Frequently asked questions

Here are eight frequently asked questions that relate to ISO 26000. Feel free to suggest additional questions.

Question 1. Is ISO 26000 a standard, a guidance standard, a certifiable standard, a requirement standard?

ISO 26000 is an International Standard offering guidance, similar to many other ISO-standards offering guidance through recommendations (shoulds). There are many types of ISO-deliverables, e.g standard and technical report, but there is no deliverable called “an ISO guidance document”. An ISO-Standard does not have to contain requirements (shalls) in order to be an International Standard. ISO 26000 is not a requirement standard and is not certifiable.

Question 2. Is ISO 26000 an ISO management system standard (mss)?

No. In order to develop a MSS it must be a part of the New Work Item Proposal (NWIP). It was not. The NWIP stated that ISO 26000 was not to be in conflict with existing ISO-standards. The standard was to “operationalize SR” and “emphasize performance results and improvement”. The drafters decided that one efficient way to fulfill these expectations was to use relevant parts of a management system standard approach when drafting clause 7 of ISO 26000. The aim was to facilitate for users of MSS such as ISO 14001 or ISO 9001.

Question 3. How can I get an international ISO 26000 certification?

You can not. ISO 26000 was not developed as a requirement standard using “shalls”. It was developed as standard offering guidance through recommendations “shoulds”. There is no international accreditation scheme connected to ISO 26000 which is why it is technically not possible to be internationally certified. There are national and regional certification schemes that verify compliance against local standards inspired by ISO 26000. If you choose to certify your organisation against any such local standard you can not claim to be certified to ISO 26000, only to the local standard.

Question 4. Can my organisation voluntarily chose to exchange all “shoulds” to “shalls” in the ISO 26000 standard and then ask a credible body to audit or verify our compliance to this “our own requirements based on ISO 26000”? The auditor makes a statement regarding what we did and what was found. Would that be OK?

This is an audit report, or self-declaration, and not certification. If your organisation is transparent and stick to the agreed intended use in ISO 26000 and the PPO Communication protocol, you should be fine.

Question 5. Why should I not speak of “implementing ISO 26000”?

The word implementation is not fully correct to use in relation to guidance. You implement your decided actions and behaviors, not the 480+ recommendations in ISO 26000 that has guided your decision. The important thing is how you manage your impacts, your contribution to sustainable development, not which tools you have used.

Question 6. Is there a lot of misuse of ISO 26000?

No. So far the we know of approximately 40 cases of misuses since its publication. A majority of these are consultants and certification agencies trying to portray ISO 26000 related services under a flag of certification.

Question 7. Can I use ISO 26000 in business to business contracts and in legislation?

ISO 26000 “is not intended or appropriate for certification purposes or regulatory or contractual use.”. The standard is not suitable for regulatory or contractual use. It is possible, in both contracts and legislation, to decide to use any part of the 450+ recommendations in ISO 26000 and reword into agreed requirements. In such case the parties to the contract or the law maker can not say that the text or requirement is from ISO 26000, as it is not.

Question 8. ISO has developed more than 20 000 standards since 1947 and almost all of these are technical. I have heard that ISO is now developing “societal standards” and if so, is that an appropriate task for ISO?

ISO develops standards that its members call for and deem globally relevant. The standards help producers and consumers on issues related to goods and services. In addition, some of the standards do however relate to organisational development, e.g. ISO 26000, ISO 9001, ISO 45001. ISO does not produce “societal standards” or even “technical standards”, ISO produces standards. Over the past years ISO has started to explain the value of standards in light of one of the three dimensions of sustainable development: environmental, social, economic. Most ISO standards deliver on more than one of these dimensions, if not all three.