ISO 19443:2018 is an international quality management standard that applies ISO 9001:2015 requirements to organizations in the nuclear supply chain, adding nuclear-specific requirements for safety significance classification, graded approach, human performance, nuclear safety culture, and counterfeit/suspect item prevention. It is the dominant nuclear supply chain QA standard in Europe and internationally, and is gaining recognition in North America alongside NQA-1 and CSA N299.

How does ISO 19443 differ from ISO 9001?

ISO 19443 uses ISO 9001:2015 as its foundation and adds nuclear-specific clauses on top. The key additions include: identifying and classifying products and services by safety significance, applying a graded approach (more rigour for safety-significant items), explicit human performance requirements, nuclear safety culture promotion, counterfeit and suspect item prevention, and nuclear-specific records and traceability requirements. An organization certified to ISO 19443 also satisfies ISO 9001.

How does ISO 19443 compare to NQA-1 and CSA N299?

ISO 19443, NQA-1, and CSA N299 all address quality management in the nuclear supply chain but originate from different standards bodies and are dominant in different markets. NQA-1 is the primary standard in the US, CSA N299 in Canada, and ISO 19443 internationally (especially Europe). All three use third-party certification models and address similar core requirements, but ISO 19443's process-based structure (inherited from ISO 9001) differs from NQA-1's 18-requirement structure. Cross-recognition is growing as the nuclear industry becomes more globally integrated.

What is ISO 19443? Nuclear Supply Chain Quality Management Standard Explained

ISO 19443:2018, Quality management systems: Specific requirements for the application of ISO 9001:2015 by organizations in the supply chain of the nuclear energy sector supplying products and services important to nuclear safety is published by the International Organization for Standardization (ISO) and is the primary international QA standard for nuclear supply chain organizations. It takes ISO 9001:2015 as its foundation and adds the nuclear sector-specific requirements that generic quality management does not address: safety significance, graded approach, human performance, nuclear safety culture, and prevention of counterfeit and suspect items.

What ISO 19443 adds to ISO 9001

ISO 19443 is structured identically to ISO 9001:2015, using the same Annex SL clause numbering (Context, Leadership, Planning, Support, Operations, Performance Evaluation, Improvement). Every ISO 9001 requirement is retained. The nuclear-specific content is added as additional requirements within those same clauses, meaning an organization certified to ISO 19443 automatically satisfies ISO 9001.

The nuclear-specific additions that distinguish ISO 19443 from ISO 9001:

Safety significance classification. Organizations must identify which of their products and services are important to nuclear safety and classify them by safety significance. This classification drives the level of rigour applied throughout the QA program, a direct expression of the graded approach.

Graded approach. QA requirements must be applied commensurate with the safety significance of the item or activity. This is not optional: ISO 19443 requires organizations to document how they apply the graded approach, which items receive full QA program treatment, and which are subject to reduced requirements.

Human performance. ISO 19443 includes explicit requirements for human performance tools, pre-job briefings, self-checking (STAR: Stop, Think, Act, Review), concurrent verification, and error-likely situations. Human performance is treated as a controllable variable in the quality system, not just a background condition.

Nuclear safety culture. Organizations must demonstrate awareness of nuclear safety culture principles and establish a working environment that supports it. This includes leadership behaviours, questioning attitude, reporting of concerns, and response to safety issues.

Counterfeit, fraudulent, and suspect items (CFSI). Organizations must have procedures to identify, prevent, and respond to counterfeit or suspect items entering the supply chain. This is a nuclear-specific risk with no direct parallel in generic ISO 9001.

Certification model: Like ISO 9001, ISO 19443 is certified by accredited third-party certification bodies (Bureau Veritas, SGS, TÜV Rheinland, and others). A single ISO 19443 certificate is accepted by nuclear buyers in multiple countries simultaneously, a significant efficiency compared to individual buyer qualification audits.

ISO 19443 vs NQA-1 and CSA N299

ISO 19443, NQA-1, and CSA N299 are the three dominant nuclear supply chain QA standards globally. They share the same fundamental objectives but differ in origin, market acceptance, and structure.

