FAQs: Understand Common ISO Terminology and Acronyms

Published on: August 29, 2022

Whether you’re just getting started with your Certification journey, or are already familiar with ISO Management System Standards, it can be easy to get confused by the many technical terms and acronyms used during the implementation and certification process.

To help you navigate this sometimes intricate glossary, this blog covers the frequently asked questions we hear from our clients and colleagues to work as a quick guide for you.

Firstly, let’s start with some common acronyms in the ISO world that will also be used throughout this blog:

  • ISO – International Organisation for Standardisation
  • CAB – Conformity Assessment Body
  • JAS-ANZ – Joint Accreditation System of Australia and New Zealand
  • BMS – Business Management System
  • QMS – Quality Management System
  • EMS – Environmental Management System
  • ISMS – Information Security Management System
  • OHSMS – Occupational Health & Safety Management System
  • OFI – Opportunity for Improvement
  • NC – Non-conformance

Now onto the FAQs.

What is a Management System?

A Management System is a set of documented information – such as policies, processes, procedures and templates – that define how a business is managed and operated towards achieving its goals and best practices. A Management System can also conform to the requirements of one or more ISO Management System Standards.

If you want to learn more about what a Management System is, click here.

What are ISO Management System Standards?

ISO Management System Standards are documents that outline world-wide recognised best practices in business for a wide variety of topics. These documents contain requirements, specifications and guidelines that an organisation can implement to improve its management framework and operations, and, if they choose to, achieve certification.

ISO Standards are developed, published and kept up to date by ISO. ISO has published more than 24,000 International Standards. The four most widely adopted management system standards are:

Why do ISO Standards always have a year noted after the identification number?

All ISO Standards get reviewed approximately every five years by ISO technical committees.

If a standard is revised and updated as a result of this review, ISO will publish a new version of that Standard with the year it was revised. For example, the ISO 9001 standard for quality management is followed by 2015 (ISO 9001:2015), the year that it was last updated and republished. Prior to that, it was ISO 9001:2008.

If your business is already certified when an ISO Standard is updated, you are generally given a three-year transition period to implement the new version.

While most people refer to a standard as “ISO 9001” only, technically speaking, the ISO Standards should always include their year version (e.g. ISO 9001:2015). This ensures that it correctly refers to the latest published standard version.

What’s a CAB? Is it the same thing as the Certification Body?

CAB is the acronym for Conformity Assessment Body, which is the technical name for what we commonly call a Certification Body. Sometimes, you may even hear them called ‘Certifiers’.

A Certification Body is the accredited organisation that will conduct audits of a business’s Management Systems to issue certifications against the chosen Standard(s).

There are many Certification Bodies in the market, and the first step when choosing the right one for your business is to check if they are accredited. In the Asia-Pacific region, this accreditation is provided by JAS-ANZ. You can find Accredited Certification Bodies by searching the JAS-ANZ register.

What’s the difference between Certification and Accreditation?

Management System Certification is provided by an independent Certification Body. It verifies that a system implemented by an organisation meets the requirements of one or more ISO Management System Standards.

A Certification Body achieves Accreditation in order to be able to issue ISO Certificates that will be internationally recognised. Accreditation only applies to the Certification Body, not your business. In Australia and New Zealand, Certification Bodies are accredited by JAS-ANZ.

In summary, to achieve an internationally-recognised certification, the organisation needs to be audited by an accredited Certification Body who will conduct the Certification Audits to verify that all the requirements of the relevant ISO Management System Standard(s) have been met.

Note
It’s important to remember that while the International Organisation for Standardisation develops and publishes the ISO standards, the ISO Organisation doesn’t perform certification audits, nor does it provide accreditation of the Certification Bodies.

What is an Internal Audit?


The objective of the Internal Audit is to assess if the organisation’s processes are operating effectively, and in conformance with the requirements of the ISO Management Systems Standard(s). Also often referred to as a First Party Audit, they can be conducted by someone within the organisation (with the appropriate training and competency), or by a professional consultant or auditor.

Internal Audits are conducted as part of the implementation and ongoing improvement of the Business Management Systems, and are a requirement of the ISO Management System Standards. A well-conducted internal audit can be one of the most significant contributors to the continuous improvement of the management systems, and the business as a whole.

What is an External Audit?

