Did you know there are fourteen ISO Management Systems Standards*?
- ISO 9001 Quality management system
- ISO 13485 Medical devices quality management system
- ISO 14001 Environmental management system
- ISO 18788 Private security ops management system
- ISO/IEC 20000-1 IT service management system
- ISO 22000 Food safety management system
- ISO 22301 Business continuity management system
- ISO/IEC 27001 Information security management system
- ISO 28000 Supply chain security management system
- ISO 37001 Anti-bribery management system
- ISO 39001 Road traffic safety management system
- ISO 45001 Health and safety management system
- ISO 50001 Energy management system
- ISO 55001 Asset management system
Is this a cottage industry, ISO's sausage-machine churning out MSSs one after another? Has ISO discovered a vein of gold?
Or is it that the MSS approach works so well that organizations welcome the standards, creating demand?
Both maybe? Or something else entirely?
You tell me.
All I know is that ISO/IEC 27001 does a pretty good job in the area of information risk and security management, based on BS 7799. ISO 9001 set the MSS ball rolling, drawing on BS 5750. And ISO 20000 is, in effect, the ISO version of ITIL, a UK government standard. I'm not familiar with the remaining MSSs but I wouldn't be surprised to discover several of them are also based on British standards. I don't know why that would be: the Brits are certainly not alone in understanding the value of governance structures, assurance and compliance.
* I've found 14 of them anyway. A couple of them aren't listed by ISO's website search engine, for some reason. Maybe there are more.