ISO 9000 Series Reference

Key ISO quality management standards and their scope

Searchable reference of the ISO 9000 family of quality management standards including ISO 9001, 9000, 9004, and 19011, with each standard's scope and whether it is certifiable. It runs free in your browser on Gera Tools, with nothing uploaded.

Last updated Source: Gera Tools

What is the difference between ISO 9000 and ISO 9001?

ISO 9000 sets out the fundamentals and vocabulary of quality management — the concepts and definitions. ISO 9001 contains the actual requirements an organisation must meet to have a certifiable quality management system. Only ISO 9001 can be certified; ISO 9000 is a foundational reference.

The ISO 9000 family underpins quality management worldwide, but only one of its standards is something you can actually be certified against. This searchable reference lists the core family members — ISO 9000, 9001, 9004, and 19011 — with each one’s scope and whether it is certifiable.

The family at a glance

StandardPurposeCertifiable
ISO 9000:2015Vocabulary and concepts for quality managementNo
ISO 9001:2015QMS requirements (the certifiable standard)Yes
ISO 9004:2018Sustained success and performance excellenceNo
ISO 19011:2018Guidelines for auditing management systemsNo

How the family works together

The family divides into roles. ISO 9000 defines the concepts and vocabulary used throughout — read it first if the terminology in 9001 is unfamiliar. ISO 9001 holds the requirements: the auditable “shall” statements an organisation implements to run a certifiable quality management system (QMS). ISO 9004 offers guidance for going beyond those requirements toward sustained success and organisational excellence. ISO 19011 guides how management-system audits are planned and run, covering everything from audit programme management to evaluating auditor competence.

A common misconception is that a company is “ISO 9000 certified.” Certification is always against ISO 9001 specifically; the rest of the family supports it but cannot be certified.

ISO 9001:2015 — the certifiable standard

ISO 9001:2015 is structured around the Plan-Do-Check-Act (PDCA) cycle and uses the Annex SL high-level structure shared with ISO 14001 (environmental), ISO 27001 (information security), and ISO 45001 (occupational health). This means organisations holding multiple management-system certifications can integrate them into a single management system with a shared documentation layer.

The 2015 edition’s two most significant changes from the 2008 version were:

  1. Risk-based thinking — organisations must identify and address risks and opportunities throughout the QMS, rather than relying on a separate preventive-action clause.
  2. Context of the organisation — a new requirement to identify internal and external issues, and the needs and expectations of interested parties, that affect the QMS.

There is no longer a mandatory requirement for a quality manual, management representative, or documented procedures (though documented information as evidence of conformity remains required). This gives smaller organisations more flexibility in how they structure their QMS.

What the certification process looks like

A typical ISO 9001 certification journey has three phases:

  1. Stage 1 audit (documentation review): an accredited certification body (CB) reviews your documented QMS — the quality policy, quality objectives, process maps, and key procedures — to assess readiness for stage 2.
  2. Stage 2 audit (implementation audit): the CB audits whether the QMS is actually implemented and effective across your organisation. Nonconformities are raised and must be closed before a certificate is issued.
  3. Surveillance audits: certificates are normally valid for three years, with annual surveillance audits to confirm ongoing conformance. A recertification audit follows at the end of the three-year cycle.

Only accredited certification bodies — accredited by bodies such as UKAS (UK), DAkkS (Germany), ANAB (USA), or JAB (Japan) — issue certificates that carry weight. Unaccredited “certifications” have no industry standing.

ISO 9004 and ISO 19011 in context

ISO 9004 is for organisations that already meet ISO 9001 and want to mature toward broader excellence, covering stakeholder satisfaction beyond customers alone and long-term performance stability. It is written as guidance (“should”) rather than requirements (“shall”), so nothing in it can be audited or certified against.

ISO 19011 is the guide for conducting audits of management systems generally — not just quality. It is used by internal auditors, second-party supplier auditors, and certification body auditors as a competency and methodology reference. Following ISO 19011 is not required by ISO 9001, but most serious internal audit programmes are aligned to it.

Searching this reference

Searching audit surfaces ISO 19011; 9001 surfaces the certifiable requirements standard; risk surfaces 9001 with its risk-based thinking requirements; vocabulary or concepts surfaces ISO 9000. Always cite the edition year — ISO 9001:2015 and ISO 9001:2008 have materially different requirements.