Are we about to murder ISO 26000? Paul Davies - Senior Sustainability Manager at Northwest Rapid Transit (NRT)

Over the past 25 years, we have witnessed a revolution of thinking around societal obligations, accountability, shared responsibility, trust and what we as a society want and

rightfully expect around the behaviour of business. The appearance of ISO 26000 has aligned with this shift in expectations; it seeks to provide conceptual guidance for the development of approaches and new models of organisational governance, sustainability, transparency and inclusiveness that support sustainable development and address the interests of stakeholders.

ISO 26000 is about to undergo its first revision since it was first published four years ago, and more than a decade after its conception. What could be the impact of this revision on a unique and pioneering standard in social responsibility and sustainability?

Guidance rather than requirements

The idea of ‘conceptual guidance’ is what sets ISO 26000 apart from other, more familiar

ISO standards. ISO 26000 is not a technical or a management standard, or even a framework for delivering social responsibility, nor is it focussed on corporations per se. It is not meant

to be prescriptive or to specify; rather it is meant to encourage and guide the thinking, conceptualising, facilitating and enabling of organisations in understanding their role in relation to social responsibility[1] and how that in turn affects sustainable development.

In its current form ISO 26000 doesn’t set specific requirements, but rather relies on

recommendations, guidance and context. It currently does not lend itself to certification by second or third-parties (although some opportunistic organisations have already incorrectly

and quite wrongly issued ISO 26000 ‘certificates’). Its global uptake since 2010 has been difficult to measure, partly because ISO 26000 isn’t a certification standard and therefore does not leave a distinct footprint from organisations that have embraced or adopted all or part of it.

The ISO 26000 revision process

The first edition effectively took eight years to complete – a long gestation period that reflects not only ISO’s efforts at having a truly inclusive multi-stakeholder development

process, but also the sheer challenge of developing a presentable guide that tries to capture, condense and streamline in a digestible form the concepts and implementation of social responsibility. By some accounts the ISO 26000 development process was quite lively, with

clashes in views occurring on a regular and vociferous basis amongst the members of the 450-strong working group (somehow ‘450’ and ‘working group’ struggle to stay in the same sentence).

ISO standards are typically reviewed on a three-to-five-year cycle; the next review of ISO 26000 was scheduled for 2013, and the process has been initiated in several countries, including Australia, with initial inputs facilitated by national standards bodies such as

Standards Australia. The review itself, whilst timely, needs to ensure that some of the key innovations in the development and application of ISO 26000 are preserved, in particular:

1. ISO 26000 needs to be able to continue to evolve and take account of ‘new and

emergent’ thinking and frameworks, rather than to seek to ‘lock in current thinking’ and concepts;

2. ISO 26000 should not be ‘straight-jacketed’ into a prescriptive ‘management system’ style standard that sets hard criteria for what constitutes social responsibility or how that is to be implemented within an organisation; and

3. ISO 26000 should remain in the form of a ‘non-certifiable standard’ so as to avoid the likely consequences of certification de-railing the intent and value of it, and in doing

so also potentially retarding the momentum around social responsibility and sustainable development.

Let’s now consider each of these in turn.

The need for ISO 26000 to continually evolve and take account of new and emergent thinking

In the dozen years since ISO 26000 was first conceived there has been significant thinking, discussion and evolution around concepts of social responsibility, sustainability, shared value, social return on investment, frameworks of accountability, corporate governance,

ethics and non-financial assurance, to name a few. There is no reason to think this will slow down any time soon. We are still in the midst of defining issues that underpin social

responsibility and sustainable development, both in the developed and the developing world. We have had a least one major ethical crisis masquerading as a financial crisis. And we continue to be confounded by the inability of governments and corporates to stem the tide of major, and quite public, governance failures.

To me the true strength of a “guidance” style standard is the elasticity it offers to capture, consider, reflect and promulgate new and emergent thinking, rather than institutionalise

current thinking in a prescriptive or dogmatic framework. I have previously worked with an ISO ‘guidance’ document in the field of best practice in testing and calibration (ISO Guide 25) for more than a decade before it became an ISO standard (ISO/IEC 17025). The

guidance document was highly effective for users in the marketplace to implement best practice and at the same time it retained the flexibility to evolve and mature as the industry

thinking evolved and matured. The result I think was a much better, more considered and more robust ‘standard’ in the long run, a key point that should be considered in the current revision of ISO 26000.

