Our ISO Glossary has been designed to help you navigate your way through some of the terms you might come across on your journey to certification.
The process of making sure that only authorized people can access an organization’s information.
The process of assessing and recognising the competence of an organization or individual to perform specific tasks or services.
Something that an organization values, such as information, hardware, software, or property.
Threat: Something that could cause harm to an organization’s information, such as a hacker, a virus, or a natural disaster.
The plans and procedures that an organization has in place to keep operating during and after a disruption. ISO 22301 is the Business Continuity standard.
An alternative term used for a QMS, EMS, OHSMS, ISMS or a combination of these that make up management systems that may or may not be integrated.
The process of comparing a measurement device or system with a reference standard to ensure accuracy and reliability.
The process of verifying that an organization or individual meets specific standards and requirements.
Meeting legal and other requirements related to occupational health and safety.
Legal requirements and other requirements (admitted term). Legal requirements that an organization has to comply with and other requirements that an organization has to or chooses to comply with.
A term used to describe the management and control of changes.
The act of complying with the guidelines or requirements set forth in a standard, regulation, duty, and/or the organization’s own requirements.
A combination of internal and external issues that can have an effect on an organization’s approach to developing and achieving its objectives.
The ongoing effort to improve processes in order to achieve overall improvement of the management system and the organization’s objectives.
A term used for an external provider providing functions such as consultants, people conducting maintenance works, cleaning, and security.
The process of identifying and addressing the root cause of a nonconformity to prevent its recurrence.
A person or organization that receives a product or service from the organization.
The degree to which a product or service meets or exceeds customer expectations.
The term used for the design of products or services for use by an organization’s customers, and the method for controlling changes or enhancements made to existing products or services.
The process of managing documents to ensure their accuracy, completeness, and accessibility.
Planning and procedures to prevent and respond to occupational health and safety emergencies.
Planning and implementing procedures to prevent and respond to environmental emergencies.
The elements of an organization’s activities, products, and services that affect the environment. Once assessed for significance, environmental aspects are sometimes known as SEAs (‘Significant Environmental Aspects’).
Any change to the environment resulting from an organization’s activities, products, or services.
A set of policies, procedures, and processes for managing an organization’s environmental impacts. This plays a very important part in becoming ISO 14001 certified.
The results achieved by an organization in managing its environmental impacts.
An audit carried out by an external independent body of an organization’s policies, procedures, and processes to determine compliance with specific standards and requirements.
External issues arise from factors that are not within direct control of the company, such as legal, technological, competitive, market, cultural, social, and economic environments (local, regional, national, or international).
A term used where an external resource (e.g. a supplier, contractor or subcontractor) may provide all or part of a process, product or service that forms part of an organization’s product or service provision.
A source or situation that can cause harm to people, property, or the environment.
A term used to describe the order of controls applied to risk: elimination, substitution, engineering controls, administrative controls, PPE.
Putting an organization’s policies and processes into action.
The ongoing effort to make things better by improving products, services, and processes to achieve better quality, efficiency, and customer satisfaction.
Anything that an organization uses or processes, such as data, files, or documents.
An event that affects an organization’s information security, such as a breach or a loss of data.
A set of guidelines that help organizations manage their information security risks and ensure their information is safe. This is an integral part of achieving ISO 27001.
An interested party is essentially a stakeholder—an individual or a group of people affected by an organization’s activities.
A systematic and independent review of an organization’s policies, procedures, and processes to determine compliance with the ISO Standard requirements and the organization’s own management system.
Issues that involve internal factors under the direct control of a company, such as structure, culture and resources.
A global standard for managing an organization’s environmental impacts.
A global standard that provides a way for organizations to manage and protect their information.
A global standard for managing an organization’s occupational health and safety risks.
A global standard that outlines what a quality management system (QMS) should do and how to do it.
Metrics that organizations use to assess the operating effectiveness and performance of their management systems.
