Standards are written to establish, maintain and improve the way in which something is made or done for the benefit of consumers and other interested parties. They are developed by experts in the field covered by the standard and subject to wide consultation and scrutiny before publication. Standards are consensus-based and voluntary. They support innovation and provide solutions, with many of them developed to address global challenges (e.g. sustainable development goals). All standards are reviewed periodically to determine their continuing relevance. Developing a standard typically takes around three years.
Guidance
A guidance standard typically refers to a document that offers advice, recommendations, or suggestions on a particular topic related to the implementation or understanding of other standards. Guidance standards do not establish requirements like normative standards do but instead provide additional information to assist users in interpreting and applying the requirements of normative standards effectively. It is not possible to claim compliance with a guidance standard.
Guidance standards may take various forms, such as technical reports, handbooks, guidelines, or best practice documents. They aim to complement the normative standards by offering practical insights, examples, explanations, or methodologies that can facilitate the application of the requirements in specific contexts.
For example, ISO 9004 is a guidance standard related to quality management, offering guidance on how organizations can enhance the performance and sustainability of their quality management systems beyond the requirements specified in ISO 9001. Similarly, ISO/IEC 27002 provides guidance on information security management, offering best practices and control objectives to support the implementation of the requirements specified in ISO/IEC 27001.
Overall, guidance standards in the context of ISO international standards play a crucial role in supporting organizations and individuals in effectively implementing and benefiting from the requirements outlined in normative standards. They provide valuable insights and recommendations to enhance understanding and application in real-world scenarios.
Codes of practice
A code of practice typically refers to a set of guidelines or recommendations, for implementing the requirements outlined in a standard, that users should adhere to in the performance of activities. It might include guidance on ethical and other behaviors. In effect, it provides practical guidance on how to achieve compliance with the standard’s provisions. A code of practice might include additional details, examples, best practices, and methodologies that organizations can follow to effectively apply the requirements of the standard in their specific context.
Codes of practice are often developed alongside ISO standards to offer supplementary information and aid organizations in understanding and implementing the requirements more effectively. While ISO standards set out the criteria for various processes, systems, or products, codes of practice provide practical insights and guidance on how to meet those criteria in the real world. They can help organizations tailor their approaches to suit their unique circumstances while still adhering to the overarching principles of the standard.
Specifications
A specification refers to a detailed description of the requirements, characteristics, or criteria that a product, process, service, or system shall meet to demonstrate compliance with the standard. Specifications are typically precise and measurable, providing clear guidelines for manufacturers, service providers, or organizations to follow when developing or implementing their products or processes.
Specifications within ISO standards might cover various aspects, including dimensions, materials, performance criteria, testing methods, documentation requirements, and other relevant parameters. They serve as a benchmark against which conformance can be assessed and verified. For example, in the ISO standard for quality management systems, ISO 9001, specifications outline the specific documentation required, such as quality manuals, procedures, records, and work instructions.
Overall, specifications in ISO international standards provide clarity and consistency, enabling organizations worldwide to produce goods and services that meet established quality, safety, and performance expectations. Think of them as requirements standards.
Management Standards
ISO management standards (MS) support the implementation of specific aspects of an organization’s management system and support governance and leadership functions at all levels. They are intended to be widely applicable across economic sectors (or, perhaps, specific to some), various types and sizes of organizations, and diverse geographical, cultural and social conditions. MSs can be considered as overarching documents for the governance of an organization.
Management System Standards
A management system describes the way in which an organization manages the interrelated parts of its business processes and activities to achieve its objectives. A management system standard specifies requirements that the organization must follow to improve its organizational and operational efficiency and to claim conformity with that standard. ISO has published numerous Management System Standards (MSS) – many are applicable across sectors while others are specific to a sector. An MSS can be a practical way of supporting decisions resulting from the implementation of an MS.
Types of MSS
There are two types of MSS. It is not always easy to know which is which. The main difference between a Type A and a Type B MSS is that a Type A contains requirements against which an organization can claim conformity, whereas a Type B does not. A Type B contains guidance with recommendations or information in support of a Type A MSS. Some MSSs can contain a mix of requirements and guidance. You might see the title of the standard appended with the words "Requirements with guidance for use" (e.g. ISO 41001). Normally, a Type B MSS (e.g. ISO 55000) provides guidance on the application of a Type A MSS (e.g. ISO 55001), although some Type B MSSs are independent.
In terms of the language of MSSs, requirements specify what shall be done. On the other hand, guidance with recommendations says what should be done.
Certification
There is often confusion over what certification means. To be clear, certification can take place only against a standard that contains requirements. Think about it logically. If something shall be done, either it has or it has not been done. In the case of something that should be done, there can be valid reasons for deviating from the guidance and recommendation. Guidance and recommendations cannot, therefore, be mandatory.
ISO does not undertake certification or issue certificates. Since companies or other organizations cannot be certified by ISO, they cannot use the ISO logo or in any way imply endorsement by ISO. Certification is performed by certification bodies, which are most commonly organizations that have been accredited by a nationally approved body.
Claiming conformity
To claim conformity with a standard, an organization needs evidence that it is meeting its requirements. Evidence gathering is generally achieved by undertaking an audit. There are three types of audit: first-party, second-party, and third-party. First-party audits are internal audits by the organization and can result in self-determination and self-declaration. Sometimes, you might see the term "self-certification" as an alternative way of indicating that the organization is working in conformity with the standard. Note, however, that ISO does not use this term.
Second- and third-party audits are external audits. A second-party audit could be undertaken by, for example, a client or customer. They might then be expected to confirm that the organization is working in conformity with the standard. A third-party audit is usually undertaken by an independent authority, being an organization that is recognized as having the competence to conduct independent audits. They are typically accredited by a national accreditation body. Successful third-party audits can result in certification or confirmation of a current certification.
A further distinction can be drawn between MSSs that are generic (e.g. ISO 9001) and those that are specific to a sector (e.g. ISO 41001).
The above text has been extracted from the ISO website, expanded and edited for ease of reading.