ISO: International Organization for Standardization

ISO, the International Organization for Standardization, is a nonprofit organization that develops and publishes standards of virtually every possible sort, ranging from standards for information technology to fluid dynamics and nuclear energy. Headquartered in Geneva, Switzerland, ISO is composed of 162 members, each one the sole representative for their home country. As the largest developer and publisher of standards in the world, ISO fills the vital role of a medium for agreement between individual standards developers, spreading progress made by one country's local developers across the world to further the goal of standardization. Standards from ISO are available both individually, directly through the ANSI webstore, and as part of a Standards Subscription.

Below are ISO's best-selling standards.

ISO 9001:2015

Quality management systems - Requirements

ISO 9001:2015 specifies requirements for a quality management system when an organization:

a) needs to demonstrate its ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements, and

b) aims to enhance customer satisfaction through the effective application of the system, including processes for improvement of the system and the assurance of conformity to customer and applicable statutory and regulatory requirements.

All the requirements of ISO 9001:2015 are generic and are intended to be applicable to any organization, regardless of its type or size, or the products and services it provides.

ISO/IEC 27001:2013

Information technology - Security techniques - Information security management systems - Requirements

ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in ISO/IEC 27001:2013 are generic and are intended to be applicable to all organizations, regardless of type, size or nature.

ISO 14001:2015

Environmental management systems - Requirements with guidance for use

ISO 14001:2015 specifies the requirements for an environmental management system that an organization can use to enhance its environmental performance. ISO 14001:2015 is intended for use by an organization seeking to manage its environmental responsibilities in a systematic manner that contributes to the environmental pillar of sustainability.

ISO 14001:2015 helps an organization achieve the intended outcomes of its environmental management system, which provide value for the environment, the organization itself and interested parties. Consistent with the organization's environmental policy, the intended outcomes of an environmental management system include:

+ enhancement of environmental performance;

+ fulfillment of compliance obligations;

+ achievement of environmental objectives.

ISO 14001:2015 is applicable to any organization, regardless of size, type and nature, and applies to the environmental aspects of its activities, products and services that the organization determines it can either control or influence considering a life cycle perspective. ISO 14001:2015 does not state specific environmental performance criteria.

ISO 14001:2015 can be used in whole or in part to systematically improve environmental management. Claims of conformity to ISO 14001:2015, however, are not acceptable unless all its requirements are incorporated into an organization's environmental management system and fulfilled without exclusion.

ISO 45001:2018

Occupational health and safety management systems - Requirements with guidance for use

ISO 45001:2018 specifies requirements for an occupational health and safety (OH&S) management system, and gives guidance for its use, to enable organizations to provide safe and healthy workplaces by preventing work-related injury and ill health, as well as by proactively improving its OH&S performance.

ISO 45001:2018 is applicable to any organization that wishes to establish, implement and maintain an OH&S management system to improve occupational health and safety, eliminate hazards and minimize OH&S risks (including system deficiencies), take advantage of OH&S opportunities, and address OH&S management system nonconformities associated with its activities.

ISO 45001:2018 helps an organization to achieve the intended outcomes of its OH&S management system. Consistent with the organization's OH&S policy, the intended outcomes of an OH&S management system include:

a) continual improvement of OH&S performance;
b) fulfilment of legal requirements and other requirements;
c) achievement of OH&S objectives.

ISO 45001:2018 is applicable to any organization regardless of its size, type and activities. It is applicable to the OH&S risks under the organization's control, taking into account factors such as the context in which the organization operates and the needs and expectations of its workers and other interested parties.

ISO 45001:2018 does not state specific criteria for OH&S performance, nor is it prescriptive about the design of an OH&S management system.

ISO 45001:2018 enables an organization, through its OH&S management system, to integrate other aspects of health and safety, such as worker wellness/wellbeing.

ISO 45001:2018 does not address issues such as product safety, property damage or environmental impacts, beyond the risks to workers and other relevant interested parties.

ISO 45001:2018 can be used in whole or in part to systematically improve occupational health and safety management. However, claims of conformity to this document are not acceptable unless all its requirements are incorporated into an organization's OH&S management system and fulfilled without exclusion.

ISO 14971:2019

Medical devices - Application of risk management to medical devices

This document specifies terminology, principles and a process for risk management of medical devices, including software as a medical device and in vitro diagnostic medical devices. The process described in this document intends to assist manufacturers of medical devices to identify the hazards associated with the medical device, to estimate and evaluate the associated risks, to control these risks, and to monitor the effectiveness of the controls.

The requirements of this document are applicable to all phases of the life cycle of a medical device. The process described in this document applies to risks associated with a medical device, such as risks related to biocompatibility, data and systems security, electricity, moving parts, radiation, and usability.

The process described in this document can also be applied to products that are not necessarily medical devices in some jurisdictions and can also be used by others involved in the medical device life cycle.

This document does not apply to:

— decisions on the use of a medical device in the context of any particular clinical procedure; or

— business risk management.

This document requires manufacturers to establish objective criteria for risk acceptability but does not specify acceptable risk levels.

Risk management can be an integral part of a quality management system. However, this document does not require the manufacturer to have a quality management system in place.

NOTE Guidance on the application of this document can be found in ISO/TR 24971.

ISO 19011:2018

Guidelines for auditing management systems

ISO 19011:2018 provides guidance on auditing management systems, including the principles of auditing, managing an audit programme and conducting management system audits, as well as guidance on the evaluation of competence of individuals involved in the audit process. These activities include the individual(s) managing the audit programme, auditors and audit teams.

It is applicable to all organizations that need to plan and conduct internal or external audits of management systems or manage an audit programme.

The application of this document to other types of audits is possible, provided that special consideration is given to the specific competence needed.

ISO 15223-1:2021

Medical devices - Symbols to be used with information to be supplied by the manufacturer - Part 1: General requirements

This document specifies symbols used to express information supplied for a medical device. This document is applicable to symbols used in a broad spectrum of medical devices that are available globally and need to meet different regulatory requirements.

These symbols can be used on the medical device itself, on its packaging or in the accompanying information. The requirements of this document are not intended to apply to symbols specified in other standards.

ISO/TR 24971:2020

Medical devices - Guidance on the application of ISO 14971

This document provides guidance on the development, implementation and maintenance of a risk management system for medical devices according to ISO 14971:2019.

The risk management process can be part of a quality management system, for example one that is based on ISO 13485:2016[24], but this is not required by ISO 14971:2019. Some requirements in ISO 13485:2016 (Clause 7 on product realization and 8.2.1 on feedback during monitoring and measurement) are related to risk management and can be fulfilled by applying ISO 14971:2019. See also the ISO Handbook: ISO 13485:2016 - Medical devices - A practical guide[25].