Understanding ISO Standards

Understanding ISO Standards does not have to be difficult. The standards are written in a fairly straightforward way, and they typically lay out the framework for creating a management system to address needed controls and requirements in areas such as:

  • Product or Service Quality (ISO 9001 Quality Management System)
  • Environmental Management (ISO 14001 Environmental Management System)
  • Information Security (ISO 27001 Information Security Management System)

Describe and Improve Processes

The difficulty some people have in understanding ISO Standards may have to do with the fact that the standards only provide a framework for creating a Quality Management System or an Information Security Management System (for example). They do not lay out specific requirements or detailed descriptions, except for the very basics of the management system that can address Total Quality Management (TQM). Part of building the management system is defining requirements and processes according to the needs of a particular organization.

Sometimes the standards are boiled down to the description, “Say what you do, then do what you say.”  While this does capture one aspect of the ISO Standards (clearly define then execute processes), it misses out on some key elements as well.  Particularly, that expression neglects the focus on measurement and continual improvement in the ISO Standards.

ISO Standard Basics

Besides defining process, the other key elements of typical ISO Standards that should be understood include:

Plan-Do-Check-Act Process Approach: After creating foundational elements like policies, the first step in implementing ISO Standard requirements is not only to define related processes, but also to implement a continually improving process approach that requires measurement and review.

Management Responsibility:  Top management has to be involved in, and take responsibility for, the organization meeting requirements from external (regulations, customers) and internal (product specs, policies & procedures) sources.

Improvement of the Management System: Not only do organizational processes need to be in control (relative to requirements) and continually improve, the management system itself needs to have measurement and review as part of the defined system.

The Advantage of a Generic Approach

Do not let the generic nature of the standards, which is needed to make them universally applicable to a wide range of organizations regardless of size or business model, cause confusion. The generic management system described by ISO Standards is really a benefit. With a framework described, the system can be designed and implemented in a way that best meets the needs of a particular organization. It can focus on meeting goals important to that unique organization, not complying with ill-matching requirements.

The best way to understand ISO Standards is to get a copy of a standard and spend some time reading and reviewing it. ISO Standards are, mostly, concise and written in fairly plain language that is straightforward and easy to understand. Don’t be intimidated by what others say or by misleading stories about their complexity.

If they were difficult to understand and implement, then how could thousands and thousands of organizations of all sizes and types gain the various ISO Standard certifications? Most of these organizations not only successfully implemented various ISO Standards, but they leveraged the management system defined by the standard into organizational improvement and success.

Additional Articles on ISO Standards

IATF 16949:2016 Standard
IATF 16949:2016 certification is the first step in automotive quality. It is easy to blame a recall for faulty assembly, production or parts on an automotive manufacturer; however, in the automotive industry it is not that simple.

Risk Management and AS 9100
A quality management system takes risk management out of the Quality Control department and integrates it into all phases of design, production and delivery, and risk management appeared in AS 9100 relative to the risk of meeting customer requirements.

ISO 13485 Basics:  A Standard for Medical Device Producers
Instead of adding an extra layer of bureaucracy for medical device producers, companies that embrace ISO 13485 can use it as a way to coordinate and manage a diverse set of regulations and requirements.

Testing Laboratory Practices and ISO 17025
A globally recognized quality standard, ISO 17025 certification gives testing and calibration laboratories the same type of accreditation that ISO 9001 gives to manufacturing and service organizations.

Using ISO 14001 for Environmental Management
While being environmentally responsible through implementing an EMS is frequently seen as an expense that provides benefits only outside the business, many organizations that enact environmentally friendly practices are surprised by the benefits to the organization.

ISO 27001 Sets Information Security Processes
The purpose of ISO 27001 is protecting information and it requires prioritized efforts. How effective these efforts are depends on systematic organization. ISO 27001 uses a management philosophy based on Plan-Do-Check-Act.

An Overview of the ISO 9001 Certification Process
In the ISO 9001 Certification Process, certifying to ISO 9000 standards means complying with the requirements set forth in ISO 9001:2008, the latest version of the standard.

ISO 22000 Software: Food Safety Management System Software Makes Compliance Easy
For organizations involved in the food industry, a comprehensive food safety management system (FSMS) is one of the key attributes to the longevity and success of the organization. However, managing the FSMS to ISO 22000,  hazard analysis and critical control point (HACCP) requirements or to the Safe Quality Food (SQF) Program is no easy task.