ISO Management Systems
Jargon Buster 

Jargon busting: the art of demystifying cryptic terms in specialised fields.

Let’s take a look at the secret language of ISO standards. No secret handshakes required. 

A quick summary of the most popular ISO Standards:

Our ISO Jargon Buster A-Z

Accreditation – Accreditation mostly applies to certification bodies (CBs), who in turn provide certification to organisations. For example, BSI (a CB) is accredited by UKAS to ensure it is competent and impartial when auditing your system and awarding your certification. Some CBs are not accredited (we do not recommend using them).

AIMS – Artificial Intelligence Management System (ISO 42001).

BSI - British Standards Institution, the UK’s National Standards Body. BSI develops and publishes standards, as well as providing certification. It also represents the UK at the International Organization for Standardization (ISO - see below).

BCMS – Business Continuity Management System (ISO 22301).

BCP - Business Continuity Plan (see above).

BIA - Business Impact Analysis. An important step in creating an effective BCP (see above).

BMS - Business Management System; this may contain one or multiple standards.

CA/CAP - Corrective Action / Corrective Action Plan; an action to address a nonconformity or issue, with the aim of preventing it from recurring. Some certification bodies require a CAP to be submitted, or you risk your certification being revoked.

Carbon Reporting - In order to achieve Net Zero, you need accurate reporting in place; read our blog to understand this subject better.

CAV - Continuing Assessment Visit. This is when your Certification Body (CB) visits to check that your management system is being maintained, that you’re still compliant, and that you can keep your certification. Some organisations refer to it as a surveillance audit.

CB - Certification Body. A third-party organisation that assesses your ISO management system. If you pass that assessment, you receive certification. BSI is a CB, but there are many others.

Context of the organisation - one of the early clauses in most ISO standards, which gets you to consider relevant issues and stakeholder expectations when implementing your management system.

Continual Improvement - the ongoing process of enhancing processes, products and services. A clause in most ISO management standards, Continual Improvement forms part of an organisation’s culture to consistently look for ways to improve.

DPO - Data Protection Officer. Organisations that carry out certain types of personal data processing must appoint a DPO; we offer this service for our ISO 27001 clients.

EMS – Environmental Management System (ISO 14001).

EnMS – Energy Management System (ISO 50001).

Environmental Aspects & Impacts - an assessment to identify environmental impacts from an organisation’s products, services and activities (used in ISO 14001).

ESG - Environmental, Social, and Governance. A collective term for an organisation’s environmental management and sustainability, impact on society (especially locally), and how robust and transparent its governance is in terms of leadership, audits, internal controls, and shareholder rights.

ESOS - Energy Savings Opportunity Scheme. This is a mandatory energy assessment scheme for organisations in the UK that meet the qualification criteria. Achieving ISO 50001 will help with this.

Gap Analysis - this is where we look at where you are now, versus where you need to be to obtain compliance or meet other goals.

GDPR - General Data Protection Regulation, a legal requirement in the UK. The regulation governs data protection and privacy, and how organisations must act responsibly when handling personal data. All organisations process personal data, even if only for their employees.

HIRA - Hazard Identification and Risk Assessment. A process to help manage health and safety hazards and associated controls.

HSMS - Health & Safety Management System (ISO 45001).

Hierarchy of Control - A way of prioritising health and safety control measures, from the most effective to least effective (e.g. eliminating a hazard, or substituting with something less hazardous).

ICO - Information Commissioner’s Office. The UK’s data protection and privacy regulator (supervisory authority), which aims to protect data subjects from improper use of their data.

Infosec - Information security, i.e. the protection of information from loss, unauthorised use, modification or distribution (see ISMS below, and ISO 27001).

ISMS - Information Security Management System (ISO 27001); this also covers cyber security and privacy.

ISO - International Organization for Standardization, an independent non-governmental body. Its goal is to bring global experts together to agree on the best way of doing things. From climate change to healthcare, and from quality management to AI, ISO aims to provide practical working standards that support your organisation, reduce risks, and help you achieve best practice.

ISRA - Information Security Risk Assessment. A process to identify risks and associated controls to mitigate them.

MHFA - Mental Health First Aider. An MHFA is trained to identify, understand and support a colleague experiencing a mental health issue. They are not therapists, but can respond in a mental health crisis, similar to the way a First Aider would if someone experienced a physical trauma. We offer MHFA training (also see ISO 45003 for psychological health and safety).

NC - Nonconformity. Non-fulfilment of a requirement (e.g. an ISO standard, management system or legal requirement). Sometimes called a noncompliance. These can be minor (i.e. a single identified lapse) or major (i.e. a systematic breakdown in a process, or even no process in place).

OFI - Opportunity For Improvement. This may be identified by an internal or external auditor, or by your friendly consultant. An OFI is raised to highlight a risk or deficiency in the management system (an early warning that something could go wrong), or to point out an opportunity for improvement and best practice.

OHS or OHSAS – Occupational Health & Safety (see ISO 45001).

PAS - Publicly Available Specification. Organisations or industries can commission a PAS standard as a fast-track route to provide guidance or specification(s) of a product, service or process. A PAS can often become a British or International standard.

PDCA / Plan, Do, Check, Act - This is a cyclical approach to maintain and improve your management system, and business.

PPE - Personal Protective Equipment (e.g. hard hat, eye protection, masks, safety boots, etc.)

QMS – Quality Management System (ISO 9001).

RAMS - Risk Assessment and Method Statement. See HIRA above. A common requirement for contractors when working on customer sites.

SECR - Streamlined Energy and Carbon Reporting; a mandatory UK government requirement for the disclosure of greenhouse gas (GHG) emissions by organisations that fall within the reporting threshold. Read more about how we can help with this.

SHEQ - Safety, Health, Environment, Quality.

SOA - Statement of Applicability - a determination of which ISO 27001 controls apply to your organisation, and how.

Something missing from our list? Contact your consultant or get in touch and we’ll be very happy to help.