WHAT IS ISO?
International Organization for Standardization (ISO) is an international organisation comprising more than 160 national standards bodies. Founded in 1947, with headquarters in Geneva, Switzerland, ISO uses consensus amongst these members to produce International Standards.
This non-governmental, independent organisation has produced in excess of 21500 standards. ISO standards include specifications and guides to define the characteristics of materials, products, processes, services and systems. About 50 of these standards are management systems standards, e.g. ISO 9001 Quality management systems – requirements.
The short name ‘ISO’ is not an abbreviation for the full name, International Organization for Standardization. It is a name derived from the Greek word ‘isos’, meaning equal. By using this short name, the possible variation resulting from translating the full name to different languages is mitigated.
ISO claims that their role is similar to the conductor of an orchestra. The development of International Standards is typically performed by ISO technical committees. A technical committee is an orchestra whilst ISO harnesses their technical expertise to produce the symphony.
Expand the titles below to learn more about each standard.
ISO 9001 is the primary document in the ISO 9000 family of standards. The ISO 9000 series of standards comprises four documents that include:
- ISO 9000:2015 Quality Management Systems – Fundamentals and Vocabulary
- ISO 9001:2015 Quality Management Systems – Requirements
- ISO/TS 9002:2016 Quality Management Systems – Guidelines for the application of ISO 9001:2015
- ISO 9004:2009 Quality Management Systems – Managing for the sustained success of an organisation – A Quality Management Approach
This Standard defines requirements for management arrangements of an organisation that wants to show its ability to provide product and/or services that meet customer and applicable regulatory requirements on a consistent basis, as well as have a desire to drive customer satisfaction through the effective application of management arrangements.
ISO 9001 is a conformance based standard. Therefore, this standard does not set the level of quality performance for the organisation’s production of products or delivery of services. It instead, sets the requirements for the management arrangements needed to deliver the quality of product or service, as agreed between the organisation and its customer or defined in law (for regulated products).
The series of standards has been developed using seven Quality Principles. These are listed in ISO 9000 as follows:
- Customer focus
- Involvement of people
- Process approach
- Continual improvement
- Factual approach to decision making
- Mutually beneficial supplier relationships
When using the documents that make up the series of standards it is important to note that the main focus for conformity is ISO 9001. ISO 9000 provides background and additional information relating to Quality Management Systems as well as definitions of the vocabulary and concepts used in ISO 9001.
ISO 9004 expands on the basic requirements of ISO 9001 and integrates the ‘thinking’ of Business Excellence and maturity modelling alongside the traditional approach to Quality Management Systems.
ISO/TS 9002 may be used for guidance when implementing a Quality Management System.
Follow this link to watch a video explanation on ISO 9001, on our YouTube page: What is ISO 9001?
ISO 13485 is a standard, published by the International Organisation for Standardisation (ISO), which contains management system requirements for the design and manufacture of Medical Devices. Organisations compliant with this standard are able to demonstrate their ability to provide Medical Devices that consistently meet both customer and regulatory requirements.
While this standard remains a stand-alone document, ISO 13485 is in many ways harmonised with ISO 9001. An important difference worth noting is that ISO 9001 requires the organisation to demonstrate continual improvement of the Quality Management System, unlike ISO 13485 that requires only a demonstration that the Quality Management System is implemented and maintained. As a result of these subtle differences, ISO 13485 includes requirements for Medical Devices but excludes some requirements of ISO 9001 that are not appropriate as regulatory requirements. Because of these exclusions, organisations whose Quality Management Systems conform to this International Standard cannot always claim conformity to ISO 9001 unless their Quality Management Systems conform to all the relevant requirements of ISO 9001.
Compliance with ISO 13485 is often used to take the first step toward compliance with European regulatory requirements. The conformity of Medical Devices and In-vitro Diagnostic Medical Devices according to European regulations must be assessed before sale is permitted. The desired arrangements to prove compliance is certification to ISO 9001 and/or ISO 13485. This process typically culminates in a certificate of conformity allowing the CE mark to be used on the device and its packaging and permission to sell the medical device in the European Union.
ISO 14001:2015 defines requirements for an Environmental Management System.
With increasing demand for sustainable development and reporting on the Triple Bottom Line, more and more organisations are seeking to introduce credible Environmental Management Systems.
The content of ISO 14001:2015 provides a convenient framework to achieve legal compliance whilst simultaneously managing business processes for sustainability. The standard may be used by any type of organisation, irrespective of size or type.
Gaining certification to the requirements of ISO 14001 is achieved through third party audit. Benefits of certification to this standard include assurance and demonstration of conformance to shareholders, customers and other interested parties. The environmental management system drives responsible environmental performance.
