DESARA's listing of standards commonly used by our clients is intended to simplify your purchase experience. The major vendors list thousands of standards in multiple languages, revision levels, and combination packages. A simple keystroke error could cost you hundreds of dollars since electronic versions of standards are non-refundable.
DESARA recommends purchasing standards through Techstreet.com due to the simplicity of ordering and their excellent customer service. One nice feature Techstreet offers for most standards is the option to easily purchase multi-user licenses for up to 9 users. Standards are instantly downloadable as PDFs, but you can also order hard copies (or both) on the same order page. (See below for site licenses from ANSI for organizations of more than 9 licensed users.)
Prices are subject to change. Purchasers are advised to double check orders, as PDFs are non-refundable. The following links are provided as a courtesy, and DESARA does not control their content.
ISO 9001 establishes quality management system requirements for organizations who want an independent auditor (Certification Body) to attest to their compliance with those requirements. ISO 9001 was significantly revised in 2015. Organizations seeking certification should own a copy of the 2015 version.
ISO 9000 defines the basic concepts and language used in ISO 9001. It was significantly revised in 2015. Organizations that use the terminology in their quality management systems should own a copy of the 2015 version. During the ISO 9001:2015 transition, organizations should make a point of understanding and adopting new terms and subtle distinctions that will be used for many years to come.
ISO 19011 describes the intent behind the requirements for internal audits in ISO 9001 and other management system standards and gives guidance on how to audit and manage an audit program. Organizations are not certified to ISO 19011, but their audit practices will be examined in light of its guidance. DESARA uses ISO 19011 as the basis for all of our audit-related activities including training programs, gap assessments, and internal audits.
ISO 14001 gives requirements for an environmental management system that can be certified by an outside authority. Like ISO 9001, it was significantly revised in 2015. The two standards now use common terms and structure, a benefit to organizations that are certified to both. Users should own a copy of the current version.
ISO/IEC 27001:2013 - Information Technology - Security Techniques - Information Security Management Systems - Requirements
ISO 27001 sets out requirements for an information security management system that can be certified by an outside authority. Released in 2013, this version uses the same common terms and structure as ISO 9001:2015. Users should own a copy of the current version.
ISO/IEC 27002:2013 - Information Technology - Security Techniques - Code of Practice for Information Security Controls
ISO 27002 is an essential guidance document for organizations that implement ISO 27001. It explains the numerous controls that are put in place to reduce risks in an information security management system. Users should own a copy of the current version.
Note: ISO/IEC 27001 and 27002 are essential for all organizations seeking certification. The ISO 27000 series, available through Techstreet.com, includes a number of additional guidance documents that may also be useful in different environments.
ISO/IEC 20000-1 and 2 - Information Technology - Service Management
Part 1: Service Management System Requirements
Part 2: Guidance on the Application of Service Management Systems
ISO 20000 defines requirements for a service management system, including requirements for design, transition, delivery, and improvement of services to fulfill agreed service requirements. Part 1 and Part 2 are essential to effectively deploying a compliant service management system. Note: Related standards are available through the Techstreet.com site.
Price: $149 for Part 1 and $265 for Part 2
ISO 31000 provides generic guidance on managing any type of risk, whether positive or negative, in any type of organization. It provides a common approach that can be used across multiple standards such as ISO 9001:2015, but its application is not required. Organizations are not certified to ISO 31000 because it is only intended as guidance. DESARA uses guidance from ISO 31000 throughout our training and consulting services.
The TL 9000 Requirements Handbook establishes a set of quality management system requirements for suppliers of hardware, software, and services in the ICT industry. Release 5.5 includes all ISO 9001:2008 requirements.
This book is only available through QuEST Forum.
Note: Revision 6.0 is expected to be published in June 2016 with a 2-year transition period allowed.
The TL 9000 Measurements Handbook defines a minimum set of performance measurements for evaluating performance of a TL 9000-certified quality management system.
Note: The Measurements Handbook is independent of the ISO 9001:2015 revision. R6.0 is not expected to be published before 2017.
This book is only available through QuEST Forum.
ANSI offers three different discount programs:
- ANSI Member Companies get a 10-20% discount on standards, so you may want to see if your company is a member before making a purchase.
- Site licenses can be negotiated with ANSI for organizations who expect to spend over $1000 per year on standards.
- Various bundles of standards that are often purchased together (for example, ISO/IEC 27001 and 27002) are sometimes offered at about a 5% discount.
QuEST Forum offers almost a 50% discount on TL 9000 Handbooks to its corporate members. A site license program is also available.