Who is ISO? (International Organization for Standardization)
Who is ISO?
ISO (International Organization for Standardization) is a network of national standards institutes from 159 countries, coordinated by a central secretariat in Geneva, Switzerland.
ISO is a non-governmental organization that forms a bridge between the public and private sectors, and is the largest standards-developing organization in the world.
- Many of its member institutes are part of the governmental structure of their countries, or are mandated by their government.
- Other members have their roots entirely in the private sector, having been set up by national partnerships of industry associations.
- This mixed membership lets ISO reach a consensus on solutions that meet both the requirements of business and the broader needs of society.
How ISO Works
ISO works through roughly 200 technical committees and over 500 subcommittees, with secretariats held by member bodies in over 30 countries and meetings in more than 90 metropolitan areas. The central secretariat has about 150 staff, and the majority of ISO's funding comes from the sale of the standards themselves, which is why standards cannot be given away or obtained free of charge. Another defining aspect of ISO is that its standards are voluntary: ISO itself has no power to enforce them. However, individual countries have written many ISO standards into national law or regulation, and contracts and regulators frequently require conformance, so a "voluntary" standard can become a de facto obligation.
If you want to be certified to a standard, it is important to understand what ISO is and what it does not do. ISO does not certify any organization directly. ISO publishes the standard; accredited certification bodies (often called registrars) perform the audit and issue the certificate.
The certification process involves a registrar auditing an organization to confirm that its operations conform to the requirements of the current ISO/IEC 27001 standard, within the ISMS scope the organization has defined. If nonconformities are found, the organization must submit and carry out a corrective action plan before a certificate can be issued. The certificate is normally valid for three years, subject to periodic surveillance audits by the registrar during that period; at the end of the three years the organization must undergo a recertification audit to show that it still meets the ISO/IEC 27001 requirements.
Is ISO for You?
Whether ISO certification is right for you depends on your situation and motivation. Certification has been shown to help win business and brings many other benefits to your company. We have assembled a number of tools and a body of information to allow you to implement as much of the standard as possible on your own, lowering the cost and increasing the total value of your ISO/IEC 27001:2022 ISMS.