ISO Glossary

The world of management system certification sometimes uses complicated terminology. We would like to help you understand what these weird phrases actually mean.

Certification Terminology explained

A-D Terms related to certification

The process of making sure that only authorised people can access an organisation’s information.

The process of assessing and recognising the competence of an organisation or individual to perform specific tasks or services.

Something that an organisation values, such as information, hardware, software, or property.

Threat: Something that could cause harm to an organisation’s information, like a hacker, virus, or natural disaster.

The plans and procedures that an organisation has in place to keep operating during and after a disruption. ISO 22301 is the Business Continuity standard.

An alternative term used for a QMS, EMS, OHSMS, ISMS or a combination of these that make up management systems that may or may not be integrated.

The process of comparing a measurement device or system with a reference standard to ensure accuracy and reliability.

The process of verifying that an organisation or individual meets specific standards and requirements.

Meeting legal and other requirements related to occupational health and safety.

Legal requirements and other requirements (admitted term). Legal requirements that an organisation has to comply with and other requirements that an organisation has to or chooses to comply with.

A term used to describe the management and control of changes.

The act of complying with the guidelines or requirements set forth in a standard, regulation, duty, and/or the organisation's own requirements.

A combination of internal and external issues that can have an effect on an organisation’s approach to developing and achieving its objectives.

The ongoing effort to improve processes to achieve overall improvement of the management system and the organisation's objectives.

A term used for an external provider providing functions such as consultants, people conducting maintenance works, cleaning, security.

The process of identifying and addressing the root cause of a nonconformity to prevent its recurrence.

A person or organisation that receives a product or service from the organisation.

The degree to which a product or service meets or exceeds customer expectations.

The term used for the design of products or services for use by an organisation’s customers, and the method for controlling changes or enhancements made to existing products or services.

The process of managing documents to ensure their accuracy, completeness, and accessibility.

E-I Terms related to certification

Planning and procedures to prevent and respond to occupational health and safety emergencies.

Planning and implementing procedures to prevent and respond to environmental emergencies.

The elements of an organisation’s activities, products, and services that affect the environment. Once assessed for significance, environmental aspects are sometimes known as SEAs (Significant Environmental Aspects).

Any change to the environment resulting from an organisation’s activities, products, or services.

A set of policies, procedures, and processes for managing an organisation’s environmental impacts. This plays a very important part in becoming ISO 14001 certified.

The results achieved by an organisation in managing its environmental impacts.

An audit carried out by an external independent body of an organisation’s policies, procedures, and processes to determine compliance with specific standards and requirements.

External issues arise from factors that are not within direct control of the company, such as legal, technological, competitive, market, cultural, social, and economic environments (local, regional, national, or international).

A term used where an external resource (e.g. supplier, contractor, subcontractor, etc.) may provide all or part of a process, product or service that forms part of an organisation’s product or service provision.

A source or situation that can cause harm to people, property, or the environment.

A term used to describe the order of controls applied to risk: elimination, substitution, engineering controls, administrative controls, PPE.

Putting an organisation’s policies and processes into action.

The ongoing effort to make things better by improving products, services, and processes to achieve better quality, efficiency, and customer satisfaction.

Anything that an organisation uses or processes, such as data, files, or documents.

An event that affects an organisation’s information security, such as a breach or a loss of data.

A set of guidelines that help organisations manage their information security risks and ensure their information is safe. This is an integral part of achieving ISO 27001.

An interested party is essentially a stakeholder – an individual or a group of people affected by an organisation’s activities.

A systematic and independent review of an organisation’s policies, procedures, and processes to determine compliance with the ISO Standard requirements and the organisation’s own management system.

Issues that involve inner factors under the direct control of a company such as structure, culture, resources etc.

K-O Terms related to certification

Metrics that organisations use to assess the operating effectiveness and performance of their management systems.

The actions and decisions of top management that control and direct an organisation.

