Introduction to ISO Jennifer Sawayda Program Specialist Anderson School of Management University of New Mexico Albuquerque, NM

What Is ISO? ISO stands for International Organization for Standardization ISO is an international organization that publishes global standards to ensure that goods and services are safe, reliable, and of good quality. Tackles three aspects of sustainable development: economic, social, sustainable Companies can receive certification for different ISO standards. Source: ISO website, http://www.iso.org/iso/home.html (accessed October 14, 2014).

Why Is ISO Important? Standards vary from country to country, making them hard to compare. Is the quality of Chinese goods of the same quality as Japanese goods? How do you compare the sustainability initiatives of an American company compared to a French company? How do we know? Companies can become certified in certain ISO standards, assuring customers that they adhere to best practices developed by a global organization. Provides an important benchmark for global organizations

Facts about ISO Standards Formed in 1947 Over 19,500 standards published 165 member countries A technical committee works together to develop a standard, then shares the new standard with the ISO community to vote on. If a consensus is reached, the standard is adopted. If not, it’s sent back to the technical committee for additional edits. The committee consists of experts from across the world. Source: ISO website, http://www.iso.org/iso/home.html (accessed October 14, 2014).

Benefits of ISO Standards World Trade Organization requires members to adhere to international standards of the type developed by ISO Standards help companies save on costs Standards reassure customers about the trustworthiness of the company and its products Standards have been shown to contribute to economic growth

Benefits to National Economic Growth Based on a study published in 2012, growth in organizational standards have impacted the following: Canada—17% of labor growth, 9% growth in real GDP France—Standardization contributes 0.81% of economic growth (25% of GDP) New Zealand—Standards are estimated to lead to a 1% increase in economy-wide GDP (2.4 billion NZ dollars) Germany—Economic benefits represent about 1% of GDP United Kingdom—Contributed to 13% of growth in labor productivity (2.5 billion British pounds) Australia—1% increase in standards has led to 0.17% increase in productivity across economy Source: ISO, ISO standards: What’s the bottom line? May 2012, http://www.iso.org/iso/bottom_line.pdf (accessed October 14, 2014). ISBN 978-92-67-10570-3

Benefits to Companies Study of 11 companies (10 countries) show implementing standards can benefit firms between 0.5% and 4% of annual sales revenue Lobatse Clay (brick manufacturer, Botswana)—Standards had positive impact of 4.96% of earnings Nanotron Technologies (information and communications, Germany)—14% cost savings, 19% increase in sales revenue PT Wijaya Karya (pre-cast concrete manufacturer, Indonesia)—0.43% contribution to total revenue Festo Brasil (automation technology provider, Brazil)—Positive impact of $1.83 million on total earnings NTUC Fairprice (supermarket chain, Sinapore)—$10.88 million in total benefits over 10-year period. Source: ISO, ISO standards: What’s the bottom line? May 2012, http://www.iso.org/iso/bottom_line.pdf (accessed October 14, 2014). ISBN 978-92-67-10570-3

Types of ISO Standards ISO 9000: Quality Management ISO 14000: Environmental Management ISO 19600: Compliance Management ISO 22000: Food Management ISO 26000: Social Responsibility ISO 27001: Information Security ISO 50001: Energy Management ISO 31000: Risk Management

Let’s examine some of these more closely to see how they relate to ethics…

ISO 9000—Quality A series of quality assurance standards to ensure consistent product quality under many conditions Why is it important? Designed to ensure safe and quality products and processes among certified companies Important for global companies to compete Provides framework for documenting how business records, trains employees, tests products, and fixes defects To become certified, an independent auditor must verify that company’s factory, laboratory, or office meets ISO quality standards GE Analytical Instruments (United States), Huawei Technologies (China) Source: O.C. Ferrell, Geoffrey Hirt, Linda Ferrell, Business: A Changing World, 9th edition (New York: McGraw-Hill, 2014), p. 261.

ISO 14000—Environmental Comprehensive set of environmental standards that encourage a cleaner, safer, less wasteful world Why is it important? Helpful to the environment Companies from different countries can find acceptable global solutions to environmental problems despite differing regulations Intent is to promote more uniform approach to environmental management and help organizations attain and measure improvements in environmental performance SKF Group (Sweden), NIPPO Batteries (India) Source: O.C. Ferrell, Geoffrey Hirt, Linda Ferrell, Business: A Changing World, 9th edition (New York: McGraw-Hill, 2014), p. 261-262.

ISO 2600—Social Responsibility Corporate social responsibility guidelines used to promote a common understanding in area of social responsibility Designed to be used by all types of organizations Because they are guidelines rather than requirements, it cannot be certified Why is it important? The intent of this standard is to use social responsibility to improve lives of workers, natural environments, and communities Common understanding of social responsibility Promotion of communication, transparency, and trust among stakeholders At least 60 countries have adopted ISO 26000 as their national standard Toshiba attempted to incorporate standard into operations Source: O.C. Ferrell, John Fraedrich, Linda Ferrell, Business Ethics: Ethical Decision Making and Cases, 9th ed. (Mason, OH: South-Western Cengage Learning, 2013), p. 39. Maria Lazarte, “ISO 26000 – International forum revisits the road travelled,” ISO, January 10, 2013, http://www.iso.org/iso/home/news_index/news_archive/news.htm?refid=Ref1691 (accessed October 14, 2014). Toshiba, “Management Based on ISO 26000,” http://www.toshiba.co.jp/csr/en/performance/iso.htm (accessed October 14, 2014).

