The ISO Standards for Sustainability


The demand for sustainable business practices is high. On top of that, organisations find themselves having to pore over their supply chains to screen for sustainable practices. With this demand comes an equal need to implement systems to support this. These systems can help:

  • Decrease risks;
  • Show commitment;
  • Disclose progress;
  • Continuously improve sustainability management systems. 

Organisations often rely on external audits and certifications to identify and validate their sustainability efforts. Among many standards and certifications, the ISOs often come up as the most widely used and relied-on certifications.

ISO certifications become a basis for deciding to engage, continue, or discontinue commercial relationships. As a result, organisations face the obligation to obtain such certification. However, we often see them having a difficult time navigating the complex world of ISO.

This guide aims to simplify the links between ISO and sustainability. We provide further guidance on the relevant standards and certifications in this space. After reading this guide, you will know:

  1. Which ISOs matter for sustainability;
  2. An explanation of each ISO;
  3. The value of the standard or certification;
  4. Which one(s) might be relevant to your organisation;


So… what is ISO? 

The International Organisation for Standardisation (ISO) started in 1947 as an independent, non-governmental membership organisation. ISO has one common goal: standardising best practices for organisational management systems, designed for continuous improvement.  



Figure 1. The four-steps process (2) 


Facts about the ISOs for Sustainability

  • There are 24,432 ISO international standards to this date;
  • ISO is a provider of standards, not a certifier;
  • The number of ISO certifications increased by 17% from 2019 to 2020 (according to the 2020 ISO survey);
  • According to the same survey, here are the most up-to-date numbers of obtained ISO certifications worldwide:

Figure 2. Facts & figures (2)

A Management System Approach to ESG

Regardless of their aim and the topics they cover, all ISO certifications have the same foundation. They rely on the management system model: PDCA, or the “Plan-Do-Check-Act” model.

The PDCA model provides a circular process for organisations to achieve continuous improvement. It can be described as follows:

  • Plan: analyse your context; establish objectives and processes to deliver results; align with the organisation’s policy.
  • Do: implement the processes as planned.
  • Check: monitor and measure progress against objectives; analyse results; report.
  • Act: take actions to ensure continuous improvement.

This is a cycle that keeps repeating itself.


Plan do check act model 


The benefits of ISO

  • Incentivise leadership commitment and employee involvement;
  • Comply with current and future regulations;
  • Improve your reputation and stakeholder trust;
  • Gain a competitive advantage through increased efficiencies and cost reductions;
  • Achieve strategic objectives by incorporating specific issues into the organisational management system;  
  • There is high compatibility from one ISO standard to another;
  • Benefit from synergies between ISO standards and external sustainability frameworks (e.g., Sustainable Development Goals, UN Global Compact, GHG Protocol, EcoVadis, CDP, etc.);
  • Achieve higher sustainability performance, depending on the specific ISO;


ISO for Sustainability 

Now that you understand the foundation or building blocks of each ISO, we can dive into the ones that matter for sustainability.

We will give you an overview of the ISO standards and certifications that could be relevant to your organisation.


ISO 14001: An Environmental Management System   

Setting up an environmental management system is typically relevant to organisations that generate significant impacts on the environment. This usually includes manufacturing operations, as well as carbon and waste-intensive industries. But because the standard is quite broad, nearly any organisation can benefit from achieving the certification.

All in all, the standard helps organisations improve environmental performance through resource efficiency and waste reduction. Additionally, it supports them in staying ahead of both regulatory obligations and stakeholder demands. The ISO 14001 certification is known to be one of the most used standards, along with the ISO45001 standard below.

Access the ISO14001 standards here. 

Since this one is most often used, let's explain the workings of this ISO through an example. This is a scenario where ISO 14001 is used:

  1. Top management assumes responsibility for the company's environmental performance. This will encourage management to distribute this responsibility to all levels of the organisation. As a result, performance at the operational level will reflect the ambitions expressed by top management. This is formalised by the development of a policy. The policy is signed by top management and communicated to all employees. 

  2. The implementation of such a management system inherently leads to an improved understanding of the environmental impact of business activities. The company must in fact carry out an environmental risk analysis of its operations. The company will then have internal access to documents detailing the environmental aspects and impacts, which are accessible to all. 

  3. One of the most attractive features for external stakeholders is the implementation of a regulatory watch. A company's ability to comply with and anticipate laws in this changing landscape will be an advantage in the eyes of investors, customers and clients. This step ensures that a company puts in place objectives and measures that are appropriate to the regulatory pressures it faces. The legal risk is greatly mitigated. 

  4. Setting quantitative targets is an important step in involving top management. Although these targets are difficult to establish at the start of an environmental strategy, the implementation of the management system will allow them to be refined over the course of the cycle. 

  5. As a result of steps 2 and 3, the company can put in place internal procedures and training that will meet environmental criteria specific to its context. These informed actions will significantly reduce operational risks. The main objective of this type of system is to create an efficient alignment of the 3 indicators: targets, measures and performance.

  6. At the end of the PDCA cycle, you need to measure the company's performance against its targets. In concrete terms, these performance indicators make it possible to determine whether the actions implemented (procedures, training, innovations, investments) made it possible to achieve these targets. The involvement of top management is again essential. The top management team must periodically review the environmental management system (EMS) to ensure its continuing suitability, adequacy, and effectiveness. 

  7. Continuous improvement is one of the main objectives of implementing an ISO14001-certified management system. This is based on 3 aspects - (a) Management review; (b) Internal and external audits; (c) Corrective action plans. 

