What is ISO certification? An introduction to ISO management systems, standards and certification.

An introduction to ISO standards, management systems, certification and other terminology.

Share this story

Written by: alcumus
30th May

Those of us working in the certification industry sometimes forget that the outside world doesn’t have a clue what we’re talking about. So, if you don’t know anything about ISO standards, management systems or UKAS accredited certification, read on.

What are ISO standards?

Generally speaking, an ISO standard is a document created by a panel of international experts on a subject matter and published by the International Organisation for Standardisation.

An ISO standard gives guidelines on conformity or describes the way something should be done, whether it’s for a business process or a set of criteria a product should conform to. ISO standards are especially important in industries related to consumer and manufacturing safety, such as with medical devices and food products. However, the most popular ISO standards are ’management systems’ such as Environmental Management or Information Security Management.

ISO documents have a number and a name. For example, ISO 9001 Quality Management Systems.

When an organisation adopts an ISO standard, it demonstrates to their customers and the outside world that they are compliant with an accepted international way of working or that product quality conforms to a set of established criteria. It builds trust in the supply chain and raises quality and confidence levels across the global business community.

What are the main standards?

Almost unbelievably, there are about 22,000 ISO standards. There’s hardly anything you do or buy that isn’t covered by an ISO standard. There’s even a standard, ISO 3103, for brewing a cup of tea. (It specifies six minutes brewing time, would you believe.)

Right now, the four most popular ISO standards that apply to nearly all businesses are:

ISO 9001 Quality Management

ISO 45001 Occupational Health & Safety Management

ISO 14001 Environmental Management

ISO 27001 Information Security Management

Who is ISO? What does it stand for?

Although the organisation that produces ISO standards is called the International Organisation for Standardisation, it’s just a coincidence that the capital letters of its name contain the same letters as in ‘ISO’, which it also uses in its logo.

ISO is in fact derived from the Greek word “isos”, meaning "equal". So now you know!

As far as the ISO organisation is concerned, it’s an independent, non-governmental body based in Geneva consisting of members from 167 countries who represent their own national standards bodies.

How do you get certified?

You can’t just buy a copy of an ISO standard, put it on the shelf and claim to be an ISO compliant business. You have to ‘implement’ the standard and work in accordance with it. You need to keep evidence that demonstrates this too. Then, an auditor from a third party certification body will audit your organisation to confirm whether you are compliant or not. If you meet the standard, you’re awarded a certificate and can promote your credentials. The auditor will return at set intervals to ensure that you remain compliant.

It's these external, third party audits that give ISO certification its value. Because they are impartial, it gives confidence to your customers that you genuinely are compliant.

The importance of ‘accredited’ certification

Basically, you can appoint anyone to audit your ISO system and give you a certificate. You could get your next door neighbour to do it. But who would place any value in that? It would be meaningless.

So, how can your customers be sure that the certificate you display is impartial and meaningful?

Within the UK, the only sure fire way is through getting audited by a certification body that has been accredited by UKAS (the United Kingdom Accreditation Service). They have been appointed by the government to ensure that bodies which award certificates are themselves competent to do so. UKAS audits certification bodies on a regular basis to ensure that they are compliant.

So be careful - some certification bodies out there are not UKAS accredited and the certificates they issue are less meaningful and often not accepted at all.

Read more on the importance of UKAS accredited certification here.

How many businesses are ISO certified?

Official, confirmed numbers are hard to come by but we do know from ISO and UKAS sources that there are more than 1.5 million businesses worldwide with some kind of ISO certification and about 110,000 certificates issued in the UK. Many businesses have more than one certificate.

When you remember there are 5.6 million businesses in the UK, 1.4 million of those with employees, that means if you are one of those certified businesses you are in a very select group. It immediately marks you out as a cut above the rest. This is why UKAS accredited certification is so often used as a criterion in tender applications - it’s one of the easiest ways for the procuring business to immediately create a high quality shortlist.

Final thoughts

If, after you’ve done your research and got a quote for getting certified, you’re still left wondering whether it’s all worthwhile, then consider this. A certification ‘cycle’ is three years: that is, after the three years are up, you get a full audit again and a new certificate is issued. More than 90% of ISOQAR clients who were certified 3 years ago have decided to renew their certification. Their bottom line is a clear indication of the value of ISO certification.