Introduction to the 17 Common ISO Systems

 

There are too many ISO systems and it's confusing which one to choose? No worries! Today, let's go through them one by one to explain which type of system certification is most suitable for different enterprises. Avoid wasting money and don't miss the certificates you need!

 

01

ISO9001 Quality Management System

The ISO9001 standard is universally applicable. This doesn't mean the 9000 standards are all-powerful, but because ISO9001 is a foundational standard, embodying the essence of Western quality management science. It applies to manufacturing enterprises, as well as service industries, intermediary companies, sales companies, etc., because quality principles are universal.

 

Generally speaking, the ISO9001 standard is more suitable for manufacturing enterprises because the content of the standard corresponds well and the processes are clearer, giving a sense of fitting the right place.

 

Sales companies can be divided into two types: pure sales and manufacturing sales companies. If it is a pure sales company, its products are outsourced or procured, and its product is sales service rather than product manufacturing. Therefore, the planning process should consider the particularity of the product (sales process), which makes system planning easier.

 

If it is a manufacturing sales enterprise, including production, both the production process and sales process should be planned. So when a sales company applies for ISO9001 certification, it should consider its own products and distinguish itself from manufacturing enterprises.

 

Overall, regardless of the size or industry of the enterprise, currently all enterprises are suitable for ISO9001 certification. Its scope is broad and fits any industry, serving as the foundation and basis for all enterprises to grow and develop. For different industries, ISO9001 has derived various detailed standards, such as quality system standards for the automotive and medical industries.

 

02

ISO14001 Environmental Management System

ISO14001 environmental management system certification applies to any organization, including enterprises, institutions, and related government units. After certification, it proves that the organization has reached an international level in environmental management, ensuring control of various pollutants in all processes, products, and activities of the enterprise, thereby establishing a good social image for the enterprise.

 

Environmental protection issues have increasingly attracted attention. Since the International Organization for Standardization released the ISO14001 environmental management system standard and several related standards, it has received widespread response and attention worldwide. More and more environmentally conscious and energy-saving enterprises have voluntarily implemented the ISO14001 environmental management system.

 

Generally, enterprises implement the ISO14001 environmental management system under the following circumstances:

 

1. Emphasizing environmental protection, hoping to fundamentally achieve pollution prevention and continuous improvement through the implementation of the environmental management system, while promoting the development of clean products, adoption of clean processes, use of efficient equipment, and proper waste disposal.

2. Requirements from related parties. For example, suppliers, customers, bidding, and tendering may require enterprises to provide ISO14001 environmental management system certification.

3. Improving enterprise management level and promoting transformation of management models. By controlling the consumption of various resources, comprehensively optimizing cost management.

In summary, ISO14001 environmental management system is a voluntary certification. Any enterprise with a need for improvement can implement this certification to enhance its reputation and fundamentally improve management levels.

 

03

ISO45001 Occupational Health and Safety Management System

 

ISO45001 is an international safety and health management system certification standard, a new version of the original Occupational Health and Safety Management System (OHSAS18001). Its purpose is to reduce and prevent losses of life, property, and time caused by accidents through management, as well as environmental damage.

 

ISO 45001 occupational health and safety management system applies to any organization's occupational health and safety management system standard. Its purpose is to reduce and prevent losses of life, property, and time caused by accidents through management, as well as environmental damage.

 

We usually refer to ISO9001, ISO14001, and ISO45001 together as the three systems (also called the three standards).

 

These three system standards apply to all industries, and some local governments even provide financial subsidies to certified enterprises.

 

04

GB/T50430 Construction Quality Management System

 

Any enterprise engaged in construction engineering, road and bridge engineering, equipment installation, and other related projects must have corresponding qualification certificates, including the GB/T50430 construction system.

 

In bidding activities, if you are an enterprise in the construction industry, you are likely familiar with GB/T50430 certification, especially since having three certificates can increase bid scores and improve the winning rate.