By adopting the requirements of ISO 14001 an organisation creates a system that provides top management with information to build long term success. This includes compliance to applicable legislation and other requirements that are voluntarily adopted as part of its self-imposed management arrangements. The standard is not intended to increase or change an organisation’s legal requirements but instead to create a structured approach to acquire, control, maintain and disseminate legal information to its people to ensure compliance.
The ISO 14000 series of standards also offers a range of practical tools to manage Environmental Responsibilities.
The aim of an Environmental Management System is to assist organisations to introduce management arrangements that help contribute to Sustainable Development. It does this by setting out requirements that provide a structured approach to Environmental Protection under ever changing conditions.
The organisation’s management are therefore able to consider how they will deal with the changing circumstances, such as rising sea levels, climate change, increasing population and their need for employment, fluctuating economics in the context of existing and new activities, products and services.
The standard also enables organisations to achieve their own requirements for environmental performance. Providing a means to achieve their vision for a better future, despite pressure to perform at ever-higher levels of profit.
Follow this link to watch a video explanation on ISO 14001, on our YouTube page: What is ISO 14001?
This technical specification was jointly developed by the International Automotive Task Force (IATF), a group of automotive representatives from the major Original Equipment Manufacturers.
ISO/TS 16949:2009 is a technical specification, rather than an International Standard, used to implement the requirements of ISO 9001 in the automotive sector. It sets out the quality management system requirements for the design and development, production and, as appropriate, installation and servicing of automotive-related products.
Its purpose is to provide organisations in the automotive supply chain with a Quality Management System that ensures continual improvement, emphasising prevention of defects and the reduction of process variation and wastage. Furthermore, it is intended to provide a common approach to a Quality Management System to expressly avoid the need for multiple certification and customer audits.
This standard is written in such a way as to be supplemented by Original Equipment Manufacturer’s requirements.
Accreditation is a process in which validation of competency, consistency, independence and impartiality is delivered. This standard, ISO 17021, deals with these requirements where audits of a management system for purposes of certification, require indisputable credibility.
Organisations that certify third parties against standards are themselves accredited according to the requirements of ISO 17021 by accreditation bodies; hence they are sometimes known as “accredited certification bodies”. The accreditation process ensures that their certification practices are acceptable, typically meaning that they are competent to certify third parties.
ISO 17021 addresses the entire certification process used by a certification body – from audit planning to audit reporting, including the analysis of potential for conflict of interest and development of the audit program with schedules for surveillance.
This standard contains the general requirements for the competence of testing and calibration laboratories. ISO 17025 shares many principles with the ISO 9001 standard but places emphasis on competence instead of conformance of management arrangements. It applies directly to organisations that produce testing and calibration results and thus supports confidence in the accuracy and repeatability of the results produced. Its content deals with testing and/or calibration performed using standard methods, non-standard methods, and laboratory-developed methods.
With similar intent to ISO 9001, where a laboratory does not undertake one or more of the activities dealt with in ISO 17025, the requirements of those clauses are not applicable.
The standard may be used for in-company laboratories as well as external second or third party laboratories.
Where calibration results must prove traceability to national or international standards, accreditation of the laboratory will be delivered against the requirements of this standard. Where in-company calibration laboratories have close focus on metrology as part of their responsibilities they may also consider the guidance offered by ISO 10012, which deals with measurement management systems and combines the ‘thinking’ in ISO 17025 with that of ISO 9001.
Similarly where products are regulated and require testing for compliance to defined specifications, for example for purposes of applying a product mark, accreditation will be delivered against the requirements of this standard. This is typical of the arrangements needed for compliance with European regulatory requirements. Where required by a regulation, a certificate of conformity would be issued by the accredited product testing laboratory, known as a Notified laboratory, allowing the CE mark to be used on the product and its packaging and permission to sell the product in the European Union.
ISO 22000 provides the requirements for a Food Safety Management System where organisations operating within the food chain desire to demonstrate their ability to control food safety hazards. It applies equally to organisations of any size, which are involved in any aspect of the food chain and related services.
It should be recognised that Food Safety intrinsically considers the protection of consumers against food-born infectious agents and other hazards.
ISO 22000 combines and supplements the main parts of ISO 9001 and Hazard Analysis and Critical Control Point (HACCP) management to provide a framework for a Food Safety Management Systems (FSMS). It also shares common principles with other management systems, such as ISO 14001.
ISO 22000 is developed for certification purposes, which once achieved, will provide added confidence and assurance of food safety to customers.
Although most consumers are interested only in those organisations with direct impact on the food preparation, this standard deals with the entire food supply chain, from growers and producers to processors, packaging, transport and point of sale. It extends also to suppliers of non-food products and services, like cleaning, label printers and equipment manufacturers.
