A curated list of international standards, frameworks, and certification bodies for organizations and businesses — not for individuals.

Scope: This list covers standards that certify or regulate organizations, companies, and processes — not personal/professional certifications like AWS Certified, PMP, or CISSP. For those, see awesome-certifications.
## Contents
- Certification Bodies & Standard Organizations
- Quality Management
- Information Security
- Environmental Management
- Health & Safety
- Privacy & Data Protection
- Financial & Accounting
- Sector Specific
- Governance, Risk & Compliance (GRC)
- Gender Equality & Social Responsibility
- Related Awesome Lists
## Certification Bodies & Standard Organizations

Who writes the rules? This section explains the main bodies that develop and publish international standards.
| Body | Full Name | Scope | Region |
|---|---|---|---|
| ISO | International Organization for Standardization | Cross-industry: quality, security, environment, safety, energy, and more | International |
| IEC | International Electrotechnical Commission | Electrical, electronic, and related technologies | International |
| ITU | International Telecommunication Union | Telecommunications and ICT | International (UN agency) |
| IEEE | Institute of Electrical and Electronics Engineers | Engineering, computing, telecommunications | International |
| NIST | National Institute of Standards and Technology | Cybersecurity, metrology, technology | USA |
| ANSI | American National Standards Institute | Voluntary consensus standards | USA |
| BSI | British Standards Institution | Multi-sector | UK |
| DIN | Deutsches Institut für Normung | Multi-sector | Germany |
| UNI | Ente Italiano di Normazione | Multi-sector, also publishes UNI PdR (practice references) | Italy |
| AFNOR | Association Française de Normalisation | Multi-sector | France |
| CEN | European Committee for Standardization | European harmonized standards (EN) | Europe |
| CENELEC | European Committee for Electrotechnical Standardization | Electrotechnical standards | Europe |
| AICPA | American Institute of Certified Public Accountants | Auditing, trust services (SOC) | USA |
| PCI SSC | Payment Card Industry Security Standards Council | Payment security | International |
## Quality Management
Standards that certify an organization's ability to consistently deliver products and services that meet customer and regulatory requirements.
- ISO 9001 — The world's most adopted quality management system (QMS) standard. Applies to any organization, any size, any industry. Certification demonstrates consistent quality processes and a continuous-improvement culture.
- ISO 9000 — Vocabulary and fundamental concepts for the ISO 9000 family.
- ISO 9004 — Guidance for sustained organizational success beyond ISO 9001.
- CMMI — Capability Maturity Model Integration. Process improvement framework for software and services organizations, with maturity levels 1–5.
- Six Sigma — Data-driven methodology for eliminating defects in processes (DMAIC/DMADV). Organizations can achieve Belt-level certification.
- IATF 16949 — Quality management for the automotive supply chain (see also Automotive).
## Information Security
Standards that certify an organization's information security management system (ISMS) and practices.
- ISO/IEC 27001 — The global benchmark for Information Security Management Systems (ISMS). Defines requirements for establishing, implementing, maintaining, and improving information security across people, processes, and technology. Uses a risk-based approach with 93 controls in Annex A (ISO 27002).
- ISO/IEC 27002 — Code of practice for information security controls. Companion to 27001, not independently certifiable.
- ISO/IEC 27017 — Information security controls for cloud services.
- ISO/IEC 27018 — Protection of personally identifiable information (PII) in public clouds.
- ISO/IEC 27701 — Extension to 27001/27002 for privacy information management (PIMS). Bridges ISMS and GDPR compliance.
- SOC 2 — Service Organization Control 2, issued by AICPA. Audits trust service criteria: Security, Availability, Confidentiality, Processing Integrity, Privacy. Type I = point in time, Type II = over a period.
- SOC 3 — Public-facing summary report of SOC 2 findings.
- NIST CSF — NIST Cybersecurity Framework. Voluntary framework for managing and reducing cybersecurity risk. Not a certification per se, but widely adopted as a compliance reference.
- NIST SP 800-53 — Security and privacy controls for federal information systems (USA), widely referenced globally.
- CIS Controls — Center for Internet Security. Prioritized set of safeguards to mitigate the most common cyberattacks.
## Environmental Management
Standards certifying an organization's environmental impact management and sustainability practices.
- ISO 14001 — Environmental Management System (EMS). Certifies that an organization systematically controls its environmental impact and pursues continuous improvement.
- ISO 14004 — General guidelines for EMS implementation.
- ISO 14040/14044 — Life Cycle Assessment (LCA) methodology.
- ISO 50001 — Energy Management Systems (EnMS). Helps organizations improve energy performance, efficiency, and consumption.
- EMAS — Eco-Management and Audit Scheme. EU voluntary instrument for organizations to evaluate, report, and improve their environmental performance. More demanding than ISO 14001.
- GHG Protocol — Greenhouse Gas Protocol. The most widely used international accounting standard for GHG emissions (Scope 1, 2, 3).
## Health & Safety
Standards certifying occupational health, safety, and well-being management systems.
- ISO 45001 — Occupational Health and Safety Management System (OHSMS). Replaced OHSAS 18001 in 2018. Certifies that an organization proactively manages workplace hazards and risks.
- OHSAS 18001 — Predecessor to ISO 45001. Officially withdrawn in 2021; organizations should have migrated.
- ISO 45003 — Psychological health and safety at work. Guidance on managing psychosocial risks.
## Privacy & Data Protection
Frameworks and standards governing how organizations handle personal data.
- GDPR — General Data Protection Regulation. EU regulation (2016/679). Not an ISO standard — it is binding law for any organization processing EU residents' data. No single "GDPR certification" exists, but ISO 27701 bridges it.
- ISO/IEC 27701 — See Information Security. The closest certifiable standard to GDPR compliance.
- CCPA — California Consumer Privacy Act. US state law regulating data privacy for California residents.
- HIPAA — Health Insurance Portability and Accountability Act. US federal law governing health information privacy and security.
- ePrivacy Directive — EU directive on privacy in electronic communications. Companion to GDPR.
- ISO 29100 — Privacy framework. Foundational concepts and terminology for the privacy standards family.
## Financial & Accounting
Standards and frameworks governing financial reporting, controls, and auditing.
- SOX — Sarbanes-Oxley Act. US federal law mandating financial reporting controls and auditor independence for public companies.
- IFRS — International Financial Reporting Standards. Accounting standards adopted in 140+ countries.
- GAAP — Generally Accepted Accounting Principles. US accounting standard.
- PCI DSS — Payment Card Industry Data Security Standard. Mandatory for any organization that stores, processes, or transmits cardholder data. Currently PCI DSS v4.0.
- ISAE 3402 / SSAE 18 — Assurance reports on controls at service organizations. International equivalent of SOC 1.
## Sector Specific