  8. Once the periodic review has been completed, objectives should be reviewed and processes and documentation should be kept up to date. This is when the real value of the management system takes shape. If the company is underperforming, it can use what is called a root cause analysis. This type of analysis aims to uncover the cause of the lack of performance. On the basis of established responsibilities, training, formalised procedures and records, and analysis, the cause of the problem will be apparent. 


ISO 45001 – A Health & Safety Management System  

ISO 45001 was built on the previous Occupational Health and Safety Assessment Series, the OHSAS 18001. In 2018, ISO45001 replaced the OHSAS standard to provide a more comprehensive standard. This not only focuses on preventing and minimising health & safety risks and hazards but also concentrates on opportunities and improvements.

The ISO 45001 standard is applicable to virtually all organisations which operate with a workforce. However, it is most relevant to those with factories, in which risks of injuries, diseases, and fatalities are highest.   

Access the ISO45001 standards here. 


ISO 26000 – Guidance on Social Responsibility  

The ISO26000 standard provides guidance to any organisation that wishes to strengthen its CSR strategy. It is a very broad standard which enables companies to assess and address the socio-environmental responsibilities that are material to their operations. In other words, the topics within ESG or CSR that matter most to the organisation. While no certification process exists for this standard, it does provide a complete set of guidelines.

They cover the 7 core subjects in CSR:

  1. Organisational governance;
  2. Human rights;
  3. Labour practices;
  4. Environment;
  5. Fair operating practices;
  6. Consumer issues;
  7. Community involvement and development. 

Access the ISO26000 standards here. 


ISO 20400 – A Sustainable Procurement Management System  

ISO describes sustainable procurement as:

The process of making purchasing decisions that meet an organisation’s needs for goods and services in a way that benefits not only the organisation but society as a whole, while minimising its impact on the environment.

In this standard, ISO aims to foster management systems that promote responsible procurement processes. This standard applies to any organisation that has procurement and supply activities. It is even more applicable to those who have significant supply chain impacts and strive to integrate sustainability into their procurement practices.   

We wrote a blog detailing this standard; read more in the ISO20400 blog here.

Access the ISO20400 standards here. 


ISO 50001 – An Energy Management System 

The certification for an energy management system is particularly relevant for energy-intensive industries. These industries include, but are not limited to:

  • Food;
  • Pulp and paper;
  • Basic chemicals;
  • Refining;
  • Iron and steel;
  • Nonferrous metals (primarily aluminium);
  • Non-metallic minerals.

Nonetheless, all organisations regardless of their type, size, or geographical location, use energy for their operations. Effectively implementing an energy management system (EnMS) applies to all organisations. This is true irrespective of the quantity, use, or types of energy consumed.

Organisations can benefit from the ISO50001 approach by managing energy risks and resource efficiency. Aside from sustainability management, this standard specifically generates significant cost savings for organisations.  

Access the ISO50001 standards here. 


ISO 37001 – An Anti-Bribery Management System 

Every year, an estimated US$1 trillion is paid in bribes and US$2.6 trillion is stolen through corruption (World Bank). Naturally, addressing corruption and bribery is central to regulatory frameworks and external sustainability initiatives.

There is mention of the topic in:

  • The Sustainable Development Goals;
  • The United Nations Global Compact;
  • EcoVadis;
  • The US Foreign Corrupt Practices Act;
  • The French Sapin II Law.

Frankly, the list goes on and on. This standard allows companies to:

  1. Manage regulatory requirements;
  2. Comply with external initiatives;
  3. Effectively implement control mechanisms;
  4. Ensure stakeholder assurance.

The standard also supports organisations in protecting themselves and their assets from crimes. Ultimately, it prevents ethics-related escalations (e.g., fines, court cases, etc.) and protects corporate reputation. This standard applies to any type of organisation owning financial assets.

Access the ISO37001 standards here. 


ISO 27001 – An Information Security Management System 

Information security is often disregarded in the sustainability conversation. However, it allows for fundamental rights to be respected. It touches on the right to privacy, confidentiality, and data protection.

For certain organisations operating with a high level of data exchange, these matters become essential to ethical business conduct. This especially applies to the service sector, as well as organisations operating online (e.g., e-commerce, B2B platforms).  

Implementing an effective ISMS can be a challenging task for such organisations. ISO27001 provides a robust framework for:

  • Safeguarding cybersecurity;
  • Protecting organisations from security threats;
  • Increasing the reliability of their systems;
  • Staying ahead of regulatory requirements.  

Access the ISO27001 standards here.   


ISO14064 – Greenhouse Gas and Climate Change Management System 

Carbon footprint assessments are becoming a central element of any sustainability strategy. As a result, accurate and truthful public reporting is essential. GHG reporting is gradually becoming an organisational requirement.

National and governmental commitments to reduce greenhouse gas emissions will continue to put pressure on this. For example, the EU Emissions Trading Scheme (ETS) requires the shipping sector to verify its greenhouse gas emissions report under ISO14064. 

The ISO14064 standard, complementary to the GHG Protocol guidelines, sets the requirements for GHG inventories on their:

  • Design;
  • Development;
  • Management;
  • Reporting;
  • Verification.

This framework is applicable to organisations that want to:

  • Implement a GHG inventory system;
  • Maintain a trustworthy process when gathering the data;
  • Monitor the data over time;
  • Consistently report on their inventory.

Any organisation monitoring its greenhouse gas emissions can therefore benefit from the methodology. The same goes for organisations starting the GHG monitoring journey. This standard is used by external auditing firms to provide verification assurance.   

Access the ISO14064 standards here.  

Hopefully, you now have a better understanding of each ISO, whether they are relevant to your organisation and what the benefits are.