ISO Simplified: All You Need to Know
What is ISO, its most popular international standards, and more.
Published September 7th, 2020
What is ISO?
The International Organization for Standardization (ISO) is an independent non-government organization that establishes internationally recognized standards. ISO was founded in 1947 with the goal to set standards that will help set benchmarks for quality, safety, and processes across industries and regions. Originally formed in London by 65 delegates from 25 countries, ISO is now based in Geneva, Switzerland and has since published 22,782 international standards recognized by its members in 164 countries.
The International Organization for Standardization decided to use “ISO,” derived from the Greek isos which means equal, as its short-form regardless of the language or country where it is recognized.
Designed by ISO members, ISO standards provide frameworks, guidelines, or requirements that can be followed to help achieve their intended purpose. ISO standards aid multiple industries in different regions implement internationally recognized benchmarks for quality, security, safety, etc.
Contrary to popular belief, ISO itself does not provide certifications for the standards it publishes. It is the third-party auditors that conduct inspections and provide certifications for ISO standards. To be “certified” for an ISO standard means that an organization has provided enough proof to third-party auditors that they have met the requirements of said standard.
Today, ISO is considered the gold standard by many businesses and organizations around the globe. Aside from certification, adhering to ISO standards help in achieving the following:
- Facilitate consensus building among organizations through shared benchmarks
- Keep businesses up-to-date with the latest industry best practices
- Encourage trade and business partnerships across the globe through compliance with regulatory and industry requirements
There are several approaches to preparing for ISO certification, such as engaging with consultants to seek advice on certification or preparing internally before getting third-party help. Here are 5 steps to prepare for third-party certification of an ISO standard.
- Familiarize yourself with the ISO standard
Determine which ISO standard is applicable and most beneficial to your organization or industry. While adhering to an ISO standard is voluntary, there are industries that require organizations to get certified for specific ISO standards. Getting to know the most popular ISO standards is a good start. Once you have determined which standard to follow, it’s time to get the rest of the company on board with the drive towards certification.
- Get buy-in
Getting aligned with ISO standards, particularly for vital processes, would need the cooperation of everyone in the organization. Proper information dissemination and conducting employee training can help the rest of the staff understand the reason behind getting certified for an ISO standard. Getting buy-in will also help minimize aversion to internal audits, which is a common requirement for certification.
- Conduct internal audits
Conducting internal audits can help identify gaps in current processes, discover areas for improvement, and assess readiness for third-party certification. Form a team that will conduct internal audits using audit checklists based on the ISO standard you wish to get certified for. The auditing team will be accountable for the proper documentation of internal audits, which is a must for ISO certification.
- Align with the ISO standard
Once areas for improvement are discovered through internal audits, proceed with implementing changes to address gaps and deficiencies. Always document changes made and continue conducting regular internal audits to track the organization’s progress towards alignment with the ISO standard.
- Proceed with the third-party audit
Get in touch with a reputable third-party auditor that will conduct the certification audit and help your organization get certified for the ISO standard.
ISO certification is not a one-off endeavor and is valid only for three years starting from the date of certification. ISO certification is valid for three years, after which, recertification is needed to ensure consistency of ISO standard-aligned processes. Continue implementing the ISO-aligned processes and be aware of updates even after the certification for the ISO standard is achieved. ISO standards are reviewed every 5 years and revisions are published by ISO in order to reflect current industry best practices.
Out of the 22,782 international standards, here are 9 of the most popular ISO standards and how they are commonly used.
Quality Management System
ISO 9001:2015 – ISO’s most in demand international standard designed to set a framework for implementing Quality Management System (QMS) in any organization or industry. This standard served as a basis for other international standards such as ISO 13485:2016 and IATF 16949:2016, and is an optional prerequisite for other standards such as ISO 17025. The ISO 9001:2015 standard, although technically optional, has become a requirement by certain institutions in order to engage in business.
ISO 14001:2015 – ISO’s standard for establishing a framework for Environmental Management System (EMS). Through an organization’s EMS, the standard aims to help organizations minimize their negative impact on the environment and be more efficient in using resources. ISO 14001:2015 also helps organizations work to meet regulatory environmental performance requirements.
Information Security Management
ISO/IEC 27001:2013 – The international standard that provides a framework for Information Security Management System (ISMS). The ISO 27001:2013 standard aims to help organizations, regardless of size, maintain the confidentiality, integrity, and availability of information assets to stakeholders.
Food Safety Management
ISO 22000:2018 – ISO’s standard for Food Safety Management System (FSMS) provides the requirements for organizations to prove that they have ensured the safety of food from food safety hazards. It is the ISO standard on which FSSC 22000, another international food standard, expands upon. The older version, ISO 22000:2005, is still valid until June 2021 and organizations that wish to continue certification for the ISO standard should transition to the latest version by June 29, 2021.
