ISO 37001 Certification: Understanding and navigating the process

Maurice Crescenzi (mcrescenzi@aol.com) is Managing Director, Ethics and Compliance Practice Leader at Grant Thornton LLP in New York, NY.

The International Organization for Standardization (ISO) is a non-governmental organization based in Geneva, Switzerland. ISO was formed in 1947 as a result of the merger of two previously separate standards-setting organizations, the International Federation of the National Standardizing Associations and the United Nations Standards Coordinating Committee. ISO’s charge is to “facilitate the international coordination and unification of industrial standards.”[1],[2] In pursuing its mission, ISO works closely with more than 700 international, regional, and national organizations across approximately 162 countries to establish business standards. ISO’s list of partners includes the World Trade Organization (WTO), World Standards Cooperation (WSC), and the United Nations (UN).[3]

To date, ISO has published more than 21,000 international standards that apply across a range of industries and organizational functional areas. These standards help organizations improve operational efficiency and effectiveness. They also promote good management practices. Generally, ISO standards are neither industry- nor product-specific.

Perhaps the most well-known ISO standards relate to quality and environmental management systems; however, ISO has also published standards that help organizations improve in other areas, such as social responsibility, sustainability, and enterprise risk management — standards that reflect the cross-industry, global imperative of achieving long-term organizational growth, and at the same time minimizing negative environmental and social impacts.[4]

Not all ISO standards carry the same weight or effect, however. In some instances, ISO standards simply set forth guidance, good practices, and advice. In other instances, ISO standards set forth actual requirements. Organizations may strive to be formally certified against the latter category of requirements-based standards. ISO 37001 is considered a requirements-based standard, and therefore one for which organizations may strive for certification.
