What Is the Difference Between Certifiable and Non Certifiable ISO Standards?

CertBetter

Team CertBetter

11 min read
ExploreISO StandardsGetting Certified
What Is the Difference Between Certifiable and Non Certifiable ISO Standards?

Why This Question Matters More Than You Think

One of the most common points of confusion I see from business owners approaching ISO for the first time is assuming that every ISO standard comes with a certificate at the end. They find a standard that fits their industry, start reading about it, and then spend weeks preparing, only to discover that no certification body will ever issue them a certificate for that particular standard. That is a frustrating and costly mistake, and it happens more often than it should.

The difference between certifiable and non certifiable ISO standards is one of the most practical things you need to understand before you invest a single dollar in ISO compliance. This article breaks it down clearly, with real examples, so you can make the right decision for your business from the start.

What Makes an ISO Standard Certifiable?

A certifiable ISO standard is one that contains requirements a business can be independently audited against, with a formal certificate issued by an accredited certification body upon successful completion. The key word here is requirements. Certifiable standards are written using the language of obligation, specifically the word “shall”. When a clause says your organisation shall do something, that is an auditable requirement. An auditor can check whether you have done it or not, and raise a nonconformance if you have not.

Certifiable standards also tend to follow a consistent structure called the High Level Structure, or HLS. This is a common framework developed by ISO to align management system standards and make it easier for organisations to run integrated systems. If you have ever looked at ISO 9001, ISO 14001, or ISO 45001, you will have noticed they all share a very similar layout with the same clause numbering. That is the HLS at work.

The Role of Accredited Certification Bodies

For a certificate to carry real weight in the market, it needs to be issued by an accredited certification body. Accreditation bodies like JAS-ANZ in Australia and New Zealand oversee certification bodies and confirm they are competent to audit against specific standards. When your certificate comes from a JAS-ANZ accredited body, clients and government procurement teams can trust it. Without that accreditation chain, the certificate is worth very little, regardless of how much work went into it.

You can read more about how this works in our article on the difference between certification and accreditation.

Examples of Certifiable ISO Standards

Here are some of the most widely recognised certifiable ISO standards in Australia and globally:

  • ISO 9001 (Quality Management Systems)
  • ISO 14001 (Environmental Management Systems)
  • ISO 45001 (Occupational Health and Safety Management Systems)
  • ISO 27001 (Information Security Management Systems)
  • ISO 22000 (Food Safety Management Systems)
  • ISO 50001 (Energy Management Systems)
  • ISO 13485 (Medical Devices Quality Management)
  • ISO 20000 (IT Service Management)
  • ISO 42001 (AI Management Systems)
  • ISO 37001 (Anti Bribery Management Systems)

All of these use “shall” language, follow the HLS or an equivalent requirements structure, and have active accreditation schemes that allow certification bodies to issue formal certificates.

Audit Workshop
Self-paced online ISO standard courses, Foundation to Lead Auditor
ISO 45001:2018 Lead Auditor Training Course
Limited time
ISO 45001:2018 Lead Auditor Training Course
USD 129USD 789
ISO 14001:2026 Lead Auditor Training Course
Limited time
ISO 14001:2026 Lead Auditor Training Course
USD 129USD 789
ISO 9001:2015 Lead Auditor Training Course
Limited time
ISO 9001:2015 Lead Auditor Training Course
USD 129USD 789
View all ISO courses
Exemplar Global logo
Audit Workshop is an Exemplar Global Recognised Training Provider

What Makes an ISO Standard Non Certifiable?

Non certifiable ISO standards are written as guidance documents, frameworks, or technical specifications. They provide best practice recommendations, definitions, principles, or technical guidance, but they do not impose auditable requirements that a third party can verify. These documents typically use the language of recommendation, such as “should” rather than “shall”.

Because there are no mandatory requirements to audit against, no formal certification scheme exists for these standards. A business can implement the guidance, self assess against the principles, and even publicly state that it has aligned its practices with the standard. But no accredited certification body will issue a certificate for it, because there is nothing to certify against in a formal auditable sense.

This does not mean these standards are less valuable. In many cases they are extraordinarily useful for improving operations, building frameworks, and informing strategy. The distinction is simply about what you can put on a certificate and market to clients.

Examples of Non Certifiable ISO Standards

Some of the most well known non certifiable ISO standards include:

  • ISO 31000 (Risk Management Guidelines)
  • ISO 26000 (Social Responsibility Guidance)
  • ISO 10006 (Quality Management in Projects)
  • ISO 10002 (Customer Satisfaction and Complaints Handling)
  • ISO 19011 (Guidelines for Auditing Management Systems)
  • ISO 31030 (Travel Risk Management)
  • ISO 10015 (Quality Management in Training)
  • ISO 20400 (Sustainable Procurement)

Take ISO 26000 as a clear example. It is one of the most downloaded ISO standards in the world and covers social responsibility across seven core subjects including human rights, labour practices, and community involvement. But ISO itself explicitly states that ISO 26000 is not a management system standard and is not intended for certification purposes. We have a dedicated article on whether ISO 26000 is certifiable that goes into this in detail.

