QC Analytics

ISO Standards: All you need to know

July 14, 2022 - By Sofia Kargioti - Insights

What is the ISO?

The International Organization for Standardization (ISO) is an international federation that is responsible for the creation and promotion of the ISO standards.

ISO members, which are the standards bodies of 167 countries, collaborate to develop and promote international standards for technology, working conditions, etc. Each member represents one country. For example, the organization that represents Greece is the Hellenic Organization for Standardization (ELOT).

Then, ISO and the standard bodies sell the necessary documents detailing the standards.

According to ISO’s official website, there are three different member categories:

  1. Full members or member bodies, which help with the development of ISO standards, and participate and vote in ISO technical and policy meetings. They also sell and adopt ISO International Standards nationally.

  2. Correspondent members, which follow the development of ISO standards by attending the ISO technical and policy meetings as observers. They also sell and adopt ISO International Standards nationally or within their territory.

  3. Subscriber members, which keep up with ISO's work but cannot participate in the technical and policy meetings. They do not sell or adopt ISO International Standards.

Learn more about the ISO membership and the benefits that come with it by downloading the ISO Membership Manual.

You can also read more about how ISO supports developing countries in international standardization work by visiting this link.

What is ISO certification?

ISO certification is the assurance of a certifying body that the services, products, or systems of a company meet the requirements of each standard.

Although the ISO and its members are responsible for the development of the standards, they cannot certify conformity with the requirements, so third-party certification bodies are needed.

How do companies become ISO certified?

For a company to get certified to an ISO standard, it must first determine the need for certification, since the process can be expensive and time-consuming.

There are a few key steps that a company must take before obtaining certification, the first of which is assessing whether the certification is worth the cost. This means that they will have to consider the reasons for which the company needs to be in conformity with ISO requirements. Some of those reasons are:

  • Regulatory requirements: some companies and products/services require certification that they meet common standards.

  • Commercial standards: some industries consider products and services that meet the minimum standards a necessity.

  • Customer requirements: it is common for some customers to require a certification of conformity.

  • Improved consistency: a certification helps organizations deliver consistent quality assurance.

  • Customer satisfaction: by being compliant with the standards, a company can easily resolve any customer issues.

The second step to getting the ISO certification is to find a suitable certification body for your company’s needs. This is a very important step, not only because there is a large number of certification bodies, but also because you are going to build a relationship with them. So why not pay a little more attention to this particular step, so you can find the right one for your needs?

After you have found the most suitable certification body and contacted them, it is time to start working on the steps that will lead you to getting certified. Those steps include:

  • Understand the ISO standard you need and its requirements.

  • Identify the areas that do not meet those requirements.

  • Document your processes, procedures and plans.

  • Implement the ISO standard.

  • Check your conformance with the standard by conducting an internal audit.

  • You can now start the certification process with the body you’ve chosen.

What are the different ISO Standards?

There are currently over 24000 ISO standards covering various industries, and there are many ways to categorize them.

Different ISO standards cover different industries. For example:

The ISO Standards for the Manufacturing industry are:

  • ISO 9001 – Quality,
  • ISO 14001 – Environmental,
  • ISO 45001 – Occupational Health & Safety.

The ISO Standards for SMEs are:

  • ISO 9001 – Quality,
  • ISO 14001 – Environmental,
  • ISO 50001 – Energy.

The ISO Standards for the Engineering industry are:

  • ISO 9001 – Quality,
  • ISO 14001 – Environmental,
  • ISO 45001 – Occupational Health & Safety: Physical Risk,
  • ISO 45003 – Occupational Health & Safety: Psychosocial Risks.

The ISO Standards for IT companies are:

  • ISO 9001 – Quality,
  • ISO 27001 – Information Security,
  • ISO 14001 – Environmental,
  • ISO 22301 – Business Continuity,
  • ISO 45001 – Occupational Health & Safety: Physical Risk,
  • ISO 20000-1 – IT Service.

As you can see from the examples above, the ISO 9000 family is the best-known standard for quality management, for companies and organizations of any size or industry. Standards under this family help businesses to improve the quality of their products and/or services, and meet their customers’ expectations.

Another popular ISO family is ISO 45000, which covers Occupational Health and Safety. Companies that conform to the ISO 45001 requirements are shown to improve employee safety, reduce workplace risks, and create better and safer working environments.

A third well-known family is the ISO/IEC 27000 family, which helps keep information assets secure. Companies or organizations that have ISO/IEC 27001 in place are known to manage assets such as customer data, employee details, intellectual property, etc., securely.

How to read an ISO Standard title?

An ISO standard title, e.g. ISO/IEC 27001:2013, has three components. But what do they represent?

  • ISO/IEC: this refers to the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), which develop the standard.

  • 27001: this number classifies the standard. In this example, all standards within the ISO 27000 family refer to information security management.

  • 2013: the final component of the standard's title refers to the version of the standard being met, represented by the year that version was launched. 2013 is the second edition of ISO/IEC 27001, and it was published in October 2013.

How do I find out about new ISO Standards?

The best and most reliable way to be informed about the new standards or their new editions is through the official website of ISO.