What is the ISO?
ISO (International Organization for Standardization) is a worldwide
federation of national standards bodies.
ISO is a nongovernmental organization that comprises standards bodies
from more than 160 countries, with one standards body representing each
ISO members are national standards organizations that collaborate in the
development and promotion of international standards for
technology, scientific testing processes, working conditions, societal issues
and more. ISO and its members then sell documents detailing these
The ISO's General Assembly is its decision-making body. It consists of
representatives from the members and elected leaders called principal
officers. The organization has its headquarters in Geneva, Switzerland,
where a central secretariat oversees operations.
How are ISO standards developed?
The International Organization for Standardization has a six-stage
process for developing standards. The stages include the following:
● Proposal stage. The first step in developing a new standard starts
when industry associations or consumer groups make a request. The
relevant ISO committee determines whether a new standard is indeed
● Preparatory stage. A working group is set up to prepare a working draft
of the new standard. The working group is composed of subject matter
experts and industry stakeholders; when the draft is deemed
satisfactory, the working group's parent committee decides which stage
● Committee stage. This is an optional stage during which members of
the parent committee review and comment on the draft standard. When
the committee reaches consensus on the technical content of the draft,
it can move to the next stage.
● Enquiry stage. The draft standard at this stage is called a Draft
International Standard (DIS). It is distributed to ISO members for
comments and, ultimately, a vote. If the DIS is approved at this stage
without any technical changes, ISO publishes it as a standard. If not, it
moves to the approval stage.
● Approval stage. The draft standard is submitted as a Final Draft
International Standard (FDIS) to ISO members. They vote to approve
the new standard.
● Publication stage. If ISO members approve the new standard, the
FDIS is published as an official international standard.
ISO participating members vote on standards approvals. A standard must
receive affirmative votes from at least two-thirds of participating members
and negative votes from no more than one fourth of participating members.
What is ISO certification?
As it relates to ISO standards, certification is a certifying body's assurance
that a service, product or system meets the requirements of the standard.
While ISO develops the standards, third-party certification bodies certify
conformity with those standards.
According to the ISO, the phrase "ISO certification" should never be used
to indicate that a product or system has been certified by a certification
body as conforming to an ISO standard. Instead, ISO suggests referring to
certified products or systems using the full identification of the ISO
For example, instead of "ISO certified", ISO recommends using the phrase
"ISO 9001:2015 certified." This fully identifies the standard being certified,
including the version -- in this case, the version of ISO 9001 released in
While ISO does not do certifications, its Committee on Conformity
Assessment works on standards related to the certification process.
How do businesses become ISO certified?
The process of getting certified for an ISO standard can be expensive,
time-consuming and potentially disruptive to the business. Before taking
any steps to get certified, determining the need for certification can be the
most important step.
The first step in becoming certified is determining whether certification is
worth the costs. Some reasons that organizations pursue certifications
include the following:
● Regulatory requirements. Some businesses and products require
certification that they meet common standards.
● Commercial standards. When certification is not a regulatory
requirement, products and services that are certified to meet minimum
standards are a necessity for some industries.
● Customer requirements. Even where there is an industry standard or
regulatory requirement for certification, some customers such as
government agencies, may prefer or require certification.
● Improved consistency. Certification can help large organizations
deliver consisted across business units as well as across international
● Customer satisfaction. Enterprise customers that use a product or
service in different contexts and countries appreciate consistent
performance. Compliance with standards can also help the certified
organization resolve customer issues.
The certification process for ISO standards varies, depending on the
standard and the certifying body. For popular standards, organizations may
need to first review and select a suitable certification body.
Recommendations for the steps to follow to get certified in the ISO's quality
management standard, ISO 9001:2015, include the following:
● understand the ISO standard;
● identify trouble areas, where operations do not meet ISO requirements;
● formally document processes, procedures and plans to improve trouble
● implement ISO standards;
● conduct an internal audit to check conformance with the standard before
the official audit; and
● undergo formal compliance audit or certification process.
International Electrotechnical Commission (IEC) standards and ISO
The IEC is another international standards body that establishes standards
for electronic technologies. The IEC works with other standards bodies inch
Standards that the ISO and IEC jointly develop are identified by the prefix
"ISO/IEC." An example of this approach is ISO/IEC 27001:2013. It specifies
requirements for setting up and running an information security
Some popular standards that the ISO and IEC jointly defined include these:
● ISO/IEC 7498 is the set of standards that define the Open Systems
Interconnection universal reference model for communication protocols.
OSI was first published in 1983, and the ISO adopted it as a standard in
1984; the current version was updated in 1994.
● ISO/IEC 27000 is a family of standards for information technology
● ISO/IEC 31000 defines for standardizing definitions of risk-associated
terms and offers guidelines for any person, business or agency. This
family of standards defines an approach to, including risk identification,
risk evaluation and
History of ISO
ISO is the successor to the International Federation of the National
Standardizing Associations (ISA), which operated from 1928 to 1942.
In 1946, after World War II, ISA members and the United Nations
Standards Coordinating Committee held a meeting on international
standards. Their work led to the formation of ISO as a nongovernmental
organization the following year.
ISO published its first standard, ISO/R 1:1951 (Standard Reference
Temperature for Industrial Length Measurements), in 1951. The standard is
now known as ISO 1:2016. As of 2021, ISO had published more than
According to ISO, ISO is not an abbreviation. It is a word, derived from the
Greek isos, meaning "equal," which is the root for the prefix iso- that occurs
in a host of terms, such as isometric (of equal measure or dimensions)
and isonomy (equality of laws, or of people before the law). The name ISO
is used around the world to denote the organization, thus avoiding the
assortment of abbreviations that would result from the translation of
"International Organization for Standardization" into the different national
languages of members. Whatever the country, the short form of the
organization's name is always ISO.
What are popular ISO standards?
Some of the most popular ISO standards include the following:
● ISO/IEC 27000. These security standards define a six-step process for
developing and implementing information security policies and
● ISO/IEC 17799. This security management standard specifies more
than 100 best practices for business continuity, access control, asset
management and more.
● ISO/IEC 20000. This ISO standard creates a technical specification and
codifies best practices for
● ISO/IEC 12207. This ISO standard creates a consistent process for all
● ISO 9000. This family of standards defines how organizations can
establish and maintain effective quality assurance systems for
manufacturing and service industries.