Dimension	ISO 19443	NQA-1	CSA N299
Publisher	ISO	ASME	CSA Group
Primary market	International (Europe dominant)	United States	Canada
Structure	ISO 9001 Annex SL (process-based)	18 requirements	4 levels by safety significance
Certification	Third-party (ISO-accredited CBs)	Primarily buyer audits; N-stamp for some	Third-party (SCC-accredited CBs)
ISO 9001 relationship	Directly extends ISO 9001	Independent; structurally similar	Independent; aligned to ISO 9001
Human performance	Explicit requirement	Supplementary guidance (Part II)	Addressed in program requirements

Cross-recognition between ISO 19443 and NQA-1 is a practical reality in the global nuclear supply chain. Suppliers certified to ISO 19443 who enter the US market may still need to demonstrate NQA-1 compliance to individual US buyers. Conversely, NQA-1-qualified US suppliers entering European or international markets often pursue ISO 19443 certification as the locally preferred credential. The substantive requirements are similar enough that holding both certifications does not typically require a fundamentally different QA program.

ISO 19443 in the global nuclear supply chain

ISO 19443 was published in 2018 to address a recognized gap: the nuclear industry had country-specific QA standards (NQA-1 in the US, CSA N299 in Canada, KTA 1401 in Germany, RCC-Q in France) but no single international standard that would function across markets. ISO 19443 was designed to fill that role, using the ISO 9001 framework that most industrial suppliers already understood as its base.

Adoption has been strongest in Europe and in the supply chains of internationally active nuclear operators. Utilities in France, the UK, Finland, and across Asia have driven adoption among their supplier bases. The growth of advanced reactor projects and SMR programs is accelerating ISO 19443 adoption further, as new nuclear projects in multiple countries require a supply chain that can operate across jurisdictions.

For North American suppliers targeting international markets, ISO 19443 certification is increasingly a practical requirement. For international suppliers entering the North American market, ISO 19443 provides a recognized QA credential that reduces, though does not eliminate, the additional qualification work required by US and Canadian buyers.

Practical implementation: what changes when an organization pursues ISO 19443

For an organization already holding ISO 9001 certification, the incremental work to achieve ISO 19443 is concentrated in the nuclear-specific additions. The process framework, document control structure, audit program, and most operational procedures carry over. The new work typically involves: documenting safety significance classifications for product and service categories, developing or formalizing human performance procedures, adding a counterfeit/suspect item prevention program, and integrating nuclear safety culture awareness into induction and ongoing training.

For organizations starting from scratch, ISO 19443's alignment with ISO 9001 means that the large body of implementation guidance, gap assessment tools, and experienced auditors available for ISO 9001 applies directly. The nuclear-specific clauses are additions, not replacements, and certification bodies that are accredited for both ISO 9001 and ISO 19443 can audit both standards in a combined assessment.

Where programs most commonly struggle in ISO 19443 surveillance audits is in the graded approach documentation, specifically demonstrating that safety significance classifications are current, that the rationale for classifications is traceable, and that the QA activities applied to each category are genuinely commensurate with the assigned significance level. Programs that assign significance classifications at setup and then never revisit them as product scope evolves are a consistent audit finding.

Forged Operations supports ISO 19443-aligned nuclear supply chain programs. The platform manages document control, NCR lifecycle, corrective action tracking, and supplier qualification records to keep programs in continuous surveillance-ready condition across ISO 19443, NQA-1, and CSA N299.

Book a demo Learn more →

References

International Organization for Standardization. ISO 19443:2018: Quality management systems — Specific requirements for the application of ISO 9001:2015 by organizations in the supply chain of the nuclear energy sector supplying products and services important to nuclear safety. Geneva: ISO, 2018.
International Organization for Standardization. ISO 9001:2015: Quality Management Systems — Requirements. Geneva: ISO, 2015.
International Atomic Energy Agency. GS-R-3: The Management System for Facilities and Activities. Vienna: IAEA, 2006.
International Atomic Energy Agency. GSR Part 2: Leadership and Management for Safety. Vienna: IAEA, 2016.
CSA Group. CSA N299 series: Quality Assurance Program Requirements for the Supply of Items and Services for Nuclear Power Plants. Toronto, Ontario: CSA Group.