Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries, but also the leap into electronic typesetting, remaining essentially unchanged. It was popularised in the 1960s with the release of Letraset sheets containing Lorem Ipsum passages, and more recently with desktop publishing software like Aldus PageMaker including versions of Lorem Ipsum.

ISO 9000 - Quality management

The ISO 9000 family addresses various aspects of quality management and contains some of ISO’s best-known standards. The standards provide guidance and tools for companies and organizations who want to ensure that their products and services consistently meet customer’s requirements and that quality is consistently improved.

Standards in the ISO 9000 family include:

  • ISO 9001:2015 - sets out the requirements of a quality management system
  • ISO 9000:2015 - covers the basic concepts and language
  • ISO 9004:2009 - focuses on how to make a quality management system more efficient and effective
  • ISO 19011:2011 - sets out guidance on internal and external audits of quality management systems.

ISO 9001:2015

ISO 9001:2015 sets out the criteria for a quality management system and is the only standard in the family that can be certified to (although this is not a requirement). It can be used by any organization, large or small, regardless of its field of activity. In fact, there are over one million companies and organizations in over 170 countries certified to ISO 9001.

This standard is based on a number of quality management principles including a strong customer focus, the motivation, and implication of top management, the process approach and continual improvement. 


Certification to ISO 9001:2015

Checking that the system works is a vital part of ISO 9001:2015. It is recommended that an organization performs internal audits to check how its quality management system is working. 


Sector-specific applications of ISO 9001

ISO has a range of standards for quality management systems that are based on ISO 9001 and adapted to specific sectors and industries. These include:

ISO/TS 29001 – Petroleum, petrochemical and natural gas industries

ISO 13485 – Medical devices 

ISO/IEC 90003 – Software engineering 

ISO 17582 – Electoral organizations at all levels of government

ISO 18091 - Local government


ISO 14000 - Environmental management

The ISO 14000 family of standards provides practical tools for companies and organizations of all kinds looking to manage their environmental responsibilities.

ISO 14001:2015 and its supporting standards such as ISO 14006:2011 focus on environmental systems to achieve this. The other standards in the family focus on specific approaches such as audits, communications, labelling and life cycle analysis, as well as environmental challenges such as climate change.

The ISO 14000 family of standards are developed by ISO Technical Committee ISO/TC 207 and its various subcommittees. 


ISO 14001:2015

ISO 14001:2015 sets out the criteria for an environmental management system and can be certified to. It maps out a framework that a company or organization can follow to set up an effective environmental management system. It can be used by any organization regardless of its activity or sector.

Using ISO 14001:2015 can provide assurance to company management and employees as well as external stakeholders that environmental impact is being measured and improved.


ISO 45001 - Occupational health and safety

Over 6300 people die each day from work-related accidents or diseases - that’s nearly 2.3million every year.

The burden of occupational injuries and diseases is significant, both for employers and the wider economy, resulting in losses from early retirements, staff absence and rising insurance premiums.

To combat the problem, ISO is developing a new standard, ISO 45001 Occupational health and safety management systems - Requirements, that will help organizations reduce this burden by providing a framework to improve employee safety, reduce workplace risks and create better, safer working conditions, all over the world.

The standard is currently being developed by a committee of occupational health and safety experts and will follow other generic management system approaches such as ISO 14001 and ISO 9001. It will take into account other International Standards in this area such as OHSAS 18001, the International Labour Organization's ILO-OSH Guidelines, various national standards and the ILO's international labour standards and conventions.


ISO 26000 - Social responsibility

Business and organizations do not operate in a vacuum. Their relationship to the society and environment in which they operate is a critical factor in their ability to continue to operate effectively. It is also increasingly being used as a measure of their overall performance.

ISO 26000 provides guidance on how businesses and organizations can operate in a socially responsible way. This means acting in an ethical and transparent way that contributes to the health and welfare of society.


ISO 26000:2010

ISO 26000:2010 provides guidance rather than requirements, so it cannot be certified to, unlike some other well-known ISO standards. Instead, it helps clarify what social responsibility is, helps businesses and organizations translate principles into effective actions and shares best practices relating to social responsibility, globally. It is aimed at all types of organizations regardless of their activity, size or location.

The standard was launched in 2010 following five years of negotiations between many different stakeholders across the world. Representatives from government, NGOs, industry, consumer groups and labour organizations around the world were involved in its development, which means it represents an international consensus.


ISO 50001 - Energy management

Using energy efficiently helps organizations save money as well as helping to conserve resources and tackle climate change. ISO 50001 supports organizations in all sectors to use energy more efficiently, through the development of an energy management system (EnMS).


ISO 50001:2011 – Energy Management System

ISO 50001 is based on the management system model of continual improvement also used for other well-known standards such as ISO 9001 or ISO 14001. This makes it easier for organizations to integrate energy management into their overall efforts to improve quality and environmental management.


ISO 50001:2011 provides a framework of requirements for organizations to:

Develop a policy for more efficient use of energy

Fix targets and objectives to meet the policy

Use data to better understand and make decisions about energy use

Measure the results

Review how well the policy works, and

Continually improve energy management.


