What International Standards Does a CRO Company Need to Meet?



CRO companies around the world have a list of high standards that they need to meet in order to be successful. Some of these standards are internationally recognized. TheInternational Organization for Standardization is a non-governmental organization and the world’s largest developer of voluntary international standards.

Most market-leading CRO companies like Novotech CRO fully comply with these safety/quality standards. However, there are some low-tier companies that might not exactly tick out all the boxes.

According to the International Organization for Standardization, ISO certifications are a procedure in which a third party gives written assurance that a product, process, or service conforms to the requirements specified in the repository.

Some of the international standards that CRO companies should meet include:

ISO 14155 (Clinical Investigation of Medical Devices for Human Subjects – Good Clinical Practice)

  • Provides guidance to CRO companies on how to implement Good Clinical Practice (GCP).
  • Scientific and ethical standards in regards to conducting, design, monitoring, performance, recording, auditing, and reporting during the clinical studies.
  • Protect the safety and wellbeing of participants.
  • Define the responsibilities of everyone involved in the clinical study.
  • Assist ethical committees and regulatory bodies in their assessments.
  • Ensure credibility of study and research results.
  • Not a compulsory certification but strongly recommended proving that the wellbeing of participants is of paramount importance to the CRO company.

ISO 9001 (Quality Management System)

  • Covers research facilities, participants, staff, training, services, and equipment.
  • Strong focus on improvement.
  • Streamline operations.
  • Reduce costs.
  • Ensures the accessibility of reliable data.
  • Assists CRO companies to make informed decisions.
  • Work alongside ethical committees and regulatory bodies.

ISO/IEC 27001 (Information Technology – Security Techniques – Information Security Management Systems – Requirements)

  • Key focus on information security.
  • Protect confidential information in a cost-effective way by implementing an Information Security Management System (ISMS).
  • Only authorized people can access and edit information.
  • Identifies, evaluates, and addresses any information risks.

ISO 45001 (Occupational Health and Safety)

  • Improve employee safety.
  • Reduce workplace risks and accidents.
  • Create safer working conditions.
  • The Health and safety of employees and participants are of paramount importance.
  • Guidelines for an Occupational Health and Safety Management System.

An ISO certification demonstrates that a company meets high standards, cares about their employees and clients/customers, and strengthens their credibility. In some industries, it is a legal requirement to have ISO certifications.

Although ISO sets the guidelines for the standards, they don’t issue the actual certification, which is usually awarded by external certification organizations.

To get an ISO certification in Australia, there are 5 steps which must be followed:

  • Gap Analysis: A full review of your company which is then compared to the ISO standard. (Identifies strengths and weaknesses).
  • Certification Documentation: Outlines compliance objectives and the guidelines the business will follow to ensure compliance with a specific ISO certification.
  • Develop a Management System: Management systems are assessed (and sometimes changed) so they can follow standards.
  • Implementation: ISO standards are integrated into the company. Employees are given extensive training.
  • Auditing and Ongoing Improvements: Auditing becomes an ongoing process that ensures that a company is operating in accordance with the ISO standards.


Please enter your comment!
Please enter your name here