What is ISO
ISO refers to International Organization for Standardization. It is headquartered in Geneva, Switzerland and is a non-governmental organization. A total of 163 countries are affiliated with the organization. In order to smoothen international transactions with respect to any product or service, concerned authorities from different countries come together to define a set of standards so that same quality and level of a deliverable can be maintained anywhere in the world.
The ISO membership is one organization per country. Majority of the ISO members are a part of the country’s government organization or have been entrusted the responsibility by the government organization of a country.
There are three types of membership types with different privileges as follows;
• Regular Member – Has all the privileges starting from participating in development of standards, taking part in policy making, selling publications and ISO standards with copyrights or with ISO title and logo and finally to be part of the ISO management group. Most of the countries in the world are regular members.
• Correspondence Member – Has all the privileges except, being part of the ISO management group, which is not allowed. A few countries are with this kind of membership.
• Paid Member – Has the privilege for only taking part in the development of standards. As few as three to four countries in the world are with this kind of membership.
The standard organizations is Japan are JISC(Japan Industrial Standards Committee), JAB(Japan Accreditation Board) etc., based on the type of businesses and represent Japan at the ISO. The websites of JIS and JAB provide a detailed information on the various standards released by the respective organizations.
Development of Standards
There are 5 stages in the development of standards;
• Working Draft(WD) development – Vague idea suggested by different groups about a standard to be developed.
• Committee Draft(CD) development – The working draft will be analyzed further by a committee to check for the acceptability world over.
• Draft International Standard(DIS) development and circulation– Once the draft reaches this stage we have a draft standard which can be circulated with other member countries for voting during which suggestions and other feedbacks can be expected and appropriate updations are done. This process usually takes a long time period of one to two years depending upon the completeness of the draft. The ‘OK’ vote should be received from all the participating countries to arrive at the final draft.
• Final Draft International Standard(FDIS) circulation– The DIS will be circulated with all the participating countries for a final confirmation and review before the release.
• Release of International Standard – With the approval of the FDIS by the participating countries, the International Standard with be released.
The ISO can be classified into the following two categories mainly;
1) Standards applicable to objects (pictorial symbols, dimensions)
A few examples are as follows;
ISO 7010/JIS 8210 Emergency exit symbol(Japan design used world over)
ISO/IEC 7810 Card sizes
ISO 68 Nut size etc.,
2) Standards applicable to management systems
A few examples are as follows;
ISO 9001 Quality Management System
ISO 14001 Environment Management System
ISO 27001 Information Security Management System etc.,
Management System standards and certification
A management system is the way in which an organization manages the inter-related parts of its business in order to achieve its objectives. These objectives can relate to a number of different topics, including product or service quality, operational efficiency, environmental performance, health and safety in the workplace and many more.
The level of complexity of the system will depend on each organization’s specific context. For some organizations, especially smaller ones, it may simply mean having strong leadership from the business owner, providing a clear definition of what is expected from each individual employee and how they contribute to the organization’s overall objectives, without the need for extensive documentation. More complex businesses operating, for example, in highly regulated sectors, may need extensive documentation and regulation in order to fulfil their legal obligations and meet their organizational objectives.
ISO management system standards (MSS) help organizations improve their performance by specifying repeatable steps that organizations consciously implement to achieve their goals and objectives, and to create an organizational culture that reflexively engages in a continuous cycle of self-evaluation, correction and improvement of operations and processes through heightened employee awareness and management leadership and commitment.
There are various management system standards based on industry types and businesses. The type of ISO standard to be implemented entirely depends upon the client requirements or internal risk reduction requirements of a company. Considering Japan in our study, the following three are the major ISO certification standard sought after by most of the companies in Japan.
• ISO 9001
ISO 9001 sets out the criteria for a quality management system and is the only standard in the family that can be certified to (although this is not a requirement). It can be used by any organization, large or small, regardless of its field of activity.
This standard is based on a number of quality management principles including a strong customer focus, the motivation and implication of top management, the process approach and continual improvement. Using ISO 9001 helps ensure that customers get consistent, good quality products and services, which in turn brings many business benefits.
• ISO 14001
ISO 14001 specifies the requirements for an environmental management system that an organization can use to enhance its environmental performance. ISO 14001 is intended for use by an organization seeking to manage its environmental responsibilities in a systematic manner that contributes to the environmental pillar of sustainability.
ISO 14001 is applicable to any organization, regardless of size, type and nature, and applies to the environmental aspects of its activities, products and services that the organization determines it can either control or influence considering a life cycle perspective. ISO 14001 does not state specific environmental performance criteria.
• ISO/IEC 27001
ISO/IEC 27001 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in ISO/IEC 27001 are generic and are intended to be applicable to all organizations, regardless of type, size or nature.
The logos of the above three management systems certified by the JQA(Japan) are as follows;
The ISO management system standards (MSS) is revised once every five years. Though the time period specified is 5 years once, the update may happen based on convenience and state of affairs. For example in case of ISO 9001, the last update happened in 2015 and is named as ISO 9001 : 2015 version. The previous version to 2015 was ISO 9001 : 2008.
