Common ISO Terminology and Acronyms Explained
Have you ever stumbled upon an ISO-related term or acronym and wondered what it means? Or perhaps you’re just beginning your ISO journey and want a straightforward guide to understanding the language used in the ISO world? This blog simplifies common terminology and answers frequently asked questions, making it easier for you to navigate the certification process.
Whether you’re researching how ISO Certification works or already familiar with it but still confused by the jargon, this guide is here to help.
Key ISO Acronyms You Should Know
Before we dive into frequently asked questions, here are some acronyms commonly used in the ISO world, which you’ll see throughout this blog:
- ISO – International Organization for Standardization
- CAB – Conformity Assessment Body
- BMS – Business Management System
- QMS – Quality Management System
- EMS – Environmental Management System
- ISMS – Information Security Management System
- OHSMS – Occupational Health & Safety Management System
- OFI – Opportunity for Improvement
- NC – Non-conformance
Now that you’re up to speed, let’s address some of the most common questions we hear from clients, students, and colleagues.
What is ISO?
Many people mistakenly think that ISO refers to a product or certificate. In fact, ISO is an international non-governmental organisation that develops and publishes global standards. These standards ensure that businesses of all types and sizes can improve processes, products, and services, while facilitating trade between countries.
ISO’s standards help businesses meet minimum quality, safety, and reliability requirements. However, ISO itself does not certify organisations. Instead, certifications are issued by accredited Conformity Assessment Bodies (CABs), which are recognised internationally.
What is a Management System?
A Management System, or Business Management System (BMS), is a structured framework that defines how a business operates. It includes policies, processes, and procedures that guide employees and managers in achieving specific objectives.
Management Systems can be aligned with one or more ISO standards, such as ISO 9001:2015 (Quality Management), helping organisations ensure their operations meet industry best practices.
What is a Management System Standard?
ISO Management System Standards (MSS) are documents that define best practices and requirements for organisations to follow. These guidelines help improve operations and performance while ensuring compliance with international norms.
There are over 80 ISO standards, but some of the most widely implemented include:
✔ ISO 9001:2015 – Quality Management
✔ ISO 45001:2018 – Occupational Health & Safety
✔ ISO 14001:2015 – Environmental Management
✔ ISO 27001:2022 – Information Security Management
What is a CAB, Certification Body, or Certifier?
All these terms refer to the same entity. CAB stands for Conformity Assessment Body, which is the formal name for a Certification Body or Certifier.
CABs audit businesses’ management systems to ensure compliance with ISO standards and issue certifications once requirements are met. These bodies must be accredited to ensure that their certifications are internationally recognised.
For example, in the Asia-Pacific region, certification bodies are accredited by JAS-ANZ (Joint Accreditation System of Australia and New Zealand). You can find accredited bodies through the JAS-ANZ register or visit the International Accreditation Forum’s website for global information.
How Do Businesses Get ISO Certification?
Every organisation’s certification journey is unique. Some may already have a system in place, while others start from scratch. Some choose to work with consultants, while others rely on internal teams.
Here’s a simplified roadmap to certification:
- Identify the relevant ISO standard(s)
- Assess gaps between current processes and standard requirements
- Develop procedures and documentation
- Implement the processes and maintain records
- Conduct an internal audit and management review
- Undergo an audit by a Certification Body
Once certified, businesses enter a three-year certification cycle with annual surveillance audits to ensure continued compliance.
How Long Does It Take to Get Certified?
Certification timelines vary depending on business size, complexity, and standards pursued. Typically, it takes 3-6 months, but for larger organisations, it may extend up to one year.
It’s important to allow sufficient time after implementation before conducting internal audits to ensure processes are fully operational and compliant.
What’s the Difference Between Certification and Accreditation?
Certification applies to businesses that meet ISO standard requirements, whereas accreditation applies to the CABs that issue certifications.
An accredited Certification Body is authorised to certify businesses, ensuring that their certifications are valid and globally accepted.
What’s the Difference Between an Internal and External Audit?
- Internal Audits: Conducted by the business itself to ensure systems meet ISO requirements before external audits.
- External Audits: Performed by the Certification Body to officially grant ISO certification.
Can Businesses Conduct Their Own Internal Audits?
Yes! Organisations can use internal employees to conduct audits as long as they are trained and deemed competent according to ISO 19011:2018 guidelines.
Our Management Systems Internal Auditor Training offers internationally recognised certification to ensure auditors are fully qualified and prepared.
Is an Audit the Same as an Inspection?
No. While often confused, they are different:
- Audit: A systematic review of processes or systems to verify compliance with standards.
- Inspection: A focused check of a product, place, or service to ensure requirements like safety or quality are met.
What is a Non-Conformance (NC)?
A Non-Conformance (NC) is a failure to meet a standard or requirement. There are two types:
✔ Major NC: A significant issue that can prevent certification or lead to suspension if unresolved.
✔ Minor NC: A smaller deviation that can escalate if not addressed but doesn’t immediately impact certification.
Both types must be documented and corrected within a specified timeframe.
What is an Opportunity for Improvement (OFI)?
An Opportunity for Improvement (OFI) is a recommendation identified during an audit. It suggests potential improvements but does not affect certification status.
Though action isn’t mandatory, addressing OFIs can help refine processes and may be reviewed in future audits.
What Does “Certified by Exemplar Global” Mean?
Courses recognised by Exemplar Global meet high standards set by experts and are accepted globally. Certifications from these courses are widely recognised and offer additional benefits such as access to professional networks and learning resources.

