ISO Standards for Call Centres, CX and Customer Service: A Complete Guide
ISO standards (from the International Organization for Standardization) are internationally recognised frameworks that define best-practice requirements across a wide range of business functions. For organisations involved in contact centre operations, customer experience, customer service, and complaints handling, there is a specific set of ISO standards that establishes global benchmarks for how these functions should be designed, managed, and measured.
ISO standards are not prescriptive scripts — they define what good looks like, not exactly how to achieve it. A contact centre certified to ISO 18295, for example, has demonstrated through an independent audit that its operations meet internationally recognised requirements across customer communication, complaints handling, employee engagement, and more.
This guide covers the key ISO standards relevant to contact centres, CX professionals, customer service operations, and complaints departments globally — what each standard covers, who it applies to, whether certification is required, and how ACXPA's own CX Standards framework relates to the ISO system.
What ISO standards cover
Contact centre operations, quality management, information security, customer satisfaction measurement, complaints handling, and dispute resolution.
Who they apply to
Call centres, CX teams, customer service operations, complaints departments, and any organisation that processes customer contacts or handles customer feedback.
What this guide covers
ISO 18295, ISO 9001, ISO 27001, and the ISO 10001–10004 series — plus how ACXPA's own CX Standards framework relates to ISO certification.
What are ISO Standards?
ISO (International Organization for Standardization) is an independent, non-governmental international body that develops and publishes globally recognised standards across virtually every industry. ISO standards are developed through consensus among national standards bodies from over 160 countries — in Australia, the member body is Standards Australia.
ISO standards work by defining requirements that a management system, product, service, or process must meet to be considered consistent with global best practice. Independent certification bodies then audit organisations against these requirements and issue formal ISO certification to those who pass.
For contact centres, CX operations, and customer service functions, ISO standards provide a structured, internationally recognised framework for demonstrating that your operation meets minimum global quality benchmarks — covering how customers are served, how complaints are handled, how data is protected, and how quality is managed.
In plain English
ISO standards set the internationally agreed benchmark for what good looks like. Certification means an independent auditor has verified that your operation meets that benchmark. Not all organisations need formal certification — but the standards themselves are valuable as a quality framework regardless of whether you pursue certification.
Quick reference — ISO standards relevant to contact centres, CX, customer service and complaints
| Standard | Focus area | Most relevant to |
|---|---|---|
| ISO 18295 | Contact centre operations | Call centres, contact centres |
| ISO 9001 | Quality management systems | All customer service operations |
| ISO 27001 | Information security management | Call centres handling data or payments |
| ISO 10001 | Customer satisfaction — codes of conduct | CX, customer service |
| ISO 10002 | Complaints handling | Complaints departments, all contact centres |
| ISO 10003 | External dispute resolution | Regulated industries, complaints functions |
| ISO 10004 | Monitoring and measuring customer satisfaction | CX, customer service |
ISO 18295 — The Contact Centre Standard
ISO 18295 is the primary international standard specifically designed for contact centre operations. Published in 2017, it provides a comprehensive framework for any contact centre — inbound, outbound, in-house, or outsourced — that aims to deliver services which consistently meet or exceed customer expectations. ISO 18295 is structured in two complementary parts:
Part 1: Requirements for Customer Contact Centres
Part 1 applies directly to the contact centre itself — whether operated in-house or by an outsourcer on behalf of a client. It covers the operational requirements a contact centre must meet across five key areas:
- Customer interactions — how contacts are handled, queued, resolved, and followed up. Includes requirements for wait times, communication quality, and resolution outcomes
- Complaints and escalation handling — requirements for receiving, acknowledging, investigating, and resolving customer complaints within the contact centre environment
- Employee engagement — requirements covering staff competency, training, performance management, wellbeing, and how people are developed and supported
- Management information and reporting — requirements for how contact centre performance is measured, reported, and used to drive continuous improvement
- Resources and technology — requirements for the systems, infrastructure, and resources necessary to deliver consistent service
Part 2: Requirements for Clients Using Contact Centre Services
Part 2 applies to the client organisations that commission or use contact centre services — whether those services are delivered in-house or by a third-party outsourcer. It establishes what client organisations need to provide and define in order to enable the contact centre to deliver high-quality customer service on their behalf — including defining the scope of service, providing adequate information and systems access, establishing performance expectations, and ensuring their governance processes support good customer outcomes.
