Search the Elsmar Cove!
**Search ALL of** with DuckDuckGo including content not in the forum - Search results with No ads.

Which ISO certification is ideal for my IT company?



I wish to know the details of getting which ISO for my IT company? And I need to how it is help to improve my company(IT) strategy?
Re: ISO Consultants in Chennai for my IT company

Hi William! Welcome. It would help to know what your IT company does! If you provide services, then ISO 20,000 might be best. If you handle information, then ISO 27001 could be useful.

I'm sure someone from the area will respond with details of a consultant who may be able to help, locally.


Re: Which ISO certification is ideal for my IT company ?

Hi Andyn. Thanks for your suggestion. I am providing app development services for customer. I hope this may helpful to my company.

Jen Kirley

Quality and Auditing Expert
Staff member
Re: Which ISO certification is ideal for my IT company ?

Welcome to the Cove!

As ISO explains on their page:

1) ISO 9001 is for design and/or production of product as well as design and/or production of services,

2) ISO 20000 is for service management, and

3) ISO 27000 is for IT security methods

Particularly since the 2015 version of ISO 9001 focuses on identifying and controlling risks (something I understand IT people know about) if you are making apps I would think 9001:2015 is most appropriate. How might it improve your strategy? I suggest through reduction of errors, shorter time-to-market, and shorter time in beta via your recognized risks and controls put in place to minimize their impact on your operations and product.


Hello William! Please let us know which types of services are being provided by your IT company. If your company is providing IT security then ISO 27000 and if your IT company is offering service management then ISO 20000 could be useful for your company.
I don't if any of them are ideal, but it sounds like people are trying to tell you which one is a best fit for what your company does. They may be right, but I guess I would have thought no one would certify you to the "wrong" standard, because what you have available for them to audit would not fit with their audit checklist. So I think a better first question might be "Which ISO standard(s) can my company get certified to?" If there is more than one, then you can start looking for "ideal."

First quality principle: "Ideal" is in the eye of the beholder. The standard that might bring the most operational improvement to your company might not be the standard that your customers most revere. You should give some thought to exactly what it is you want to get out of certification, other than a certificate suitable for framing.

John Broomfield

Staff member
Super Moderator
Many suitable standards exist but you should be asking your current and future customers.

It is your leaders and their commitment to the organization’s process-based management system, not the standard that will deliver better strategies.

I would choose the generic standard first (ISO 9001) and make the system work really well before tweaking it conform to the more specialized standards.

Then you may have the problem of finding a double-accredited registrar: once as a registrar and again in the standard your clients help you to choose.

Always maintain your basic accredited certification.
Top Bottom