Everything you need to know about ISO terms and definitions

As an ISO certification consultant, we are responsible for advising clients on a range of ISO topics including terminology and definitions. Are you getting started on your ISO journey? Are you wanting to discover more about accreditation, certification, or registration?

We can help!

Your company’s management system is accredited; you are not accredited to an ISO Standard. Compliant offers management system creation and audit support for a range of ISO standards including ISO 9001, ISO 14001, ISO 22301, ISO 27001, and ISO 45001.

An ISO standard cannot be certified to by an individual. Individuals can, however, get training to become auditors and inspect businesses in accordance with an ISO standard. For example, if you want to work as an ISO 27001 Lead Auditor, you might pursue training and certification. You cannot obtain ISO 27001 certification.

Although the phrases “accreditation,” “registration,” and “certification” are sometimes used interchangeably, they do not have the same definitions.

Below we explore what each of the terms means:


If a company has created and maintained a compliant management system that has been audited by a third-party auditor from an authorised Certification Body, that company is said to be certified to an ISO Standard.

Compliant works with a range of ISO Certification Bodies and can pass cost savings from these partnerships directly onto clients.

Organisations are subject to yearly audits from the Certification Body to ensure continued compliance with the standard of choice in order to maintain certification. As proof that a management system is in compliance with a particular ISO standard or other normative standards, a certification document or certificate will be issued. If routine audits are not performed or if your management system consistently or gravely fails to meet certification requirements, certification may be revoked.

ISO works in a 3-year cycle, with clients gaining initial certification. The following year clients have their annual surveillance audit which is based on a day rate and the number of days based on the business and the certifications being implemented (the certifying body would provide the client with a proposal for this closer to the date, based on their annual day rate charges). The year after is the same and then on the 3rd year clients go through a recertification audit which may require more days. The cycle then starts again.


An authorised entity can formally recognise an organisation’s competence to carry out specified responsibilities by awarding it accreditation. Certification Bodies that may audit and certify businesses adhering to management system standards are accredited by Accreditation Bodies such as UKAS.

A frequent question we are asked is ‘why invest in UKAS accredited certifications rather than non-UKAS’? The answer is simple. The United Kingdom Accreditation Service (UKAS) is the sole national accreditation body for the United Kingdom. Discover more about UKAS in a previous article of ours here.

End users in the public and private sectors are encouraged to trust and accept the Certification Body’s certificates through the accreditation procedure, which also ensures objectivity and competence. Customers can be confident that Certification Bodies and ISO consultants such as Compliant operate in accordance with internationally recognised standards thanks to accreditation.


Another name for certification is registration. Certification is currently favoured over the phrases registration and registrar.

Auditing: Audits, Auditing, and Auditors

An organisation’s level of conformity with the standard that it is being audited against is determined through the methodical process of auditing, which involves gathering and analysing information about the management system of the organisation.

Auditor types include:

  1. Consultants:

Organisations receive specific guidance from management system consultants such as Compliant about the creation, implementation, and upkeep of a management system.

We create bespoke management systems for our clients and offer ongoing payment options to help you manage costs. We also offer support during audit days and our BSI Trained Lead Auditors are always on hand to answer any questions.

Every year, your management system has to be completely updated. This includes new version numbers, dates, review dates and any customisation that has occurred over the previous 12 months on documents. As part of our post certification support Compliant updates processes, procedures and documents with any recommendations made by auditors throughout the year and add company documents relevant to your business operations over the past 12 months to your new pack.

Read more about our post certification support here.

  1. In-house auditors:

An internal auditor is a member of staff who independently and impartially assesses the management system activities of a corporation. Internal auditors carry out internal audits of the company and write management reports.

Although required by ISO management system standards, internal audits cannot be used to certify an organisation. As part of our post certification support we offer to complete 2 internal audits per year with our clients to prepare for surveillances. All of our internal audits are carried out by trained auditors.

  1. External or third-party auditors

The person or persons that carry out the audit(s) for the certifying body is known as the external or third-party auditor. Third-party auditors are independent, as opposed to consultants or internal auditors. It is their responsibility to gather and assess factual facts to ascertain whether the management system conforms with the ISO Standard. On the basis of these conclusions, the Certification Body will recommend certification.

Regulatory Body

An authorised third-party organisation called a Certification Body assesses businesses seeking certification to specific ISO Standards and issues them with certificates. To be able to attest to one or more specific ISO Standards, Certification Bodies must gain accreditation. Accreditation Bodies audit Certification Bodies to guarantee the objectivity and compliance of their activities and processes.

Technical Area

Depending on the management system standard under consideration, the word “technical area” is used in a variety of ways. The phrase refers to the goods, processes, and services in the management system.


In the context of the management system standard’s scope, the phrase is connected to goods, processes, and services for any management system. A specific certification system may specify the technical field, or the certifying authority may decide what it is. It is utilised to cover several other words that are commonly employed in various management system disciplines, such as “scopes,” “categories,” “sectors,” etc.

At the beginning of very audit or surveillance the auditor will check whether an organisations’ scope has remained the same and update if necessary. The organisation scope is placed on your final certificate so it is important that it is accurate.

NCR: nonconformity

An NCR or nonconformity is a failure to meet a requirement. There are 2 types of nonconformities that can be raised during audits:

  1. (Major NCR) Major Nonconformity – a nonconformity that hinders the management system’s ability to deliver the desired results.
  2. (Minor NCR) Minor Nonconformity – a nonconformity that has no impact on the management system’s capacity to produce the desired results.

Certificate Programme

This is the compliance assessment system for management systems, to which the same precise specifications, particular guidelines, and practises are applicable.

Audit time

The audit time is the amount of time necessary to organise and carry out a thorough and efficient audit of the client organisation’s management system. Audit durations vary dependant on the standard(s) that you are being certified to, the scope of your business, the industry in which you operate, the number of premises you operate from and the number of employees that your business has.

Get in touch on 0333 456 5000 to find out more about any of our packages or fill in our FREE ISO calculator to get your quote today!


Getting started with Complaint

We always have time for your questions. If we have missed anything above and you would like more information, please get in touch today.

If you would like a FREE quotation just fill in our quote calculator here!