Which ISO standards might Amazon require from suppliers?

If you supply goods or services via Amazon, you may be asked to demonstrate certification to one or more ISO management system standards. A common challenge for suppliers is understanding which standard applies to their business, and whether certification is actually required at all.

This article outlines the ISO standards Amazon most commonly refers to, what each one covers, and how relevance is typically determined.

Amazon does not operate a single, universal ISO requirement for all sellers. Requirements vary depending on factors such as:

• the nature of the products or services supplied,

• the risks associated with those activities,

• whether personal data is handled,

• environmental or health & safety impacts,

• the role the supplier plays in the wider supply chain.

As a result, different suppliers may be asked for different standards, or no ISO certification at all.

ISO 9001 focuses on how an organisation manages quality, consistency, and customer requirements.

Amazon may refer to ISO 9001 where it wants assurance that a supplier has:

• defined and controlled processes,

• mechanisms for handling issues and complaints,

• systems in place to monitor and improve performance.

This is the most commonly requested ISO standard and is often relevant to manufacturers, distributors, and service providers.

ISO 14001 relates to how an organisation manages its environmental responsibilities.

This standard may be relevant where suppliers:

• manufacture or distribute physical products,

• generate waste or emissions,

• operate logistics, storage, or transport activities,

• are expected to demonstrate environmental controls within the supply chain.

ISO 14001 focuses on identifying environmental impacts and managing them in a structured and proportionate way.

ISO 45001 addresses how organisations manage health and safety risks to workers and others.

Amazon may reference ISO 45001 where suppliers:

• employ staff in operational or warehouse environments,

• carry out installation, maintenance, or site-based activities,

• operate facilities where health & safety risks are present.

The standard is concerned with risk identification, controls, and continual improvement - not just policies on paper.

ISO/IEC 27001 focuses on the management of information security risks.

This standard is often relevant where suppliers:

• handle personal or customer data,

• access Amazon systems or platforms,

• provide IT, software, or data-driven services,

• process commercially sensitive information.

  
  

ISO/IEC 27001 requires a structured approach to identifying, assessing, and managing information security risks.

In some cases, Amazon suppliers may be asked to hold certification to more than one ISO standard, particularly where multiple risk areas are involved.

For example:

• a manufacturer may require ISO 9001 and ISO 14001,

• a technology-enabled service provider may require ISO 9001 and ISO/IEC 27001,

• an operational business with staff and facilities may require ISO 9001 and ISO 45001.

Understanding relevance and scope is critical before pursuing certification.

One of the most common issues we see is suppliers:

• pursuing certification to a standard that does not apply,

• over-scoping their management system unnecessarily,

• or missing a standard that Amazon actually expects.

This can lead to additional cost, delay, and rework.

The most effective approach for Amazon suppliers is to:

• confirm whether ISO certification is required,

• identify which standard(s) are relevant,

• define an appropriate scope based on actual activities,

• implement systems that reflect how the business operates.

Certification should be proportionate, relevant, and aligned to real risks - not a box-ticking exercise.

We support Amazon sellers in understanding which ISO standards apply to their activities and in implementing management systems that meet standard requirements and business needs, supporting the full process through to accredited certification.

Further details are available on our Amazon Supplier ISO Support page: