What Are ISO Standards And Why Are They Important?

For an organization to flourish, standard operating procedures (SOPs) cannot exist in a vacuum. Yes, it is critical to develop, implement, and manage SOPs but without the other elements of an effective management system how do you know if your organization's procedures are appropriate, or effective, or even if they align with your policy and objectives?

To ensure your SOPs provide the correct levels of control, result in optimal outputs, and that the inputs, procedures, and outputs are in alignment with your core business they should be part of a wider management system.

In an effective management system you can expect to see:

  • The definition of roles and responsibilities
  • A risk management process
  • Effective planning measures
  • Comprehensive resource management
  • The control of external suppliers
  • Control of outputs - products or services
  • Performance evaluation
  • Plans for improvement

Management systems do not have to be verified by an external body to be effective. However, a growing number of organizations require their suppliers to have an ISO certification before working with them.

What Are ISO Standards?

With its headquarters in Switzerland, the International Standards Organization is an independent, non-governmental organization made up of representatives of the 164 member countries. Since its foundation in 1947 it has published over 20,000 standards covering everything from food safety and manufactured products to environmental management, and health and safety systems.

Some standards are industry specific such as the AS9100D series of standards in use by the aerospace industry, while others, such as ISO9001 are applicable to all organizations.

Interesting Random Fact
The organisation is called ISO but, ISO is not an acronym. Although it is called the International Standards Organization in English, the organization's name in other languages does not abbreviate to ISO. Instead ISO is instead a reference to the Greek isos (ίσος) which means "equal."

How Can An ISO Standard Apply To All Organizations?

There are multiple ISO standards, such as ISO 9001:2015, which applies to quality management, and ISO 14001:2015, which applies to environmental management. These ISO standards lay out a set of criteria against which the framework of a management system is assessed, rather than the specific content of the management system.

For example, section 5 of ISO 9001:2015 covers leadership and requires the organization clearly document organizational roles, responsibilities, and authorities. However, it does not dictate what those roles, or their responsibilities and authorities should be.

The most commonly seen cross organizational management system standard is the ISO 9001:2015 standard for quality management. ISO 9001 is the quality management system standard and 2015 is the year of the current revision so you may see this written as either ISO 9001 or ISO 9001:2015.

All of the cross organizational standards follow the same basic structure, whether they cover health and safety management, environmental management or any other function. So, for the sake of clarity, for the rest of this post I'll refer to management systems to encompass all non industry specific standards, no matter what area of an organization they are meant to cover.

The Content Of An ISO Compliant Management System

ISO management systems are built on a process approach to organizational management. It requires you to:

  1. Identify your key processes.
    1. Define the standard against which you will measure those processes.
    2. Decide how you will measure and evaluate those processes.
    3. Document your approach to definition, measurement and evaluation.
    4. Use the data you obtain to continually improve.
  2. Outline Leadership
    1. Define leadership roles, responsibilities, and authorities.
    2. Document an organizational policy.
  3. Maintain a plan to develop, implement, maintain, and improve the management system. Document the elements of this plan.
  4. Provide adequate resources to implement, maintain, and improve your management system.
  5. Plan, develop, maintain, carry out, evaluate, document, and improve your operations. Depending on your organization this can require you to:
    1. Ensure standards for your goods or services are defined, i.e. know how to decide if your goods or services are good enough for your customers.
    2. Plan, implement, and control your processes so that your end product meets the standards you set out in a.
    3. Have a process by which you will identify and respond to any goods or services which do not meet your standards.
    4. Lay out a system by which you can receive and respond to internal and external feedback.
    5. Know how to control the quality of goods and services from suppliers.
  6. Create, implement, maintain, review, and improve an internal audit system which evaluates the performance of your management system.

At first glance this seems to be a huge burden. However, points 2-4 & 6, can be created fairly quickly and simply using readily available template. It is the process mapping and operational management (discussed next) that takes the time.

Operational Procedures for ISO Management System

Standard operational procedures are arguably the most important element of any management system. Without accurate, up to date, SOPs for staff to follow, a business places itself at significant risk of customer satisfaction or regulatory non-compliance.

This is why Keeni was developed, to allow you to create, use, and manage operational procedures interactively. With Keeni you no longer have to:

  • Print documents to use as checklists onsite and then have to upload the data into another system.
  • Worry about out of date copies of operational procedures being used.
  • Provide multiple hard copies of operational procedures to multiple work sites.

Instead, everyone can have access to the same version of your virtually hosted management system documentation all of which can be interactive. That means your workforce can access relevant procedures, utilize checklists and other fillable documents right there on their devices, and have their inputs immediately available to those with a need to know.