ISO 31000 - Risk management

Risks affecting organizations can have consequences in terms of economic performance and professional reputation, as well as environmental, safety and societal outcomes. Therefore, managing risk effectively helps organizations to perform well in an environment full of uncertainty.


ISO 31000:2009

ISO 31000:2009, Risk management – Principles and guidelines, provides principles, framework and a process for managing risk. It can be used by any organization regardless of its size, activity or sector. Using ISO 31000 can help organizations increase the likelihood of achieving objectives, improve the identification of opportunities and threats and effectively allocate and use resources for risk treatment. 

However, ISO 31000 cannot be used for certification purposes but does provide guidance for internal or external audit programmes. Organizations using it can compare their risk management practices with an internationally recognised benchmark, providing sound principles for effective management and corporate governance.


Related Standards

A number of other standards also relate to risk management.

ISO Guide 73:2009, Risk management - Vocabulary complements ISO 31000 by providing a collection of terms and definitions relating to the management of risk.

ISO/IEC 31010:2009, Risk management – Risk assessment techniques focus on risk assessment. Risk assessment helps decision-makers understand the risks that could affect the achievement of objectives as well as the adequacy of the controls already in place.  ISO/IEC 31010:2009 focuses on risk assessment concepts, processes and the selection of risk assessment techniques.


ISO 22000 - Food safety management

The ISO 22000 family of International Standards addresses food safety management.

The consequences of unsafe food can be serious and ISO’s food safety management standards help organizations identify and control food safety hazards. As many of today's food products repeatedly cross national boundaries, International Standards are needed to ensure the safety of the global food supply chain.

The ISO 22000 family contains a number of standards each focusing on different aspects of food safety management.

ISO 22000:2005 contains the overall guidelines for food safety management.

ISO 22004:2014 provides generic advice on the application of ISO 22000

ISO 22005:2007 focuses on traceability in the feed and food chain

ISO/TS 22002-1:2009 contains specific prerequisites for food manufacturing

ISO/TS 22002-2:2013 contains specific prerequisites for catering

ISO/TS 22002-3:2011 contains specific prerequisites for farming

ISO/TS 22002-4:2013 contains specific prerequisites for food packaging manufacturing

ISO/TS 22003:2013 provides guidelines for audit and certification bodies


ISO 22000 is under revision

ISO 22000, Food safety management systems -- Requirements for any organization in the food chain is under revision, with the draft version available for purchase from early 2017.

Learn more on our revision page.

The final updated version is expected in late 2018.


ISO 22000:2005

ISO 22000:2005 sets out the requirements for a food safety management system and can be certified to. It maps out what an organization needs to do to demonstrate its ability to control food safety hazards in order to ensure that food is safe. It can be used by any organization regardless of its size or position in the food chain.


ISO/IEC 27001 - Information security management

The ISO/IEC 27000 family of standards helps organizations keep information assets secure.

Using this family of standards will help your organization manage the security of assets such as financial information, intellectual property, employee details or information entrusted to you by third parties.


ISO/IEC 27001 is the best-known standard in the family providing requirements for an information security management system (ISMS).


What is an ISMS?

An ISMS is a systematic approach to managing sensitive company information so that it remains secure. It includes people, processes and IT systems by applying a risk management process.

It can help small, medium and large businesses in any sector keep information assets secure.


Certification to ISO/IEC 27001

Like other ISO management system standards, certification to ISO/IEC 27001 is possible but not obligatory. Some organizations choose to implement the standard in order to benefit from the best practice it contains while others decide they also want to get certified to reassure customers and clients that its recommendations have been followed. ISO does not perform certification.


ISO 37001 - Anti-bribery management systems

Bribery is one of the world’s most destructive and challenging issues. With over US$ 1 trillion paid in bribes each year*, the consequences are catastrophic, reducing quality of life, increasing poverty and eroding public trust.

Yet despite efforts on national and international levels to tackle bribery, it remains a significant issue. Recognizing this, ISO has developed a new standard to help organizations fight bribery and promote an ethical business culture.

ISO 37001, Anti-bribery management systems, specifies a series of measures to help organizations prevent, detect and address bribery. These include adopting an anti-bribery policy, appointing a person to oversee anti-bribery compliance, training, risk assessments and due diligence on projects and business associates, implementing financial and commercial controls, and instituting reporting and investigation procedures.

It is designed to help your organization implement an anti-bribery management system, or enhance the controls you currently have. It helps to reduce the risk of bribery occurring and can demonstrate to your stakeholders that you have put in place internationally recognized good-practice anti-bribery controls.


Who is it for?

ISO 37001 can be used by any organization, large or small, whether it be in the public, private or voluntary sector, and in any country. It is a flexible tool, which can be adapted according to the size and nature of the organization and the bribery risk it faces.


ISO 13485 – Medical devices

Safety and quality are non-negotiables in the medical devices industry. Regulatory requirements are increasingly stringent throughout every step of a product’s life cycle, including service and delivery. More and more, organizations in the industry are expected to demonstrate their quality management processes and ensure best practice in everything they do.