External Audits are divided into, and also called, Second and Third Party Audits:

  • Second Party Audits are usually conducted by someone who has an interest in the organisation (such as a customer) to ensure that the audited organisation meets the contracted obligations. These audits need to be conducted by competent auditors, but not necessarily a Certification Body, as the outcome is not Certification.
  • Third Party Audits are the same as Certification Audits, and occur when a business engages a Certification Body to ensure conformance of all criteria against the chosen ISO Management System Standard(s). It is only through the External (or Certification) Audit performed by the Certification Body that an organisation can achieve internationally-recognised Certification to ISO Management System Standards.

Is an audit the same thing as an inspection?

An audit is an assessment of a process or a system to determine whether it meets a defined set of criteria. An audit can be performed internally or externally, to verify conformance to one or more ISO standards and the organisation’s own requirements, through a systematic review of factual evidence. Other common types of audits are Legal Compliance audits and Financial audits.

On the other hand, an inspection is an evaluation of a place, product or service to ensure it meets relevant requirements. Site safety inspections are a common type of inspection, which generally check for hazards and potential risks in an environment, and usually verify that a business premises’ safety measures are in place and effective.

What is the difference between Occupational Health & Safety (OHS) and Work Health & Safety (WHS)?

The two terms mean exactly the same thing. The term ‘Occupational Health & Safety (OHS)’ is recognised globally. However, in Australia it is very common to hear ‘Work Health & Safety (WHS)’ instead. This is due to the terminology in our legislation, the Work Health & Safety Act. WHS is just another term for OHS.


Why are there three Occupational Health & Safety Standards?

Standards are often reviewed, and sometimes updated or even withdrawn, in order to reflect current business needs. Also, different countries and standards bodies can have their own standards for topics also covered by the ISO Standards.

Until a few years ago, the OHSAS 18001:2007 standard was the most widely adopted international safety standard. The AS/NZS 4801:2001 standard was also popular and was the most commonly adopted safety standard across Australia and New Zealand for many years.

However, since ISO released ISO 45001:2018 in 2018 as the internationally recognised Safety Standard, it is officially replacing OHSAS 18001:2007 (since 30 September 2021) and also AS/NZS 4801:2001 (from 13 July 2023).

This means that businesses who were already certified to OHSAS 18001:2007 and/or AS/NZS 4801:2001 need to upgrade their management systems to the requirements of ISO 45001:2018. If you want to learn more about ISO 45001:2018, and what this change means, click here.

What does “implementation” mean when it comes to ISO and Certification?

Simply put, implementation means fully embedding the Management System into the day-to-day processes and activities of the business.

Once the Management System is developed, the implementation starts. Practically speaking, it means using the documented information developed to meet its purpose.

For example, if you’ve developed a customer feedback process and register, you will have to follow the process, add the records to the feedback register and demonstrate that you’re analysing that information to make well-informed decisions about how you can improve customer satisfaction. Actions like these will be checked by an auditor to verify that the system is implemented and effective in facilitating continual improvement in the business – not just that you have some documents in place.


What are Non-Conformances?

A Non-Conformance is a failure to meet a specific requirement. These will be identified during the audit process, and recorded in the audit report. Non-Conformances are either Minor or Major, and must be resolved and closed within the time frame designated by the auditor.

A Major Non-Conformance is the absence of or failure to conform to the requirements of the Standard. Failure to address Major Non-Conformances can result in non-achievement or suspension of the Certification.

A Minor Non-Conformance can be raised as a result of a process that hasn’t been fully implemented, or scenarios where adequate evidence couldn’t be produced during the audit. If not addressed within the required timeframe, Minor Non-Conformances could subsequently be escalated to Major Non-Conformances.

What does Opportunity for Improvement (OFI) mean?

Opportunities for Improvement (OFIs) can be observed during audits, and are also recorded in the audit report. OFIs won’t impact your Certification, but when addressed, may prove beneficial toward making your system and business operations more effective.

Formal written responses are usually not required. However, actions on OFIs may be reviewed at the next audit, and you may be asked about decisions and actions taken to address them.



About the author

Managing Director at ISO Certification Experts

Erica is the Managing Director of ISO Certification Experts and ICExperts Academy. She has been helping businesses with their ISO Certification needs for over 20 years. Erica is also a Certified trainer, implementer and auditor for the ISO 9001, ISO 14001, ISO 45001 and ISO 27001 standards. Erica primarily heads up the day-to-day operations of the businesses, and is also a current member of the Standards Australia Committees: QR-008 Quality Systems and ISO 9001 Quality Management Brand Integrity.
