security techniques -- Information security management systems -- Requirements
ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in ISO/IEC 27001:2013 are generic and are intended to be applicable to all organizations, regardless of type, size or nature.
ISO 29990:2010
Learning services for non-formal education and training -- Basic requirements for service providers
ISO 29990:2010 specifies basic requirements for providers of learning services in non-formal education and training.
ISO 50001 - Energy management
Using energy efficiently helps organizations save money as well as helping to conserve resources and tackle climate change. ISO 50001 supports organizations in all sectors to use energy more efficiently, through the development of an energy management system (EnMS).
ISO 50001:2018 – Energy Management System
ISO 50001 is based on the management system model of continual improvement also used for other well-known standards such as ISO 9001 or ISO 14001. This makes it easier for organizations to integrate energy management into their overall efforts to improve quality and environmental management.
ISO 50001:2018 provides a framework of requirements for organizations to:
· Develop a policy for more efficient use of energy
· Fix targets and objectives to meet the policy
· Use data to better understand and make decisions about energy use
· Measure the results
· Review how well the policy works, and
· Continually improve energy management.
ISO 26000:2010
Guidance on social responsibility
This standard was last reviewed and confirmed in 2014. Therefore this version remains current.
ISO 26000:2010 provides guidance to all types of organizations, regardless of their size or location, on:
· concepts, terms and definitions related to social responsibility;
· the background, trends and characteristics of social responsibility;
· principles and practices relating to social responsibility;
· the core subjects and issues of social responsibility;
· integrating, implementing and promoting socially responsible behaviour throughout the organization and, through its policies and practices, within its sphere of influence;
· identifying and engaging with stakeholders; and
· communicating commitments, performance and other information related to social responsibility.
ISO 26000:2010 is intended to assist organizations in contributing to sustainable development. It is intended to encourage them to go beyond legal compliance, recognizing that compliance with law is a fundamental duty of any organization and an essential part of their social responsibility. It is intended to promote common understanding in the field of social responsibility, and to complement other instruments and initiatives for social responsibility, not to replace them.
In applying ISO 26000:2010, it is advisable that an organization take into consideration societal, environmental, legal, cultural, political and organizational diversity, as well as differences in economic conditions, while being consistent with international norms of behaviour.
ISO 26000:2010 is not a management system standard. It is not intended or appropriate for certification purposes or regulatory or contractual use. Any offer to certify, or claims to be certified, to ISO 26000 would be a misrepresentation of the intent and purpose and a misuse of ISO 26000:2010. As ISO 26000:2010 does not contain requirements, any such certification would not be a demonstration of conformity with ISO 26000:2010.
ISO 26000:2010 is intended to provide organizations with guidance concerning social responsibility and can be used as part of public policy activities. However, for the purposes of the Marrakech Agreement establishing the World Trade Organization (WTO), it is not intended to be interpreted as an “international standard”, “guideline” or “recommendation”, nor is it intended to provide a basis for any presumption or finding that a measure is consistent with WTO obligations. Further, it is not intended to provide a basis for legal actions, complaints, defences or other claims in any international, domestic or other proceeding, nor is it intended to be cited as evidence of the evolution of customary international law.
ISO 26000:2010 is not intended to prevent the development of national standards that are more specific, more demanding, or of a different type.

Comments