Certification Scope

The scope of a quality management system defines its geographic locations, product lines (including services), applicable processes, and identifies any excluded ISO 9001 requirements.


For example, an organization can define its scope to include a single site, or the scope can include multiple sites if they have a common system and the same top management.


The scope can include the applicable processes for a single product or service, or include the processes necessary for multiple products and services.


The scope can include all the applicable processes, or some of the processes can be outsourced to organizations outside the scope, i.e., to a supplier or another organization within the company.


The scope also identifies any requirements excluded from the ISO 9001 standard. For example, if a service organization has no measuring equipment to be calibrated, clause 7.6 would be excluded.

Although ISO 9001 is applicable to all organizations regardless of their type, size, or products, under certain circumstances an organization may exclude a specific ISO 9001 requirement and still be permitted to claim conformity to the standard. This is because not all the requirements in clause 7 are relevant to all organizations. ISO 9001 explains the permissible exclusions in clause 1.2.


The terms “scope of the quality management system” and “scope of certification” are often used interchangeably, but this can lead to confusion. It might be difficult for a customer to identify what parts of a supplier organization have been certified to ISO 9001, what product lines or processes are covered by the system, or what ISO 9001 requirements have been excluded.

To lessen such confusion and to enable identification of what has been certified, the scope of certification should clearly define:

  • the scope of the quality management system – including details of the product lines and related sites, departments, and divisions that are covered
  • the organization’s main processes for its product realization or service delivery activities (e.g., design, manufacture, delivery, service, and support) for the covered product lines
  • any ISO 9001 requirement that has been excluded.

Note that the scope of certification is not the same as the certificate that is awarded to the organization after their successful demonstration of conformity to ISO 9001. The certificate usually includes a synthesized description of the scope of certification, but not the details of the ISO 9001 requirements that have been excluded. However, it may refer to the fact that the exclusions are detailed in the organization’s quality manual.


It is the responsibility of the certification body auditor to:

  • ensure that the final statement of the scope of certification is not misleading
  • verify the scope only refers to the processes, products, sites, departments, or divisions of the organization that was assessed during the certification audit
  • verify the scope defines any excluded ISO 9001 requirements and that the justification for the exclusions is provided and is reasonable.

As an additional measure to combat potential confusion among customers and end-users, the certification scope should be clearly defined in the organization’s quality manual and any publicly available documents, including any promotional and marketing material. However, promotional statements should not be included in the certification scope statement.

(Some of the information in this article was extracted from the ISO website)