In case of an organization wishing to certify to a certain management system (For ex: ISO 14001), the readiness of an organization to the system will first be checked by the JQA(Japan Quality Association) organization. JQA is a body to provide testing and certification service for the various ISO standards as part of quality management system activity.Thus we can say that as JQA checks for the conformity to the various standards and provides the ceritifcation, they have to work in close co-ordination with the various Standards organizations like the JAB, JISC etc.,
The IAF or International Accreditation Forum develops a single worldwide program of conformity assessment which reduces risk for business and its customers by assuring them that accredited certificates may be relied upon. Accreditation assures users of the competence and impartiality of the body accredited. IAF members, i.e., the certifying bodies of member countries(JAB/JISC.. incase of Japan) or registration bodies issue certificates attesting that an organization’s management, products or personnel comply with ISO standard.
Merits of ISO certification
Certification can be a useful tool to add credibility, by demonstrating that your product or service meets the expectations of your customers. For some industries, certification is a legal or contractual requirement. The following points describe the actual merits behind ISO certification.,
1) To gain the trust of customers
In order to demonstrate that a product exported to foreign countries or sold in the domestic market meets a certain level of quality, is safe to the environment and maintains the confidentiality of user data, a 3rd party certifying authority like the ISO is used as a tool.
2) Gaps or Problem identification from a 3rd Party perspective
In case of audit done by an internal party, the seriousness compared to a certifying external body will not be there. So, when the audit is done by a 3rd party body like the ISO, issues or gaps unable to be identified or overlooked by the organization can be certainly expected. Also the auditing ISO personnel will be auditing from a customer’s position so issues unidentified from the customer viewpoint may be also found out.
3) Continuous improvement
Organizations which get certified with the ISO Management System Standards, will have a review yearly once by the concerned ISO authorities. At the end of each yearly audit, the auditors suggest the organization improvement plans with respect to the problems identified. As a result of these continued yearly audits, continued improvement of the organization can be brought about.
The PDCA cycle is the most used methodology to implement a continuous improvement system in a company or organization. The PDCA methodology describes the four essential steps that should be carried out systematically to achieve continuous improvement, defined as a continuous way to improve the quality of products and processes (decrease failures, increase effectiveness and efficiency, problem solving, avoid potential risks etc., ).
The PDCA/Deming Cycle is composed for four cyclic steps as above, so that once we have finished with the final stage we have to start again with the first one, and repeat the cycle again. Doing that in a company, the activities are reevaluated periodically to incorporate new enhancements. The application of this methodology is primarily intended to be used for companies and organizations, but you can also use it in any other situation.
One special characteristic of ISO Management Standard System is the Internal Audit. The internal audit is basically used to check(PDCA) whether the management system built by the organization is functioning properly or not. Also in case of suggestion for changes, a trial period to verify the development of the new process is established. If the improvement does not achieve the initial expectations we will have to modify the process again to obtain the desired objectives.
In other words internal audit is used,
1) To check for the management system functionality.
2) To Identify problems or improvement points.
3) By the concerned manager to implement the audit suggestions in management system improvement.
The internal audit is an indispensable activity as part of the continuous improvement of an organization.
The management systems specify the requirements but do not mention “how to” attain those requirements. So, it is upto the organizations to decide how to attain and to what level based on their targets with respect to the continuous improvement plan. This can be a set of lower level targets before targeting the higher level expectancy of the management system.
Management systems of the future
One of the main changes in the new version of ISO 9001:2015 is the adoption of the High-Level Structure (HLS). That sounds innovative, but it is important because this High-Level Structure means that in the future, all management system standards will be aligned. The core text in the High-Level Structure will be used in every management system standard whether it be for quality, work health and safety, the environment, food safety or another discipline. This common factor also applies to the text of requirements description wherever applicable. Also, common terminologies will be used in every management system with the same definition.
This common structure is possible because basic concepts such as management, customer requirements, planning, performance, control, monitoring, measurement, auditing, corrective action, and nonconformity are common to all management system standards. Whilst the standards have always had common elements, they have been described and organized differently, making effective integration difficult.
The High-Level Structure will ensure that future management system standards support each other. They will be easier to read and understand, and it will aid greatly in the integration of multiple standards within the one organization. The resulting improved linkages in processes and activities will deliver better value and efficiency.
• In order to smoothen international transactions with respect to any product or service, a set of ISO standards have been set up to maintain the quality and level of a deliverable.
• The ISO standards can be classified as “Standards applicable to Objects” and “Standards applicable to Management systems”.
• The ISO management system is a useful tool to reduce the management risks of each organization.
• The ISO brings about step by step continuous improvement, thus strengthening the organization.
• The common factors as part of future management systems will bring about better integration of multiple standards within an organization resulting in better value and efficiency.