ISO 26001, a management system on social responsibility?

Reading the recent discussions coming from the post publication group of ISO 26000 Guidance on Social Responsibility, known as PPO (not an official ISO group), one could infer that some sectors, especially certification enterprises, National Standards Bodies with certification services, and consultants are preparing themselves for the elaboration of an ISO standard on requirements for a certifiable social responsibility management system.

The question is: What value could a social responsibility management system add, and what would be its advantages and disadvantages?

If we make an objective balance and analyze the well known management systems standards like ISO 9001 or ISO 14001, could we say that the existence of quality management systems indicates that enterprises offer quality products or quality services, or that enterprises having an environmental management system contribute to the environment?

And in the case of social responsibility, could the fact of having a social responsibility management system mean that an enterprise is socially responsible?

An implemented quality management system is not a guarantee that an enterprise offers always a good quality product or service, it only indicates that there is confidence in the fact that these products or services have been designed according to customer requirements and that they can systematically meet these requirements.

In the case of social responsibility the answer is much more complex since we don't talk about a product meeting customer requirements, we are talking about social programs that should originate from a multi-stakeholder dialogues, which, however, often responds to individual or one-sided demands that come up punctually and not systematically, and, on top of that, these programs vary according to the type of an organisation, its location, workforce, environment, size, etc.

Social responsibility is so wide-ranging and includes so many aspects (organizational governance, human rights, the environment, labour practices, consumer issues, fair operating practices, and community development) so that an enterprise could satisfy some or various of these core subjects, or it could satisfy some of the stakeholders’ necessities but could at the same time not satisfy the expectations of others; therefore, there is a dilemma in pointing out an enterprise as socially responsible, and that's why this definition in the ISO 26000 standard is not to take into consideration. For example, an enterprise may, on the one hand, work on extraordinary social responsibility programs with the community, and on the other hand it may neither have incentive programs for its workforce nor have an interest in getting it publicly known that it is breaking human rights of vulnerable groups.

We need to start at the beginning, i.e. that social responsibility is not a subject to be managed or administered, to the contrary, it is a subject that contributes to sustainable development and therefore to society. This is to say that programs for social responsibility can be managed but not social responsibility as such.

ISO 26000 has been designed to give guidance, to show the outlines of social responsibility, not for certification, and the relevant text of the standard reads:

“This International Standard is not a management system standard. It is not intended or appropriate for certification purposes or regulatory or contractual use. Any offer to certify, or claims to be certified, to ISO 26000 would be a misrepresentation of the intent and purpose and a misuse of this International Standard. As this International Standard does not contain requirements, any such certification would not be a demonstration of conformity with this International Standard.”

The main objective of this guidance is to support that enterprises integrate social responsibility into their daily practices, and such integration varies according to exactly these practices; so, there is no need for another management system but for the integration of social responsibility into existing systems. This can be seen in ISO 26000 clause 7, where the orientation is given on how to put social responsibility in an organization into practice and that organizations can base such practices on existing systems, politics, structures and networks, without changing the focus of the organisation or the degree of maturity of these systems: the idea is to help all organizations, whatever the starting point may be, to integrate social responsibility into their way of operating (see figure 4 of the standard).

On the other hand, what are we going to evaluate in the environmental area if the organization already has an ISO 14001 management Systems? Or in the area of customers and consumers, if the use of ISO 9001 is in place, see clause 7.2 for customer related processes.

The same applies if an enterprise has been certified to OSHAS 18001 which describes the auditing of labour practices, or if it got an SA8000 certificate which includes human rights in its audits.

Finally, the ISO 26000 users should be the ones who decide about the programs to address the ISO 26000 core subjects and issues, which may be seen relevant to each type, location, and size of an organization.

Based on these deliberations, I consider it important that – before a decision is taken in regard of a need for an “ISO 26001” or any other “certifiable standard based on ISO 26000” – the above-mentioned problems should be are evaluated, taking into account the immense risk that a "management system standard on social responsibility based on ISO 26000" is muddled up with a standard giving orientation.

By Ing. Perla Puterman S @FRSIberoamerica

Translation from Spanish to English by guido.guertler@t-online.de