💡 Why ISO 18295 matters
ISO 18295 certification is increasingly relevant for contact centres seeking government contracts and public sector outsourcing opportunities globally, where it is often listed as a mandatory or preferred requirement. It is also increasingly requested by large enterprise clients as part of procurement due diligence for outsourcing arrangements.
ISO 9001 — Quality Management
Quality Management Systems — Requirements
ISO 9001 is the world's most widely adopted management system standard — applicable to any organisation of any size in any sector. For contact centres and customer service operations, it provides a framework for building quality management systems that consistently deliver services meeting customer and regulatory requirements. Key principles relevant to customer service operations include:
- Customer focus — the primary goal of quality management is to meet customer requirements and strive to exceed expectations
- Process approach — understanding and managing interrelated processes as a system to deliver consistent outcomes
- Evidence-based decision making — decisions based on analysis of data rather than assumption
- Continual improvement — a systematic approach to improving processes and outcomes over time
- Leadership commitment — management accountability for quality at all levels
ISO 9001 certification is often the foundational quality certification for contact centres before pursuing more sector-specific standards such as ISO 18295.
ISO 27001 — Information Security Management
Information Security Management Systems — Requirements
ISO 27001 is the international standard for information security management. For contact centres it is particularly relevant because of the volume of sensitive customer data they handle — personal information, payment card data, health records, and financial details. ISO 27001 requires organisations to establish, implement, maintain, and continually improve an Information Security Management System (ISMS) — a systematic approach to managing sensitive information to keep it secure across people, processes, and technology.
For contact centres handling payment card data, ISO 27001 is often pursued alongside PCI-DSS (Payment Card Industry Data Security Standard), which sets specific requirements for organisations that store, process, or transmit cardholder data. ISO 27001 is broader in scope — PCI-DSS is more prescriptive for the specific payments context.
ISO 10001–10004 — The Customer Satisfaction Series
The ISO 10000 series is a family of four complementary standards focused on customer satisfaction — covering how organisations commit to customers, handle complaints, resolve disputes, and measure satisfaction. Together they provide a comprehensive framework for the full customer service and complaints lifecycle. This series is particularly relevant to CX professionals, customer service operations, and complaints departments.
Customer Satisfaction — Guidelines for Codes of Conduct
Provides guidelines for planning, designing, developing, implementing, maintaining, and improving customer satisfaction codes of conduct. It defines the commitments an organisation makes to its customers about how they will be treated — and the processes for delivering on those commitments consistently. Relevant to any customer-facing function, particularly CX teams defining their service promise.
Customer Satisfaction — Guidelines for Complaints Handling
The most widely referenced standard in the customer service and complaints handling space. ISO 10002 provides guidelines for the complaints handling process within an organisation — covering how complaints are received, acknowledged, assessed, investigated, responded to, closed, and reported. It is applicable to all organisations regardless of size or sector. ISO 10002 principles underpin many industry-specific complaints handling codes and regulatory requirements globally.
Customer Satisfaction — Guidelines for Dispute Resolution External to Organisations
Provides guidelines for dispute resolution processes that operate external to the organisation — external ombudsman schemes, mediation, arbitration, and similar mechanisms. Particularly relevant for regulated industries — such as financial services, telecommunications, and energy — where external dispute resolution is mandated. It helps organisations design their internal processes to interface effectively with external resolution schemes.
Customer Satisfaction — Guidelines for Monitoring and Measuring
Provides guidelines for defining and implementing processes to monitor and measure customer satisfaction — covering how to plan and conduct customer satisfaction surveys, how to analyse and use the results, and how to communicate findings internally and externally. For CX professionals and contact centre managers, it provides a structured methodology for moving beyond anecdotal understanding of customer satisfaction to systematic, comparable measurement.
