7 Common Misconceptions about ISO Standard Implementation


1. All ISO standards can be certified at the organizational level.

Some standards can be certified at the organizational level (e.g., ISO 27001, ISO 37301, ISO 37001, ISO 14001, ISO 50001), while others only provide a confirmation of compliance, not a certificate (e.g., ISO 26000, ISO 31000, ISO 37000, ISO 37002, ISO 27701). It’s important to understand the difference between certification and compliance confirmation.


2. Every standard must always be implemented into a system.

Standards do not always need to be implemented as separate systems. When an organization already has an established certification system, a new standard is often integrated into the existing system, avoiding duplication and simplifying maintenance. Implementing a standard as a standalone system can create unnecessary complexities and integration challenges.


3. Any certification body can certify an organization.

Certification for a specific standard can only be conducted by a certification body that is accredited for that particular standard. Choosing a non-accredited certification body can result in invalid certification, which can have serious consequences for the organization.


4. A standard can only be integrated/implemented by an external consultant.

There are several models for implementing standards. Organizations can engage external consultants for a full "turnkey" approach, use them to help with integration into an existing system, or handle implementation themselves with occasional consultant support. Regardless of the chosen model, it is crucial that consultants have relevant experience and expertise for the specific standard being implemented. It is especially important to differentiate between consultants specialized in implementation and those specialized in auditing.


5. Can a Lead Auditor implement a standard? Yes, but...

While a Lead Auditor may have knowledge useful for implementation, specialized training for Lead Implementers provides a deeper understanding of the implementation process. The best scenario is when a consultant has experience in both areas, implementation and auditing, and can therefore view the entire process and the system's effectiveness. This is particularly crucial for standards like ISO 37001, where a deep understanding of global anti-corruption legislation is essential.


6. ISO certification is just a piece of paper.

Certification should not merely be a formality. When an ISO standard is correctly implemented and integrated at a strategic level, it can provide real value to the organization and improve its processes. The key is to use the standard as a tool for decision-making and process enhancement, rather than just a formal document.


7. The responsibility for implementing ISO standards must be within the quality department.

While it is often assumed that the responsibility for implementing standards lies within the quality department, this is not always the case. For example, with standards like ISO 27001 (information security) and ISO 37301 (compliance management), responsibilities may be distributed among different functions within the organization, such as IT security or compliance management. The right approach involves clearly defining responsibilities and fostering collaboration among departments to ensure effective standard management.
