Jargon Buster
The certification world is full of unusual terminology, so we have compiled a list of common words and phrases that you may encounter on your certification journey.
ISO
International Standards Organization
Based in Switzerland, the ISO are the architects responsible for the International standards we see today. The ISO operate different technical boards and committees in numerous specialist fields to continuously enhance and develop international standards, such as the suite of Management System Standards for which we offer our services. Confusion often arises from ill-informed terminology used by organizations the world over stating “ISO Certified” or similar. It is important to note that the International Standards Organization do not assess Management System Standards and do not issue certification; instead they produce the standards, which act as a guide for organizations to create their own management systems in a process-based manner.
Standards
ISO Management System Standards
International Standards (in this context) relate to the documents created and published by the International Standards Organization. The most recognizable suite of standards is the Management System Standards, such as ISO 9001, which can be used by any organization to create a management system. However, it should be noted that thousands of International Standards exist for all areas of industry and commerce, such as screw thread pitch and paper weight.
Management System
ISO Management System
Management systems are unique to each organization and are often created using an ISO standard or multiple standards. They provide an organizational structure to plan, monitor, control and continuously improve the operational processes used to deliver a given product or service. Management systems do not require certification; however, certification by an external body provides impartial assurance to shareholders that an organization is conforming to an agreed standard (ISO).
QMS - Quality Management System
EMS - Environmental Management System
ISMS - Information Security Management System
OHSAS / Occupational Health and Safety Management System
CB
Certification Body
CBs, otherwise known as Certification Bodies or Registrars, are organizations that provide an assessment service to third party organizations based on an elected ISO standard such as ISO 9001. Certification bodies will issue certification accordingly, which can be used to publicly demonstrate compliance with the elected standard. Certification bodies come in all shapes and sizes; IPC only works with accredited certification bodies, which means they are globally recognized and trusted.
AB
Accreditation Body
ABs, otherwise known as Accreditation Bodies, are either appointed by, or under the control of, national governments. Their function is to ensure their subscribing certification bodies are continually meeting the required national and international standards for which they are responsible.
Well known examples of Accreditation bodies are:
UKAS - United Kingdom Accreditation Services
IAS - International Accreditation Service
ANAB - American National Accreditation Board
Internationally recognized accreditation bodies are party to the IAF Multilateral Recognition Agreement (MLA).
Scope
Scope of Certification
When applying for certification, an organization will always be asked for their Scope of Certification. This is essentially a summary of the core processes and services offered by an organization, for which they will be assessed against their elected standard. The scope is usually determined when a management system is being created, although it can change and be developed as an organization grows.
When developing your management system, the requirements for your scope can be found in section 4 of your chosen standard.
NCR
Non-Conformance Report
When an organization is being assessed against a standard, the assessor may identify areas where requirements are not being met. This is called a Non-Conformance. The assessor will document this finding in a Non-Conformance Report, which is later used by the organization to record corrective actions and supporting evidence.
Residual Risk
Residual Risk (Risk assessment)
‘Residual Risk’ in the context of risk assessment refers to the level of risk that remains after all mitigation efforts and control measures have been implemented. Even after taking steps to reduce or eliminate a particular risk, some degree of risk usually persists. This remaining risk is known as residual risk.
Key Points
Inherent Risk vs. Residual Risk:
Inherent Risk: The level of risk before any controls or mitigation strategies are applied.
Residual Risk: The risk that remains after controls or mitigation strategies have been applied.
Assessment and Acceptance:
Assessing residual risk is a critical part of the risk management process. It helps determine whether the remaining risk is within acceptable levels or if further action is required.
If the residual risk is deemed acceptable, no further action may be needed. If it is still too high, additional controls or measures should be considered.
Continuous Monitoring:
Residual risk should be continuously monitored, as changes in circumstances, environments, or processes can alter the effectiveness of controls, thereby changing the level of residual risk.
In summary, residual risk is what’s left after all efforts have been made to control a risk, and it is an important factor in determining whether the remaining level of risk is manageable or if further actions are necessary.