ISO Certification Glossary
Plain-language definitions of every term you'll encounter in ISO certification — from QMS and ISMS to HACCP, PDCA, and Annex SL.
Anti-Bribery Management System (ABMS)
A systematic framework to prevent, detect, and address bribery within an organization and in its business relationships. ISO 37001:2016 is the international certification standard for ABMS, applicable to public, private, and not-for-profit organizations of all sizes.
Annex SL (High-Level Structure)
A common framework structure mandated by ISO for all new and revised management system standards. Annex SL gives standards like ISO 9001, ISO 14001, ISO 45001, ISO 27001, and ISO 50001 the same high-level clause structure (10 clauses), making it significantly easier to integrate multiple standards into a single Integrated Management System (IMS).
Certification Body (CB)
An independent, accredited third-party organization that conducts formal Stage 1 and Stage 2 audits and issues ISO certificates upon successful completion. Certification bodies in India must be accredited by NABCB (National Accreditation Board for Certification Bodies) or equivalent international accreditation bodies (e.g., UKAS, DAkkS).
Critical Control Point (CCP)
A step in a food production process at which a control measure can be applied to prevent, eliminate, or reduce a food safety hazard to an acceptable level. Identifying CCPs is the second of the 7 HACCP principles.
CE Marking
A mandatory conformity mark for products sold in the European Economic Area (EEA), indicating that a product meets EU safety, health, and environmental protection requirements. ISO 13485 certification is a standard pathway for Indian medical device manufacturers to achieve CE Marking under the EU MDR 2017/745.
DPDP Act (Digital Personal Data Protection Act)
India's landmark data protection legislation enacted in 2023, governing the collection, processing, and storage of personal data. ISO/IEC 27001:2022 provides an ideal framework for achieving DPDP Act compliance, particularly for IT companies, BPOs, and healthcare organizations.
Environmental Management System (EMS)
A set of processes and practices that enable an organization to systematically reduce its environmental impacts and increase its operating efficiency. An EMS helps track, manage, and improve environmental performance. ISO 14001 is the international certification standard for EMS.
Energy Management System (EnMS)
A systematic framework for organizations to manage energy consumption, improve energy efficiency, and reduce energy costs and greenhouse gas emissions. ISO 50001 is the international standard for EnMS. Organizations implementing ISO 50001 typically report 10–30% reductions in energy costs.
Food Safety Management System (FSMS)
An integrated set of policies and procedures that ensures food produced or handled by an organization is safe for consumption. FSMS incorporates HACCP principles, prerequisite programs, and management system requirements. ISO 22000 is the internationally recognized FSMS certification standard.
Gap Analysis
An initial assessment conducted by an ISO consultant to compare an organization's current processes, documentation, and practices against the requirements of a specific ISO standard. The gap analysis identifies areas that need improvement before a formal ISO audit can be passed. VETREO provides free gap analysis for all ISO certification engagements.
Hazard Analysis and Critical Control Points (HACCP)
A science-based, systematic approach to food safety that identifies, evaluates, and controls biological, chemical, and physical hazards in food production. Originally developed for NASA's space food program, HACCP is mandated by FSSAI in India for high-risk food businesses and required by international food import regulations.
ISO (International Organization for Standardization)
An independent, non-governmental international organization headquartered in Geneva, Switzerland. ISO develops and publishes international standards covering nearly every industry — from technology and food safety to healthcare and environmental management. It has published over 24,000 standards used in 167 countries.
Information Security Management System (ISMS)
A systematic framework of policies, processes, and controls that an organization uses to manage and protect its information assets from security threats such as cyberattacks, data breaches, and unauthorized access. ISO/IEC 27001 is the international certification standard for ISMS.
IT Service Management System (SMS)
A structured framework for planning, delivering, and continuously improving IT services. An SMS ensures IT services are aligned with business needs and consistently meet agreed Service Level Agreements (SLAs). ISO/IEC 20000-1 is the international certification standard for IT SMS.
NABH (National Accreditation Board for Hospitals)
India's premier accreditation body for healthcare organizations, established under the Quality Council of India (QCI). NABH accreditation certifies that a hospital meets rigorous standards for patient safety, clinical care, and organizational management. It is required for empanelment under CGHS, ECHS, and Ayushman Bharat/PMJAY.
NAAC (National Assessment and Accreditation Council)
An autonomous body established by UGC India to assess and accredit higher education institutions. ISO 21001 (EOMS) and NAAC are complementary — ISO 21001 provides an internationally recognized management system framework that many institutions implement to strengthen their NAAC preparation.
Occupational Health & Safety Management System (OH&SMS)
A framework that enables organizations to reduce occupational risks, prevent workplace injuries and ill-health, and create a safe working environment. ISO 45001:2018 is the international standard for OH&SMS, replacing the earlier OHSAS 18001.
PDCA Cycle (Plan-Do-Check-Act)
An iterative four-step management method used for the control and continuous improvement of processes and products. All ISO management system standards are built around the PDCA cycle: Plan (establish objectives), Do (implement processes), Check (monitor and measure), Act (take corrective actions and improve).
Quality Management System (QMS)
A formalized system that documents processes, procedures, and responsibilities for achieving quality policies and objectives. A QMS helps coordinate and direct an organization's activities to meet customer and regulatory requirements and improve effectiveness and efficiency on a continuous basis. ISO 9001 is the internationally recognized QMS certification standard.
Surveillance Audit
An annual on-site or remote audit conducted by the certification body during Years 1 and 2 of a 3-year ISO certification cycle to verify that the organization continues to comply with the standard's requirements. Certification is suspended or withdrawn if surveillance audits reveal non-conformities that are not corrected.