Standard's info

    ISO 9001:2015 specifies requirements for a quality management system when an organization:
  1. needs to demonstrate its ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements, and
  2. aims to enhance customer satisfaction through the effective application of the system, including processes for improvement of the system and the assurance of conformity to customer and applicable statutory and regulatory requirements.
All the requirements of ISO 9001:2015 are generic and are intended to be applicable to any organization, regardless of its type or size, or the products and services it provides.


ISO 14001:2015 specifies the requirements for an environmental management system that an organization can use to enhance its environmental performance. ISO 14001:2015 is intended for use by an organization seeking to manage its environmental responsibilities in a systematic manner that contributes to the environmental pillar of sustainability.
    ISO 14001:2015 helps an organization achieve the intended outcomes of its environmental management system, which provide value for the environment, the organization itself and interested parties. Consistent with the organization's environmental policy, the intended outcomes of an environmental management system include:
  • enhancement of environmental performance;
  • fulfilment of compliance obligations;
  • achievement of environmental objectives.
ISO 14001:2015 is applicable to any organization, regardless of size, type and nature, and applies to the environmental aspects of its activities, products and services that the organization determines it can either control or influence considering a life cycle perspective. ISO 14001:2015 does not state specific environmental performance criteria.


    This document specifies requirements for a food safety management system (FSMS) to enable an organization that is directly or indirectly involved in the food chain:
  1. to plan, implement, operate, maintain and update a FSMS providing products and services that are safe, in accordance with their intended use;
  2. to demonstrate compliance with applicable statutory and regulatory food safety requirements;
  3. to evaluate and assess mutually agreed customer food safety requirements and to demonstrate conformity with them;
  4. to effectively communicate food safety issues to interested parties within the food chain;
  5. to ensure that the organization conforms to its stated food safety policy;
  6. to demonstrate conformity to relevant interested parties;
  7. to seek certification or registration of its FSMS by an external organization, or make a self-assessment or self-declaration of conformity to this document.

Organizations that are directly or indirectly involved include, but are not limited to, feed producers, animal food producers, harvesters of wild plants and animals, farmers, producers of ingredients, food manufacturers, retailers, and organizations providing food services, catering services, cleaning and sanitation services, transportation, storage and distribution services, suppliers of equipment, cleaning and disinfectants, packaging materials and other food contact materials.


ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in ISO/IEC 27001:2013 are generic and are intended to be applicable to all organizations, regardless of type, size or nature.


ISO 37001:2016 specifies requirements and provides guidance for establishing, implementing, maintaining, reviewing and improving an anti-bribery management system. The system can be stand-alone or can be integrated into an overall management system.
    ISO 37001:2016 addresses the following in relation to the organization's activities:
  • bribery in the public, private and not-for-profit sectors;
  • bribery by the organization;
  • bribery by the organization's personnel acting on the organization's behalf or for its benefit;
  • bribery by the organization's business associates acting on the organization's behalf or for its benefit;
  • bribery of the organization;
  • bribery of the organization's personnel in relation to the organization's activities;
  • bribery of the organization's business associates in relation to the organization's activities;
  • direct and indirect bribery (e.g. a bribe offered or accepted through or by a third party).
ISO 37001:2016 does not specifically address fraud, cartels and other anti-trust/competition offences, money-laundering or other activities related to corrupt practices, although an organization can choose to extend the scope of the management system to include such activities.
The requirements of ISO 37001:2016 are generic and are intended to be applicable to all organizations (or parts of an organization), regardless of type, size and nature of activity, and whether in the public, private or not-for-profit sectors.


ISO 13485:2016 specifies requirements for a quality management system where an organization needs to demonstrate its ability to provide medical devices and related services that consistently meet customer and applicable regulatory requirements. Such organizations can be involved in one or more stages of the life-cycle, including design and development, production, storage and distribution, installation, or servicing of a medical device and design and development or provision of associated activities (e.g. technical support). ISO 13485:2016 can also be used by suppliers or external parties that provide product, including quality management system-related services to such organizations.
Requirements of ISO 13485:2016 are applicable to organizations regardless of their size and regardless of their type except where explicitly stated. Wherever requirements are specified as applying to medical devices, the requirements apply equally to associated services as supplied by the organization.


This document specifies requirements for establishing, implementing, maintaining and improving an energy management system (EnMS). The intended outcome is to enable an organization to follow a systematic approach in achieving continual improvement of energy performance and the EnMS.
    This document:
  1. is applicable to any organization regardless of its type, size, complexity, geographical location, organizational culture or the products and services it provides;
  2. is applicable to activities affecting energy performance that are managed and controlled by the organization;
  3. is applicable irrespective of the quantity, use, or types of energy consumed;
  4. requires demonstration of continual energy performance improvement, but does not define levels of energy performance improvement to be achieved;
  5. can be used independently, or be aligned or integrated with other management systems.


ISO 45001:2018 specifies requirements for an occupational health and safety (OH&S) management system, and gives guidance for its use, to enable organizations to provide safe and healthy workplaces by preventing work-related injury and ill health, as well as by proactively improving its OH&S performance. ISO 45001:2018 is applicable to any organization that wishes to establish, implement and maintain an OH&S management system to improve occupational health and safety, eliminate hazards and minimize OH&S risks (including system deficiencies), take advantage of OH&S opportunities, and address OH&S management system nonconformities associated with its activities.
    ISO 45001:2018 helps an organization to achieve the intended outcomes of its OH&S management system. Consistent with the organization's OH&S policy, the intended outcomes of an OH&S management system include:
  • continual improvement of OH&S performance;
  • fulfilment of legal requirements and other requirements;
  • achievement of OH&S objectives.


