ISO & Quality Management Glossary
A comprehensive A–Z reference of ISO and quality management terminology. Definitions for terms used across ISO 9001, ISO 14001, ISO 45001 and other management system standards.
This glossary covers the most important terms you will encounter when working with ISO management system standards. Whether you are preparing for certification, conducting internal audits or simply learning about quality management, these definitions will help you understand the language of ISO standards.
A
Accreditation
Formal recognition by an authoritative body that a certification body is competent to carry out specific conformity assessment tasks such as certification, testing or inspection.
Audit (Internal/External/Third-party)
A systematic, independent and documented process for obtaining evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled. Internal audits are conducted by the organisation itself; external audits are conducted by customers or independent third-party certification bodies.
Audit Criteria
The set of policies, procedures or requirements used as a reference against which audit evidence is compared during an audit.
Audit Evidence
Records, statements of fact or other verifiable information that is relevant to the audit criteria being assessed.
Audit Finding
The result of evaluating collected audit evidence against audit criteria. Findings can indicate conformity, nonconformity or opportunities for improvement.
Audit Programme
A set of one or more audits planned for a specific timeframe and directed towards a particular purpose, including the schedule, scope, methods and resources required.
Annex SL
The high-level framework defined by ISO that provides a common structure, core text and terminology for all ISO management system standards, enabling easier integration of multiple standards.
B
Benchmarking
The practice of comparing an organisation's processes, performance metrics or practices against industry best practices or leading competitors to identify areas for improvement.
Business Continuity
The capability of an organisation to continue delivering products or services at acceptable predefined levels following a disruptive incident, supported by planning and preparedness activities.
C
Calibration
The process of comparing measurements from a device or instrument against a known standard to ensure accuracy, and making adjustments where necessary to maintain measurement traceability.
Certification
The formal attestation by an accredited third-party body that an organisation's management system conforms to the requirements of a specific ISO standard.
Certification Body
An independent, accredited organisation authorised to assess and certify that a company's management system meets the requirements of a particular ISO standard.
Clause
A numbered section within an ISO standard that contains specific requirements or guidance. For example, ISO 9001 contains clauses 1 through 10.
Competence
The demonstrated ability to apply knowledge and skills to achieve intended results. Organisations must ensure personnel affecting quality performance are competent through education, training or experience.
Compliance
The act of meeting mandatory legal, regulatory or contractual requirements imposed by external authorities or agreements.
Conformity
The fulfilment of a specified requirement of a standard or specification. Unlike compliance, conformity typically refers to meeting voluntary standard requirements rather than legal obligations.
Continual Improvement
A recurring activity to enhance performance and the effectiveness of the management system. It is a core principle of ISO standards and follows the Plan-Do-Check-Act cycle.
Context of the Organisation
The combination of internal and external issues, interested parties and their requirements that affect an organisation's ability to achieve the intended outcomes of its management system (Clause 4 of Annex SL-based standards).
Corrective Action
Action taken to eliminate the root cause of a detected nonconformity or other undesirable situation in order to prevent its recurrence.
Customer Satisfaction
The customer's perception of the degree to which their requirements and expectations have been fulfilled. Monitoring customer satisfaction is a key requirement of ISO 9001.
D
Design and Development
The set of processes that transform requirements into specified characteristics for a product, service, or process. ISO 9001 Clause 8.3 requires planning, inputs, controls, outputs and changes to be managed.
Document Control
The systematic management of documents and records to ensure they are approved, current, available where needed, and protected from unintended changes or loss.
Documented Information
Information that an organisation is required to control and maintain, encompassing both documents (procedures, policies, forms) and records (evidence of activities performed).
E
Effectiveness
The extent to which planned activities are realised and planned results are achieved. ISO standards require organisations to evaluate the effectiveness of actions taken and the management system overall.
Environmental Aspect
An element of an organisation's activities, products or services that interacts or can interact with the environment, such as emissions, waste discharge or resource consumption.
