ISO Standards comprise fundamental tools to be used in the organization’s corporate governance.
Firstly, it is important to highlight what corporate governance is. According to some corporate governance institutions, the definition is:
“Corporate governance is the system by which companies and other organizations are directed, monitored and encouraged, involving the relationships between partners, board of directors, executive officers, supervisory and control bodies and other interested parties.”
According to this concept, we can say that all organizations have corporate governance, but at different levels and most companies, at a basic level of governance.
It is mainly in this gap that ISO standards come in as corporate governance tools, with different themes and areas of activity. ISO standards for management systems comply with minimum standards so that any type of company, regardless of size and industry, can implement corporate governance.
To exemplify the use of ISO Standards as corporate governance tools, we highlight 3 standards of management systems:
ISO 9001 – Quality Management Systems
The Standard of Standards, the world’s first and most popular management system standard, is a powerful tool for initiating corporate governance in institutions.
The Standard, with the objective of focusing on the client and meeting the requirements of the parties, and within this structure requires as requirements, the assessment of the scenario, structure of responsibility of the leadership, competencies of roles and responsibilities, planning of resources and changes, standardized operationalization of processes, continuous monitoring and improvement.
ISO 27001 – Information Security Management Systems
ISO 27001 is currently in version 2013, it presents requirements according to information security management, with THAT it is necessary to establish process controls to meet this objective.
The Standard is currently the focus of the global discussion because it is also a tool for complying with data protection laws, such as the European GDPR.
The information security management system implemented and certified, brings an even greater robustness to the governance of organizations, because information security and data protection are and will be the main organizational risks.
ISO 22301 – Business Continuity Management Systems
ISO 22301 aims to promote the organization’s business continuity, and for that single fact it is already a Corporate Governance Standard. The highlight of the regulation is the preparation of the BIA – Business Impact Analysis, an essential tool for all organizations that want to manage their risk of incidents that may impact their business, thus being a tool and governance.
These are just a few examples of how the ISO Standards can be used to establish, maintain and improve the corporate governance of organizations, and these combined can bring up several themes such as Compliance, Innovation, Sustainability, among others.
To further improve this scenario, in the coming years, ISO will launch ISO 37000 – Corporate Governance Guide to become an international standard on, but this is the subject for a next post.