Quality Management System
ISO 9001: Quality Management System
ISO 9001:2015 specifies requirements for a quality management system when an organization:
a) needs to demonstrate its ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements, and
b) aims to enhance customer satisfaction through the effective application of the system, including processes for improvement of the system and the assurance of conformity to customer and applicable statutory and regulatory requirements.
All the requirements of ISO 9001:2015 are generic and are intended to be applicable to any organization, regardless of its type or size, or the products and services it provides.
ISO 13485: Medical Devices Quality Management
ISO 13485:2016 specifies requirements for a quality management system where an organization needs to demonstrate its ability to provide medical devices and related services that consistently meet customer and applicable regulatory requirements. Such organizations can be involved in one or more stages of the life-cycle, including design and development, production, storage and distribution, installation, or servicing of a medical device and design and development or provision of associated activities (e.g. technical support).
ISO 13485:2016 can also be used by suppliers or external parties that provide product, including quality management system-related services to such organizations.
Requirements of ISO 13485:2016 are applicable to organizations regardless of their size and regardless of their type except where explicitly stated. Wherever requirements are specified as applying to medical devices, the requirements apply equally to associated services as supplied by the organization.
The processes required by ISO 13485:2016 that are applicable to the organization, but are not performed by the organization, are the responsibility of the organization and are accounted for in the organization's quality management system by monitoring, maintaining, and controlling the processes.
ISO 14001: Effective Environmental Management
ISO 14001 is the international standard that specifies requirements for an effective environmental management system (EMS). It provides a framework that an organization can follow, rather than establishing environmental performance requirements.
Part of the ISO 14000 family of standards on environmental management, ISO 14001 is a voluntary standard that organizations can certify to. Integrating it with other management systems standards, most commonly ISO 9001, can further assist in accomplishing organizational goals.
The International Organization for Standardization (ISO) defines an environmental management system as “part of the management system used to manage environmental aspects, fulfill compliance obligations, and address risks and opportunities.” The framework in the ISO 14001 standard can be used within a plan-do-check-act (PDCA) approach to continuous improvement.
Who Should Use The ISO 14001:2015 Revision?
ISO 14001:2015 should be used by any organization that wishes to set up, improve, or maintain an environmental management system that conforms with its established environmental policy and requirements. The requirements of the standard can be incorporated into any environmental management system, to an extent determined by several factors including the organization's industry, environmental policy, products and service offerings, and location.
ISO 14971: Risk Management for Medical Devices
ISO 14971 specifies terminology, principles and a process for risk management of medical devices, including software as a medical device and in vitro diagnostic medical devices. The process is intended to help manufacturers of medical devices identify the hazards associated with a device, estimate and evaluate the associated risks, control those risks, and monitor the effectiveness of the controls.
The requirements of ISO 14971 apply to all phases of the life cycle of a medical device. The process applies to every kind of risk associated with a device, including risks related to biocompatibility, data and systems security, electricity, moving parts, radiation, and usability; cybersecurity risk is therefore handled inside the same hazard analysis and risk control loop as the device's other safety risks, not as a separate track.
The process can also be applied to products that are not necessarily medical devices in some jurisdictions, and can be used by others involved in the medical device life cycle.
ISO 14971 does not apply to:
— decisions on the use of a medical device in the context of any particular clinical procedure; or
— business risk management.
ISO 14971 requires manufacturers to establish objective criteria for risk acceptability, but it does not specify what level of risk is acceptable; that policy decision remains with the manufacturer and must be documented and applied consistently.
Risk management can be an integral part of a quality management system. However, ISO 14971 does not require the manufacturer to have a quality management system in place.
ISO 22000: Food Safety Management
The adoption of a food safety management system (FSMS) is a strategic decision for an organization that can help to improve its overall performance in food safety. The potential benefits to an organization of implementing an FSMS based on ISO 22000 are:
a) the ability to consistently provide safe foods and products and services that meet customer and applicable statutory and regulatory requirements;
b) addressing risks associated with its objectives;
c) the ability to demonstrate conformity to specified FSMS requirements.
The standard employs the process approach, which incorporates the Plan-Do-Check-Act (PDCA) cycle and risk-based thinking (described in clauses 0.3, 0.3.2 and 0.3.3 of the standard's introduction).
This process approach enables an organization to plan its processes and their interactions.
The PDCA cycle enables an organization to ensure that its processes are adequately resourced and managed, and that opportunities for improvement are determined and acted on.
Risk-based thinking enables an organization to determine the factors that could cause its processes and its FSMS to deviate from the planned results, and to put in place controls to prevent or minimize adverse effects.
ISO 27001: Information Security
ISO/IEC 27001 provides requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS). The adoption of an ISMS is a strategic decision for an organization. How an organization establishes and implements its ISMS is influenced by its needs and objectives, its security requirements, the organizational processes it uses, and its size and structure. All of these influencing factors are expected to change over time.
The ISMS preserves the confidentiality, integrity and availability of information by applying a risk management process, and gives confidence to interested parties that risks are adequately managed. In practice that process is a risk assessment followed by risk treatment, with the controls selected to treat each risk recorded in a Statement of Applicability that justifies their inclusion or exclusion against the reference controls in Annex A.
It is important that the information security management system is part of and integrated with the organization’s processes and overall management structure and that information security is considered in the design of processes, information systems, and controls. It is expected that an information security management system implementation will be scaled in accordance with the needs of the organization.
ISO/IEC 27001 can be used by internal and external parties to assess the organization's ability to meet its own information security requirements.
The order in which requirements are presented in ISO/IEC 27001 does not reflect their importance or imply the order in which they are to be implemented. The list items are numbered for reference purposes only.
ISO/IEC 27000 describes the overview and the vocabulary of information security management systems, referencing the information security management system family of standards (including ISO/IEC 27003, ISO/IEC 27004 and ISO/IEC 27005), with related terms and definitions.
Learn More about ISO
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see
Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following URL:
The adoption of a quality management system is a strategic decision for an organization that can help to improve its overall performance and provide a sound basis for sustainable development initiatives.
The potential benefits to an organization of implementing a quality management system based on ISO 9001 are:
a) the ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements;
b) facilitating opportunities to enhance customer satisfaction;
c) addressing risks and opportunities associated with its context and objectives;
d) the ability to demonstrate conformity to specified quality management system requirements.