Environmental Impact
Any change to the environment, whether adverse or beneficial, wholly or partially resulting from an organisation's environmental aspects.
Environmental Management System (EMS)
A structured framework, as defined by ISO 14001, for managing an organisation's environmental responsibilities in a systematic way that contributes to environmental sustainability.
External Provider
An outside organisation that provides products, processes or services to the organisation, including suppliers, subcontractors and outsourced process providers.
G
Gap Analysis
A systematic comparison of an organisation's current practices and systems against the requirements of an ISO standard to identify areas that need to be addressed before certification.
H
Hazard
A source or situation with the potential to cause harm in terms of injury, ill health, damage to property, the environment, or a combination of these. Central to ISO 45001 risk management.
High Level Structure (HLS)
The identical core structure, terminology and definitions shared by all ISO management system standards (also known as Annex SL), making it easier to implement and integrate multiple standards.
I
Improvement
Activity to enhance performance. ISO management system standards require organisations to determine and select opportunities for improvement and implement necessary actions.
Information Security Management System (ISMS)
A systematic approach to managing sensitive information so that it remains secure, as defined by ISO/IEC 27001. It includes people, processes and IT systems.
Integrated Management System (IMS)
A single, unified management system that addresses the requirements of two or more ISO standards (e.g., ISO 9001, ISO 14001 and ISO 45001) to reduce duplication and improve efficiency.
Interested Party
A person or organisation that can affect, be affected by, or perceive itself to be affected by a decision or activity. Also known as a stakeholder.
Internal Audit
An audit conducted by or on behalf of the organisation itself to evaluate how well the management system conforms to the organisation's own requirements and the applicable ISO standard.
ISO (International Organization for Standardization)
An independent, non-governmental international body comprising national standards bodies from over 160 countries that develops and publishes voluntary international standards.
L
Leadership
The commitment and active involvement of top management in establishing, implementing and improving the management system. ISO standards require leaders to demonstrate accountability and promote a quality or safety culture.
Lifecycle Perspective
Consideration of the environmental aspects and impacts of a product or service throughout all stages of its life, from raw material acquisition through production, use and end-of-life treatment. Required by ISO 14001.
M
Management Review
A periodic, planned evaluation by top management of the suitability, adequacy and effectiveness of the management system, including consideration of opportunities for improvement and the need for changes.
Management System
The set of interrelated or interacting elements of an organisation used to establish policies and objectives and the processes to achieve those objectives. It provides a framework for consistent performance.
Monitoring
Determining the status of a system, process, product, service or activity through observation, supervision or measurement at defined intervals.
Measurement
The process of determining a value, typically using instruments or defined methods. Measurement provides quantitative data for decision making and performance evaluation.
N
Nonconformity (NC/NCR)
The non-fulfilment of a requirement. A nonconformity report (NCR) documents the deviation and triggers corrective action. Nonconformities can be classified as major or minor.
Normative Reference
A document referred to in a standard that is indispensable for its application. For ISO 9001:2015, the normative reference is ISO 9000:2015 (fundamentals and vocabulary).
O
Objective
A result to be achieved, which should be consistent with the organisation's policy, measurable where practicable, monitored, communicated and updated as appropriate.
Observation
A statement of fact made during an audit that does not constitute a nonconformity but highlights an area that could become a concern or represents an opportunity for improvement.
Occupational Health and Safety (OH&S)
Conditions and factors that affect or could affect the health and safety of workers and other persons in the workplace. ISO 45001 provides the framework for managing OH&S risks.
P
Performance Evaluation
The process of monitoring, measuring, analysing and evaluating how well the management system and its processes are performing against planned objectives and criteria (Clause 9 of Annex SL standards).
Plan-Do-Check-Act (PDCA)
A four-stage iterative management cycle used to control and continually improve processes: Plan (establish objectives), Do (implement), Check (monitor and measure), Act (take action to improve).
