If you’re considering ISO certification for your business, you’ll likely encounter some unfamiliar – and familiar – words and phrases during the implementation process. We’ve put this handy glossary together to demystify some of the key ISO terms and concepts you’ll come across.
Why is grasping them so important? Well, clear communication is vital when working with ISO standards. Whether you’re talking to consultants, auditors or your team, speaking the same language ensures everyone’s on the same page. It helps prevent misunderstandings and makes the whole process smoother.
ISO and management systems
Let’s start with the basics. ISO stands for the International Organization for Standardization. It’s an independent, non-governmental organisation that develops and publishes international standards. Its standards cover a wide range of industries and processes, from quality management to environmental practices.
A management system is a set of interrelated elements that organisations use to achieve their objectives. It includes your organisation’s structure, planning activities, responsibilities, practices, procedures and resources. When we talk about an ISO management system, we’re referring to a framework that aligns with specific ISO standards.
You’ll often hear about PDCA, which stands for Plan-Do-Check-Act. It’s a four-step model for continuous improvement that’s at the heart of many ISO standards. You plan what you’re going to do, do it, check how well it worked and then act on what you’ve learned. It’s a simple but powerful cycle that drives ongoing enhancement in your processes.
Certification and accreditation
ISO Certification is the process of confirming that your management system meets the requirements of a particular ISO standard, such as ISO 9001. It is carried out by an independent third party and involves an audit of your systems and processes.
Accreditation, on the other hand, is the formal recognition that a certification body is regulated by its national accreditation body. It’s like a certification for the certifiers.
A certification body – like ISO Quality Services Ltd (ISO QSL) – is an organisation that assesses your management system and issues ISO certificates.
An accreditation body is an authorised organisation that evaluates and recognises the competence of certification bodies. In the UK, the national accreditation body is UKAS (United Kingdom Accreditation Service).
Audit-related terms
An audit is a systematic, independent process for obtaining evidence and evaluating it objectively to determine the extent to which it fulfils the audit criteria. In simpler terms, it’s a structured way of checking whether your management system is working as it should.
Internal audits are conducted by your organisation itself. They’re sometimes called first-party audits. These are valuable tools for self-assessment and improvement.
External audits are carried out by outside parties. They can be second-party audits (conducted by customers or others on their behalf) or third-party audits (performed by independent organisations, like certification bodies).
An auditor is the person who conducts audits. They need to be competent, impartial and objective. For internal audits, you can train your staff to be auditors. For certification audits, the auditors will come from your chosen certification body.
Documentation and records
Documented information refers to both documents and records. It’s information that needs to be controlled and maintained by the organisation.
A procedure is a specified way to carry out an activity or process. In the context of ISO, procedures are usually documented to ensure consistency.
A record provides evidence of activities performed or results achieved. Unlike procedures, which describe how things should be done, records show what actually happened.
Process and performance
A process is a set of interrelated activities that transform inputs into outputs. Understanding and managing your processes is a vital part of ISO management systems.
Process interaction describes how different processes within a management system relate to and affect each other. Understanding it is crucial for optimising overall performance and ensuring operational consistency.
The hierarchy of control is a system for minimising hazards by prioritising control measures from most to least effective.
Key Performance Indicators (KPIs) are measurable values that demonstrate how effectively an organisation is achieving its objectives. They’re crucial for monitoring the performance of your management system.
An objective is a result to be achieved. In ISO terms, objectives should be consistent with your organisation’s policies and should be measurable where practicable.
Continuous improvement is about enhancing performance over time. It’s a fundamental principle in ISO standards and is often achieved through the PDCA cycle we mentioned earlier.
An opportunity for improvement is a potential area where your organisation can enhance its processes, products or services beyond basic compliance. It’s often identified during audits to promote continuous improvement.
Risk and compliance
Risk, in ISO terms, is the effect of uncertainty on objectives. This effect can be positive or negative. Managing risk is a key aspect of many ISO standards.
Risk assessment is the overall process of risk identification, analysis and evaluation. It helps you understand what could go wrong and how to prevent it.
Compliance means meeting requirements. These could be legal requirements, customer requirements or the requirements of your management system.
An interested party is a person or organisation that can affect, be affected by, or perceive itself to be affected by a decision or activity. These could include customers, suppliers, regulators or even the local community.
Nonconformity and corrective action
A nonconformity is a non-fulfilment of a requirement. In other words, it’s when something doesn’t meet the standard you’ve set or that’s required by ISO.
Corrective action is an action taken to eliminate the cause of a nonconformity and prevent recurrence. It’s about fixing problems at their root, not just treating symptoms.
Preventive action is an action taken to eliminate the cause of a potential nonconformity or other undesirable situation. It’s about stopping problems before they occur.
Root cause analysis is a method of problem-solving that aims to identify the root causes of faults or problems. It’s an essential part of both corrective and preventive action.
Specific ISO standards
ISO 9001 is the international standard for Quality Management Systems. It’s designed to help organisations ensure they meet customer and regulatory requirements related to product or service quality.
ISO 14001 sets out the criteria for an Environmental Management System. It provides a framework that an organisation can follow to set up an effective environmental management system.
ISO 45001 is the standard for Occupational Health and Safety Management Systems. It’s aimed at improving employee safety, reducing workplace risks and creating better, safer working conditions.
ISO 27001 is the international standard for Information Security Management Systems. It provides a framework for organisations to manage and protect their data and information, both physical and digital.
How can ISO QSL help?
Familiarising yourself with ISO terminology is an essential step in your certification journey. It will help you communicate more effectively with auditors, consultants and your team. It also deepens your understanding of the standards themselves.
If your organisation is interested in implementing an ISO standard but you’re unsure where to begin, ISO QSL can help. As a leading provider of ISO certification services, our expert team can guide your business through the process and help you achieve certification in as little as eight weeks.
Our friendly, expert team is ready to help. Give us a call today to discuss your requirements.