ISO (International Organization for Standardization)

ISO stands for International Organization for Standardization, the association in charge of the development of international standards. On the one hand, certification of an ISO standard guarantees that requirements for quality and safety are met, and on the other hand, that companies, authorities, and institutions use uniform standards worldwide.

The International Organization for Standardization (ISO) is an independent, non-governmental organization established in 1947 under Swiss law. ISO consists of several standardization organizations that are responsible for the development and publication of internationally recognized ISO standards. These include industry standards, guidelines, rules, and requirements to maintain quality, safety, and uniformity.

The standards cover all areas except electronics, electrics, and telecommunications. The International Electrotechnical Commission (IEC) and the International Telecommunication Union (ITU) are responsible for these respectively. The trio of ISO, IEC, and ITU forms the World Standards Cooperation (WSC), which is generally responsible for international standardization.

ISO standards are developed by the ISO to establish globally applicable safety, quality, and uniformity standards. These are intended to optimize international production, manufacturing, communication, and cooperation between countries, companies, and institutions in fields such as business, the sciences, and technical development. An ISO standard defines specific quality and form requirements and guarantees that compliance is made visible by ISO certification. The standards are published monthly in the ISO Bulletin and in the Standard Handbooks. ISO standards can be recognized by the abbreviation of the respective organization for standardization and a number from 1 to 99999.

The ISO is active in almost every part of our daily lives and business fields, and comprises over 20,000 standards and technical specifications. The best-known and most important standards can be found in areas such as quality management systems, the environment, occupational health and safety, medicine, production, or food safety. Well-known standards can also be found in health protection, data and information security, and compliance.

Some of the most common ISO standards include:

• ISO 27001: Information security
• ISO 8601: Date and time specifications
• ISO 50001: Energy management
• ISO 14001: Environmental management
• ISO 45001: Work safety management
• ISO 31000: Risk management
• ISO 9001: Quality management
• ISO 26000: Business ethics (not a certifiable standard, but a guide on sustainability, social responsibility, transparency, human rights, ethics)

ISO standards are developed by national and international standards working groups. Standards are developed, reviewed, approved, and published as international standards at regular intervals by ISO members. The process from development to publication has six stages:

1. Proposal/preliminary step (NP - New Work Item Proposal): New standardization plans are collected, evaluated, and ranked by standardization committees.
2. Draft (WP – Working Draft): Expert working groups develop basic drafts.

Committee Draft (CD): National representatives prepare initial draft standard.

1. Survey (DIS - Draft International Standard): A draft on the survey is published for voting or comments. If less than 75 percent of members approve, a second survey draft is done. If the DIS is approved by a clear majority, the FDIS phase can be skipped.
2. Approval (FDIS – Final Draft International Standard): The final draft is published for comment, survey, and vote. If the majority includes at least two-thirds of members, the FDIS goes into the publication phase.
3. Publication (ISO standard): The new ISO standard is published, for example, in the ISO Bulletin and the Standard Handbook.

Another phase is the revision. Since an ISO standard is only useful if it’s up to date with current technical and social standards, the ISO is reviewed with relevance, accuracy, and timeliness in mind after five years at the latest. If there’s potential for improvement, the standard is revised. If there’s no reason to revise, the ISO standard is withdrawn and replaced by a new, updated standard.

Individual certification isn’t done by the ISO, but by external bodies and service providers. The ISO advises against using terms like “ISO certification” or “ISO-certified.” Instead, the ISO standard should include the version number to indicate that products, services, or systems meet ISO requirements.

Certification by external, independent testing bodies isn’t free. The costs depend on the size of the company, the industry, and the initial certification or recertification. Although getting a certification is expensive and time consuming, it offers numerous advantages:

• Evidence of internationally accepted standards and norms act as a stamp of reputability and professionalism.
• Products and services that meet ISO standards inspire customer confidence.
• Quality standards ensure internal and international consistency, efficiency, and security of management systems in various business areas and institutions.
• Compliance with international standards enables consistency and seamless cooperation across borders.

Depending on the standard and the responsible body for certification, the certification process may include these steps and stages:

• Gather information on the ISO standard in question
• Identify structures and process flows within your business that don’t meet ISO requirements
• Document optimization areas and plans
• Implement ISO standards
• Verify compliance with the ISO standard through internal audits
• Apply for official compliance audit or certification from responsible body

The validity of an acquired ISO certificate is usually three years. In the case of ISO 9901, surveillance audits must also be carried out in the two following years after certification. If ISO validity expires, the ISO certification can or should be refreshed by a re-certification. In the case of ISO 9001, it can take between three and six months to get this, depending on the complexity of company structures and systems.