Welcome to Amtivo in Ireland, formerly Certification Europe and EQA


Glossary

Explore common product/service terms

Our ISO Glossary has been designed to help you navigate your way through some of the terms you might come across on your journey to certification.

Workplace

Any location where work activities that are controlled by the organisation take place.

Worker Participation

Involving workers in occupational health and safety decision-making.

Worker

Anyone working for an organisation, including employees, contractors, and temporary workers.

Vulnerability

A weakness in an organisation’s information security that could be exploited by a threat.

Verification

The process of confirming that a product, service, or system meets specific requirements and specifications.

Validation

The process of verifying that a product, service, or system meets specific requirements and performs as intended.

Support

The resources and infrastructure necessary to help the organisation achieve its objectives.

Supplier Performance

The evaluation of a supplier’s ability to deliver products or services that meet or exceed the organisation’s requirements.

Statement of Applicability

In ISO 27001, Annex A contains a number of clauses that need to be fulfilled in order to comply with the standard’s requirements. The Statement of Applicability refers to each clause as outlined and explains either the controls to be implemented or the justification for why the clause is not applicable.

Standard

A document that provides guidelines or requirements to achieve a particular level of quality or performance.

Stakeholder

An individual or group who can affect or be affected by an organisation’s activities, products, or services.

Service

A service is typically an intangible item consisting of one or more activities performed between an organisation and a customer.

Scope

A short descriptive statement that sets out the boundaries of the management system’s applicability, e.g. what the organisation provides, for whom and where.

Risk-Based Thinking

Thinking systematically about the risks and opportunities in all processes and throughout the management system.

Risk Management

The process of identifying, assessing, and controlling potential risks that could negatively impact an organisation’s objectives.

Risk Assessment

The overall process of estimating the magnitude of risk and deciding whether or not the risk is acceptable. Take a look at our Health and Safety Risk Assessment Awareness Online Training Course.

Risk

The term used for a potential adverse effect (threat).
The chance that something bad could happen to an organisation’s information.

Quality Management System (QMS)

A set of policies, procedures, and processes used to ensure that an organisation delivers products or services that meet or exceed customer requirements. This plays a very important part in becoming ISO 9001 certified.

Product

Products are typically tangible items, something that your customers can physically hold in their hands.

Process Interaction

A set of interrelated or interacting processes or process elements that transforms inputs into outputs.

Preventive Action

The process of identifying and addressing potential sources of nonconformities to prevent their occurrence.

Policy

A statement of an organisation’s intentions and direction, commitments, goals, and objectives related to a specific subject, that are formally expressed by its top management.

Planning

The process of identifying what the organisation wants to achieve and how it will get there.

Performance Evaluation

The process of monitoring, measuring, analysing, and evaluating an organisation’s performance to make sure it is meeting its objectives.

Performance

Measurable results of the management systems, related to the organisation’s control of risks, based on its policies and objectives.

Outsourcing

A term used for when an organisation may use the services of an external provider/supplier to provide products, services, or processes.

Organisation

A person or group of people that has its own functions with responsibilities, authorities, and relationships to achieve its commercial objectives.

Opportunity for Improvement

A term used to describe an ‘opportunity’ that has been identified that may result in improvement of the management system, or a particular element of the organisation’s success.

Opportunity

The term used for positive or beneficial effects achieved; these may be identified as a result of a risk, event, change or the ability to do something new.

Operational Control

The processes and activities used to deliver and control an organisation’s management system requirements, including corrective and preventive actions.

Occupational Health and Safety Management System (OHSMS)

A set of policies, procedures, and processes used to manage an organisation’s occupational health and safety risks and hazards. This plays a very important part in becoming ISO 45001 certified.

Objectives

Specific goals that an organisation sets to achieve its policy.

Nonconformity

A failure to meet the requirements or specifications specified in a standard, regulation, duty, and/or the organisation’s own requirements.

Monitoring

Measuring and evaluating an organisation’s performance.

Management System

A set of policies, procedures, and processes developed by an organisation to manage and control its conformity to an ISO standard.

Management Review

A periodic evaluation of an organisation’s management system by top management to assess its effectiveness and identify opportunities for improvement. The inputs and outputs of the meeting are specific to the standard and involve a review of the management system.

Management of Change

A term used to describe the management and control of changes that may have an impact on Occupational Health & Safety (OH&S) risks to ensure that appropriate methodology and controls are applied. For example, the purchase of new equipment may require updates to risk assessments, training, location review etc.

Life Cycle Perspective

Considering the environmental impacts of a product or service throughout its entire life cycle, considering initial design of activities, acquisition and extraction, production/service delivery, transportation, consumption/application and end of life/disposal.

Leadership

The actions and decisions of top management that control and direct an organisation.

KPI (Key Performance Indicator)

Metrics that organisations use to assess the operating effectiveness and performance of their management systems.

