ISO: Everything You Need to Know (Ultimate Guide + Free Templates) process.st/iso May 13, 2020
Oliver Peterson May 13, 2020 ISO, Management, Processes
ISO means standards. A standard is just a set of requirements, decided by experts, for doing something specific. A lot of standards exist under the banner of ISO, for all sorts of things, from quality management, to environmental and social responsibility guidelines, to how to design medical devices. They’re useful because they help you to write good processes; how to structure, organize, implement, and improve on them. At the heart of ISO is the principle of systematizing your approach to process management in your company – simple as that! You might be scared of ISO, but there’s really no need to be intimidated. What’s more, recent changes have made it easier than ever to get started with ISO standards. In this Process Street article, we’ll look at everything ISO, including (but not limited to): 1/16
Let’s start with the basics. What exactly is ISO?
What is ISO? A simple introduction for normal people ISO stands for International Organization for Standardization, and it’s one of the most renowned and well-established entities for setting and maintaining standards in the world. ISO’s standards have been implemented by companies and organizations of all sizes and industries throughout 164 countries since its founding in London, 1947. So ISO basically creates new standards, and those standards are set by relevant experts in the field. The point of ISO standards is to provide an informed and reliable basis for companies and organizations to base their standard operating procedures, and generally run their operations. A standard can be defined as an established set of requirements that have been agreed upon by many people. This is the same for an ISO standard. In order for an ISO standard to be created, it must be substantiated by a number of experts from many different, autonomous standards organizations. So, this means that when a company follows an ISO standard, they are following a standard that was agreed upon by 100+ standards organizations as the best possible practice guidelines to follow. That’s pretty much what ISO is all about. They have published thousands of standards, across all types of industries. More recently, ISO has created a shared structure that many of their standards utilize, to make cross-functionality and multi-standard integration more easy. This shared structure is known as the MSS structure.
Management System Standards (MSS)
2/16
Certain ISO standards focus on management systems, such as: quality management (ISO 9001), risk management (ISO 31000), and environmental management systems (ISO 14001), to name a few. These are sometimes referred to as “Management System Standards”. They outline specific guidelines for companies to follow in order to effectively build and maintain management systems. Some of the more popular ISO MSS include: ISO 9001:2015 (quality management systems) ISO 14001:2015 (environmental management systems) ISO/IEC 27001:2013 (information security management systems) In addition, there are also ISO MSS that provide guidelines for management standards that operate within specific, somewhat niche, industries or departments, such as: ISO 13485:2016 (Medical devices) ISO/TS 22163:2017 (Railway applications) ISO/TS 29001:2010 (Petroleum industries) There are also some other MSS that act as guides or provide further elaboration on particular areas of an organization’s management system, to help deepen the understanding of more complex systems. Some of these standards include: ISO/TS 22003:2013 (Food safety management systems) ISO/TR 10013:2001 (QMS documentation guidelines) ISO 19011:2018 (Auditing management system guidelines) ISO 26000:2010 (Social responsibility guide) ISO 31000:2018 (Risk management guide) The one thing many of these standards share is their core structure, known as the Annex L structure.
Annex L Annex L (formerly Annex SL) is a high-level, 10-part structure built to optimize the development, upkeep, and continuous improvement of management systems. The purpose of Annex L is to promote uniformity amongst the Management System Standards. As ISO continues to update its standards, it will eventually conform all its standards to follow the Annex L structure as its foundation, so that the standards are more compatible with each other and easier to integrate. The Annex L MSS structure is: 3/16
Scope Normative references Terms and definitions Context of the organization Leadership Planning Support Operation Performance evaluation Improvement
Quick tips: How to use Process Street for ISO Here’s a great introduction video about Process Street to get you started: With Process Street’s easy-to-use features and editor interface, you and your team will have no issues creating and managing recurring processes. All you need to do is create a template, and then run a checklist from the template you created. The template serves as an in-progress document where edits are made, whereas the checklist is the finished, working process. To best utilize Process Street’s capabilities in order to achieve ISO 9001 compliance, you should: 1. Create your Process Street processes Take some time to make a list of the processes you and your team use regularly, and assign each team member to build their own processes within Process Street. This allows for your employees to create and customize their processes according to what best suits their needs. If you’re just starting out with Process Street, start with simple processes to begin familiarizing yourself with the platform and then work your way up to more complicated processes as you grow more comfortable. 2. Keep your folder library organized Your process library provides folders, subfolders, and tags to help you best keep track all of your templates and make sure you can easily access them when needed. And if you have any private information that needs to be kept from being seen, you can make use of our Permissions feature to keep it protected. 3. Build your meta-processes A meta-process is a process that exists to manage other processes. These can range from topics like how to build new processes, processes for streamlining other processes, or risk assessment processes, etc. 4/16
Some meta-process examples are: FMEA Template: Failure Mode and Effects Analysis The Process for Optimizing a Process 4. Document your company policies The best way to record your company policies is by drafting a clear structure including information such as: Context of the Company, Support, Operations, etc. and then asking your team to review it and give feedback once finished. 5. Create your official document Within your Process Street process library, you’ll have a folder in which you’ll be able to monitor your policy templates. It’s good practice to keep all of your processes organized within a single system, especially when you’re just starting out, because as your library grows, it will only become more unmanageable if you’re not taking measures to keep everything in order. If you’d like to keep a physical copy of your processes, all you need to do is export your templates as a PDF. And that’s it! Building ISO compliant processes using Process Street is intuitive and easy to get started!