ACXPA CX Standards — Australia's Own Contact Centre Framework
Alongside the international ISO framework, ACXPA has developed its own Contact Centre CX Standards — a practical, Australian-specific set of standards defining what good customer experience looks like in a contact centre context. These standards are designed to complement, not replace, ISO certification.
What the ACXPA CX Standards measure
The ACXPA Contact Centre CX Standards cover the key dimensions of customer experience in a contact centre interaction — from how calls are answered and customers are greeted, through to how effectively issues are resolved and the overall quality of the interaction. Unlike ISO standards which focus on management systems and processes, ACXPA's CX Standards are outcome-focused — measuring the actual experience delivered to customers, independently validated through mystery shopping and powering the Australian Call Centre Rankings.
How ACXPA CX Standards differ from ISO
- Outcome-focused — measures actual customer experience, not just management systems and processes
- Australian-specific — developed in the context of Australian contact centre operations and customer expectations
- Independently measured — powers the Australian Call Centre Rankings through mystery shopping across multiple industry sectors
- Practical framework — directly aligned with a number of CX Skills training programs
How they complement ISO
- ISO 18295 and ISO 9001 define the system for delivering quality — ACXPA CX Standards measure whether the outcome was actually good
- Many contact centres use ACXPA's standards as an operational benchmark alongside formal ISO certification
- The Australian Call Centre Rankings provide independently verified benchmarking data across sectors — something ISO certification alone does not provide
- CX Skills training programs reference ACXPA's CX Standards as the practical framework for what agents and managers should be delivering
Do You Need ISO Certification?
The short answer: it depends on your industry, your clients, and your aspirations. ISO certification is not universally mandatory — but there are specific contexts where it is either required or strongly expected.
🏛️ Government and public sector contracts
ISO certification — particularly ISO 9001 and increasingly ISO 18295 — is frequently listed as a mandatory or preferred requirement for contact centre outsourcing tenders and government service delivery contracts. If your organisation competes for or holds public sector contracts, certification is likely either required now or will be in the near future.
🏢 Large enterprise clients
Large corporate clients increasingly require their outsourcers and service providers to hold ISO certifications as part of their supply chain due diligence and risk management processes. ISO certification is becoming a threshold requirement for inclusion in enterprise procurement panels.
🔒 Data-sensitive operations
Contact centres handling payment card data, health information, financial services data, or other sensitive personal information should seriously consider ISO 27001. It demonstrates systematic security governance — increasingly important as cyber risk and privacy regulation intensify globally.
📋 When you don't need formal certification
Even without formal certification, ISO standards are valuable as internal quality audit tools. Many contact centres use ISO frameworks — particularly ISO 18295, ISO 10002 for complaints, and ISO 9001 — as benchmarking frameworks for gap analysis and continuous improvement, without pursuing the cost and rigour of formal third-party certification. The frameworks set global minimum expectations and help identify operational gaps.
Other Quality Frameworks
ISO is not the only quality framework relevant to contact centres. Several other international frameworks are used in the industry — COPC (Customer Operations Performance Center) is a performance management framework specifically developed for contact centres used by some large global organisations, and CCXP (Certified Customer Experience Professional) is an individual practitioner credential administered by the CXPA. Both are referenced in the industry, though neither is an ISO-accredited standard.
CX Skills offers training programs aligned with ACXPA's own CX Standards framework — validated through the Australian Call Centre Rankings and specifically focused on the Australasian market.
Getting ISO Certified — Where to Start
ISO certification is issued by accredited third-party certification bodies — not by ISO itself. The process typically involves a gap analysis against the relevant standard, implementing the required management systems and processes, and an independent audit by the certification body. The ACXPA Supplier Directory lists specialist consultants in Australia who can guide you through the process:
Standards and Certification Specialists
Specialist providers offering ISO gap analysis, management system implementation, and certification support for contact centres and customer service operations.
Contact Centre Consultants
Experienced contact centre consultants who can help assess your operation against ISO requirements and develop the management systems needed for certification.
