ISO 9001:2015 (Quality Management System)
ISO 9001:2015 specifies requirements for a quality management system when an organization:
- a) needs to demonstrate its ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements, and
- b) aims to enhance customer satisfaction through the effective application of the system, including processes for improvement of the system and the assurance of conformity to customer and applicable statutory and regulatory requirements.
All the requirements of ISO 9001:2015 are generic and are intended to be applicable to any organization, regardless of its type or size, or the products and services it provides.
ISO 14001:2015 (Environmental Management System)
ISO 14001:2015 specifies the requirements for an environmental management system that an organization can use to enhance its environmental performance. ISO 14001:2015 is intended for use by an organization seeking to manage its environmental responsibilities in a systematic manner that contributes to the environmental pillar of sustainability.
ISO 14001:2015 helps an organization achieve the intended outcomes of its environmental management system, which provide value for the environment, the organization itself and interested parties. Consistent with the organization’s environmental policy, the intended outcomes of an environmental management system include:
- enhancement of environmental performance;
- fulfilment of compliance obligations;
- achievement of environmental objectives.
ISO 14001:2015 is applicable to any organization, regardless of size, type and nature, and applies to the environmental aspects of its activities, products and services that the organization determines it can either control or influence considering a life cycle perspective. ISO 14001:2015 does not state specific environmental performance criteria.
ISO 14001:2015 can be used in whole or in part to systematically improve environmental management. Claims of conformity to ISO 14001:2015, however, are not acceptable unless all its requirements are incorporated into an organization’s environmental management system and fulfilled without exclusion.
ISO/IEC 17025:2017 (General requirements for the competence of testing and calibration laboratories)
ISO/IEC 17025:2017 specifies the general requirements for the competence, impartiality and consistent operation of laboratories.
ISO/IEC 17025:2017 is applicable to all organizations performing laboratory activities, regardless of the number of personnel.
Laboratory customers, regulatory authorities, organizations and schemes using peer-assessment, accreditation bodies, and others use ISO/IEC 17025:2017 in confirming or recognizing the competence of laboratories.
ISO 13485:2016 (Medical devices — Quality management systems — Requirements for regulatory purposes)
ISO 13485:2016 specifies requirements for a quality management system where an organization needs to demonstrate its ability to provide medical devices and related services that consistently meet customer and applicable regulatory requirements. Such organizations can be involved in one or more stages of the life-cycle, including design and development, production, storage and distribution, installation, or servicing of a medical device and design and development or provision of associated activities (e.g. technical support). ISO 13485:2016 can also be used by suppliers or external parties that provide product, including quality management system-related services to such organizations.
Requirements of ISO 13485:2016 are applicable to organizations regardless of their size and regardless of their type except where explicitly stated. Wherever requirements are specified as applying to medical devices, the requirements apply equally to associated services as supplied by the organization.
The processes required by ISO 13485:2016 that are applicable to the organization, but are not performed by the organization, are the responsibility of the organization and are accounted for in the organization’s quality management system by monitoring, maintaining, and controlling the processes.
ISO 21001:2018 (Educational organizations — Management systems for educational organizations — Requirements with guidance for use)
ISO 21001:2018 specifies requirements for a management system for educational organizations (EOMS) when such an organization:
- a) needs to demonstrate its ability to support the acquisition and development of competence through teaching, learning or research;
- b) aims to enhance satisfaction of learners, other beneficiaries and staff through the effective application of its EOMS, including processes for improvement of the system and assurance of conformity to the requirements of learners and other beneficiaries.
All requirements of ISO 21001:2018 are generic and intended to be applicable to any organization that uses a curriculum to support the development of competence through teaching, learning or research, regardless of the type, size or method of delivery.
ISO 21001:2018 can be applied to educational organizations within larger organizations whose core business is not education, such as professional training departments.
ISO 21001:2018 does not apply to organizations that only produce or manufacture educational products.
ISO 21500:2012 (Guidance on project management)
ISO 21500:2012 provides guidance for project management and can be used by any type of organization, including public, private or community organizations, and for any type of project, irrespective of complexity, size or duration.
ISO 21500:2012 provides high-level description of concepts and processes that are considered to form good practice in project management. Projects are placed in the context of programmes and project portfolios, however, ISO 21500:2012 does not provide detailed guidance on the management of programmes and project portfolios. Topics pertaining to general management are addressed only within the context of project management.
ISO 22000:2018 (Food safety management systems — Requirements for any organization in the food chain)
This document specifies requirements for a food safety management system (FSMS) to enable an organization that is directly or indirectly involved in the food chain:
- a) to plan, implement, operate, maintain and update a FSMS providing products and services that are safe, in accordance with their intended use;
- b) to demonstrate compliance with applicable statutory and regulatory food safety requirements;
- c) to evaluate and assess mutually agreed customer food safety requirements and to demonstrate conformity with them;
- d) to effectively communicate food safety issues to interested parties within the food chain;
- e) to ensure that the organization conforms to its stated food safety policy;
- f) to demonstrate conformity to relevant interested parties;
- g) to seek certification or registration of its FSMS by an external organization, or make a self-assessment or self-declaration of conformity to this document.
