Certifiable Management Systems, Guidance Standards, and Product Specifications

International Organization for Standardization (ISO) standards play a critical role in helping organisations improve quality, safety, efficiency, and interoperability. However, not all ISO standards are the same. One of the most common points of confusion for businesses is understanding the different types of ISO standards and how they apply in practice.

In this article, we attempted to provide a clear and illustrative overview of the three main categories of ISO standards:

1. Certifiable management system standards
2. Non-certifiable guidance standards
3. Product and technical specification standards

By the end, you should have a solid understanding of which type of ISO standard is relevant to your organisation and why.

What Are ISO Standards?

ISO standards are internationally agreed documents that define best practice, requirements, or specifications across a wide range of industries. They are developed by experts from national standards bodies and are designed to:

• Improve consistency and efficiency
• Enhance safety and reliability
• Support regulatory compliance
• Facilitate international trade
• Build trust with customers and stakeholders

ISO publishes thousands of standards, but they generally fall into one of the three categories outlined below.

1. Certifiable ISO Management System Standards

What Are Certifiable Management System Standards?

Certifiable ISO standards define the requirements for a management system. A management system is the framework of policies, procedures, processes, and controls an organisation uses to meet its objectives.

These standards are written using mandatory language such as “shall”, meaning organisations must meet specific requirements. Because of this, they can be independently audited and certified by an accredited certification body.

Certification demonstrates that an organisation’s management system has been externally verified against an internationally recognised standard.

Key Characteristics

• Requirements-based standards
• Use mandatory language (e.g. “shall”)
• Auditable and certifiable
• Apply to organisations of any size or sector
• Focus on continual improvement and risk-based thinking

Common Examples of Certifiable ISO Standards

Some of the most widely recognised certifiable ISO standards include:

• ISO 9001 – Quality Management Systems
• ISO 14001 – Environmental Management Systems
• ISO 45001 – Occupational Health and Safety Management Systems
• ISO/IEC 27001 – Information Security Management Systems
• ISO 22301 – Business Continuity Management Systems
• ISO 22000 – Food Safety Management Systems

Why Organisations Choose Certification

Businesses pursue ISO certification for several reasons:

• To meet customer or contractual requirements
• To improve internal processes and consistency
• To demonstrate compliance and credibility
• To gain a competitive advantage
• To support tendering and procurement

It is important to note that ISO itself does not issue certificates. Certification is carried out by independent, accredited certification bodies. If you are considering certification to one or multiple management standards for your organisation, let’s chat for a quick guidance!

2. Non-Certifiable ISO Guidance Standards

What Are ISO Guidance Standards?

Guidance standards provide best practice recommendations, advice, and frameworks rather than mandatory requirements. They are designed to help organisations improve performance, maturity, or understanding in a particular area.

Because they are advisory in nature and do not contain auditable requirements, guidance standards cannot be certified.

Key Characteristics

• Advisory rather than mandatory
• Use language such as “should” or “may”
• Not intended for certification
• Can support or complement certifiable standards
• Often used as internal reference tools

Common Examples of ISO Guidance Standards

Well-known guidance standards include:

• ISO 9004 – Guidance for quality management and sustained success
• ISO 31000 – Risk management guidelines
• ISO 26000 – Guidance on social responsibility
• ISO/IEC 27002 – Information security controls guidance
• ISO 22313 – Guidance on business continuity management

How Organisations Use Guidance Standards

Although they are not certifiable, guidance standards are extremely valuable. Organisations often use them to:

• Improve existing management systems
• Prepare for future certification
• Benchmark internal practices
• Support strategic decision-making
• Enhance governance and risk management

For example, ISO 31000 is frequently used alongside ISO 9001 or ISO 27001 to strengthen risk-based thinking, even though it cannot be certified.

3. ISO Product and Technical Specification Standards

What Are Product Specification Standards?

Product and technical specification standards define precise requirements for products, materials, components, services, or test methods. Unlike management system standards, these focus on what must be achieved rather than how an organisation is managed.

They are often used by manufacturers, engineers, laboratories, and regulators to ensure consistency, safety, and interoperability.

Key Characteristics

• Highly technical and detailed
• Define measurements, tolerances, materials, or test methods
• Often sector- or product-specific
• Not management system standards
• May support regulatory or legal compliance

Examples of ISO Product and Specification Standards

Examples include:

• ISO 216 – Paper sizes (including A4)
• ISO 7010 – Safety signs and symbols
• ISO 898-1 – Mechanical properties of fasteners
• ISO 10993 – Biological evaluation of medical devices
• ISO 8573 – Compressed air quality standards

Certification vs Conformity

Product standards are sometimes mistakenly described as “certified.” In reality:

• Organisations may test or declare conformity to a product standard
• Third-party testing or inspection may be required
• This is different from management system certification

For example, a product may be tested to confirm it meets an ISO specification, but the organisation itself is not “ISO certified” as a result.

Understanding the Differences at a Glance

Would you like to have a free quote for developing an ISO standard management system in your organisation?

Choosing the Right ISO Standards for Your Organisation

Selecting the right ISO standard depends on your objectives:

• If you need external certification to meet customer or tender requirements, a certifiable management system standard is appropriate.
• If you want guidance and improvement without certification, a guidance standard may be sufficient.
• If you manufacture or supply products, technical specification standards may be essential for compliance and market access.

Many organisations use a combination of all three types to build systems, improve performance, and ensure product quality.

Final Thoughts

Understanding the different types of ISO standards is essential for making informed decisions about compliance, certification, and improvement. Certifiable management system standards provide formal assurance, guidance standards offer flexibility and insight, and product specifications ensure consistency and safety at a technical level.

By selecting and applying the right ISO standards, organisations can strengthen credibility, reduce risk, and support long-term success.

If you are considering ISO standards for your business, clarity on these distinctions is the first step toward choosing the right path.

Not sure which ISO standard applies to your business?
Speak to an ISO expert for clear, practical advice tailored to your organisation.

Request a call back now!

About Us 

Candy Management Consultants has guided UK businesses through stress-free ISO certifications since 2017. Our 100% first-pass success rate comes from tailoring frameworks to your operations and personalised approach – not checklists, at fixed day rates, transparent per-project contracts and with the help of the modern ISO management software.