Types of ISO Standards

Standardization within a business is a familiar concept; it’s better when accounting and

purchasing use the same terminology, for example, and it helps when management can
understand reports from operations. It’s best practice to develop these concepts and
terminology with alignment to external standards as well, so that customers and suppliers will
also understand a company’s processes and information. There are a number of recognized
external bodies that create standardized systems, but the most popular and well-known – and
most frequently adopted – standards come from the ISO.

What is the ISO?

ISO stands for the International Organization of Standardization. It’s an international body
dedicated to creating, setting and promoting standards. To date, they’ve published over
22,600 standards and related documents, applicable to all sorts of industries, from
manufacturing to food safety to accounting and health care.

These standards present an approach that has been agreed on by international experts. The
standards themselves are a collection of best practices which promote product compatibility,
identify safety issues and share solutions and know-how. For example, ISO standards are
why an American cell phone can connect to service in Europe with little difficulty, why food
offered in a supermarket is safe to eat and why credit cards can be used anywhere.

Kinds of ISO Standards

There are a number of different types of ISO standards. Some of the most popular ones
include:

 ISO 9000 - Quality Management. ISO 9000 lays out the criteria for a quality management
system that will help a business continue to improve quality and customer relations. It’s a set
of standardized tools and practices to identify areas of improvement, and is internationally
viewed as the best practice for quality management.
 ISO 22000 - Food Safety Management. ISO 2200 sets out what an organization needs to do
to ensure their food is safe for public consumption. It contains guidelines that can be used at
all points in the industry, no matter the size of the business.
 ISO/IEC 27000 - Information Security Management Systems. ISO/IEC 27000 contains the
family of standards used to keep informational assets safe. Businesses that manage personal
data, customer data, finances or intellectual property use these standards to ensure this
information remains protected.
 ISO 31000 - Risk Management. Risk is a part of every business decision. ISO 31000
provides a framework for managing these risks, with best practices for identifying risks and
consequences.

Certified ISO Standards

While there are many different kinds of ISO standards, only a select few of them can
be certified. Certification is a process that takes place outside ISO, where a company’s
program is reviewed by an independent party to confirm it meets ISO standards. While
certification is not done by ISO, accredited certification organizations, who use ISO’s
 standards on certification, are available to audit internal programs and business practices.
After review, these third-party agencies will certify whether a company meets the ISO criteria.

ISO 9000: The Starting Point

ISO 9000 is the usual starting point, as it provides a basis for most of the other ISO standards
that might apply to a business. A company certified in ISO 9000 can be expected to have
quality standards which lead to quality products and services, which can help a company
when bidding for jobs.

Example standards that can be certified include ISO 22000, ISO 27000, ISO 14000
(Environmental Management Systems), ISO 20000 (IT Service Management Systems) and
ISO 22301 (Business Continuity Management). Standards like ISO 31000 or ISO 26000
(Social Responsibility) cannot be certified, as they contain guidelines rather than
requirements.

Choosing to Certify

Companies can choose whether to certify or not. If a company indicates they comply with ISO
standards, it means they have internally used ISO as a guideline for their program
development. Certification means that a qualified independent party has reviewed their
programs and certified compliance. In some fields, certification may not be necessary, but in
many professional industries, ISO certification is the norm for all customers and competitors.

ISO and Management Systems

Within the context of ISO, a management system is the method a business uses to manage
the tasks required for success. This is usually a collection of procedures, policies and
processes a business adopts, which will be related to their objectives. These objectives can
be everything related to success, from operational efficiency and quality control to
environmental performance and asset management. The management system should ensure
that all parts of the business fit together, operate efficiently and focus on quality improvement.

Quality Management Standard

ISO 9000, the quality management standard, is the usual baseline for these systems. This
family of standards defines and sets out the pieces needed for a quality management system
and directions on how to follow. The main critical pieces of this family are:

 ISO 9000 (2015 version): Sets out the fundamental definitions of a quality management
system and defines certain vocabulary with regards to the quality management concept.
 ISO 9001 (2015 version): Lists and explains the requirements needed to meet the standards
for quality management defined in ISO 9000. ISO 9001 is the only standard in this family a
business can obtain certification for.
 ISO 9004 (2009 version): Defines the guidelines for continuous improvement, which is meant
to ensure a business’ success long-term by pushing for continuous objective analysis of
current status with an eye to potential improvements.
 ISO 19011 (2011 version): A companion family of standards containing guidelines for auditing
management systems.
Quality Management Principles

ISO 9000 (and the standards within) sets out seven quality management principles (QMP) for
senior management to focus on when developing a quality management system that will work
within their organization.

1. Customer Focus: Understanding the customer’s needs, meeting their requirements

and looking to exceed their expectations.
2. Leadership: Making sure leaders at all levels are engaged, ensuring designated
leaders are given the tools to be successful and aligning actions to the overall
direction.
3. Engagement of People: Ensuring individuals at all levels are valued, engaged and
empowered to bring up issues, make suggestions and execute change.
4. Process Approach: Managing a business’ internal actions and activities as a series of
processes that work together as an effective system.
5. Improvement: Emphasizing continuous improvement at every level of the business,
and making sure individuals are empowered to make and measure improvements.
6. Evidence-Based Decision Making: Using appropriate methods to analyse and
evaluate data, and using the results to ensure better decision-making.
7. Relationship Management: Maintaining good relationships with business partners,
such as suppliers, to encourage collaboration and create new business opportunities.

Implementing ISO Standards

It’s up to each individual business to determine what QMP means within their own internal
structure. A common mistake when implementing QMP and ISO 9000 is to attempt to change
internal processes to fit an assumed standard template of requirements. Successful
implementation is more likely if a business looks at existing processes and fits QMP into what
already works.

Another common mistake is resources; while the quality management standards are expected
to eventually make a business more effective and efficient, organizations often grossly
underestimate the time and workload initially required to ensure successful implementation
and certification.

Purpose of ISO Standards

ISO standards exist to help businesses adopt practices that help to straighten out and
standardize their internal procedures. At any scale of business, understanding the advantages
of standards and the concept of QMP can lead to a good number of business advantages;
reduction of waste, improved efficiency and lower cost of production are some of the results
that can be achieved by incorporating these standards.