ISO & SOP (Standard Operating Procedures) Standard operating procedures go hand-in-hand with ISO standards. You can build better SOPs if you have a firm grasp on the relevant ISO standards. What are SOPs? In as simple terms as possible, they’re another way of thinking about processes. They’re also typically more formalized, which is where ISO standards come in. Here’s an example of an ISO 9001 SOP mini-manual structure template: Here’s that same template, filled in to illustrate how it might look in practice. Check out our other SOP pieces for more best practice tips on writing SOPs, as well as a whole lot of templates to help you get started with SOPs ASAP: Simple SOP Format Guide: How to Write Standard Operating Procedures What is an SOP? 16 Essential Steps to Writing Standard Operating Procedures 20 Free SOP Templates to Make Recording Processes Quick and Painless
ISO for BPM (Business Process Management)
5/16
Business process management is the practice of building, maintaining and optimizing processes in your business. ISO standards can sometimes be very useful for companies doing BPM, especially when it comes to compliance. Since recent revisions of a variety of ISO standards, it’s never been easier to make your SOPs highly actionable, and even automated using the power of BPM software. With the right kind of BPM software, you can easily achieve ISO compliance and make sure your SOPs allow you to: Reduce human error Lower costs across the board Save time and money in general Guarantee compliance Achieve consistent success Support good workflows Maintain and manage quality Assign different tasks within a workflow Actually use them Process Street is a type of BPM software. You can use Process Street to implement ISO standards, and build robust, actionable libraries of SOPs. Further reading on BPM: What is BPM? The Ultimate Guide to Getting Started 9 Benefits of Business Process Management (BPM) and Why You’ll Love It What is BPM Software? The Best Business Process Management Software (BPMS) The Ultimate Guide to Business Process Automation The Complete Guide to Business Process Management Ultimate Guide to Small Business Automation with Zapier 6/16
All this talk of BPM brings us nicely to one of the most important concepts for ISO – continuous improvement.
Continuous improvement: a central theme of ISO
Simply put, continuous improvement is an ongoing process of evaluating your company’s processes and products/services and making improvements based on observations. Most continuous improvement efforts fall under one of two types: Gradual (or “incremental”) improvement, which takes place over a period of time; “Breakthrough” improvement, which takes place all at once. A company that utilizes continuous improvement efforts is always evaluating their performance and ability to achieve customer satisfaction, while also continuing to look for ways to correct any issues and streamline processes. Continuous improvement is one of the main elements of the many ISO management systems. Many management system standards often require that the company regularly assesses their processes and determines whether they align with company goals and objectives. Further reading on continuous improvement: Process Improvement: Stop Bad Processes Killing Your Business How to Use The Deming Cycle for Continuous Quality Improvement Business Process Reengineering: What to Do If Your Business Is Failing 9 Lean Manufacturing Principles to Kill the Jargon and Get Quality Results What is Muda? The 7 Wastes Every Lean Business Needs to Combat DMAIC: The Complete Guide to Lean Six Sigma in 5 Key Steps 8 Critical Change Management Models to Evolve and Survive 7/16
ISO templates index What follows is a comprehensive index of all of the ISO templates we’ve built here at Process Street, conveniently grouped together by their respective areas of specialization. Each section I’ve structured as follows: Brief overview of the family of standards in question List of all of our relevant templates Links to further reading on the topic Overview of ISO templates by series: ISO 9000 family: Quality management system templates ISO 14000 family: Environmental management templates ISO 19000 family: Audit management templates ISO 26000 family: Corporate social responsibility templates ISO 27000 family: Information security management templates ISO 31000 family: Risk management templates
ISO 9000 family: Quality management system templates
8/16
What is ISO 9000? ISO 9000 is a set, or family, of quality management standards developed to guide companies when establishing and managing their quality management systems. Standard showcase: ISO 9001:2015 for Quality Management Systems List of ISO 9000 family & related templates: ISO 9001 and ISO 14001 Integrated Management System (IMS) Checklist ISO 9004:2018 for Sustainable Success in QMS Self Audit Checklist ISO 9000 Structure Template ISO 9000 Marketing Procedures Further reading: What is a Quality Management System? The Key to ISO 9000 ISO 13485: Basics and How to Get Started (QMS for Medical Devices) What is ISO 9001? The Absolute Beginner’s Guide (Free Templates!) ISO 9001: The Ultimate QMS Guide (Basics, Implementation, ISO Templates) 9/16
