Management System Standards - Part 1 - Overview

Go to -

Management System Standards - Part 2 - Common Structure

Management System Standards - Part 3 - One Free Standard

Management System Standards - Part 4 - Interaction

Management System Standards - Part 5 - Implementation

Management System Standards - Part 6 - Certification


A management system standard encapsulates attributes and practices of good management, of an aspect of operations, such as quality, environmental impact, occupational health & safety, information security and business continuity etc.

Most, but not all, management system standards, are part of a international framework, which enables organisations to achieve accredited certifications to the standards. These accredited certifications are recognised worldwide.

Certified organisations can market themselves as conforming to one or more management system standards. Organisations that wish to procure from suppliers, or collaborate with partners, can select organisations that are certified to appropriate standards.

These certifications simplify, speed up, and reduce the cost of, pre-selection. However, they do NOT eliminate the need to perform appropriate due diligence and/or technical checks on selected suppliers or partners.

The following document describes reasons to certify to management system standards.

Why Certify to Management System Standards


The most prevalent management system standards are those published by ISO (International Organization for Standardization), such as:

ISO 9001:2015 - Quality management systems - Requirements;

ISO 14001:2015 - Environmental management system - Requirements with guidance for use;

ISO 22301:2019 - Security and resilience - Business continuity management systems - Requirements;

ISO 45001:2018 - Occupational Health and Safety Management Systems - Requirements with guidance for use;

ISO 50001:2018 - Energy management systems - Requirements with guidance for use.

Some management system standards are jointly published by both ISO and IEC (International Electrotechnical Commission), such as:

ISO/IEC 20000-1:2018 - Information technology - Service management - Service management system requirements;

ISO/IEC 27001:2022 - Information security, cybersecurity and privacy protection - Information security management systems - Requirements;

ISO/IEC 42001:2023 - Information technology - Artificial intelligence - Management system requirements.

Additionally, other organisations publish management system standards, such as:

International Aerospace Quality Group (IAQG) publishes the aerospace quality management system standard AS9100;

International Automotive Task Force (IATF) publishes the automotive quality management system standard IATF 16949;

Social Accountability International (SAI) publishes the social accountability standard SA8000.