 

05

ISO27001 Information Security Management System

 

1. Industries where information is the lifeline:

 

1. Financial industry: banks, insurance, securities, funds, futures, etc.

2. Telecommunications industry: telecom, Netcom, mobile, Unicom, etc.

3. Shell companies: foreign trade, import and export, HR, headhunting, accounting firms, etc.

 

2. Industries highly dependent on information technology:

1. Steel, semiconductors, logistics

2. Electric power, energy

3. Outsourcing (ITO or BPO): IT, software, telecom IDC, call centers, data entry, data processing, etc.

 

3. Industries with high technical process requirements and coveted by competitors:

1. Pharmaceuticals, fine chemicals

2. Research institutions

 

Introducing an information security management system can coordinate information management in various aspects, making management more effective. Ensuring information security is not just about having a firewall or hiring a company that provides 24-hour information security services; it requires comprehensive integrated management.

 

06

ISO20000 Information Technology Service Management System

 

ISO20000 is the first international standard for IT service management system requirements. It adheres to the philosophy of "customer-oriented, process-centered" and emphasizes continuous improvement of IT services provided by organizations according to the PDCA (Deming quality) methodology. Its purpose is to provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving IT service management systems (ITSM).

 

ISO 20000 certification is suitable for IT service providers, which can be internal IT departments or external service providers, including (but not limited to) the following categories:

1. IT service outsourcing providers

2. IT system integrators and software developers

3. Internal IT service providers or IT operations support departments within enterprises

 

07

ISO22000 Food Safety Management System

 

ISO22000 Food Safety Management System Certificate is one of the essential certificates in the catering industry.

 

The ISO22000 system applies to all organizations in the entire food supply chain, including feed processing, primary product processing, food manufacturing, transportation and storage, as well as retailers and the catering industry.

 

It can also be used as a standard basis for organizations to conduct second-party audits of their suppliers, and of course, it can be used for third-party commercial certification.

 

08

HACCP Hazard Analysis and Critical Control Points System

 

The HACCP system is a preventive food safety control system that assesses hazards that may occur during food processing and then takes control measures.

 

This system mainly targets food production enterprises and focuses on the hygiene and safety of the entire production chain (responsible for consumer life safety).

 

Although both ISO22000 and HACCP systems belong to food safety management, they differ in scope: ISO22000 applies to various industries, while HACCP only applies to the food and related industries.

 

09

IATF16949 Automotive Industry Quality Management System

 

Enterprises suitable for IATF16949 system certification include manufacturers of passenger cars, trucks, buses, motorcycles, and their parts and accessories.

 

Enterprises not suitable for IATF16949 system certification include manufacturers of industrial vehicles (forklifts), agricultural vehicles (small trucks), construction vehicles (engineering vehicles), mining, forestry, and other utility vehicles.

 

For mixed-production enterprises where only a small portion of products are supplied to automobile manufacturers, IATF16949 certification can also be done. All company management should follow IATF16949, including automotive product technology. If the production sites can be separated, only the automotive product manufacturing site needs to be managed according to IATF16949; otherwise, the entire factory must comply with IATF16949.

 

Although mold product manufacturers are suppliers in the automotive supply chain, their supplied products are not used on automobiles, so they cannot apply for IATF16949 certification. Similar cases include transportation suppliers, etc.

 

10

Product After-Sales Service Certification

 

Any enterprise legally operating within the People's Republic of China can apply for product after-sales service certification, including enterprises manufacturing tangible products, selling tangible products, and providing intangible products (services).

 

Products are items entering the consumer field. Besides tangible products, products also include intangible services. Both industrial and consumer goods belong to products.

 

Tangible products have external form and intrinsic quality as well as promotional elements such as quality, packaging, brand, shape, style, color tone, culture, etc.

 

Intangible products include labor and technical services, such as financial services, accounting services, marketing planning, creative design, management consulting, legal consulting, programming, etc. Intangible products generally occur along with tangible products and infrastructure, such as aviation services, hotel services, beauty services, etc.

 

Therefore, any production, trade, or service enterprise with independent legal status can apply for product after-sales service certification.

 

11

Automotive Functional Safety Certification ISO26262

 

ISO26262 is derived from the basic functional safety standard IEC61508 for electronic, electrical, and programmable devices, mainly targeting specific electrical components, electronic devices, and programmable electronic devices used in the automotive field, aiming to improve the international standard for functional safety of automotive electronic and electrical products.