ISO 50001:2018 – ISO provides a framework for Energy Management System (EnMS) through this international standard. Similar to the approach of ISO 9001 and ISO 14001, ISO 50001:2018 encourages the participation of leadership in promoting the efficient use of energy in the organization through an effective EnMS.
ISO 13485:2016 – The latest ISO standard for the QMS of organizations involved in the manufacturing, distribution, servicing, and disposal of medical devices. A revision of the old version ISO 13485:2003 and is based on ISO 9001, this international standard aims to maintain the safety and quality of medical devices and keep up with the latest technology and changes to regulations. ISO 13485:2016 is also a prerequisite for manufacturers that want to get certified for the Medical Device Single Audit Program (MDSAP) by the International Medical Device Regulators Forum (IMDRF).
Testing and Calibration
ISO/IEC 17025:2017 – Laboratories intended for testing and calibration can benefit from getting certified for this ISO standard that aims to recognize laboratories with technical proficiency aligned with international standards. This ISO standard recognizes ISO 9001:2015 for QMS as an optional prerequisite to get certified.
Occupational Health and Safety
ISO 45001:2018 – ISO revised standard for Occupational Health & Safety (OH&S) provides a framework aiming to promote safer workplaces in any industry by being proactive in addressing hazards and engaging all stakeholders. This international standard is based on and has replaced BS OHSAS 18001 so those that are currently certified for BS OHSAS 18001 would need to transition to ISO 14001:2018 by March 2021.
ISO 31000:2018 – The international standard that provides a framework for the design, implementation, and maintenance of risk management in an organization. This ISO standard serves as a guide and is not intended for certification.
An ISO standard is created for a specific purpose or to address a certain need of an industry. Despite the unique intent for the development of each ISO standard, the most popular ISO standards do have some common sections. Below are the 10 most common sections found in most ISO standards:
Section 1: Scope
This is a mandatory section that contains the description of the international standard’s scope and limitation, goal, the organization/s it is applicable to, and any special condition that needs special attention.
Section 2: Normative Reference
Another mandatory section for all ISO standards, it lists the document titles of any normative references. According to ISO, these are documents “which are cited in the text in such a way that some or all of their content constitutes requirements of the document.”
Section 3: Terms and Definitions
This mandatory section defines the terms used in the standard or references the title of the document that would contain these terms and definitions.
Section 4: Context of the Organization
The context helps confirm if internal and external issues that can impact the goal of the standard had been determined. This section also seeks to confirm if the interested parties and the expectations that are relevant to the implementation of the standard are identified.
Section 5: Leadership
The leadership section stresses the responsibility of organizational leadership to spearhead the implementation of the ISO standard. It seeks to confirm the leadership’s commitment to continuously improve processes and allocate resources to support the implementation of the standard. Depending on the standard, worker participation and company culture is also taken into account.
Section 6: Planning
This section is used to confirm if there are plans, procedures, objectives, and actions aligned with the intent to implement the standard. Depending on the standard, the planning section also seeks to determine if objectives are measurable or if risks and opportunities are taken into consideration.
Section 7: Support
The support section typically consists of clauses for employee awareness of the processes involved in the standard, documentation of employee competency, internal and external communications, and if sufficient resources and support that will help employees fulfill the requirements of the standard are available.
Section 8: Operation
The operation section aims to confirm if the organization has properly planned, implemented, controlled, and maintained the processes needed to meet the requirements of the standard. This section also emphasizes the need for documentation to prove that the processes were indeed carried out according to plan. Depending on the standard, outsourced processes may also be taken into consideration.
Section 9: Performance Evaluation
The performance evaluation section tackles the need for the organization to determine monitoring and performance evaluation protocols that ensure valid results. This includes confirmation that the frequency of evaluations, what needs to be measured, method of analysis, and the persons responsible for the tasks had been established. Documentation of performance evaluation is also highlighted in this section.
Section 10: Improvement
Crucial for ISO standards, particularly those intended for management system standards, the improvement section aims to lay down the framework for the promotion of continuous process improvement. Even those standards that do not have this section still stress on the commitment to incorporate processes for continuous improvement.
Around the world, over a million organizations are certified for at least one of the international standards set by ISO. Some of the standards developed by ISO even became the basis or were expanded upon by other recognized organizations that also publish international standards. Since ISO’s inception more than 70 years ago, it has helped organizations implement processes, create products, develop industry best practices, foster international partnerships, and improve industry benchmarks that align with ISO standards and will continue to do so in the foreseeable future.