ISO standards · 26 pages
ISO & lab accreditation standards
Answer-first explainers of the major ISO standards and lab-accreditation concepts — quality, environmental, information-security and laboratory standards, calibration and the accreditation-vs-certification distinction.
All 26 ISO & lab accreditation standards pages
ISO (International Organization for Standardization)
ISO is the International Organization for Standardization, an independent, non-governmental organisation founded in 1947 that develops voluntary international standards. Working through national member bodies and expert technical committees, it publishes consensus-based standards covering quality, safety, the environment and information security. The name is not an acronym: it derives from the Greek isos, meaning equal, so the short form is ISO in every language. Conformity to most ISO standards is voluntary unless a regulator or contract requires it.
Definition: ISO 9000
ISO 9000 is both the family name for ISO’s quality-management standards and the specific standard (ISO 9000:2015) that defines the fundamental concepts, principles and vocabulary of quality management. It is not certifiable on its own; rather, it supplies the shared language and seven quality-management principles that underpin ISO 9001, the certifiable requirements standard. Understanding ISO 9000 is the starting point for interpreting and implementing the rest of the family correctly.
Definition: ISO 9001
ISO 9001 is the international standard that specifies the requirements for a quality management system (QMS). The current version, ISO 9001:2015, is built on the process approach, the Plan-Do-Check-Act cycle and risk-based thinking, and requires an organisation to demonstrate it can consistently meet customer and regulatory requirements. It is the only certifiable standard in the ISO 9000 family, so organisations are audited and certified against ISO 9001 specifically. It applies to any organisation, regardless of size or sector.
Definition: ISO 13485
ISO 13485 is the international standard specifying requirements for a quality management system where an organisation needs to demonstrate it can provide medical devices and related services that meet customer and regulatory requirements. The current version, ISO 13485:2016, shares roots with ISO 9001 but is more prescriptive and regulatory-focused, emphasising risk management, design controls, traceability and documentation. It is widely required by regulators and is broadly aligned with frameworks such as the FDA Quality System Regulation and the EU Medical Device Regulation.
Definition: ISO 14001
ISO 14001 is the international standard that specifies the requirements for an environmental management system (EMS). The current version, ISO 14001:2015, helps an organisation identify the environmental aspects of its activities, comply with legal obligations, set objectives, and improve performance through the Plan-Do-Check-Act cycle. It is certifiable and applies to any organisation regardless of sector or size. The aim is a systematic, auditable approach to reducing environmental impact rather than ad hoc or purely reactive efforts.
Definition: ISO/IEC 17025
ISO/IEC 17025 is the international standard specifying the general requirements for the competence, impartiality and consistent operation of testing and calibration laboratories. The current version, ISO/IEC 17025:2017, covers both management-system and technical requirements, including personnel competence, equipment, methods, measurement uncertainty and metrological traceability. It is the standard against which laboratories are accredited by accreditation bodies, with international recognition coordinated through ILAC. Accreditation to ISO/IEC 17025 lets a laboratory demonstrate that its results are technically valid and internationally trusted.
Definition: ISO/IEC 27001
ISO/IEC 27001 is the international standard specifying the requirements for an information security management system (ISMS). The current version, ISO/IEC 27001:2022, requires an organisation to assess information security risks and select controls to treat them, drawing on the catalogue of controls in Annex A. It is certifiable, applies to organisations of any size or sector, and aims to protect the confidentiality, integrity and availability of information. Certification gives independent assurance that information security is managed through a risk-based, continually improving system.
Definition: ISO 15189
ISO 15189 is the international standard specifying requirements for quality and competence in medical laboratories. The current version, ISO 15189:2022, applies to clinical (diagnostic) laboratories and covers the whole testing pathway — pre-examination, examination and post-examination — alongside management and technical requirements. It is the standard against which medical laboratories are accredited, providing assurance that patient test results are reliable. ISO 15189 draws on the same principles as ISO/IEC 17025 but is tailored to the clinical context, including patient care, sample handling and result interpretation.
Definition: Calibration
Calibration is the operation of comparing the readings of a measuring instrument against a reference standard of known accuracy in order to determine, and where necessary correct, any deviation. It establishes the relationship between what the instrument indicates and the true value, with stated measurement uncertainty. Calibration is essential to metrological traceability, because it links measurements through an unbroken chain to recognised references such as SI units. It is not the same as adjustment, though adjustment may follow a calibration.
Definition: Metrological traceability
Metrological traceability is the property of a measurement result whereby it can be related to a stated reference — typically an SI unit — through a documented, unbroken chain of calibrations, each contributing to the measurement uncertainty. It is what lets measurements made at different times and places be meaningfully compared, because all are linked to the same reference. Traceability requires that each calibration in the chain is made against a higher-level reference, ultimately reaching a primary standard maintained by a national metrology institute.
Definition: Nonconformity
A nonconformity is a non-fulfilment of a requirement, whether a requirement of a standard, a regulation, a customer or the organisation’s own procedures. In ISO management systems it is the term for an audit finding where something does not meet what is required. Nonconformities are typically graded as major or minor depending on severity and impact, and each must be addressed through correction and corrective action to remove the cause. Identifying and resolving nonconformities is central to how management systems drive improvement.
Definition: Internal audit
An internal audit is a systematic, independent and documented first-party audit in which an organisation checks its own management system against requirements — the relevant ISO standard, regulations and its own procedures. Conducted by trained internal auditors who are independent of the area examined, it gathers objective evidence to confirm conformity and effectiveness, and surfaces nonconformities and improvement opportunities. ISO management-system standards such as ISO 9001 require internal audits at planned intervals. They differ from external audits, which are carried out by customers or certification bodies.
