What is an ISO certification?

With an ISO certification, companies, institutions, and authorities prove that they comply with standards such as ISO 9001 (quality management), ISO 27001 (information management system), or ISO 56002 (innovation management). But what exactly is ISO certification? How does it come about? And who may carry it out? You will find out in this article.

Definition of an ISO Certification

Innolytics-innovation-what-is-an-iso-certification-definitionISO certification describes the process by which a company, institution, or authority obtains a certificate of conformity confirming that ISO standards are being met. An ISO certification can be carried out for sub-areas, individual sites, or entire organizations.

ISO certification is also possible within the framework of projects in which all project partners have committed themselves to compliance with ISO 9001:2015, for example. 2015.

The process of ISO certification usually ends with the creation of a certificate issued by certification bodies. This serves as proof. ISO has defined how certification bodies should work in the ISO 17021 standard.

Who carries out ISO certification?

The ISO (International Standardization Organization) does not issue certificates. As an international organization, it focuses on developing standardized norms, compliance with which is usually voluntary. ISO certifications are issued by certification bodies (so-called “certification bodies”). These must prove that they meet the requirements of ISO 17021.

Among other things, they must have the necessary expertise and neutrality. For example, certification bodies may not act in an advisory capacity but may conduct training courses on the requirements for compliance with an ISO standard.

For this purpose, certification bodies may have national accreditation bodies attest that they meet the requirements. This approach has become established in recent years but is not mandatory. Developments such as digitalization mean that ISO standards can be certified in other ways in the future. Ultimately, the issuing of an ISO certification – as described at the beginning – is a confirmation of conformity. It must be issued by neutral, expert, and trustworthy bodies.

Example for ISO certifications

Most ISO standards are known by their number: ISO 9001 (quality management), ISO 14001 (environmental management), ISO 27001 (information security), ISO 50001 (energy management), ISO 18001 (occupational health and safety), etc. Compliance with these standards provides competitive advantages. Companies, organizations, and authorities can prove that they act following the standards set by ISO. The best-known ISO certification is described below.

ISO 9001 certification for quality management

ISO 9001 is the best known and most common certification worldwide. According to the annual ISO Survey, 878,662 companies and more than one million sites were ISO 9001 certified in 2018.

ISO 9001 regulates the establishment of a so-called “quality management system” of companies. It is a management system that enables companies to achieve a high level of customer focus through process management, continuous improvement, knowledge management, and other principles.


There is a philosophy behind ISO 9001: Companies that rely on clear processes, access to knowledge, and continuous improvement are more successful in competition than those whose success is based solely on the shoulders of a few top performers.

The ISO 9001 certification was often quite complex and formalistic until 2015. With the revision of the standard, ISO 9001:2015 has given companies much more freedom in establishing a quality management system.

  • For example, it is no longer necessary to maintain an independent quality manual.
  • It is sufficient that companies document processes in accordance with ISO requirements and make the knowledge of these processes available to employees.

The growing freedom in designing a management system is ultimately also due to digitalization. In the past, quality manuals and standards used to be kept in file folders. However, the possibilities of digital collaboration and increasing networking have created new ways of transporting and communicating knowledge within the company.

Not all certification institutes have been able to achieve the freedom that ISO wants. In all probability, digitization will have further effects on ISO 9001 certifications and the certification process in the future.

Who can carry out ISO certification?

There is no legally prescribed standard for ISO certifications. ISO itself has defined requirements for certification bodies in the ISO 17021 standard already mentioned.

In essence, the standard is about expertise and neutrality. It must be ensured that certification is carried out by persons and institutions that do so on a high professional level and without bias.

  • The certification institutes do not really issue an ISO certificate, but a confirmation of conformity with a specific ISO standard.
  • This confirmation states for which areas of a company, organization, or institution the certificate is awarded.
  • Neutrality and expertise are certified, for example, by national accreditation bodies such as DAkkS in Germany.

However, all this is voluntary. In theory, you could have any person or company certify that you are acting in accordance with the ISO standards. The key challenge here is credibility.

  • Since ISO certifications help companies to position themselves as reliable partners in a competitive environment, the credibility of the certifying body plays a major role.
  • The advantage of the large certification institutes, is their proven credibility.
  • Other not so well-known certification institutes can prove their credibility by accreditation with the DAkkS, but do not have to do so.

However, these are not necessarily the only possibilities. Particularly in the certification market, which has not yet been extensively digitalized, there will certainly be further opportunities in the future to give credibility to certifying bodies and certified companies.