How Are Organizations ISO Certified?

To achieve ISO certification a business must first design and implement an internal management system. This system must comply with the criteria of the standard for which the business wishes to be certified.

Once the management system is established, and at least two full internal audit cycles have taken place, the organization can request an external audit from their national certification body.

Each ISO member country has their own certification body which is responsible for providing certification audit services.

The certification body allocates a specially trained auditor to work with a business. The auditor will:

  1. Assess the organization's readiness for a certification audit.
  2. Carry out a comprehensive certification audit that will thoroughly examine every element of the management system.
  3. Provide a professional opinion as to whether the ISO standard has been met. This will result in a recommendation on whether or not the business should receive certification.
  4. Return on a regular basis to carry out partial systems audits . How often these take place is dependant on the size and complexity of the management system. The certification body determines how often partial audits should take place.
  5. Provide a report at the completion of each audit. The audit report will provide some overall commentary and details of any issues. Each issue is referred to as a non-compliance.
  6. Auditors do not expect everything to be perfect during an audit and a non-compliance doesn't automatically mean the organization does not achieve ISO certification.

There is no easy answer to how many non-compliances will result in a fail. If there are one or two non-compliances in a couple of areas in a large and complex management system, that would not be a problem. On the other hand, if the same number of non-compliances were identified in a much smaller business, or all in the same area of a larger business this could result in a pass or a fail.

However, if there is a significant issue with any area of the management system this will result in a "major non-compliance." Any non-compliance will result in a failure to be certified or, if the business is already certified they will be given a specific timeframe in which to correct or their certification will be revoked.

What Are The Benefits Of ISO Standard Certification?

There are multiple internal and external benefits of implementing a management system and having it certified as complying with an ISO standard. Internal audits will provide:

Business Stability

A simplified explanation of business stability expected for certification can be illustrated by the the "Run Over By A Bus" narrative and it goes like this:

  • An ISO compliant management system will cause your organization to:
    • Identify roles and responsibilities.
    • Map all processes and procedures.
    • Assess the effectiveness of these processes and procedures.
    • Put in place a system to monitor and review these processes and procedures.
    • Ensure processes and procedures are aligned with your core business values and policy.
    • Document all of this information, keep the information up to date, and ensure it is readily available to everyone involved.
  • Once you have taken all of these steps, every critical detail of your business will be mapped and documented. Therefore if you were to be run over by a bus today, your business would still be able to provide the same standard of product or service tomorrow.

Implement an effective management system and your business should carry on without you without missing a beat.

Product And Service Continuity

As part of a management system you will identify a specific standard against which you will measure your goods or services. Then, once you have mapped processes and developed and documented your procedures every person carrying out a specific task should:

  • Have the same or similar qualifications, training, and experience.
  • Utilize the same inputs.
  • Take the same steps in the same order.
  • Produce the same outputs.

In addition, you will put in place a system to monitor and review your output, preventing your customer receiving sub-standard goods or services.

Risk Management

By identifying any current, future, and potential risks to your business you will minimize the possibility of customer dissatisfaction or regulatory non-compliance.

Meanwhile, by obtaining certification you can:

Ensure Impartiality

An internal auditor who has developed and implemented a management system, may not be the best person to highlight any issues. If a mistake has been made with the development or implementation of the system then the person who made that mistake is unlikely to notice it. Either that or they may be unwilling to bring the non-conformance to anyone's attention.

Avoid Familiarity Blindness

An internal auditor may become overly familiar with the systems they are auditing. This can lead to oversights which, in turn, can compromise the effectiveness of the system as a whole.

Prevent Hierarchy Issues

In both the public and the private sectors, implementing a management system can reduce employee related obstacles. An external audit and the requirement for certification minimizes these issues.

Learn From The Experiences Of Others

While certification auditors cannot provide consultative services and, technically speaking, should not provide any advice at all, they are helpful souls who genuinely want people to achieve certification to ISO standards.

Consequently when there is an issue with a client management system it is not unheard of for auditors to share an anonymised account of another client in the same or similar situation. This can help an organization improve not only it's management systems, but in some cases it's processes and procedures.

Bid For Projects And Contracts

More and more businesses are using International Standards as a way of ensuring their suppliers and partners meet a specific minimum standard.

For example, the AS9100 series of standards is specific to the aerospace industry. A significant proportion of organizations, up and down the supply chain, require proof of AS9100 certification before contracting.

Have you had experience with ISO standards? If so, was it a positive or negative experience?