Introduction to ISO standard

ISO (International Organization for Standardization) is an international federation of national standards bodies. It is a voluntary organization made up of more than 160 member nations, each of which is represented by one standards body. The US is represented, for instance, by the American National Standards Institute.
The members of ISO are national standards organizations that work together to produce and promote international standards for various topics, including technology, scientific testing procedures, working conditions, and societal challenges. Documents describing these standards are then sold by ISO and its members.

The General Assembly of the ISO is the body that makes decisions. It is made up of elected officials known as major officers and representatives from the membership. The organization’s central secretariat manages operations from its headquarters in Geneva, Switzerland.

How are ISO standards created?

The International Organization for Standardization outlines a six-stage procedure for creating standards. The following are some of the stages:

  1. Proposal stage: A request from consumer organizations or business associations initiates the process of drafting a new standard. The relevant ISO committee decides whether a new standard is necessary.
  2. Preparation stage: A working group is formed to write a working draft of the new standard. Subject matter experts and industry stakeholders make up the working group. The parent committee of the working group determines the next step if the draft is judged satisfactory.
  3. Committee stage: At this optional stage, members of the parent committee can evaluate and provide feedback on the draft standard. The committee can proceed to the next phase once an agreement has been reached on the technical aspects of the proposal.
  4. Enquiry stage: At this point, the standard is referred to as a Draft International Standard (DIS). It is circulated to ISO members for feedback and, in the end, a vote. ISO publishes the DIS as a standard if it is approved at this point without requiring any technical modifications. If not, it moves on to the approval stage.
  5. Approval stage: The draft standard is distributed to ISO members as the Final Draft International Standard (FDIS). Members vote to approve the new standard.
  6. Publication stage: The FDIS is released as an official international standard if ISO members accept the new standard.

Participating ISO members vote to approve standards. A minimum of two-thirds of participating members must vote in favor of a standard, and no more than one-fourth of participating members may vote against it.

What is ISO certification?

In the context of ISO standards, certification is an official body’s guarantee that a product, system, or service satisfies the requirements of a standard. ISO develops the standards, and third-party certification bodies attest to conformance with them.

According to ISO, “ISO certification” should never be used to suggest that a system or product has been approved by a certification authority as adhering to an ISO standard. Instead, ISO recommends using the complete identification of the ISO standard when referring to approved systems or goods.

For instance, ISO suggests stating “ISO 9001:2015 certified” rather than “ISO certified.” This provides a complete identification of the standard that is being certified, together with its version—in this example, the 2015 release of ISO 9001.

The Committee on Conformity Assessment of ISO develops standards for the certification procedure, even though ISO does not perform certifications.

How can companies obtain ISO certification?

Obtaining an ISO certification can be a costly, time-consuming, and perhaps disruptive procedure for the company. Determining if a certification is necessary can be the most crucial step before taking any further action to obtain one.

Determining if certification is cost-effective is the first step in obtaining certification. The following are some of the reasons why organizations seek certifications:

  • Regulation requirements: Certain companies and goods need to be certified as meeting a set of common criteria.
  • Commercial standards: Certain businesses require products and services that are certified to fulfill basic standards, even in cases where certification is not mandated by regulations.
  • Customer requirements: Certain clients, such as government organizations, may prefer or require certification, even in cases where it is not required by law or industry standards.
  • Increased consistency: With the support of certification, large organizations can provide consistent quality assurance across international borders and business units.
  • Customer satisfaction: Consistent performance is valued by enterprise customers who use a product or service in many settings and nations. By adhering to standards, the accredited organization can also assist in resolving client complaints.

The procedures for ISO certification vary depending on the standard and the certifying authority. For popular standards, organizations may need to study and choose an appropriate certification body beforehand. The following are suggested actions for obtaining certification to ISO 9001:2015, the ISO’s quality management standard:

  • recognize problem areas where activities don’t adhere to ISO requirements;
  • comprehend the ISO standard;
  • implement ISO standards;
  • explicitly record processes, procedures, and plans to address difficulty areas;
  • before the official audit, perform an internal audit to ensure that the standard is being followed;
  • go through a formal compliance audit or certification process.

ISO and the International Electrotechnical Commission (IEC)

The IEC is another worldwide standards organization, which creates standards for electronic technologies. The IEC collaborates with the International Telecommunication Union, the IEEE, the ISO, and other standards organizations.

Standards co-developed by the ISO and IEC are denoted with the prefix “ISO/IEC.” One example is ISO/IEC 27001:2013, which outlines the requirements for establishing and maintaining an information security management system.

The following are a few well-known standards that the ISO and IEC jointly defined:

  • The ISO/IEC 7498 series of standards defines the Open Systems Interconnection (OSI) universal reference model for communication protocols. OSI was first published in 1983 and accepted as a standard by the ISO in 1984; the present version was modified in 1994.
  • ISO/IEC 27000 is a series of standards for information technology security methods.
  • ISO/IEC 31000 defines a framework for risk management. It provides guidance for individuals, businesses, and agencies and standardizes the definitions of terminology related to risk. This set of standards outlines an approach to risk management, encompassing risk identification, analysis, evaluation, and assessment.
