ISO 9001:2015, Quality management systems - Requirements

ISO 9001:2015 specifies requirements for a quality management system when an organization:
Annex SL is part of the ISO / IEC Directives part 1 that specifies how the ISO Management System Standards (MSS) should be written. The purpose of Annex SL is to increase the consistency and alignment of the MSS by providing a unifying and agreed high-level structure, identical underlying text, common terms and key definitions. The aim is to increase compatibility of all ISO Type A MSS (and B where appropriate).
● needs to demonstrate its ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements, and
● aims to enhance customer satisfaction through the effective application of the system, including processes for improvement of the system and the assurance of conformity to customer and applicable statutory and regulatory requirements.
All the requirements of ISO 9001:2015 are generic and are intended to be applicable to any organization, regardless of its type or size, or the products and services it provides.

ISO 14001:2015, Environmental management systems - Requirements with guidance for use

ISO 14001:2015 specifies the requirements for an environmental management system that an organization can use to enhance its environmental performance. ISO 14001:2015 is intended for use by an organization seeking to manage its environmental responsibilities in a systematic manner that contributes to the environmental pillar of sustainability.
ISO 14001:2015 helps an organization achieve the intended outcomes of its environmental management system, which provide value for the environment, the organization itself and interested parties. Consistent with the organization's environmental policy, the intended outcomes of an environmental management system include:
● enhancement of environmental performance;
● fulfilment of compliance obligations;
● achievement of environmental objectives.
ISO 14001:2015 is applicable to any organization, regardless of size, type and nature, and applies to the environmental aspects of its activities, products and services that the organization determines it can either control or influence considering a life cycle perspective. ISO 14001:2015 does not state specific environmental performance criteria.
ISO 14001:2015 can be used in whole or in part to systematically improve environmental management. Claims of conformity to ISO 14001:2015, however, are not acceptable unless all its requirements are incorporated into an organization's environmental management system and fulfilled without exclusion.

ISO/IEC 19770-1:2017, Information technology - It asset management - Part 1: IT asset management systems - Requirements

ISO/IEC 19770-1:2017 specifies requirements for an IT asset management system within the context of the organization.
ISO/IEC 19770-1:2017 can be applied to all types of IT assets and by all types and sizes of organizations.
● This document is intended to be used for managing IT assets in particular, but it can also be applied to other asset types. It can be suitable, in whole or in part, for managing embedded software and firmware, however its use for these purposes has not been determined. It is not intended for managing information assets per se, i.e. it is not intended for managing information as an asset independent of hardware and software assets. Certain types of data and information are covered, such as data and information about IT assets in scope, and depending on how the scope is defined, it can cover digital information content assets. See the Introduction for an explanation about IT assets.
● This document does not specify financial, accounting, or technical requirements for managing specific IT asset types.
● ISO/IEC 19770-1:2017 is a discipline-specific extension of ISO 55001:2014, with changes, and is not a sector-specific application of that International Standard. ISO 55001:2014 is intended to be used for managing physical assets in particular, but it can also be applied to other asset types. This document specifies requirements for the management of IT assets which are additional to those specified in ISO 55001:2014. Conformance to this document does not imply conformance to ISO 55001:2014.

ISO/IEC 20000-1:2018, Information technology - Service management - Part 1: Service management system requirements

This document specifies requirements for an organization to establish, implement, maintain and continually improve a service management system (SMS). The requirements specified in this document include the planning, design, transition, delivery and improvement of services to meet the service requirements and deliver value. This document can be used by:
● a customer seeking services and requiring assurance regarding the quality of those services;
● a customer requiring a consistent approach to the service lifecycle by all its service providers, including those in a supply chain;
● an organization to demonstrate its capability for the planning, design, transition, delivery and improvement of services;
● an organization to monitor, measure and review its SMS and the services;
● an organization to improve the planning, design, transition, delivery and improvement of services through effective implementation and operation of an SMS;
● an organization or other party performing conformity assessments against the requirements specified in this document;
● a provider of training or advice in service management.
The term "service" as used in this document refers to the service or services in the scope of the SMS. The term "organization" as used in this document refers to the organization in the scope of the SMS that manages and delivers services to customers. The organization in the scope of the SMS can be part of a larger organization, for example, a department of a large corporation. An organization or part of an organization that manages and delivers a service or services to internal or external customers can also be known as a service provider. Any use of the terms "service" or "organization" with a different intent is distinguished clearly in this document.