 

ISO26262 officially began development in November 2005, took about six years, and was officially published in November 2011 as an international standard. China is also actively developing corresponding national standards.

 

Safety is one of the key elements in future automotive research and development. New functions are not only used for assisted driving but also applied to vehicle dynamic control and active safety systems related to safety engineering. In the future, the development and integration of these functions will strengthen the demand for safety system development processes and provide evidence to meet all intended safety goals.

 

With increasing system complexity, software and electromechanical device applications, risks from system failures and random hardware failures are also increasing. The purpose of ISO 26262 is to provide a better understanding of safety-related functions and explain them as clearly as possible, while providing feasible requirements and processes to avoid these risks.

 

ISO 26262 provides a lifecycle concept (management, development, production, operation, service, disposal) for automotive safety and offers necessary support during these lifecycle stages. The standard covers the overall development process of functional safety (including requirements planning, design, implementation, integration, verification, validation, and configuration).

 

The ISO 26262 standard determines safety requirement levels for systems or system components based on safety risk levels, classified from A to D (Automotive Safety Integrity Level ASIL), with level D being the highest and requiring the most stringent safety requirements.

 

As the ASIL level increases, the requirements for system hardware and software development processes also increase. For system suppliers, in addition to meeting existing high-quality requirements, they must also meet these higher requirements imposed by increased safety levels.

 

12

ISO13485 Medical Device Quality Management System

ISO13485, called "Medical Devices - Quality Management Systems - Requirements for Regulatory Purposes" in Chinese, is a special standard issued by the ISO organization because medical devices are special products for saving lives and treating diseases. The general requirements of ISO9000 are insufficient for regulation. Therefore, ISO13485:1996 (YY/T0287 and YY/T0288) was issued to propose special requirements for the quality management systems of medical device manufacturers, promoting the safety and effectiveness of medical device quality.

 

The version in effect as of November 2017 is ISO13485:2016 "Medical Devices Quality Management Systems - Requirements for Regulatory Purposes." The name and content have changed compared to previous versions.

 

Certification Registration Conditions:

 

1. Have obtained a production license or other qualification certificates (when required by national or departmental regulations).

 

2. The products covered by the quality management system applying for certification should comply with relevant national standards, industry standards, or registered product standards (enterprise standards), and the products should be finalized and produced in batches.

 

3. The applying organization should establish a management system that meets the certification standard to be applied for. For medical device production and operation enterprises, they should also meet the requirements of YY/T 0287 standard. Enterprises producing Class III medical devices should have operated the quality management system for no less than 6 months; enterprises producing and operating other products should have operated it for no less than 3 months. At least one comprehensive internal audit and one management review should have been conducted.

 

4. Within one year before submitting the certification application, the applying organization's products should have no major customer complaints or quality incidents.

13

ISO5001 Energy Management System

 

On August 21, 2018, the International Organization for Standardization (ISO) announced the release of the new energy management system standard ISO 50001:2018. The new standard is revised based on the 2011 version to meet ISO's requirements for management system standards, including the high-level structure called Annex SL, the same core text, and common terms and definitions to ensure high compatibility with other management system standards.

 

Certified organizations will have three years to transition to the new standard. The introduction of the Annex SL structure aligns with all newly revised ISO standards, including ISO 9001, ISO 14001, and the recent ISO 45001, ensuring that ISO 50001 can be easily integrated with these standards.

 

With more involvement from leadership and employees in ISO 50001:2018, continuous improvement of energy performance will become a focal point. The common high-level structure will make it easier to integrate with other management system standards, thereby improving efficiency and reducing energy costs. It can make organizations more competitive and potentially reduce environmental impact.

 

Enterprises certified through the energy management system can apply for certifications such as green factories and green products. Various government subsidy programs are available across regions in our country. If needed, you can contact our partners to obtain the latest policy support information!