The Scheme makes use of international and independent standards such as ISO 22000, ISO 9001, ISO/TS 22003 and technical specifications for sector specific Pre-Requisite Programs (PRPs), such as ISO/TS 22002-1, which were developed through a wide and open consultation with a large number of international stakeholders. Besides these standards, the Scheme contains so-called FSSC Additional Requirements which can be found in the FSSC 22000 Scheme documents. The Scheme documents are available from the FSSC 22000 website. The FSSC 22000 Scheme consists of three components: ISO 22000, sector specific PRPs and additional requirements. Besides these three components there is an FSSC 22000-Quality option based on the additional requirements of ISO 9001. For organizations wishing to integrate their food quality management system into the scope of their certification, FSSC 22000-Quality certification is available. FSSC 22000-Quality consists of a combined FSSC 22000 and full ISO 9001 audit.


ISO 14021:2016 specifies requirements for self-declared environmental claims, including statements, symbols and graphics, regarding products. It further describes selected terms commonly used in environmental claims and gives qualifications for their use. This International Standard also describes a general evaluation and verification methodology for self-declared environmental claims and specific evaluation and verification methods for the selected claims in this International Standard. ISO 14021:2016 does not preclude, override, or in any way change, legally required environmental information, claims or labelling, or any other applicable legal requirements.


ISO 14024:2018 establishes the principles and procedures for developing Type I environmental labelling programmes, including the selection of product categories, product environmental criteria and product function characteristics, and for assessing and demonstrating compliance. ISO 14024:2018 also establishes the certification procedures for awarding the label.


This document defines and establishes methodologies for a set of indicators to steer and measure the performance of city services and quality of life.
    ISO 37120 – Benefits of standardized indicators:
  • More effective governance and delivery of services
  • International benchmarks and targets
  • Local benchmarking and planning
  • Informed decision making for policy makers and city managers
  • Learning across cities
  • Leverage for funding and recognition in international entities
  • Leverage for funding by cities with senior levels of government
  • Framework for sustainability planning
  • Transparency and open data for investment attractiveness
  • Data is moving fast (big data and the information explosion); ISO can help to give cities a reliable foundation of globally standardized data that will assist them in building core knowledge for city decision-making, and enable comparative insight and global benchmarking


ISO 14006:2011 provides guidelines to assist organizations in establishing, documenting, implementing, maintaining and continually improving their management of ecodesign as part of an environmental management system (EMS). ISO 14006 is intended to be used by those organizations that have implemented an EMS in accordance with ISO 14001, but can help in integrating ecodesign in other management systems. The guidelines are applicable to any organization regardless of its size or activity. The standard applies to those product-related environmental aspects that the organization can control and those it can influence. ISO 14006 does not establish by itself specific environmental performance criteria, and is not intended for certification purposes.


ISO 14065:2013 specifies principles and requirements for bodies that undertake validation or verification of greenhouse gas (GHG) assertions.


ISO 14298:2013 specifies requirements for a security printing management system for security printers. ISO 14298 specifies a minimum set of security printing management system requirements. Organizations ensure that customer security requirements are met as appropriate provided these do not conflict with the requirements of ISO 14298:2013.


ISO 39001:2012 specifies requirements for a road traffic safety (RTS) management system to enable an organization that interacts with the road traffic system to reduce death and serious injuries related to road traffic crashes which it can influence. The requirements in ISO 39001 include development and implementation of an appropriate RTS policy, development of RTS objectives and action plans, which take into account legal and other requirements to which the organization subscribes, and information about elements and criteria related to RTS that the organization identifies as those which it can control and those which it can influence.


This globally recognized standard for managing information technology services is designed to ensure the consistency of IT infrastructure and services, both within the company and among its contractors. This consistency ensures the satisfaction of both consumers and employees. In an effort to create effective management of IT services, the standard considers a number of key processes, from reporting at the level of service management, financing and reporting on IT services to managing information security, suppliers, contingencies, changes and versions. ISO 20000 certification helps companies improve and optimize IT processes, increase productivity and ensure consistency and management of IT services both within the organization and in external networks and for end users. This approach confirms the company's commitment to provide reliable IT services and infrastructure, guarantees customer satisfaction and operational efficiency, and enhances the company's reputation.
    Other benefits:
  • lower costs due to increased productivity;
  • the use of recommended methods that have proven their effectiveness;
  • ISO 20000 is recognized in the IT industry worldwide;
  • consistency between business goals and the capabilities of IT services, reducing risks and improving the interaction between the business sector and IT services.


This document establishes terms, definitions and service requirements for service providers conducting market, opinion and social research, including insights and data analytics (hereinafter referred to as "service providers"). Non-market research activities, such as direct marketing, are outside the scope of this document.
    Key requirements of the standard:
  • a documented quality management system maintained by the provider of marketing and sociological research;
  • conducting regular audits of this system;
  • continuous training and staff development;
  • subcontractor management;
  • full transparency for the client, which includes the ability to verify key stages and reporting on them;
  • ensuring the safety, integrity and confidentiality of information;
  • verification and approval of the main stages of research.
Certification of an organization to the ISO 20252 standard confirms the conformity of its production cycle and quality management system with international requirements for marketing and sociological research providers. Whether or not a provider holds a certificate of compliance with ISO 20252 allows the client to evaluate the minimum level of service it can count on. This certification can be carried out either separately or as part of integrated management systems based on international standards.


ISO 22301:2012 specifies requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to protect against, reduce the likelihood of occurrence, prepare for, respond to, and recover from disruptive incidents when they arise. The requirements specified in ISO 22301 are generic and intended to be applicable to all organizations, or parts thereof, regardless of type, size and nature of the organization. The extent of application of these requirements depends on the organization's operating environment and complexity.