By implementing an ISO 22000 compliant Food Safety Management System the organisation is best positioned to anticipate, manage and mitigate Food Safety Risks, prevent recall of products and the associated potential liability whilst simultaneously protecting the value of the brand.
We all agree that Social Responsibility is needed to safeguard our future. A sustainable world is dependent on what we do about human rights, the environment and ethical behaviour.
ISO 26000 assists in putting forward a world-view on what Social Responsibility is. It provides organisations of all type with guidance on best practices. For this reason, there is no certification scheme for this standard.
The practical value offered by the standard is that it facilitates management protocols and routines that demonstrate Social Responsibility. It provides stimuli to organisational leaders to consider socially responsible behaviour and decide on the contributions their organisations may make to society. It further encourages monitoring and reporting on actions taken in regard to assuring healthy ecosystems, social equity and good organisational governance.
The standard deals with six core subjects that include:
- Human rights
- Labour practices
- The Environment
- Fair operating practices
- Consumer issues
- Community involvement and development
These core subjects are dealt with in the context of seven principles:
- Ethical behaviour
- Respect for stakeholder interests
- Respect for the rule of law
- Respect for international norms of behaviour
- Respect for human rights
Risk Management is an increasingly important business driver because of the interest shown by stakeholders in the risk profile of an enterprise. Risk should influence strategic decisions, it may be a cause of uncertainty in the organisation or it may simply be inherent to the activities of the organisation. An enterprise-wide approach to Risk Management enables an organisation to consider the potential impact of all type of risks on all processes, activities, products, services and facilities. Implementing a comprehensive approach results in an organisation benefiting from what is often referred to as the ‘upside of risk’. The approach is based on the proposition that risk management must produce value for the organisation, put differently, the benefit of reducing risk must be greater than the cost of its management.
ISO 31000 contains principles and generic guidelines for design, implementation and maintenance of risk management processes. It may be used by any type or size of organisation within any industry sector. Since the content may be applied throughout the life of an organisation across a wide range of activities, it is equally applicable from a strategic perspective to a tactical perspective and can be applied to any type of risk, whatever its nature, whether having positive or negative consequences.
ISO 31000 seeks to provide a universally recognised approach for practitioners and organisations employing risk management to replace the vast number of existing standards and methods that differ between industry sectors and disciplines.
ISO 31000 is intended to be utilised to harmonise risk management processes in existing and future ISO standards. To achieve this it provides a common approach in support of standards dealing with specific risks rather than replacing those standards.
This approach to standardising risk management processes will, in all likelihood, encourage wider adoption by organisations that need an enterprise risk management approach that accommodates management system compliance with multiple standards and other requirements.
ISO 31000 is not intended for the purpose of certification.
Road accidents account for some 1.3 million fatalities around the world each year. With this staggering statistic in mind, any organisation committed to improving its performance in regard to road safety will benefit from the introduction of ISO 39001.
This standard is equally applicable to public and private organisations that interact with the road traffic system and is particularly useful for vehicle fleet operators, road designers, road builders, and road and ribbon maintainers.
Developed with the input of experts representing 40 countries, it provides a structured, holistic approach to road-traffic safety to complement existing programmes and regulations. It specifies the requirements for an organisation seeking to develop its management arrangements to implement initiatives that improve road traffic safety.
For organisations already in control of traffic related risk, achieving compliance shouldn’t prove to be too onerous as many of the required steps will already have been taken. Certification to ISO 39001 will signify to customers, suppliers, road traffic authorities and peers that best practice has been adopted and proof has been demonstrated to the certification auditors.
How we use energy today has consequences for our children and future generations.
Deploying new technologies can take time, but organisations can derive immediate benefits by managing their energy consumption more efficiently. Improved energy efficiency can cut costs and conserve resources as well as contribute to a reduction in the causes of global warming.
The ISO 50001 International Standard aims to help organisations continually reduce their energy use, and therefore their energy costs and their greenhouse gas emissions. This standard for energy management systems can assist in the safeguard of mankind’s future by immediately making a positive difference.
ISO 50001 is based on similar concepts to those used in ISO 9001 and ISO 14001 and certainly supports the focus of ISO 14001 which defines the requirements for an environmental management system.
The standard defines requirements for establishing, implementing, maintaining and improving an energy management system, the purpose of which is to ensure an organisation can follow a systematic approach to continually improving energy performance. This includes energy use, energy consumption, energy efficiency and energy security.
Where funding is made available by donors that are promoting the reduction in energy consumption, it is not uncommon for them to demand conformance to this standard as a means to their assurance of reliable reporting.