ISO is a name to be reckoned with in industries and businesses across the world. As businesses strive for competitive advantage, they must nevertheless ensure that standards are maintained - or suffer the consequences of having poor standards. These can range from quality or health and safety standards, to those required to ensure that efforts are optimised on everything from environmental management to the security of IT infrastructure and food safety.
If there is anything that requires a performance standard, then there is very likely an ISO standard that can provide the needed benchmark. But why do so many companies insist on implementing ISO management systems? Why are ISO standards held in such high esteem? How is it that ISO standards are adopted by nearly every sector imaginable?
This article will offer insight into these important questions by providing an overview of ISO and the evolution of ISO standards, as well as highlighting the importance of ISO management systems and legal registers for your business.
ISO and ISO Standards: An Overview
The history of ISO
What is today known as the International Organization for Standardization, or ISO, has an interesting history dating back to 1926, when it started out as the International Federation of the National Standardizing Associations (ISA). The focus of ISA was solely on mechanical engineering but it was dissolved during the turmoil of World War II. Twenty-five countries met in London in 1946 to join forces and create a new international standards organization, which was to be called ISO. Coincidentally, it is believed that inspiration for the name ISO was in homage to the Greek word “isos,” which means equal.
Today, ISO’s Central Secretariat is based in Geneva, Switzerland, and has members from 165 countries, as well as more than 3,000 technical bodies that are responsible for developing standards. There were 24,427 International Standards set by ISO as of mid-2022. ISO is undoubtedly in a league of its own as the world’s largest developer of management and performance-rating standards. No other standards-generating body comes close to ISO in terms of size, scope and influence.
ISO 9001, the ‘grandparent’ of them all
For nearly 40 years, the focus of ISO was on developing highly technical and specific standards for selected products and technologies. By way of example, the very first ISO standard, published as ‘ISO/R 1:1951,’ set a standard reference temperature for industrial length measurements. That standard actually still exists, now as ISO 1:2002.
The watershed for the organisation came in the 1980s, when ISO decided to start developing standards focused on processes that required management systems. The first was the ISO 9000 Quality Management System (QMS) family of standards, as published in 1987. It is safe to say that ISO 9001 in particular, which focused on all the aspects required for a QMS, took ISO to the next level in terms of global visibility within the business and industrial worlds. That was followed by ISO 14001 in 1996 with its focus on environmental management. Since then, ISO has ramped up its output of international standards, not to mention expanded its influence in the business world.
The ISO process
ISO formulates and publishes what becomes a ‘standard’ by means of a highly exacting process in which a dedicated select committee needs to consider what should be included in a standard and must vote on every section and clause within the standard. There are no fewer than six stages to the process, including the proposal, preparatory and committee stages, culminating in a Draft International Standard. A 75% consensus by member states is required for the standard to become a Final Draft International Standard, and thereafter a further 75% ‘approval rating’ for it to become officially sanctioned by ISO and published as such.
It is important to remember that many countries have their own means of classifying standards, but a given ISO standard is uniform and ‘as is’ for all industries in all countries. Most important of all, every single ISO standard is voluntary. That means no ISO standard is mandated by law or by any government entity, although many government agencies, non-governmental organisations (NGOs) and corporations will insist on adherence to ISO standards for those bidding on tenders and service level agreements (SLAs), for example.
The ISO ethos
ISO is today an organisation on a mission to ensure the very best in standards, in a way that makes a positive, holistic contribution to the entities that comply with its standards, as well as to greater society. A comprehensive and interesting snapshot of ISO’s ethos and vision can be seen in its own graphic below:
Importance of ISO standards
The importance of ISO standards is linked to its philosophy. On its website, the organisation states how it was founded on the basis of a fundamental question: “What's the best way of doing this?”. The question remains central to what ISO does and is all about to this day. That question is also inherent to any organisation striving to be the best it can be for a given system. By asking that question, it should be clear as to why ISO continues to grow in importance with businesses worldwide, in that it speaks directly to what makes good organisations tick.
The importance of ISO in our daily lives is immense when one considers its sheer reach in everything we do, from the work practices that keep us safe to the mobile technology we use all the time. ISO's standards extend to road safety and the safety of toys, to how medical instruments are sanitised and packaged and countless other means by which we are better protected every day.
Benefits of ISO to businesses
The benefits to businesses of adhering to the ISO standards of their choice can be immense and various. These include:
- Benchmarking: an ISO standard allows a company not only to benchmark its current system against the standard but also to compare itself to competitors and like businesses within that context. It answers the question: ‘how are we doing on issue X relative to companies Y and Z?’
- Transparency: every ISO standard is available to all who wish to review it (and, usually, purchase it in its full publication). There is nothing ‘opaque’ or unknown about ISO standards.
- Consistency: ISO’s ‘one-for-all, all-for-one,’ ‘one-size-fits-all’ basis on which standards are written and published means that there are no discrepancies between different sectors or organisations in the implementation of standards. Likewise, adhering to an ISO standard means that your business is more likely to be consistent in the way it conducts a given management system.