Similarly, ISO 31000 is a widely used risk management framework that provides excellent guidance for building a risk management approach, but it does not have a certification scheme attached to it.

The Grey Area: Standards That Are Sometimes Misunderstood

Some standards sit in a genuinely confusing middle ground, and this is where businesses get caught out the most.

ISO 10002 Customer Complaints

ISO 10002 is a guidance standard for customer satisfaction and complaints handling. Some providers will sell you a “certificate of conformance” to ISO 10002, but these are not third party accredited certifications in the same sense as ISO 9001. They are typically self declarations or first party assessments. If a client or tender asks for ISO certification and you hand them an ISO 10002 certificate from a non accredited body, it will likely not be accepted. Understand what you are buying before you pay for it.

ISO 19011 Auditing Guidelines

ISO 19011 provides guidance on auditing management systems. It is the reference document that informs how audits should be conducted. It is not a standard you get certified to. However, auditors use it as a foundational reference, and many training programmes are built around its principles.

Sector Specific Extensions

Some non certifiable standards are designed to be used alongside certifiable ones. ISO 10015, for instance, covers quality management in training and development. It is a guidance document, not a certifiable standard on its own. However, its principles are often implemented as part of a broader ISO 9001 quality management system. The same applies to ISO 10006 in project management contexts.

How to Tell the Difference Quickly

When you pick up an ISO standard document and want to know quickly whether it is certifiable, here are the practical checks to run:

  1. Check the title and scope. If the title includes the words “guidelines” or “guidance”, that is a strong signal it is non certifiable. If it says “requirements”, it is almost certainly certifiable.
  2. Look at the language in the clauses. Certifiable standards use “shall” throughout. Non certifiable standards use “should” or “may”.
  3. Check ISO.org directly. The ISO standards catalogue lists each standard and often indicates whether it is a management system standard with a certification scheme.
  4. Search for accredited certification schemes. If you cannot find a JAS-ANZ or IAF accredited certification body offering audits against the standard, it is almost certainly non certifiable.
  5. Ask the certification body directly. A reputable certification body will tell you plainly whether a standard has a formal certification scheme.

Does Non Certifiable Mean Not Worth Implementing?

Absolutely not. This is a misconception worth addressing directly. Many non certifiable standards represent some of the most sophisticated thinking in their respective fields. ISO 31000 is arguably one of the best risk management frameworks available anywhere. ISO 26000 has shaped corporate responsibility reporting globally. ISO 19011 is the backbone of how professional auditors operate.

The distinction between certifiable and non certifiable is about the formal third party assurance mechanism, not about the quality or usefulness of the standard itself. Plenty of businesses implement non certifiable standards and gain real operational benefits without ever needing a certificate.

Where it matters is when you are responding to a tender, meeting a contractual requirement, or trying to demonstrate compliance to a regulator or client. In those situations, only a certificate from an accredited certification body against a certifiable standard will do the job. Claiming alignment with a guidance standard will not satisfy a procurement requirement that asks for ISO certification.

Practical Scenarios Where This Distinction Is Critical

Responding to a Government Tender

Suppose a government tender requires ISO 9001 certification. You have implemented ISO 31000 across your business and have a solid risk management framework. That is genuinely valuable, but it does not satisfy the tender requirement. ISO 31000 is non certifiable. You need ISO 9001 certification from an accredited body to tick that box.

If you are unsure which certifications are required for government work, our article on which ISO certification is required for government tenders covers this in detail.

Supply Chain Requirements

A large manufacturer requires all suppliers to hold ISO 14001 certification. One of your competitors claims they are “aligned with ISO 20400 sustainable procurement principles”. That sounds impressive, but ISO 20400 is a guidance document with no certification scheme. The manufacturer will not accept it as equivalent to ISO 14001. Only an accredited ISO 14001 certificate satisfies the requirement.

Building an Integrated Management System

A business implementing an integrated management system might choose to certify to ISO 9001, ISO 14001, and ISO 45001, while also using ISO 31000 as the internal framework for risk management and ISO 10002 as guidance for complaints handling. The certifiable standards form the auditable backbone. The non certifiable standards inform how the system is built and operated. That is a perfectly sensible and effective approach.

What About Standards That Were Never Designed for Certification but Have Certificates Attached?

This is a real problem in the market and worth a direct warning. Some certification bodies or consultants will issue “certificates of compliance” or “certificates of conformance” against non certifiable standards. These are not accredited certifications. They are essentially paid documents that look official but carry no formal weight in a procurement or regulatory context.