All requirements of this document are generic and are intended to be applicable to all organizations in the food chain, regardless of size and complexity. Organizations that are directly or indirectly involved include, but are not limited to, feed producers, animal food producers, harvesters of wild plants and animals, farmers, producers of ingredients, food manufacturers, retailers, and organizations providing food services, catering services, cleaning and sanitation services, transportation, storage and distribution services, suppliers of equipment, cleaning and disinfectants, packaging materials and other food contact materials.
This document allows any organization, including small and/or less developed organizations (e.g. a small farm, a small packer-distributor, a small retail or food service outlet) to implement externally-developed elements in their FSMS.
ISO/IEC 27001:2013 (Information technology — Security techniques — Information security management systems – Requirements)
ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in ISO/IEC 27001:2013 are generic and are intended to be applicable to all organizations, regardless of type, size or nature.
ISO 22301:2012 (Societal security — Business continuity management systems – Requirements)
ISO 22301:2012 specifies requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to protect against, reduce the likelihood of occurrence, prepare for, respond to, and recover from disruptive incidents when they arise.
The requirements specified in ISO 22301:2012 are generic and intended to be applicable to all organizations, or parts thereof, regardless of type, size and nature of the organization. The extent of application of these requirements depends on the organization’s operating environment and complexity.
ISO 26000:2010 (Guidance on social responsibility)
ISO 26000:2010 provides guidance to all types of organizations, regardless of their size or location, on:
- concepts, terms and definitions related to social responsibility;
- the background, trends and characteristics of social responsibility;
- principles and practices relating to social responsibility;
- the core subjects and issues of social responsibility;
- integrating, implementing and promoting socially responsible behaviour throughout the organization and, through its policies and practices, within its sphere of influence;
- identifying and engaging with stakeholders; and
- communicating commitments, performance and other information related to social responsibility.
ISO 26000:2010 is intended to assist organizations in contributing to sustainable development. It is intended to encourage them to go beyond legal compliance, recognizing that compliance with law is a fundamental duty of any organization and an essential part of their social responsibility. It is intended to promote common understanding in the field of social responsibility, and to complement other instruments and initiatives for social responsibility, not to replace them.
In applying ISO 26000:2010, it is advisable that an organization take into consideration societal, environmental, legal, cultural, political and organizational diversity, as well as differences in economic conditions, while being consistent with international norms of behaviour.
ISO 26000:2010 is not a management system standard. It is not intended or appropriate for certification purposes or regulatory or contractual use. Any offer to certify, or claims to be certified, to ISO 26000 would be a misrepresentation of the intent and purpose and a misuse of ISO 26000:2010. As ISO 26000:2010 does not contain requirements, any such certification would not be a demonstration of conformity with ISO 26000:2010.
ISO 26000:2010 is intended to provide organizations with guidance concerning social responsibility and can be used as part of public policy activities. However, for the purposes of the Marrakech Agreement establishing the World Trade Organization (WTO), it is not intended to be interpreted as an “international standard”, “guideline” or “recommendation”, nor is it intended to provide a basis for any presumption or finding that a measure is consistent with WTO obligations. Further, it is not intended to provide a basis for legal actions, complaints, defences or other claims in any international, domestic or other proceeding, nor is it intended to be cited as evidence of the evolution of customary international law.
ISO 26000:2010 is not intended to prevent the development of national standards that are more specific, more demanding, or of a different type.
ISO 29993:2017 (Learning services outside formal education — Service requirements)
ISO 29993:2017 specifies requirements for learning services outside formal education, including all types of life-long learning (e.g. vocational training and in-company training, either outsourced or in-house). These include any learning services provided by a learning service provider (LSP) that are addressed to learners themselves, as well as to sponsors who are acquiring the services on behalf of the learners. The key features of these kinds of services are that the goals of learning are defined and the services are evaluated, and that they involve interaction with the learner. The learning can be face-to-face, mediated by technology, or a blend of both.
In cases where the learning service provider is part of an organization that delivers products (i.e. goods and services) in addition to learning services, ISO 29993:2017 only applies to learning services.
ISO 29993:2017 is not aimed at schools, colleges and universities providing learning services as part of a formal education system, but it can be useful to them as a tool for reflection and self-evaluation.
ISO 31000:2018 (Risk management – Guidelines)
ISO 31000:2018 provides guidelines on managing risk faced by organizations. The application of these guidelines can be customized to any organization and its context.
ISO 31000:2018 provides a common approach to managing any type of risk and is not industry or sector specific.
ISO 31000:2018 can be used throughout the life of the organization and can be applied to any activity, including decision-making at all levels.