- Opportunities: being ISO certified (which is different to merely adhering to an ISO standard) opens doors for businesses, particularly those that are in very competitive industries or those involved in international trade or cross-border business. For a business, ISO certification translates into ‘we have standards in place and we have arrived’.
- Safety: Although many ISO standards are not specifically safety-focused, many of them are so in one way or the other. The focus on safety can be internal to an organisation, e.g. the safety of workers or even the safety and security of IT systems and infrastructure. Safety can also be external in terms of product safety for customers or measures that secure the safety of all people.
Constancy is also a leading benefit provided by ISO itself, as an organisation comprised of nearly every national standards body in the world and with credibility which has never waned. In a contemporary business world that seems to be in a constant state of flux, it is comforting for managers to know that ISO remains unchanged and continues to fulfil its mandate as it has for many decades now. There were even assurances of this when some British businesses questioned whether the United Kingdom’s departure from the European Union (EU) with Brexit would mean that British companies could no longer be ISO-certified. That was never in question, as ISO remains a constant, regardless of political, social or other upheavals.
A further very important benefit derived from ISO standards is that of harmonisation. As more companies within an industry sector adhere to general or industry-specific ISO standards, so industry rules will tend to become more harmonised. An example is ISO 20022, which is focused on managing data messaging between financial institutions. The standard was developed as an improvement on the outdated SWIFT system of financial messaging, and it is predicted that it will be the universal standard for high or large-value payments systems in all reserve currencies for up to 80% of transactions by 2025.
There are many additional reasons as to why adhering to ISO standards can be beneficial to companies. Standardisation in itself is a leading benefit, with ISO certification being the zenith of standardisation. Sometimes the reasons for this can be market-related or industry-specific. For example, it has been stated that in the custom metal fabrication industry, “The purpose of standardization is to streamline production in the varying industries, to ensure the consistency and safety of products, and the promotion of global collaboration and compatibility.”
By way of another example, the full scope of benefits of a specific ISO standard, in this instance ISO/IEC 27001 for IT security, can be seen in the graphic below:
Courtesy: Ntrust Advisory
Consider this: A hint as to why so many businesses adopt ISO standards may be found in the words of Taiichi Ohno, the Japanese engineer who is considered the ‘father’ of the Toyota Production System, which heavily influenced Lean Manufacturing principles: “Without standards, there can be no improvement”.
What is a legal register?
A legal register is essentially a formal document/file or series of documents/files that comprise all of the laws applicable to an organisation within a specific context. A register can include all applicable laws, or it can focus instead solely on a specific aspect or function of a business. So, for example, an environmental legal register will focus only on relevant environmental laws. Registers can be in electronic or hard copy (paper) format, or a combination of both. There is no set ‘format’ for a legal register, with registers being decidedly diverse in scope and format between different companies and even within organisations.
Benefits of a legal register
There are many benefits to having legal registers in place, including:
- Centrality: A legal register should contain all applicable legal requirements, making it a central repository for all laws that may be applicable to the organisation within a specified context.
- Ease: A good legal register is one that is easily accessed, referenced and updated. It should also be easily available to anyone within the organisation who may need to acquire legal information or understand the ambit of the law in a specific context or situation.
- Auditability: A legal register should be proof of an effort by the organisation to comply with relevant laws, which should be available in the event of any audit, whether systems-related or specifically for legal compliance. It doesn’t equate to actual compliance, of course, but it should equate to an effort made to at least identify applicable laws.
ISO and legal registers
Most ISO standards do not require a legal register per se, although they nearly all require some minimum form of applicable legal compliance. However, two of the most popular standards in the world do imply the need for registers, namely ISO 14001 for environmental management and ISO 45001 for health and safety management.
Clause 6.1.3 (‘Compliance obligations’) of ISO 14001:2015 stipulates: “An organisation shall determine and have access to the compliance obligations related to its environmental aspects; determine how these compliance obligations apply to the organization; take these compliance obligations into account when establishing, implementing, maintaining and continually improving its environmental management system... An organisation shall maintain documented information of its compliance obligations.”
The same clause (i.e. 6.1.3, the ‘Determination of legal requirements and other requirements’) of ISO 45001:2018 is more emphatic in this regard when it states: “The organisation shall establish, implement and maintain a process to determine and have access to up-to-date legal requirements and other requirements that are applicable to its hazards, OH&S risks and OH&S management system... The organisation shall maintain and retain documented information on its legal requirements and other requirements and shall ensure it is updated to reflect any changes.”
So, whilst the term ‘legal register’ is not actually used in either standard, it is clear that the need for such a register is implied, otherwise how are legal requirements to be identified and updated as needed?
To conclude, ISO is undoubtedly the global gold standard in management system and other, non-process standards. Legal registers, though not expressly stipulated in ISO standards, offer benefits to organisations wishing to ensure their legal compliance, both for ISO purposes and beyond.
Consider these words by American musician Billy Corgan: “Don't judge yourself by someone else's standards. You will always lose.” They should be invaluable words for any business enterprise. Perhaps ISO is the only true exception to that statement. After all, the standards that many businesses wish to be judged by are indeed those set by the International Organization for Standardization. They have stood the test of time for many years now and should continue to do so for many more.