7 Core Subjects of ISO 26000 7 Key Principles of ISO 26000 Accountability Transparency Ethical Behavior Respect, consideration, and response to organizational stakeholders Respect for rule of law Respect for international norms of behavior Respect for human rights 7 Core Subjects of ISO 26000 Organizational Governance Human Rights Labor Practices The Environment Fair Operating Practices Customers (Consumer) Issues Community Involvement and Development Ministry of Foreign Affairs Netherlands, “International guidelines: ISO 26000 on Social Responsibility,” CBI Market Information Database, http://www.cbi.eu/system/files/marketintel/ISO26000.pdf (accessed October 14, 2014). Maria Lazarte, “ISO 26000 – International forum revisits the road travelled,” ISO, January 10, 2013, http://www.iso.org/iso/home/news_index/news_archive/news.htm?refid=Ref1691 (accessed October 14, 2014). Toshiba, “Management Based on ISO 26000,” http://www.toshiba.co.jp/csr/en/performance/iso.htm (accessed October 14, 2014).

ISO 31000—Risk Management Provides principles and a framework for risk management Defines risk as “The effect of uncertainty on objectives” Because they are guidelines rather than requirements, it cannot be certified Why is it important? Businesses can use this standard to compare their own systems with ISO 31000 as a benchmark; also provides guidelines for internal and external audit programs 5 principles of effective risk management, including continual improvement, full accountability for risks, application of risk management in all decision making, continual communications, and full integration in the organization’s governance structure More than 40 countries have adopted ISO 31000 as national risk management standard “ISO 3100 and Enterprise Risk Management,” Compliance Online, http://www.complianceonline.com/dictionary/ISO_31000_Enterprise_Risk_Management.html?channel=dic_ERM (accessed October 14, 2014). Posted by Greg Hutchins, “ISO 31000 Risk Management Standard Press Release,” CERM®RISK INSIGHTS, April 1, 2013, http://insights.cermacademy.com/2013/04/iso-31000-risk-management-standard-press-release/ (accessed October 14, 2014).

ISO 19600—Compliance Compliance management standard that not only addresses risks and legal requirements but is also intended to meet the needs of stakeholders Deals with both mandatory requirements (e.g. court judgments, laws, permits) and voluntary (principles, environmental commitments, industry standards) Because they are guidelines rather than requirements, it cannot be certified Intended to assist organizations in improving their approaches to compliance management This allows for small and medium sized organizations to adapt the solutions to their systems 12 principles grouped into 4 themes: commitment, monitoring and measurement, implementation, and continual improvement PPT presentation presented at 2014 ECOA conference in Atlanta, presented by Martin Tolar, GRC Institute, entitled “The First ISO Standard in E&C: What You Need to Know,” Presented October 2, 2014. Dick Hortensius, “What Is the General Idea Behind the Proposed ISO 19600?” Ethics Intelligence, April 2014, http://www.ethic-intelligence.com/experts/4636-general-idea-behind-iso-19600/ (accessed October 14, 2014).

ISO 19600 continued 3-step process Compliance objectives should Identify compliance risk by relating obligations to activities to identify areas where noncompliance could happen Sources of noncompliance should be analyzed against the type of consequences and risk of noncompliance Results of analysis should be evaluated against level of compliance risk the organization is willing to accept Compliance objectives should Meet identified requirements Be consistent with compliance policy Be measurable Be communicated Be monitored Undergo updates PPT presentation presented at 2014 ECOA conference in Atlanta, presented by Martin Tolar, GRC Institute, entitled “The First ISO Standard in E&C: What You Need to Know,” Presented October 2, 2014.

ISO 19600 continued Leadership can support compliance management by: Establishing and upholding organizational values Ensure the compliance management system is consistent with the organization’s strategy Ensure that adequate resources are allocated and assigned appropriately Clearly communicate the compliance management system to all stakeholders Establish accountability mechanisms that apply to all staff PPT presentation presented at 2014 ECOA conference in Atlanta, presented by Martin Tolar, GRC Institute, entitled “The First ISO Standard in E&C: What You Need to Know,” Presented October 2, 2014.

A Final Thought… Although adhering to ISO standards may be costly, for many global organizations the benefits far outweigh the costs. Major benefits include: Being able to compete against other global companies with quality products and efficient processes A reputation for adopting best practices Cost savings and sales revenue Better relationships with stakeholders And more! PPT presentation presented at 2014 ECOA conference in Atlanta, presented by Martin Tolar, GRC Institute, entitled “The First ISO Standard in E&C: What You Need to Know,” Presented October 2, 2014.