ISO 39001:2012 (Road traffic safety (RTS) management systems — Requirements with guidance for use
ISO 39001:2012 specifies requirements for a road traffic safety (RTS) management system to enable an organization that interacts with the road traffic system to reduce death and serious injuries related to road traffic crashes which it can influence. The requirements in ISO 39001:2012 include development and implementation of an appropriate RTS policy, development of RTS objectives and action plans, which take into account legal and other requirements to which the organization subscribes, and information about elements and criteria related to RTS that the organization identifies as those which it can control and those which it can influence.
ISO 45001:2018 (Occupational health and safety management systems — Requirements with guidance for use)
ISO 45001:2018 specifies requirements for an occupational health and safety (OH&S) management system, and gives guidance for its use, to enable organizations to provide safe and healthy workplaces by preventing work-related injury and ill health, as well as by proactively improving its OH&S performance.
ISO 45001:2018 is applicable to any organization that wishes to establish, implement and maintain an OH&S management system to improve occupational health and safety, eliminate hazards and minimize OH&S risks (including system deficiencies), take advantage of OH&S opportunities, and address OH&S management system nonconformities associated with its activities.
ISO 45001:2018 helps an organization to achieve the intended outcomes of its OH&S management system. Consistent with the organization’s OH&S policy, the intended outcomes of an OH&S management system include:
- a) continual improvement of OH&S performance;
- b) fulfilment of legal requirements and other requirements;
- c) achievement of OH&S objectives.
ISO 45001:2018 is applicable to any organization regardless of its size, type and activities. It is applicable to the OH&S risks under the organization’s control, taking into account factors such as the context in which the organization operates and the needs and expectations of its workers and other interested parties.
ISO 45001:2018 does not state specific criteria for OH&S performance, nor is it prescriptive about the design of an OH&S management system.
ISO 45001:2018 enables an organization, through its OH&S management system, to integrate other aspects of health and safety, such as worker wellness/wellbeing.
ISO 45001:2018 does not address issues such as product safety, property damage or environmental impacts, beyond the risks to workers and other relevant interested parties.
ISO 45001:2018 can be used in whole or in part to systematically improve occupational health and safety management. However, claims of conformity to this document are not acceptable unless all its requirements are incorporated into an organization’s OH&S management system and fulfilled without exclusion.
ISO 41001:2018 (Facility management — Management systems)
ISO 41001:2018 specifies the requirements for a facility management (FM) system when an organization:
- a) needs to demonstrate effective and efficient delivery of FM that supports the objectives of the demand organization;
- b) aims to consistently meet the needs of interested parties and applicable requirements;
- c) aims to be sustainable in a globally-competitive environment.
The requirements specified in ISO 41001:2018 are non-sector specific and intended to be applicable to all organizations, or parts thereof, whether public or private sector, and regardless of the type, size and nature of the organization or geographical location.
ISO 50001:2018 (Energy management systems)
This document specifies requirements for establishing, implementing, maintaining and improving an energy management system (EnMS). The intended outcome is to enable an organization to follow a systematic approach in achieving continual improvement of energy performance and the EnMS.
- a) is applicable to any organization regardless of its type, size, complexity, geographical location, organizational culture or the products and services it provides;
- b) is applicable to activities affecting energy performance that are managed and controlled by the organization;
- c) is applicable irrespective of the quantity, use, or types of energy consumed;
- d) requires demonstration of continual energy performance improvement, but does not define levels of energy performance improvement to be achieved;
- e) can be used independently, or be aligned or integrated with other management systems.
IATF 16949:2016 (Automotive quality management systems)
The automotive industry has always needed to demonstrate high levels of safety and quality. With increasingly complex supply chains that span the world, it’s important that you can demonstrate your commitment to quality and on-time delivery. Following some of the challenges faced by the automotive industry in recent years, IATF 16949:2016 builds upon ISO 9001:2015 with supplementary requirements designed to help automotive Original Equipment Manufacturers (OEMs) and suppliers consistently produce quality products and meet customer needs
AS9100D (Aero Space quality management systems)
When AS9100 is implemented in an organization:
- Well defined and documented procedures improve the consistency of output
- Quality is constantly measured
- Procedures ensure corrective action is taken whenever defects occur
- Defect rates decrease
- Defects are caught earlier and are corrected at a lower cost
- Defining procedures identifies current practices that are obsolete or inefficient
- Documented procedures are easier for new employees to follow
- Organizations retain or increase market share, increasing sales or revenues
TL 9000 (The Telecom quality management systems)
QuEST Forum has pursued a goal of global telecommunications quality and industry-wide performance excellence through its TL 9000 standard. It accomplishes this goal in three ways:
By defining system requirements for the design, development, production, delivery, installation and maintenance of telecom products and services and providing a measurement system that allows companies to track performance and improve results
By eliminating the need for multiple quality management standards, which reduces the cost of doing business and ultimately results in better products and services to consumers
By providing a consistent set of quality expectations to drive efficiency and performance across the global telecom supply chain