If you are purchasing a certificate and want to know whether it will be accepted by clients or government, the test is simple: was it issued by a JAS-ANZ accredited certification body against a standard that has a recognised certification scheme? If the answer to either part is no, treat it with caution. Our article on common ISO certification myths covers some of the misconceptions that lead businesses to pay for certificates that do not deliver what they expect.

Choosing the Right Path for Your Business

The starting point is always to understand what you actually need. Ask yourself these questions:

  • Is there a contractual, tender, or regulatory requirement driving this? If yes, you almost certainly need a certifiable standard with an accredited certificate.
  • Are you trying to improve internal operations, build a framework, or demonstrate commitment to a principle? A non certifiable guidance standard might be exactly the right tool.
  • Are you trying to do both? You can implement guidance standards alongside certifiable ones. Many well run businesses do exactly this.

Once you know what you need, the next challenge is finding the right consultant and certification body to help you get there. Getting multiple quotes and comparing providers is always worth doing before you commit, particularly for certifiable standards where audit costs and timelines vary significantly between providers.

That is exactly where CertBetter can help. By submitting a single form, you can receive up to three competing quotes from vetted ISO consultants and accredited certification bodies, all at no cost to your business. Whether you are pursuing ISO 9001, ISO 27001, ISO 45001, or any other certifiable standard, CertBetter connects you with providers who have been verified for competence and transparency, so you can make an informed decision rather than a costly guess.

Get 3 ISO Quotes. 24 Hours Response

Tell us what you need and compare vetted ISO consultants or certification bodies within 24 hours. Free, no obligation.

Trusted by 400+ businesses like yours

Frequently Asked Questions

No. ISO 31000 is a guidance standard, not a requirements based standard, which means no accredited certification scheme exists for it. You can implement its principles within your organisation and even self declare alignment, but no accredited certification body will issue a formal ISO 31000 certificate. If you need to demonstrate risk management capability to a client or tender, you would typically do so through a certifiable management system standard like ISO 9001 or ISO 27001, which both incorporate risk management requirements.

Check the language used in the standard. Certifiable standards use the word “shall” to describe requirements that organisations must meet. Non certifiable guidance standards use “should” or “may” to describe recommendations. You can also check whether the standard has an active accreditation scheme by searching the ISO website or asking a JAS-ANZ accredited certification body whether they offer audits and certification against that specific standard.

No. ISO 26000 is explicitly described by ISO itself as a guidance document and is not intended for certification, regulatory, or contractual use. It provides principles and guidance on social responsibility but does not contain auditable requirements. Some third party organisations offer their own verification or assurance schemes related to social responsibility, but these are not ISO certifications and should not be confused with accredited ISO certification.

Yes, and this is actually a very common and effective approach. Many organisations implement non certifiable guidance standards as the internal methodology behind their certifiable management systems. For example, ISO 31000 might inform how risk is managed within an ISO 9001 quality management system, or ISO 10002 might shape the complaints handling process within that same system. The certifiable standard provides the auditable framework, while the guidance standard informs how it is designed and operated.

Some unaccredited or less reputable providers issue certificates of conformance or compliance against guidance standards as a commercial service. These documents may look official but they carry no formal accreditation backing and will generally not be accepted by procurement teams, government agencies, or sophisticated clients who understand the ISO certification landscape. Always verify that any certificate you receive comes from a JAS-ANZ accredited certification body and is issued against a standard that has a recognised certification scheme.

Start by identifying the driver behind the decision. If a client, tender, or regulator has specified a standard, that answers the question for you. If you are choosing proactively, consider your industry, the risks your business faces, and what your customers or supply chain partners value most. ISO 9001 is the most universally recognised starting point for quality, ISO 45001 for workplace safety, ISO 14001 for environmental management, and ISO 27001 for information security. A qualified ISO consultant can help you map your needs to the right standard before you commit to any implementation work.

Dilawar Laghari

Hi! I am Dilawar Laghari, founder of CertBetter.

I created CertBetter to help anyone compare ISO certification providers for free.

Related Articles

What ISO Certification Do Environmental Consultants Need?
Getting Certified

What ISO Certification Do Environmental Consultants Need?

26 June 2026

What Are the Business Benefits of ISO 50001 Certification?
Getting Certified

What Are the Business Benefits of ISO 50001 Certification?

25 June 2026

Government Grants and Subsidies for ISO 42001 Certification in Canada
Getting Certified

Government Grants and Subsidies for ISO 42001 Certification in Canada

25 June 2026

How to Get ISO Certified as a Sole Trader or Freelancer
Getting Certified

How to Get ISO Certified as a Sole Trader or Freelancer

24 June 2026

Browse by Topic

ISO Standards419 articlesGetting Certified316 articlesManagement Systems203 articlesCompliance & Risk127 articlesIndustry News31 articles
Certifiable vs Non Certifiable ISO Standards - CertBetter