ISO 20121:2012, Event sustainability management systems - Requirements with guidance for use

ISO 20121:2012 specifies requirements for an event sustainability management system for any type of event or event-related activity, and provides guidance on conforming to those requirements.
ISO 20121:2012 is applicable to any organization that wishes to:
● establish, implement, maintain and improve an event sustainability management system;
● ensure that it is in conformity with its stated sustainable development policy;
● demonstrate voluntary conformity with ISO 20121:2012 by
      ▪   first party (self-determination and self-declaration),
      ▪   second party (confirmation of conformance by parties having an interest in the organization, such as clients, or by other persons on their behalf), or
      ▪   an independent third party (e.g. a certification body).
ISO 20121:2012 has been designed to address the management of improved sustainability throughout the entire event management cycle.

ISO 21001:2018, Educational organizations - Management systems for educational organizations - Requirements with guidance for use

ISO 21001:2018 specifies requirements for a management system for educational organizations (EOMS) when such an organization:
● needs to demonstrate its ability to support the acquisition and development of competence through teaching, learning or research;
● aims to enhance satisfaction of learners, other beneficiaries and staff through the effective application of its EOMS, including processes for improvement of the system and assurance of conformity to the requirements of learners and other beneficiaries.
All requirements of ISO 21001:2018 are generic and intended to be applicable to any organization that uses a curriculum to support the development of competence through teaching, learning or research, regardless of the type, size or method of delivery.
ISO 21001:2018 can be applied to educational organizations within larger organizations whose core business is not education, such as professional training departments.
ISO 21001:2018 does not apply to organizations that only produce or manufacture educational products.

ISO 21401:2018, Tourism and related services - Sustainability management system for accommodation establishments – Requirements

This document specifies environmental, social and economic requirements to implement a sustainability management system in accommodation establishments in the tourism sector.
This document applies to the aspects that can be controlled by the accommodation establishments and over which they can exert influence.
This document is applicable to any accommodation establishment, regardless of its type, size or location, that wishes to:
● implement, maintain and improve sustainable practices in their operations;
● ensure conformance with its defined sustainability policy.

ISO 22000:2018, Food safety management systems - Requirements for any organization in the food chain

This document specifies requirements for a food safety management system (FSMS) to enable an organization that is directly or indirectly involved in the food chain:
● to plan, implement, operate, maintain and update a FSMS providing products and services that are safe, in accordance with their intended use;
● to demonstrate compliance with applicable statutory and regulatory food safety requirements;
● to evaluate and assess mutually agreed customer food safety requirements and to demonstrate conformity with them;
● to effectively communicate food safety issues to interested parties within the food chain;
● to ensure that the organization conforms to its stated food safety policy;
● to demonstrate conformity to relevant interested parties;
All requirements of this document are generic and are intended to be applicable to all organizations in the food chain, regardless of size and complexity. Organizations that are directly or indirectly involved include, but are not limited to, feed producers, animal food producers, harvesters of wild plants and animals, farmers, producers of ingredients, food manufacturers, retailers, and organizations providing food services, catering services, cleaning and sanitation services, transportation, storage and distribution services, suppliers of equipment, cleaning and disinfectants, packaging materials and other food contact materials.
This document allows any organization, including small and/or less developed organizations (e.g. a small farm, a small packer-distributor, a small retail or food service outlet) to implement externally-developed elements in their FSMS.

ISO 22301:2019, Security and resilience - Business continuity management systems - Requirements

This document specifies requirements to implement, maintain and improve a management system to protect against, reduce the likelihood of the occurrence of, prepare for, respond to and recover from disruptions when they arise.
The requirements specified in this document are generic and intended to be applicable to all organizations, or parts thereof, regardless of type, size and nature of the organization. The extent of application of these requirements depends on the organization's operating environment and complexity.
This document is applicable to all types and sizes of organizations that:
● implement, maintain and improve a BCMS (BUSINESS CONTINUITY MANAGEMENT SYSTEMS);
● seek to ensure conformity with stated business continuity policy;
● need to be able to continue to deliver products and services at an acceptable predefined capacity during a disruption;
● seek to enhance their resilience through the effective application of the BCMS.
This document can be used to assess an organization's ability to meet its own business continuity needs and obligations.

ISO/IEC 27001:2013, Information technology - Security techniques - Information security management systems - Requirements

ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in ISO/IEC 27001:2013 are generic and are intended to be applicable to all organizations, regardless of type, size or nature.