Definition: CLIA (Clinical Laboratory Improvement Amendments)
CLIA stands for the Clinical Laboratory Improvement Amendments of 1988, the US federal standards that regulate clinical-laboratory testing performed on humans to ensure the quality and reliability of results. Administered chiefly by the Centers for Medicare and Medicaid Services (CMS), with the CDC and FDA, CLIA requires laboratories to hold an appropriate certificate based on the complexity of the tests they perform — from waived tests to high-complexity testing. Almost any US laboratory testing human samples for health purposes must comply with CLIA.
Comparison: Accreditation vs certification
The difference is competence versus conformity. Accreditation is the formal recognition, by an authoritative accreditation body, that a body is competent to carry out specific tasks — such as a laboratory testing to ISO/IEC 17025, or a certification body carrying out certification audits. Certification is third-party attestation that a specific product, system or person conforms to a standard, such as an organisation being certified to ISO 9001. Accreditation assesses competence and sits a level above certification; certification confirms conformity. Accreditation bodies accredit; certification bodies certify.
Comparison: ISO 9001 vs ISO 13485
The difference is scope and emphasis. ISO 9001 is the general quality-management standard for any organisation, built around customer satisfaction and continual improvement. ISO 13485 applies the same QMS foundations to the medical-device sector but is more prescriptive and regulatory-focused, prioritising risk management, traceability and meeting regulatory requirements over continual improvement. ISO 13485 was derived from ISO 9001, yet the 2016 version deliberately does not follow the High-Level Structure used by ISO 9001:2015, reflecting the medical sector’s need for stability and regulatory alignment.
Definition: ISO 45001
ISO 45001 is the international standard, published in 2018, that specifies requirements for an occupational health and safety (OH&S) management system. It helps organisations provide safe and healthy workplaces by identifying and controlling health and safety risks, reducing work-related injury and ill health. It is certifiable, follows the common High-Level Structure, and replaced the earlier OHSAS 18001.
Definition: ISO 50001
ISO 50001 is the international standard that specifies requirements for an energy management system (EnMS). It helps organisations establish the systems and processes needed to improve energy performance, including energy efficiency, use and consumption. The current version, ISO 50001:2018, is certifiable, follows the High-Level Structure, and is built around continual improvement of measurable energy performance.
Definition: Surveillance audit
A surveillance audit is a periodic audit, usually annual, conducted by a certification body during the validity of a certificate to confirm that an organisation continues to conform to the standard. It sits between the initial certification audit and the recertification audit, sampling parts of the management system rather than re-auditing it in full, so certification reflects ongoing conformity rather than a single point in time.
Definition: Certification body
A certification body is an independent third-party organisation that audits and certifies that an organisation’s management system conforms to a standard, such as ISO 9001. Sometimes called a registrar or registration body, it issues the certificate after a successful audit. To be credible, the certification body is itself accredited by a national accreditation body, which assesses its competence and impartiality.
Definition: Management review
Management review is the activity, required by ISO management-system standards, in which top management periodically reviews the organisation’s management system to ensure its continuing suitability, adequacy and effectiveness. It examines defined inputs — such as audit results, performance data, nonconformities and feedback — and produces decisions and actions on improvement, resource needs and changes to the system.
Definition: ISO/IEC 17020
ISO/IEC 17020 is the international standard that sets out requirements for the competence of inspection bodies and the impartiality and consistency of their inspection activities. It is the basis on which inspection bodies are accredited. Inspection involves examining a product, process, service or installation to determine conformity with requirements, distinguishing it from the testing and calibration covered by ISO/IEC 17025.
Definition: ISO 42001 — AI management system
ISO/IEC 42001:2023, published December 2023, is the first international standard specifying requirements for an artificial intelligence management system (AIMS). It follows the Plan-Do-Check-Act structure and Annex SL (High-Level Structure), building on ISO 9001 and ISO/IEC 27001 foundations. It is certifiable, covers AI risk and impact assessment, and applies to any organisation developing or using AI systems.
Definition: ISO 27701
ISO/IEC 27701:2019 extends the ISO/IEC 27001 information security management system with privacy information management requirements for protecting personally identifiable information (PII). It maps to GDPR accountability obligations and addresses both Data Controllers and Data Processors. Certification to ISO/IEC 27701 requires an existing or concurrent ISO/IEC 27001 certification and provides third-party assurance of privacy governance.
Definition: ISO 22301
ISO 22301 is the international standard specifying requirements for a business continuity management system (BCMS). The current version, ISO 22301:2019, uses the Plan-Do-Check-Act structure and Annex SL. It requires business impact analysis, recovery time objectives, recovery point objectives and documented continuity plans, and is certifiable by independent third-party audit. It applies to organisations of any size or sector.
Definition: ISO 31000
ISO 31000:2018 (second edition) is the international risk management standard providing principles, a framework and a process for managing risk. It is not certifiable — it provides guidance, not requirements — but is widely referenced across sectors as the universal risk management standard. It defines eight principles and a risk management process covering risk identification, analysis, evaluation and treatment.
Guide: ISO 27001 requirements
ISO/IEC 27001:2022 specifies ISMS requirements in ten clauses; clauses 4–10 contain the auditable requirements. Annex A lists 93 controls in four themes (organisational, people, physical, technological) — reduced and restructured from 114 controls in 14 domains in the 2013 edition. Organisations select applicable controls via risk assessment and document decisions in a Statement of Applicability.