ISO 9001

A global standard that outlines what a quality management system (QMS) should do and how to do it. Find out more about ISO 9001 here.

ISO 45001

A global standard for managing an organisation’s occupational health and safety risks. Find out more about ISO 45001 here.

ISO 27001

A global standard that provides a way for organisations to manage and protect their information. Find out more about ISO 27001 here.

ISO 14001

A global standard for managing an organisation’s environmental impacts. Find out more about ISO 14001 here.

Internal Issues

Issues that involve inner factors under the direct control of a company such as structure, culture, resources etc.

Internal Audit

A systematic and independent review of an organisation’s policies, procedures, and processes to determine compliance with the ISO Standard requirements and the organisation’s own management system.

We offer a wide range of auditing training courses – click here for details.

Interested Parties

An interested party is essentially a stakeholder – an individual or a group of people affected by an organisation’s activities.

Information Security Management System (ISMS)

A set of guidelines that help organisations manage their information security risks and ensure their information is safe. This is an integral part of achieving ISO 27001.

Information Security Incident

An event that affects an organisation’s information security, such as a breach or a loss of data.

Information

Anything that an organisation uses or processes, such as data, files, or documents.

Improvement

The ongoing effort to make things better by improving products, services, and processes to achieve better quality, efficiency, and customer satisfaction.

Implementation

Putting an organisation’s policies and processes into action.

Hierarchy of Control

A term used to describe the order of controls applied to risk: Elimination, Substitution, Engineering Controls, Administrative Controls, PPE.

Hazard

A source or situation that can cause harm to people, property, or the environment.

Externally Provided Processes, Products and Services

A term used where an external resource (e.g. supplier, contractor, subcontractor etc.) may provide all or part of a process, product or service that forms part of an organisation’s product or service provision.

External Issues

External issues arise from factors that are not within direct control of the company, such as legal, technological, competitive, market, cultural, social, and economic environments (local, regional, national, or international).

External Audit

An audit carried out by an external independent body of an organisation’s policies, procedures, and processes to determine compliance with specific standards and requirements.

Environmental Performance

The results achieved by an organisation in managing its environmental impacts.

Environmental Management System (EMS)

A set of policies, procedures, and processes for managing an organisation’s environmental impacts. This plays a very important part in becoming ISO 14001 certified.

Environmental Impact

Any change to the environment resulting from an organisation’s activities, products, or services.

Environmental Aspects

The elements of an organisation’s activities, products, and services that affect the environment. Once assessed for significance, environmental aspects can sometimes be known as SEAs (‘Significant Environmental Aspects’).

Emergency Preparedness and Response

Planning and implementing procedures to prevent and respond to environmental emergencies.

Emergency Preparedness

Planning and procedures to prevent and respond to occupational health and safety emergencies.

Document Control

The process of managing documents to ensure their accuracy, completeness, and accessibility.

Design and Development

The term used for the design of products or services for use by an organisation’s customers, and the method for controlling changes or enhancements made to existing products or services.

Customer Satisfaction

The degree to which a product or service meets or exceeds customer expectations.

Customer

A person or organisation that receives a product or service from the organisation.

Corrective Action

The process of identifying and addressing the root cause of a nonconformity to prevent its recurrence.

Contractor

A term used for an external provider providing functions such as consultants, people conducting maintenance works, cleaning, security.

Continual Improvement

The ongoing effort to improve processes to achieve overall improvement of the management system and the organisation’s objectives.

Context of the Organisation

A combination of internal and external issues that can have an effect on an organisation’s approach to developing and achieving its objectives.

Conformity

The act of complying with the guidelines or requirements set forth in a standard, regulation, duty, and/or the organisation’s own requirements.

Configuration

A term used to describe the management and control of changes.

Compliance Obligations (preferred term)

Legal requirements and other requirements (admitted term). Legal requirements that an organisation has to comply with and other requirements that an organisation has to or chooses to comply with.

Compliance

Meeting legal and other requirements related to occupational health and safety.

Certification

The process of verifying that an organisation or individual meets specific standards and requirements.

Calibration

The process of comparing a measurement device or system with a reference standard to ensure accuracy and reliability.

Business Management System (BMS)

An alternative term used for a QMS, EMS, OHSMS, ISMS or a combination of these that make up management systems that may or may not be integrated.

Business Continuity

The plans and procedures that an organisation has in place to keep operating during and after a disruption. ISO 22301 is the Business Continuity standard.

Asset

Something that an organisation values, such as information, hardware, software, or property.

Threat

Something that could cause harm to an organisation’s information, like a hacker, virus, or natural disaster.

Accreditation

The process of assessing and recognising the competence of an organisation or individual to perform specific tasks or services.

Access Control

The process of making sure that only authorised people can access an organisation’s information.