The environmental laws, regulations, and other standards that organisations must follow.

Considering the environmental impacts of a product or service throughout its entire life cycle, including the initial design of activities, acquisition and extraction, production/service delivery, transportation, consumption/application and end of life/disposal.

A term used to describe the management and control of changes that may have an impact on Occupational Health & Safety (OH&S) risks, to ensure that appropriate methodology and controls are applied. For example, the purchase of new equipment may require updates to risk assessments, training, location review, etc.

A periodic evaluation of an organisation’s management system by top management to assess its effectiveness and identify opportunities for improvement. The inputs and outputs of the meeting are specific to the standard and involve a review of the management system.

A set of policies, procedures, and processes developed by an organisation to manage and control its conformity to an ISO standard.

Measuring and evaluating an organisation’s performance.

A failure to meet the requirements or specifications set out in a standard, regulation, duty, and/or the organisation's own requirements.

Specific goals that an organisation sets to achieve its policy.

A set of policies, procedures, and processes used to manage an organisation’s occupational health and safety risks and hazards. This plays a very important part in becoming ISO 45001 certified.

The processes and activities used to deliver and control an organisation’s management system requirements, including corrective and preventive actions.

The term used for positive or beneficial effects achieved; these may be identified as a result of a risk, event, change or the ability to do something new.

A term used to describe an ‘opportunity’ that has been identified that may result in improvement of the management system, or of a particular element of the organisation's success.

A person or group of people that has its own functions with responsibilities, authorities, and relationships to achieve its commercial objectives.

A term used for when an organisation may use the services of an external provider/supplier to provide products, services, or processes.

P-R Terms related to certification

Measurable results of the management systems, related to the organisation’s control of risks, based on its policies and objectives.

The process of monitoring, measuring, analysing, and evaluating an organisation’s performance to make sure it is meeting its objectives.

The process of identifying what the organisation wants to achieve and how it will get there.

A statement of an organisation’s intentions and direction, commitments, goals, and objectives related to a specific subject, formally expressed by its top management.

The process of identifying and addressing potential sources of nonconformities to prevent their occurrence.

A set of interrelated or interacting processes or process elements that transforms inputs into outputs.

Products are typically tangible items, something that your customers can physically hold in their hands.

A set of policies, procedures, and processes used to ensure that an organisation delivers products or services that meet or exceed customer requirements. This plays a very important part in becoming ISO 9001 certified.

The term used for a potential adverse effect (threat).

The chance that something bad could happen to an organisation’s information.

The overall process of estimating the magnitude of risk and deciding whether or not the risk is acceptable.

The process of identifying, assessing, and controlling potential risks that could negatively impact an organisation’s objectives.

Thinking systematically about the risks and opportunities in all processes and throughout the management system.

S-Z Terms related to certification

A short descriptive statement that sets out the boundaries of the management system's applicability, e.g. what the organisation provides, for whom and where.

A service is typically an intangible item consisting of one or more activities performed between an organisation and a customer.

An individual or group who can affect or be affected by an organisation’s activities, products, or services.

A document that provides guidelines or requirements to achieve a particular level of quality or performance.

In ISO 27001, Annex A contains a number of clauses that need to be fulfilled in order to comply with the standard's requirements. The statement of applicability refers to each clause as outlined and explains either the controls to be implemented, or the justification for why the clause is not applicable.

The evaluation of a supplier’s ability to deliver products or services that meet or exceed the organisation’s requirements.

The resources and infrastructure necessary to help the organisation achieve its objectives.

The process of verifying that a product, service, or system meets specific requirements and performs as intended.

The process of confirming that a product, service, or system meets specific requirements and specifications.

A weakness in an organisation’s information security that could be exploited by a threat.

An injury or illness caused by an organisation’s work activities.

Anyone working for an organisation, including employees, contractors, and temporary workers.

Involving workers in occupational health and safety decision-making.

Any location where work activities that are controlled by the organisation take place.
