What is ISO and how does it issue standards
By Jean-Pierre Méan
Published on Tuesday November 21, 2017
ISO, the International Organization for Standardization, was created in 1947 following an international conference attended by representatives of 25 countries in the fall of 1946 in London. It is an association according to Swiss law and is registered like any ordinary association in Geneva.
The ISO members are National Standards Bodies dealing with standardization in their respective countries. ISO also has correspondent or subscriber members from countries without a member body. There are currently 118 member bodies, 40 corresponding members and 3 subscriber members.
A full list of all 161 members can be found here.
ISO has established itself as the leading standardization organization worldwide. It has issued over 21000 standards. These include e.g. ISO 9001 – Quality management, ISO 19600 – Compliance management, ISO 2600 Guidance on social responsibility, ISO 31000 Risk management and, since October 2016, ISO 37001 – Anti-bribery management.
ISO standards are elaborated by committees formed from delegates of the National Standards Bodies, who bring a mix of expertise on the standard subject matter and on the standardization process. Other parties interested in the standard (e.g. members of related committees or representatives of civil society) may attend committee meetings as liaison representatives without voting rights. The elaboration process aims at creating a wide consensus supporting the standard. There is extensive consultation with the national standards bodies and with all stakeholders through National Mirror Committees. As a result, ISO standards enjoy a high degree of credibility and have the vocation to be global.
PC 278, the ISO 37001 committee, comprised 140 members from 38 participating countries and 23 observing countries. There were in addition 31 liaison representatives. The committee held 5 physical meetings in Madrid, Miami, Paris, Kuala Lumpur and Mexico. Following a preliminary meeting in London in June 2013, the process started in the fall of 2013 and ended three years later with the publication of the standard in October 2016.
One of the most debated points in the initial meetings was whether the standards should be a guidance standard, such as ISO 19600 on compliance management, or a requirements standard, such as 9001. The difference is of great relevance since only requirements standards can be audited and certified. A few members, worried about the burden which they felt a requirements standard may impose on small and medium-sized companies, insisted that ISO 37001 should be only a guidance standard. The committee voted several times on the issue. Each time there was an overwhelming majority for ISO 37001 being a requirements standard. This means that organizations which decide to go for certification (and only those) need to fulfill the standards requirements.
ISO itself does not conduct conformity assessments. These are conducted by organizations accredited by national accreditation authorities. A list of conformity assessment accreditation bodies can be found on the site of the International Accreditation Forum here.
Do you want to contribute to the blog?
Please have a look at our Blog Guidelines