The actions and decisions of top management that control and direct an organization.
The environmental laws, regulations, and other standards that organizations must follow.
Considering the environmental impacts of a product or service throughout its entire life cycle, from the initial design of activities, through acquisition and extraction, production/service delivery, transportation and consumption/application, to end of life/disposal.
A term used to describe the management and control of changes that may have an impact on occupational health and safety (OH&S) risks, to ensure that appropriate methodology and controls are applied. For example, the purchase of new equipment may require updates to risk assessments, training, location reviews, etc.
A periodic evaluation of an organization’s management system by top management to assess its effectiveness and identify opportunities for improvement. The inputs and outputs of the meeting are specific to the standard and involve a review of the management system.
A set of policies, procedures, and processes developed by an organization to manage and control its conformity to an ISO standard.
Measuring and evaluating an organization’s performance.
A failure to meet the requirements or specifications specified in a standard, regulation, duty, and/or the organization’s own requirements.
Specific goals that an organization sets to achieve its policy.
A set of policies, procedures, and processes used to manage an organization’s occupational health and safety risks and hazards. This plays a very important part in becoming ISO 45001 certified.
The processes and activities used to deliver and control an organization’s management system requirements, including corrective and preventive actions.
The term used for positive or beneficial effects achieved; these may be identified as a result of a risk, an event, a change or the ability to do something new.
A term used to describe an ‘opportunity’ that has been identified that may result in the improvement of the management system, or a particular element of the organization’s success.
A person or group of people that has its own functions with responsibilities, authorities, and relationships to achieve its commercial objectives.
A term used for when an organization may use the services of an external provider/supplier to provide products, services, or processes.
Measurable results of the management systems, related to the organization’s control of risks, based on its policies and objectives.
The process of monitoring, measuring, analyzing, and evaluating an organization’s performance to make sure it is meeting its objectives.
The process of identifying what the organization wants to achieve and how it will get there.
A statement of an organization’s intentions and direction, commitments, goals, and objectives related to a specific subject, formally expressed by its top management.
The process of identifying and addressing potential sources of nonconformities to prevent their occurrence.
A set of interrelated or interacting processes or process elements that transforms inputs into outputs.
Products are typically tangible items, something that your customers can physically hold in their hands.
A set of policies, procedures, and processes used to ensure that an organization delivers products or services that meet or exceed customer requirements. This plays a very important part in becoming ISO 9001 certified.
The term used for a potential adverse effect (threat).
The chance that something bad could happen to an organization’s information.
The overall process of estimating the magnitude of risk and deciding whether or not the risk is acceptable.
The process of identifying, assessing, and controlling potential risks that could negatively impact an organization’s objectives.
Thinking systematically about the risks and opportunities in all processes and throughout the management system.
A short descriptive statement that sets out the boundaries of the management system’s applicability, e.g. what the organization provides, for whom and where.
A service is typically an intangible item consisting of one or more activities performed between an organization and a customer.
An individual or group who can affect or be affected by an organization’s activities, products, or services.
A document that provides guidelines or requirements to achieve a particular level of quality or performance.
In ISO 27001, Annex A contains a number of clauses that need to be fulfilled in order to comply with the standard’s requirements. The statement of applicability refers to each clause as outlined and states either the controls to be implemented or the justification for why the clause is not applicable.
The evaluation of a supplier’s ability to deliver products or services that meet or exceed the organization’s requirements.
The resources and infrastructure necessary to help the organization achieve its objectives.
The process of verifying that a product, service, or system meets specific requirements and performs as intended.
The process of confirming that a product, service, or system meets specific requirements and specifications.
A weakness in an organization’s information security that could be exploited by a threat.
An injury or illness caused by an organization’s work activities.
Anyone working for an organization, including employees, contractors, and temporary workers.
Involving workers in occupational health and safety decision-making.
Any location where work activities controlled by the organization take place.