ISO 30301:2019, Information and documentation - Management systems for records - Requirements

This document specifies requirements to be met by a management system for records (MSR) in order to support an organization in the achievement of its mandate, mission, strategy and goals. It addresses the development and implementation of a records policy and objectives and gives information on measuring and monitoring performance.
An MSR can be established by an organization or across organizations that share business activities. Throughout this document, the term "organization" is not limited to one organization but also includes other organizational structures.
This document is applicable to any organization that wishes to:
● establish, implement, maintain and improve an MSR to support its business;
● ensure itself of conformity with its stated records policy;

ISO 35001:2019, Biorisk management for laboratories and other related organisations

This document defines a process to identify, assess, control, and monitor the risks associated with hazardous biological materials. This document is applicable to any laboratory or other organization that works with, stores, transports, and/or disposes of hazardous biological materials. This document is intended to complement existing International Standards for laboratories.
This document is not intended for laboratories that test for the presence of microorganisms and/or toxins in food or feedstuffs. This document is not intended for the management of risks from the use of genetically modified crops in agriculture.

ISO 37001:2016, Anti-bribery management systems - Requirements with guidance for use

ISO 37001:2016 specifies requirements and provides guidance for establishing, implementing, maintaining, reviewing and improving an anti-bribery management system. The system can be stand-alone or can be integrated into an overall management system. ISO 37001:2016 addresses the following in relation to the organization's activities:
● bribery in the public, private and not-for-profit sectors;
● bribery by the organization;
● bribery by the organization's personnel acting on the organization's behalf or for its benefit;
● bribery by the organization's business associates acting on the organization's behalf or for its benefit;
● bribery of the organization;
● bribery of the organization's personnel in relation to the organization's activities;
● bribery of the organization's business associates in relation to the organization's activities;
● direct and indirect bribery (e.g. a bribe offered or accepted through or by a third party).
ISO 37001:2016 is applicable only to bribery. It sets out requirements and provides guidance for a management system designed to help an organization to prevent, detect and respond to bribery and comply with anti-bribery laws and voluntary commitments applicable to its activities.
ISO 37001:2016 does not specifically address fraud, cartels and other anti-trust/competition offences, money-laundering or other activities related to corrupt practices, although an organization can choose to extend the scope of the management system to include such activities.
The requirements of ISO 37001:2016 are generic and are intended to be applicable to all organizations (or parts of an organization), regardless of type, size and nature of activity, and whether in the public, private or not-for-profit sectors.

ISO 37101:2016, Sustainable development in communities - Management system for sustainable development - Requirements with guidance for use

ISO 37101:2016 establishes requirements for a management system for sustainable development in communities, including cities, using a holistic approach, with a view to ensuring consistency with the sustainable development policy of communities.
The intended outcomes of a management system for sustainable development in communities include:
● managing sustainability and fostering smartness and resilience in communities, while taking into account the territorial boundaries to which it applies;
● improving the contribution of communities to sustainable development outcomes;
● assessing the performance of communities in progressing towards sustainable development outcomes and the level of smartness and of resilience that they have achieved;
● fulfilling compliance obligations.
ISO 37101:2016 is intended to help communities become more resilient, smart and sustainable, through the implementation of strategies, programmes, projects, plans and services, and demonstrate and communicate their achievements.
ISO 37101:2016 is intended to be implemented by an organization designated by a community to establish the organizational framework and to provide the resources necessary to support the management of environmental, economic and social performance outcomes. A community that chooses to establish the organizational framework by itself is considered to constitute an organization as defined in ISO 37101:2016.
ISO 37101:2016 is applicable to communities of all sizes, structures and types, in developed or developing countries, at local, regional or national levels, and in defined urban or rural areas, at their respective level of responsibility.
ISO 37101:2016 can be used in whole or in part to improve the management of sustainable development in communities. Claims of conformity to ISO 37101:2016, however, are not acceptable unless all its requirements are incorporated into an organization's management system for sustainable development in communities and fulfilled without exclusion.

ISO 39001:2012, Road traffic safety (RTS) management systems - Requirements with guidance for use

ISO 39001:2012 specifies requirements for a road traffic safety (RTS) management system to enable an organization that interacts with the road traffic system to reduce death and serious injuries related to road traffic crashes which it can influence. The requirements in ISO 39001:2012 include development and implementation of an appropriate RTS policy, development of RTS objectives and action plans, which take into account legal and other requirements to which the organization subscribes, and information about elements and criteria related to RTS that the organization identifies as those which it can control and those which it can influence.