ISO 13485, Medical devices – Quality management systems – Requirements for regulatory purposes, is an internationally agreed standard that sets out the requirements for a quality management system specific to the medical devices industry. It has recently been revised, with the new version published in March 2016.


What is a medical device?

A medical device is a product, such as an instrument, machine, implant or in vitro reagent, that is intended for use in the diagnosis, prevention and treatment of diseases or other medical conditions.


Who is ISO 13485 for?

ISO 13485 is designed to be used by organizations involved in the design, production, installation and servicing of medical devices and related services. It can also be used by internal and external parties, such as certification bodies, to help them with their auditing processes.


Certification to ISO 13485

Like other ISO management system standards, certification to ISO 13485 is not a requirement of the standard, and organizations can reap many benefits from implementing the standard without undergoing the certification process. However, third-party certification can demonstrate to regulators that you have met the requirements of the standard. ISO does not perform certification.


What are the key improvements?

The new version has a greater emphasis on risk management and risk-based decision making, as well as changes related to the increased regulatory requirements for organizations in the supply chain.


New and improved ISO/IEC 17024 standard for personnel certification programmes


Personnel certification has become an important element of verifying the competence of an increasingly mobile and global workforce, underscoring the value of industry-recognized credentials that can be carried across national borders. In response to this growing need, a new and improved ISO/IEC International Standard aims to harmonize the various procedures used around the world for certifying the competence of personnel in different occupations or professions.

ISO/IEC 17024:2012, Conformity assessment – General requirements for bodies operating certification of persons, provides a global benchmark for personnel certification programmes to ensure that they operate in a consistent, comparable and reliable manner worldwide, thereby allowing individuals to have skills that translate across national lines.

The breadth and scope of certification programmes in existence today is tremendous: programs exist for financial planners, public accountants, safety professionals, non-destructive testing experts, supply and purchasing management professionals, the construction industry, health care professionals and hundreds more.

The updated ISO/IEC 17024:2012 standard will help organizations that certify individuals in a variety of occupations and professions protect the integrity and ensure the validity of individual certification programmes. It will also promote consumer and public confidence in the capabilities and competence of the people who provide specialized services or who create products that support our daily lives and livelihoods.

“Most professionals now pursue certification as a means of demonstrating that they have the necessary knowledge, skills and abilities to perform their work,” explains Dr Cynthia Woodley, Chair of the team that developed the new standard. “Programmes accredited under ISO/IEC 17024 will increase the potential for national and international reciprocity of certified individuals and personnel certification bodies.”

In this second edition, the framework outlined in ISO/IEC 17024 has been reviewed and updated to take account of new requirements for personnel certification programmes and security-related issues. New criteria for examinations were also added.

The new ISO/IEC 17024 standard addresses the structure and governance of the certifying body, the characteristics of the certification programme, the information required to be available to applicants, and the recertification initiatives of the certifying body. It is designed to help organizations conduct well-planned and structured evaluations in order to ensure the impartiality of operations and reduce any conflict of interest.


ISO/IEC 17020:2012

Conformity assessment: Requirements for the operation of various types of bodies performing inspection


ISO/IEC 17020:2012 specifies requirements for the competence of bodies performing inspection and for the impartiality and consistency of their inspection activities.


It applies to inspection bodies of type A, B or C, as defined in ISO/IEC 17020:2012, and it applies to any stage of inspection.


ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of conformity assessment, the ISO Committee on conformity assessment (CASCO) is responsible for the development of International Standards and Guides.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.

Draft International Standards are circulated to the national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights.

ISO/IEC 17020 was prepared by the ISO Committee on conformity assessment (CASCO).

It was circulated for voting to the national bodies of both ISO and IEC, and was approved by both organizations.

This second edition cancels and replaces the first edition (ISO/IEC 17020:1998), which has been technically revised.

ISO/IEC 17025:2005

General requirements for the competence of testing and calibration laboratories


ISO/IEC 17025:2005 specifies the general requirements for the competence to carry out tests and/or calibrations, including sampling. It covers testing and calibration performed using standard methods, non-standard methods, and laboratory-developed methods.


It is applicable to all organizations performing tests and/or calibrations. These include, for example, first-, second- and third-party laboratories, and laboratories where testing and/or calibration forms part of the inspection and product certification.


ISO/IEC 17025:2005 is applicable to all laboratories regardless of the number of personnel or the extent of the scope of testing and/or calibration activities. When a laboratory does not undertake one or more of the activities covered by ISO/IEC 17025:2005, such as sampling and the design/development of new methods, the requirements of those clauses do not apply.


ISO/IEC 17025:2005 is for use by laboratories in developing their management system for quality, administrative and technical operations. Laboratory customers, regulatory authorities and accreditation bodies may also use it in confirming or recognizing the competence of laboratories. ISO/IEC 17025:2005 is not intended to be used as the basis for certification of laboratories.


Compliance with regulatory and safety requirements on the operation of laboratories is not covered by ISO/IEC 17025:2005.