💡 Start with a gap analysis
Before committing to the full certification process, an ISO gap analysis conducted by a specialist consultant will identify where your current operation meets the requirements and where investment is needed. This gives you a realistic picture of the effort and cost involved before you begin, and often reveals quick wins that improve operations independently of the certification outcome.
Frequently Asked Questions About ISO Standards
What ISO standard applies specifically to call centres?
ISO 18295 is the primary international standard designed specifically for contact centre operations. Published in 2017, it has two parts: ISO 18295-1 (requirements for the contact centre itself) and ISO 18295-2 (requirements for client organisations using contact centre services). ISO 9001 (quality management) and ISO 27001 (information security) are also widely relevant to contact centre operations.
Is ISO certification mandatory for call centres?
ISO certification is not universally mandatory, but is required or strongly preferred in specific contexts — particularly for government and public sector contracts, large enterprise outsourcing arrangements, and regulated industries. Even where certification is not required, ISO standards are valuable as internal quality benchmarking frameworks.
What is the difference between ISO 18295 and ISO 9001?
ISO 9001 is a general quality management system standard applicable to any organisation. ISO 18295 is specifically designed for contact centres and goes into much more detail about contact centre-specific requirements — customer interaction handling, complaints management within the contact centre, employee engagement, and performance reporting. Many contact centres pursue ISO 9001 as a foundation before seeking ISO 18295 certification.
What ISO standard covers complaints handling?
ISO 10002 specifically covers customer satisfaction — guidelines for complaints handling in organisations. It is the most widely referenced complaints handling standard and provides a framework for how complaints should be received, acknowledged, investigated, resolved, and reported. ISO 10003 covers external dispute resolution — relevant where complaints are escalated to external bodies such as ombudsman schemes.
Do I need ISO 27001 if my call centre handles payments?
ISO 27001 and PCI-DSS serve related but different purposes. PCI-DSS sets specific mandatory requirements for organisations that store, process, or transmit cardholder data. ISO 27001 is a broader information security management system standard. Contact centres handling payments typically need to meet PCI-DSS requirements — ISO 27001 is a complementary broader framework. Seek specialist advice on your specific obligations under both frameworks and the Australian Privacy Act.
What is the difference between ISO standards and the ACXPA CX Standards?
ISO standards focus on management systems and processes — they define how an organisation should be structured and governed to consistently deliver quality. ACXPA's Contact Centre CX Standards are outcome-focused — they define what a good customer experience looks and feels like during a contact centre interaction, and are independently measured through mystery shopping for the Australian Call Centre Rankings. The two frameworks are complementary: ISO defines the system, ACXPA's standards measure the outcome.
How long does it take to get ISO certified?
It depends on the size and complexity of your operation and how close your current systems are to meeting the requirements. For contact centres starting from scratch, ISO 9001 certification typically takes 6–12 months to implement and certify. ISO 18295 may take longer given its operational specificity. A gap analysis at the outset will give you a more accurate estimate for your specific situation.
Where to Next
Summary: ISO Standards for Call Centres, CX and Customer Service
ISO standards provide the international quality framework for contact centres, customer experience, customer service, and complaints handling operations. ISO 18295 is the standard specific to contact centres. ISO 9001 covers quality management systems broadly. ISO 27001 addresses information security. And the ISO 10001–10004 series covers the full customer satisfaction lifecycle — from codes of conduct through complaints handling, external dispute resolution, and satisfaction measurement.
Whether formal certification is required depends on your industry, clients, and operational context — but the standards are valuable as quality benchmarking frameworks regardless of whether you pursue certification. ISO certification is increasingly expected for government contracts and large enterprise outsourcing arrangements.
Alongside ISO, ACXPA's own Contact Centre CX Standards provide an outcome-focused quality framework specific to Australian contact centre operations — measuring the actual customer experience delivered, independently validated through the Australian Call Centre Rankings. The two frameworks are complementary: ISO defines the system, ACXPA's standards measure the outcome.