### Automotive
- IATF 16949 — Quality management system for automotive production and relevant service part organizations. Replaces ISO/TS 16949. Required by most OEMs (Toyota, VW, GM, Ford, etc.).
- VDA 6.x — German Automotive Industry Association quality standards series.
- ASPICE — Automotive SPICE. Process assessment model for automotive software development.
- ISO 26262 — Functional safety for road vehicles (E/E systems).
- ISO/SAE 21434 — Cybersecurity engineering for road vehicles.
### Medical Devices

- ISO 13485 — Quality management system for medical devices. Required for market access in the EU, Canada, and others.
- MDR / IVDR — EU Medical Device Regulation (2017/745) and In Vitro Diagnostic Regulation (2017/746).
- FDA 21 CFR Part 820 — US FDA Quality System Regulation for medical device manufacturers.
- IEC 62304 — Medical device software lifecycle processes.
- ISO 14971 — Risk management for medical devices.
### Food Safety

- ISO 22000 — Food Safety Management System (FSMS). Applies across the entire food chain.
- HACCP — Hazard Analysis Critical Control Points. Systematic preventive approach to food safety.
- FSSC 22000 — Food Safety System Certification. Builds on ISO 22000, recognized by GFSI.
- BRC Global Standards — British Retail Consortium standards for food safety and packaging.
- IFS Food — International Featured Standard. European food retail standard.
### Aerospace & Defense

- AS9100 — Quality Management System for Aviation, Space, and Defense organizations.
- DO-178C — Software Considerations in Airborne Systems and Equipment Certification.
- DO-254 — Design Assurance Guidance for Airborne Electronic Hardware.
### IT Services & Software

- ISO/IEC 20000-1 — IT Service Management System (ITSM). The certifiable standard underlying ITIL practices.
- ITIL 4 — IT Infrastructure Library. Best practice framework for IT service management. Organizations adopt it; individuals get certified in it.
- ISO/IEC 25010 — Systems and software quality models (SQuaRE series).
- ISO/IEC 12207 — Software lifecycle processes.
- ISO/IEC 15408 — Common Criteria for Information Technology Security Evaluation.
## Governance, Risk & Compliance (GRC)
Frameworks helping organizations manage governance, enterprise risk, and regulatory compliance holistically.
- COBIT 2019 — Control Objectives for Information and Related Technologies. Framework for IT governance and management by ISACA.
- COSO ERM — Committee of Sponsoring Organizations. Enterprise Risk Management integrated framework.
- ISO 31000 — Risk Management. Principles, framework, and process for any organization. Not directly certifiable, but widely referenced.
- OCEG GRC Capability Model — Open Compliance and Ethics Group. The "Red Book" GRC framework.
- Basel III — International regulatory framework for banks (capital requirements, stress testing).
- Solvency II — EU regulatory framework for insurance companies.
## Gender Equality & Social Responsibility
- UNI PdR 125:2022 — Italian practice reference for gender equality certification in organizations. Basis for the Italian Gender Equality Certification ("Certificazione della Parità di Genere").
- ISO 30415 — Human resource management — Diversity and inclusion.
- SA8000 — Social Accountability International standard. Certifies ethical working conditions: no child labor, forced labor, or discrimination; freedom of association.
- B Corp Certification — Issued by B Lab. Certifies companies that meet high standards of social and environmental performance, accountability, and transparency.
- ISO 26000 — Guidance on social responsibility. Not certifiable — provides guidance only.
## Related Awesome Lists
- awesome-standards — Technical standards: RFCs, proposals, language specs (developer-focused)
- awesome-security — Security tools, resources, and references
- awesome-gdpr — GDPR resources and tools
- awesome-compliance — Compliance frameworks, tools, and resources
- awesome-certificates — Free personal certifications for developers (NOT this list)
## Contributing

Contributions welcome! Please read CONTRIBUTING.md before submitting a PR.

Rules:
- Only standards that certify or apply to organizations, not individuals
- Include a brief description explaining what the standard certifies and why it matters
- Link to the official issuing body, not third-party summaries
- If adding a sector-specific standard, place it in the correct subsection
## License

Copyright (c) 2026 Openapi®