UKBA logo dark

ISO Standards Overview

By Peter Jones

Today, millions of organisations worldwide are accredited with standards from the International Standards Organisation, which include Quality (ISO 9001), Environment(ISO 14001), Occupational Health & Safety (ISO 45001)and Information Security (ISO 2700) management systems.

Achieving a recognised quality standard from a United Kingdom Accreditation Service (UKAS) accredited certification body provides a benchmark by which an organisation can be measured within its industry sector.

ISO 9001:2015 – Quality Management Systems

ISO 9001 is the most recognisable standard from quality management systems and is implemented extensively in manufacturing, service and social enterprise organisations.

ISO 9001:2015 – Quality Management Systems

  • understand the organisation and its context;
  • understand the needs and expectations of interested parties;
  • understand  the processes and risks involved;
  • be customer focused;    
  • have a quality policy;                              
  • demonstrate leadership and commitment;
  • define the roles and responsibilities;
  • have the infrastructure, equipment and trained personnel;
  • understand the customer and any legal requirements;
  • control and measure the process;
  • keep appropriate records of the process;
  • take action to correct and improve the process;
  • regularly audit the effectiveness of your quality system.

ISO 14001:2015 – Environmental Management Systems

The current standard, released in 2015, has been extensively modified to reflect the overall structure of ISO 9001:2015. While many of the clauses and requirements are similar to ISO9001:2015 in particular the standard requires that top management:

  • demonstrate that your activities meet environmental legislative requirements;
  • undertake an environmental aspect and impact evaluation;
  • understand the organisation’s environmental impact on interested parties;
  • have an environmental policy;
  • implement a (measurable) environmental improvement programme to reduce impact.
  • raise awareness of environmental issues within your organisation;
  • regularly audit the effectiveness of your environmental system.


ISO 45001:2018 Occupational Health and Safety Management Systems

Achieving ISO 45001:2018 reduces the risk of legal action from incidents occurring in the workplace and reduces the risks in the working environment for employees, customers and the general public.

No responsible employer wishes to see anyone injured in their workplace. ISO 45001:2018 structure is compatible with ISO 9001 and ISO 14001 and can be incorporated into the documentation as part of an integrated management system.

To achieve ISO 45001:2018 accreditation the organisation needs to:

  • undertake a legislative review;
  • have a health and safety policy;
  • identify management responsibilities and commitment;
  • raise awareness of health and safety issues within your organisation;
  • hold regular health and safety meetings;
  • have effective document control, record keeping and emergency response procedures;
  • risk assess all activities;
  • regularly audit the effectiveness of your occupational health and safety system.

ISO 27001 Information Security Management System

It’s a regular occurrence nowadays to hear the news of yet another successful cyber or ransomware attack on an organisation’s information systems.

Usually, organisations are able to recover their systems, improve their security and carry on. But in many cases data is compromised and, increasingly, customers want reassurance that every effort has been made to protect sensitive data before any attack occurs.

Recently, a ransomware cyber attack has struck some of the world’s biggest companies. Major organisations in the UK, US, Russia, France and Germany were among those left in chaos due to the new ‘Petya’ attack.

Hacked computers were met with a message saying “Oops, your important files are encrypted, Perhaps you are looking for a way to recover your files, but don’t waste your time. Nobody can recover your files without our decryption service.”

It says that the user can only restore their computer and get back their documents by paying $300 dollars in the cryptocurrency bitcoin. It doesn’t sound like much but experts have warned in previous similar hacking attacks that paying the ransom does not always guarantee that the computer and its files are then restored or that the organisations are not open to another attack as malicious code may still be left on their servers.

Often sensitive data is compromised and customers want assurance that their details are safe and all efforts have been made to prevent attacks in the first place.

ISO27001:2013 information security management system helps you protect valuable information and deliver real benefits to an organisation.

Benefits include:

  • supports compliance with relevant laws and regulations
  • reduces the likelihood of facing prosecution and fines
  • can help you gain status as a preferred supplier
  • provides a framework for the management of information security risks
  • provides reassurance to clients that their information is secure
  • demonstrates credibility and trust
  • improves your ability to recover your operations and continue business
  • demonstrates that information security is a priority
  • gain a competitive advantage
  • provides a framework for identifying risks to information security
  • provides a common set of policies, procedures and controls in place to manage risks to
  • information security
  • provides a straightforward way for responding to tender requirements around information governance

Organisations tendering to the public sector have seen the requirements for 27001 compliance appearing on tenders for Government contracts.

Peter Jones | UK Business Advisors (

Need advice & guidance?

We have advisors all over the UK. Get in touch today for expert guidance and support.