What is ISO 9001 Certification? How to Get Certified (For Beginners) What is ISO 9000? The Beginner’s Guide to Quality Management System Standards (Free ISO 9001 QMS Template)
ISO 14000 family: Environmental management templates What is ISO 14000? ISO 14000 is a group of standards dedicated to building and maintaining an environmental management system (EMS). An EMS is a defined set of regulations and processes that have been built to help companies minimize their negative impact on the environment and boost their overall performance and efficiency. Comparable to a QMS, an environmental management system emphasizes the importance of continuous improvement and bases its regulations on methods of BPM that have been proven effective. In order to be effective, an EMS should be composed of concise actionable processes, regulations, and clearly recorded responsibilities and potential consequences for all applicable employees. Standard showcase: ISO 14001:2015 for Environmental Management Systems List of ISO 14000 family & related templates: ISO 14001 EMS Structure Template ISO 14001 EMS Mini-Manual Procedures ISO 14001:2004 to ISO 14001:2015 EMS Transition Checklist ISO 9001 and ISO 14001 Integrated Management System (IMS) Checklist ISO 9000 Structure Template ISO 9000 Marketing Procedures FMEA Template: Failure Mode and Effects Analysis SWOT Analysis Template Further reading: ISO 50001: The Ultimate Guide to Energy Management Systems (EnMS) 5 Free ISO 14001 Checklist Templates for Environmental Management What is ISO 14000? EMS Basics & Implementation (Environmental Management) What is Environmental Management? How You Can Implement it Today
ISO 19000 family: Audit management templates
10/16
What is ISO 19000? The ISO 19000 family is the set of auditing-related standards, with guidelines for running ISO MSS audits for all of the different management system types. Standard showcase: ISO 19011:2018 Checklist for Auditing Management Systems List of ISO 19000 family & related templates: ISO 9001 Internal Audit Checklist for Quality Management Systems ISO 45001 Occupational Health and Safety (OHS) Audit Checklist ISO 27001 Information Security Management System (ISO 27K ISMS) Audit Checklist ISO 9001 and ISO 14001 Integrated Management System (IMS) Checklist ISO 9000 Structure Template ISO 9000 Marketing Procedures ISO 14001 Environmental Management Self Audit Checklist ISO 14001 EMS Structure Template ISO 14001 EMS Mini-Manual Procedures 11/16
ISO 26000 Social Responsibility Performance Assessment Checklist FMEA Template: Failure Mode and Effects Analysis SWOT Analysis Template Further reading: ISO 19011:2018 Basics (8 Free Management System Audit Checklists) Internal Audit Basics: What, Why, and How to Do Them (5 Audit Checklists) Audit Process: 5 Expert Steps for You to Get Your Audit Right Operational Audit: Best Practices Used by the Experts Compliance Audit: What It Is, How to Prepare, and Why You Should Care Financial Audits: A Quick Guide with Free Templates What is an ISO Audit? Free ISO 9000 Self-Audit Checklist (ISO 9004:2018) Brand Audit: How to Help Win Over 91% of Your Target Audience
ISO 26000 family: Corporate social responsibility templates What is ISO 26000? ISO 26000 is an individual standard that defines foundational principles for corporate social responsibility. The purpose of ISO 26000 is to help companies figure out how to incorporate social responsibility within their practice and provide a framework to best translate the standard’s principles into actionable steps. Standard showcase: ISO 26000:2010 Social Responsibility Performance Assessment Checklist List of ISO 26000 family & related templates: ISO 19011 Management Systems Audit Checklist ISO 9001 Internal Audit Checklist for Quality Management Systems ISO 45001 Occupational Health and Safety (OHS) Audit Checklist ISO 27001 Information Security Management System (ISO 27K ISMS) Audit Checklist ISO 9001 and ISO 14001 Integrated Management System (IMS) Checklist ISO 9000 Structure Template ISO 9000 Marketing Procedures ISO 14001 Environmental Management Self Audit Checklist ISO 14001 EMS Structure Template ISO 14001 EMS Mini-Manual Procedures FMEA Template: Failure Mode and Effects Analysis SWOT Analysis Template Further reading: ISO 26000 for Corporate Social Responsibility: How to Get Started Corporate Sustainability: Using System Thinking to Solve a Global Crisis 12/16