A prescriptive ‘management system’ style standard won’t work for ISO 26000

Before taking this point further, I want to be clear that I am not anti-management system

standards. I have worked at a senior level in standards and certification for a national industry body for the best part of 20 years and have seen the birth and widespread adoption of

two of the best known series of management standards in use today – ISO 9000 and ISO 14001. Whilst their benefits to many organisations are evident, I have also seen how they can be inappropriately applied and misused in the marketplace. I am also cognisant of research

findings that question the causal relationship between management system implementation and improvements in organisational performance.

But quite apart from this, is ISO 26000 an appropriate candidate to become a management

standard? From a practical sense right now, my answer is no. The absence of any requirements in ISO 26000 means it is impossible for an organisation to be certified against it, as conformity cannot be established. More importantly, from a ‘value-adding’ perspective,

it is an even bigger NO from me. It is simply too soon in the life of this standard and the thinking that is still evolving around social responsibility and sustainable development, to

start locking in requirements to ‘manage’ social responsibility in order to realise sustainable development. As Adrian Henriques points out in his review of ISO 26000 and sustainable development, “It is not clear whether, if ISO 26000 had been a management system standard,

this would have led to greater social responsibility and better sustainable development outcomes.”[2] To try and recast the intent of ISO 26000 as a management ‘tick-the-box

exercise’ is to strangle it, both from the point of view of enabling further substantive development of its fundamentals, and in enabling organisations to interpret and apply its content to their own unique context.

A sure way to kill off the intent and potential of ISO 26000 is to certify against it.

Over the last 25 years, we seem to have fallen victim to a mindset that says unless we can capture current thinking, emerging concepts and best practice as explicit management

requirements, and then independently establish compliance to those requirements, the approach lacks legitimacy amongst users and value in the marketplace. We seem to feel

uncomfortable with the notion that standards can be stimulants for innovation rather than being used solely as a means of cementing currently accepted approaches and practices in place. I fully recognise that there is market demand for a certifiable equivalent of ISO 26000, but demanding something does not legitimise it.

Back in the 90s, the market demand for ISO 9000 was as much driven by corporate marketing departments and board rooms wanting the ‘ISO 9000 badge’ as it was by managers

wanting to improve their quality management systems. Suddenly a process for enhancing the management of an asset such as quality was being misused as a product certification label, or to claim that the company itself was a ‘quality organisation’. Stakeholders, such as

purchasers and investors, were in many cases being misled or misguided about how to interpret ISO 9000 certification. Many ‘certifiers’ quickly jumped on the bandwagon to get a

slice of a very large and lucrative quality ‘certification’ pie, which not only added little to the value of ISO 9000, but probably degraded its true worth in the eyes of many users.

Should we now risk a repeat performance of that same scenario twenty years later with ISO 26000? What would the market make of ‘ISO 26000 certification’? Would a company that

became certified to the standard believe that they have fulfilled all the requirements of a socially responsible and sustainable organisation? Would customers, employees, investors,

suppliers and regulators similarly believe that ISO 26000 certification equates to a high performing, best practice, trustworthy, caring entity that does no harm. What would marketing and corporate communications departments do to ‘package’ and ‘dumb down’ ISO 26000 certification as they so ably did with ISO 9000 certification two decades ago?

Most of all, what would wider society make of something that says to business “you’ve ticked all the boxes in social responsibility, you’re certified - so feel good, stop trying and

focus your energies now on something more important …”. To some degree the erosion of ISO 26000 by ‘certification’ has already started, even though ISO and others have made it clear where they stand on certifying against this standard. Certifiers and consultants can be

an inventive lot, and they will no doubt lobby for certification largely as an income source. Even if ISO 26000 remains in the guidance realm, expect to see certificates on some company walls claiming they’re now certified ‘social champions’ or ‘sustainability leaders’.

The revision of ISO 26000 is much more important than just what might happen to the standard itself. Get it right and the benefits of an innovative, evolving and supportive standard will continue. Get it wrong and we may well not only murder something yet to

deliver to its full potential, but do significantly wider harm to the credibility and legitimacy of what it means for an organisation to be socially responsible.

[1] ISO 26000 goes beyond just addressing social issues to also dealing with environmental, governance and economic responsibilities – that is, sustainable behaviour more broadly.

[2] ISO 26000 and sustainable development; Standards for change? Adrian Henriques – 2012