 

14

Intellectual Property Standardization

 

Category One:

Intellectual property advantage and demonstration enterprises — standardization required;

 

Category Two:

1. Enterprises preparing to apply for municipal or provincial famous trademarks or well-known trademarks — standardization can serve as effective proof of intellectual property management compliance;

2. Enterprises preparing to apply for high-tech enterprise status, technology innovation projects, industry-university-research cooperation projects, or technical standard projects — standardization can serve as effective proof of intellectual property management compliance;

3. Enterprises preparing for listing — standardization can help avoid intellectual property risks before listing and serve as effective proof of the company's intellectual property compliance.

 

Category Three:

1. Medium and large enterprises with complex organizational structures such as group or holding companies — standardization can help streamline management thinking;

2. Enterprises with high intellectual property risks — standardization can regulate intellectual property risk control and reduce infringement risks;

3. Enterprises with some foundation in intellectual property work seeking more standardized management — standardization can regulate management processes.

 

Category Four:

Enterprises frequently participating in bidding — after standardization, they can become preferred procurement targets for state-owned and central enterprises.

 

15

ISO/IEC17025 Laboratory Management System

 

What is laboratory accreditation?

 

A formal recognition procedure by an authoritative body to confirm whether testing/calibration laboratories and their personnel are competent to perform specified types of testing/calibration.

A third-party certification formally indicating that a testing/calibration laboratory has the capability to carry out specific types of testing/calibration work.

The authoritative bodies here refer to CNAS in China, A2LA and NVLAP in the United States, DATech and DACH in Germany, etc.

 

Comparison leads to identification. The editor specially created the following comparison table to deepen everyone's understanding of the concept of "laboratory accreditation":

 

 

Testing/calibration reports reflect the final results of the laboratory. Whether the laboratory can issue high-quality (accurate, reliable, timely) reports to society and gain trust and recognition from all sectors has become the core issue for laboratories to meet market economy demands. Laboratory accreditation provides confidence in trusting testing/calibration data!

16

SA8000 Social Responsibility Standard Management System Certification

 

SA8000 involves the following main contents:

 

1) Child labor: Enterprises must control minimum age, juvenile workers, schooling, working hours, and safe work scope according to laws.

2) Forced labor: Enterprises must not engage in or support the use of forced labor or use bait or require deposits in employment. Employees must be allowed to leave after shifts and resign.

3) Health and safety: Enterprises must provide a safe and healthy working environment, protect against possible accidents and injuries, conduct health and safety education, provide sanitary cleaning facilities and drinking water.

4) Freedom of association and collective bargaining: Enterprises respect the rights of all personnel to form and join chosen unions and conduct collective bargaining.

5) Discrimination: Enterprises must not discriminate based on race, social status, nationality, disability, gender, sexual orientation, membership, or political affiliation.

6) Punishment measures: Physical punishment, mental and physical oppression, and verbal abuse are not allowed.

7) Working hours: Enterprises must comply with relevant laws, overtime must be voluntary, and employees must have at least one day off per week.

8) Remuneration: Wages must meet the legal and industry minimums and provide discretionary income beyond basic needs. Employers must not evade labor laws through false training programs.

9) Management system: Enterprises must establish a publicly available policy committing to comply with relevant laws and other regulations; ensure management reviews, appoint company representatives to supervise plan implementation and controls, select suppliers also meeting SA8000, establish channels for expressing opinions and corrective actions, maintain open contact with auditors, provide applicable inspection methods, and present supporting documents and records.

 

17

ISO/TS22163:2017 Railway Certification

 

Railway certification, known as "IRIS," is developed by the European Railway Industry Association (UNIFE) and strongly promoted and supported by the four major system manufacturers (Bombardier, Siemens, Alstom, and AnsaldoBreda). IRIS is based on the international quality standard ISO 9001 and is an extension of ISO 9001. It is specifically designed for the railway industry to assess its management system. IRIS aims to improve product quality and reliability by enhancing the entire supply chain.

 

The new international railway industry standard ISO/TS22163:2017 officially came into effect on June 1, 2017, replacing the original IRIS standard. It is a major milestone for the railway industry's quality management system IRIS certification. ISO 22163 covers all requirements of ISO 9001:2015 and adds railway industry-specific requirements on this basis.