Standards set out best practice often specifying the requirements and criteria for the management of the specific aspects of business. 

If there is an area of concern for your organisation then there is likely to be a standard which can help you to improve and avoid issues.

Most standards require an element of continuous improvement and therefore internal reviews and audits are often needed to ensure improvements can be identified and implemented.

Many standards are optional however some may be required by government regulations. 

Standards are most frequently adopted by organisations to demonstrate that best practice is being followed in one or more aspect of their operation to their customers and potential customers. To this end organisations often choose to prove their compliance by means of an independent audit by a certification body.  Most standards do not mandate certification but it can be a useful marketing tool and a good check of internal controls.

Many of the most prevalent business standards are developed and maintained by ISO – the International Organisation for Standardisation is an independent membership body based in Geneva. It currently has 166 member countries.  ISO develops standards, it does not certify organisations or companies to those standards.

Below is a brief description of some of the most commonly implemented standards:

ISO 9001
Part of the ISO 9000 family of standards ISO 9001, sets out the requirements of a Quality Management System.

The current version is ISO 9001:2015. Organisations have three years to transition to this version from the previous 2008 version.  The standard is applicable to organisations of any size and any sector or industry. 

ISO 14001
Part of the ISO 14000 family of standards ISO 14001 provides the criteria for an effective environmental management system. 

The current version is ISO 14001:2015. 

The ISO 14001 standard does not mandate performance requirements.

ISO/IEC 27001
Part of the ISO 27000 family of standards ISO 27001 sets out the requirements for an Information Security Management System.  Information security can be applied to all types of information and data within an organisation and utilises a risk management approach.

The standard is applicable to organisations of any size and any sector or industry. 

The current version is ISO/IEC 27001:2013

ISO 28000
Part of the ISO 28000 family of standards ISO 28000 sets out the requirements for a security management system for the supply chain.  It is applicable across the supply chain not just to transport companies.

The current version is ISO 28001:2007.

We would strongly suggest that organisations considering this standard should first look at Authorised Economic Operator Status which would potentially bring more benefits.  ISO 28001 could be used to contribute to proving compliance to the AEO Security requirements if an organisation wishes to implement/certify to both.  Careful cost/benefit analysis is suggested in this case.

ISO/IEC 20000 - 1
This standard sets out the requirements for a service management system, with particular focus on IT organisations or services.The current version is ISO/IEC 20000-1:2011.


We will be adding more summaries to this page so do keep visiting and let us know if there is a particular standard or regulation which you would like to see included here.

 Content copyright 2023. MORLEY-CONSULTING.CO.UK. All rights reserved.

Standards Overview

​​​Practical, pragmatic advice and training

Morley Consulting

email: enquiries@morley-consulting.co.uk

Tel: +44 (0)7841133027