ISO 27000 family: Information security management templates What is ISO 27000? The ISO 27000 series of standards defines the best practices to help companies improve their information security. Standard showcase: ISO 27001:2013 Information Security Management System (ISO 27K ISMS) Audit Checklist List of ISO 27000 family & related templates: ISO 19011 Management Systems Audit Checklist ISO 9001 Internal Audit Checklist for Quality Management Systems ISO 45001 Occupational Health and Safety (OHS) Audit Checklist ISO 9001 and ISO 14001 Integrated Management System (IMS) Checklist ISO 9000 Structure Template ISO 9000 Marketing Procedures ISO 14001 Environmental Management Self Audit Checklist ISO 14001 EMS Structure Template ISO 14001 EMS Mini-Manual Procedures ISO 26000 Social Responsibility Performance Assessment Checklist FMEA Template: Failure Mode and Effects Analysis SWOT Analysis Template Further reading: How to Incorporate Security Best Practices Into Your Workflow Business Trip Security: What are the Risks for Traveling Employees? How Salesforce Built the Fort Knox of Data Security 8 IT Security Processes to Protect and Manage Company Data
ISO 31000 family: Risk management templates
What is ISO 31000? ISO 31000 is a set of regulations developed to help optimize risk management within organizations. Much like ISO 9001, this standard can be used by companies and organizations of any size and industry. ISO 31000:2018 is an individual standard within the ISO 31000 family of risk management standards. All of the ISO 31000 standards are built to be used, regardless of business type or industry, to guide those looking to utilize the principles of risk management. 13/16
Standard showcase: Risk Management Process List of ISO 31000 family & related templates: FMEA Template: Failure Mode and Effects Analysis SWOT Analysis Template Prioritization Matrix Template ISO 19011 Audit Template ISO 9001 Audit Template ISO 14011 Audit Template Electrical Inspection Template Hotel Sustainability Audit Further reading: What Is ISO 31000? Getting Started with Risk Management Why You Need a Risk Management Process (+ Free Template) The Ultimate Risk Management Guide: Everything You Need to Know Basics of Enterprise Risk Management (ERM): How to Get Started
Agile ISO
In 2015, ISO made changes to its standards to allow for agile ISO. So, this means that you can use a BPM software, such as Process Street, to help create and maintain your management systems. Agile ISO is all about taking old-fashioned, rigid ISO standard operating procedures and updating them using digital tools for efficient and effective process improvements. If you’d like to better understand how the 2015 ISO changes encourage more agility within your QMS, feel free to check out our post on agile ISO. Further reading on agile ISO:
Automating ISO with Process Street Process Street is a BPM software. That means it’s designed to help you automate all of your recurring manual tasks, and ISO is no exception. You can choose from a variety of options to automate your procedures with Process Street, including: 14/16
Zapier Webhooks API Zapier lets you automatically find and run checklists in Process Street and trigger actions in over 1,500 apps, including Salesforce, Slack, Google Sheets, Asana, Airtable and more. We also have large customers making use of our API, and you can use webhooks to build even more specific integrations, essentially extending your automations to cover all of the remaining use cases you can think of!
Relevant case studies Case study: LA Creative
Click here to see the case study. Who are they? LA Creative is a Management Service Provider (MSP) that builds systems to help their clients optimize their use of technology and boost Return on Investment. What do they use Process Street for? Streamline client onboarding, offboarding and project management. How does it help them? Better management of remote teams, minimized error and wasted time, improved team communication and training, and streamlined day-to-day processes.
Case study: Alarca Realty
Click here to see the case study. Who are they? Alarca Realty is a property management firm that provides their clients with comprehensive management of homes, condominiums, duplexes, townhouses, and smaller developments. What do they use Process Street for? End-to-end completion of move-ins and move-outs, creating new properties listings, 15/16
management of maintenance work, contract renewals, dealing with tenant evictions, employee onboarding, streamlining recurring tasks, monitoring employee performance How does it help them? Improved team communication, reduced error and wasted time, more effective monitoring of employee performance, established employee accountability, streamlined task management
Case study: PocketSuite
Click here to see the case study. Who are they? PocketSuite is a smart-based software for entrepreneurs built to optimize booking, payment, client management, and customer service via SMS communication. What do they use Process Street for? Tracking the number of resolved support tickets, content creation management and automation, customer support management and automation, and recurrent task management and automation. How does it help them? Boosted productivity and growth, more efficient customer support service, and redacted costs and wasted time.
Further reading on ISO
16/16