Making Sense of ISO Standards For Managers
posted by Anna Mar, September 14, 2012
The International Standards Organization (ISO) publishes close to 20,000 standards.
These standards cover a broad range of topics — basically anything that's of interest to governments, organizations and businesses. Many of these standards are fairly obscure. For example, ISO has standards for how to connect undersea cables and how to represent the Japanese language with the Roman alphabet.
The following families of standards are commonly of interest to managers.
(ISO 9000 Family)
A family of standards for quality management systems.
Quality management is the discipline of ensuring the consistency of products and processes. For example, ensuring that a process meets requirements or that a product is consistent with a standard.
The requirements for a quality management system. A quality management system includes procedures, processes and resources for quality management. Organizations can be certified against ISO 9001 requirements. More than 1 million organizations are currently ISO 9001 certified. It's the most widely adopted ISO standard.
Supporting standards such as a vocabulary for quality management.
Performance improvements for a quality management system. This includes guidance for sustaining quality improvements.
Guidelines for handling customer service complaints.
Guidelines for project quality management.
A standard for auditing ISO 9001 & ISO 14000 organizations.
(ISO 31000 Family)
A set of guideline standards for risk management that are not intended for certification.
Risk management is the identification, assessment, prioritization, planning and control of risks.
Principles and guidelines for implementing risk management.
Risk assessment techniques.
ISO Guide 73
A vocabulary for risk management.
(ISO 14000 Family)
Standards for good environmental business practices and a framework for environmental management systems.
Requirements and guidance for an environmental management system. Organizations can be certified against the ISO 14001 standard.
Guidelines for environmental management systems including principles and support techniques.
Guidelines for ecodesign. How to manage and continually improve ecodesign as part of an environmental management system.
Guidance for conducting an Environmental Assessment of Sites and Organizations (EASO). Provides a systematic process for identifying environmental issues and determining their business consequences.
ISO 14020, 14021, 14022, 14023, 14024, 14025
Principles and standards for accurate, verifiable and relevant environmental labels and claims (e.g. environmentally friendly claims on product labels).
Specifications for measuring and reporting greenhouse gas emissions and removals.
(ISO 26000 Family)
Guidelines for organizational social responsibility (more commonly known as corporate social responsibility).
ISO 26000 (or ISO SR)
High level guidelines and best practices for social responsibility. Not intended for certification.
(ISO 50001 Family)
A specification for energy management including a system for energy efficiency, energy security, energy use and consumption. Specifically aimed at improving energy performance.
Specifies requirements for an energy management system. This includes practices such as implementing an energy policy and energy action plan. In order to be certified, organizations must improve energy performance and meet requirements.
ISO 50001 is compatible with ISO 9001 and ISO 14000. These three standards are commonly implemented together to improve quality, environmental practices and energy efficiency.
Other Useful ISO Standards
A few ISO standards that are commonly adopted by organizations.
Language Codes (ISO 639)
A list of standard language codes such as "en" for English.
Country Codes (ISO 3166)
A list of standard country codes such as "jp" for Japan.
Currency Codes (ISO 4217)
A list of currency codes such as "JPY" for Japanese yen.
Technology Standards
A few standards of interest to IT managers.
Information Security Management Systems
A growing family of standards for information security.
Requirements for information security management systems. Organizations can be ISO 27001 certified.
Overview and vocabulary for information security management systems.
Best practice recommendations for information security management.
Measuring and reporting guidance for information security management.
Information security risk management guidelines.
Requirements for accredited organizations to perform ISO 27001 certification.
Requirements for audits of information security management systems.
Information security techniques.
ISO 27030 ~ 27037
Guidelines for a variety of information security techniques and best practices.
IT Service Management
A standard for managing IT services. This includes the design, transition, delivery and improvement of IT services.
A standard for managing IT services that aligns with the popular ITIL framework for ITSM. Organizations can be ISO 20000 certified and individuals can be ISO 20000 qualified.