Policy
A formal statement by top management of an organisation's intentions and direction relating to quality, environment or health and safety. The policy provides a framework for setting objectives.
Preventive Action
Action taken to eliminate the cause of a potential nonconformity or other undesirable potential situation before it occurs. In ISO 9001:2015, this concept is addressed through risk-based thinking.
Procedure
A specified way to carry out an activity or a process. Procedures define what is to be done, by whom, when, where and how, ensuring consistency and repeatability.
Process
A set of interrelated or interacting activities that use inputs to deliver an intended result (output). The process approach is a fundamental principle of ISO management systems.
Process Approach
A management strategy that treats activities and related resources as interconnected processes, enabling more efficient and predictable results through systematic management of process interactions.
Q
Quality
The degree to which a set of inherent characteristics of a product, service, system or process fulfils requirements and expectations of customers and other interested parties.
Quality Management
The coordinated activities to direct and control an organisation with regard to quality, including quality planning, quality assurance, quality control and quality improvement.
Quality Management System (QMS)
A formalised system of processes, procedures and responsibilities for achieving quality policies and objectives. ISO 9001 specifies the requirements for an effective QMS.
Quality Manual
A document specifying the quality management system of an organisation, typically including the QMS scope, documented procedures and a description of process interactions. No longer mandatory under ISO 9001:2015 but widely used.
Quality Objectives
Specific, measurable goals related to quality that are consistent with the quality policy, set at relevant functions and levels within the organisation and monitored for achievement.
Quality Policy
A high-level statement of an organisation's overall intentions and direction related to quality, formally expressed by top management. It provides the framework for setting quality objectives.
R
Risk
The effect of uncertainty on objectives. Risk can be positive (opportunity) or negative (threat) and is expressed in terms of likelihood and consequence.
Risk Assessment
The overall process of risk identification, risk analysis and risk evaluation, used to understand the nature of risk and to determine the level of risk for prioritisation and treatment.
Risk-Based Thinking
An approach introduced in ISO 9001:2015 that requires organisations to consider risk when planning and operating their management system, replacing the previous concept of standalone preventive action.
Root Cause Analysis
A systematic investigation method used to identify the fundamental underlying cause of a nonconformity or problem, rather than just addressing its symptoms, to prevent recurrence.
S
Scope
The boundaries and applicability of a management system, including the products, services, processes, locations and organisational units covered.
Stakeholder
Any person, group or organisation that has an interest in or can be affected by the organisation's activities, decisions or outputs. Also referred to as an interested party.
Standard
A document, established by consensus and approved by a recognised body, that provides rules, guidelines or characteristics for activities or their results, aimed at achieving optimum order in a given context.
Surveillance Audit
A periodic audit conducted by a certification body between certification and recertification audits to verify that the certified management system continues to meet the standard's requirements.
SWOT Analysis
A strategic planning tool used to evaluate Strengths, Weaknesses, Opportunities and Threats relevant to an organisation, often used when analysing the context of the organisation under Clause 4.
T
Top Management
The person or group of people who direct and control an organisation at the highest level. ISO standards place specific responsibilities on top management for leadership and commitment.
Traceability
The ability to trace the history, application, location and distribution of a product, component or material through all stages of production, processing and delivery.
V
Validation
Confirmation, through the provision of objective evidence, that the requirements for a specific intended use or application have been fulfilled. Validation answers: "Are we building the right product?"
Verification
Confirmation, through the provision of objective evidence, that specified requirements have been fulfilled. Verification answers: "Are we building the product right?"
W
Work Instruction
A detailed, step-by-step document that describes how to perform a specific task or operation. Work instructions provide more detail than procedures and are typically used at the operational level.
Worker Participation
The involvement of workers in decision-making processes related to the management system, particularly regarding occupational health and safety. ISO 45001 requires active consultation and participation of workers.