ISO 41001:2018, Facility management - Management systems - Requirements with guidance for use

ISO 41001:2018 specifies the requirements for a facility management (FM) system when an organization:
● needs to demonstrate effective and efficient delivery of FM that supports the objectives of the demand organization;
● aims to consistently meet the needs of interested parties and applicable requirements;
● aims to be sustainable in a globally-competitive environment.
The requirements specified in ISO 41001:2018 are non-sector specific and intended to be applicable to all organizations, or parts thereof, whether public or private sector, and regardless of the type, size and nature of the organization or geographical location.

ISO 44001:2017, Collaborative business relationship management systems - Requirements and framework

ISO 44001:2017 specifies requirements for the effective identification, development and management of collaborative business relationships within or between organizations.
ISO 44001:2017 is applicable to private and public organizations of all sizes, from large multinational corporations and government organizations, to non-profit organizations and micro/small businesses.
Application of ISO 44001:2017 can be on several different levels, e.g.
● a single application (including operating unit, operating division, single project or programme, mergers and acquisitions);
● an individual relationship (including one-to-one relationships, alliance, partnership, business customers, joint venture);
● multiple identified relationships (including multiple partner alliances, consortia, joint ventures, networks, extended enterprise arrangements and end-to-end supply chains);
● full application organization-wide for all identified relationship types.

ISO 45001:2018, Occupational health and safety management systems - Requirements with guidance for use

ISO 45001:2018 specifies requirements for an occupational health and safety (OH&S) management system, and gives guidance for its use, to enable organizations to provide safe and healthy workplaces by preventing work-related injury and ill health, as well as by proactively improving its OH&S performance.
ISO 45001:2018 is applicable to any organization that wishes to establish, implement and maintain an OH&S management system to improve occupational health and safety, eliminate hazards and minimize OH&S risks (including system deficiencies), take advantage of OH&S opportunities, and address OH&S management system nonconformities associated with its activities.
ISO 45001:2018 helps an organization to achieve the intended outcomes of its OH&S management system. Consistent with the organization's OH&S policy, the intended outcomes of an OH&S management system include:
● continual improvement of OH&S performance;
● fulfilment of legal requirements and other requirements;
● achievement of OH&S objectives.
ISO 45001:2018 is applicable to any organization regardless of its size, type and activities. It is applicable to the OH&S risks under the organization's control, taking into account factors such as the context in which the organization operates and the needs and expectations of its workers and other interested parties.
ISO 45001:2018 does not state specific criteria for OH&S performance, nor is it prescriptive about the design of an OH&S management system.
ISO 45001:2018 enables an organization, through its OH&S management system, to integrate other aspects of health and safety, such as worker wellness/wellbeing.
ISO 45001:2018 does not address issues such as product safety, property damage or environmental impacts, beyond the risks to workers and other relevant interested parties.
ISO 45001:2018 can be used in whole or in part to systematically improve occupational health and safety management. However, claims of conformity to this document are not acceptable unless all its requirements are incorporated into an organization's OH&S management system and fulfilled without exclusion.

ISO 46001:2019, Water efficiency management systems - Requirements with guidance for use

This document specifies requirements and contains guidance for its use in establishing, implementing and maintaining a water efficiency management system. It is applicable to organizations of all types and sizes that use water. It is focused on end-use consumers.
This document is applicable to any organization that wishes to:
achieve the efficient use of water through the ?reduce, replace or reuse' approach;
establish, implement and maintain water efficiency;
continually improve water efficiency.
This document specifies requirements and contains guidance for its use regarding organizational water use. It includes monitoring, measurement, documentation, reporting, design and procurement practices for equipment, systems, processes and personnel training that contribute to water efficiency management.

ISO 50001:2018, Energy management systems - Requirements with guidance for use

This document specifies requirements for establishing, implementing, maintaining and improving an energy management system (EnMS). The intended outcome is to enable an organization to follow a systematic approach in achieving continual improvement of energy performance and the EnMS.
This document:
● is applicable to any organization regardless of its type, size, complexity, geographical location, organizational culture or the products and services it provides;
● is applicable to activities affecting energy performance that are managed and controlled by the organization;
● is applicable irrespective of the quantity, use, or types of energy consumed;
● requires demonstration of continual energy performance improvement, but does not define levels of energy performance improvement to be achieved;
● can be used independently, or be aligned or integrated with other management systems.

ISO 55001:2014, Asset management - Management systems - Requirements

ISO 55001:2014 specifies requirements for an asset management system within the context of the organization.
ISO 55001:2014 can be applied to all types of assets and by all types and sizes of organizations.