Presentation given at the Service Design and Delivery in a Digital Age - Academies for EaP countries organised by the SIGMA Programme and the GiZ Eastern Partnership Regional Fund. Topic 3: Quality management systems and quality culture.
A joint initiative of the OECD and the EU, principally financed by the EU.
ISO: Let us hear your voices & experience!
Day 3: ISO background & ISO use in the public sector
Which ISO standards do you know?
Do you use some of the ISO standards?
What about standardisation bodies in your country?
Cooperating?
How do you perceive the usefulness of ISO standards?
Photo source: https://www.iso.org/about-us.html
„In London, in 1946, 65 delegates from 25 countries meet to
discuss the future of International Standardization. In 1947, ISO
officially comes into existence with 67 technical committees
(groups of experts focusing on a specific subject)“
https://www.iso.org/about-us.html
These founding members laid the groundwork for
ISO's mission to develop and publish international
standards that would facilitate global trade, collaboration,
and interoperability.
• Non-Governmental Organization: ISO is a non-governmental organization (NGO) with a unique status. It's not part of any government, but rather a collaborative entity that brings together representatives from various countries and industries to develop consensus-based international standards.
This structure ensures that standards are driven by technical expertise and not influenced by political factors.
• Comprised of National Standardisation Bodies: ISO consists of national standards bodies from different countries, each designated by their respective governments.
• These national standards bodies represent the interests and expertise of their industries and ensure that the developed standards align with regional and national needs. This collaborative network enhances the global reach and applicability of ISO standards.
ISO's primary mission is to develop and publish international standards that address a wide range of subjects and
industries.
These standards cover diverse areas, including technology, safety, quality, environment, and management systems...and
the public sector as well.
ISO use in the public sector
• ISO 18091: Guidelines for the application of ISO 9001 in local government
• ISO 37000: Governance of organizations
• ISO 14001: Environmental management systems
• ISO 50001: Energy management
• ISO 27001: Information security management systems
• ISO 45001: Occupational health and safety management
• ISO 26000: Social responsibility
• ISO 9001: Quality management
• ISO 31000: Risk management
ISO 18091 is an essential map for local governments to organize themselves in a comprehensive
way, focusing on continual improvement where it matters. It will:
• Empower citizens and governments together
• Produce not only effectiveness but legitimacy
• Provide a common language and understanding between politicians and technicians, and enable
comparability among countries and other local governments
• Serve the local population by making politically viable those things that are technically indispensable
• Create a useful tool for the UN millennium goals and objectives for a sustainable world and smart
cities
• Produce reliability – essential for society
Although it is meant for local administration, a huge part of this standard can be applied to public institutions of all sizes.
With this in mind, let us introduce:
ISO 37000:2021
Governance of organizations — Guidance
This document gives guidance on the governance of
organizations. It provides principles and key aspects of
practices to guide governing bodies and governing groups
on how to meet their responsibilities so that the
organizations they govern can fulfil their purpose. It is also
intended for stakeholders involved in, or impacted by, the
organization and its governance.
It is applicable to all organizations regardless of type, size,
location, structure or purpose.
ISO 27001:2022 – Information security management systems
Enhancing Public Sector Security
In a world where government IT systems often lag behind private sector counterparts, managing risk demands proactive measures.
ISO 27001, a vital management system standard for the public sector, offers robust tools to counter cyber threats, vandalism, and online risks. This standard stands out for its technology-neutrality, making it adaptable to any existing infrastructure.
For government contractors, especially in defense, aerospace, and intelligence sectors, ISO 27001 safeguards critical intellectual property.
ISO 27001:2022
1. Confidentiality
   • Definition: Ensuring that only authorized individuals can access the organization's information.
   • Risk scenario: Criminals acquiring clients' login credentials and selling them on the Darknet.
2. Information Integrity
   • Definition: Ensuring that critical data is securely stored and is neither altered nor deleted.
   • Risk scenario: Accidental deletion of data by a staff member while processing.
3. Data Availability
   • Definition: Guaranteeing timely access to information for the organization and its clients, meeting business needs and customer expectations.
   • Risk scenario: Enterprise database becoming inaccessible due to server issues and inadequate backup.
ISO 31000:2018 - Risk Management – Guidelines offers a comprehensive approach encompassing
principles, a framework, and a process for risk management. This standard's applicability spans
organizations of all sizes, activities, and sectors.
Leveraging ISO 31000 aids organizations in enhancing the likelihood of objective attainment, refining the
identification of opportunities and threats, and optimizing the allocation and utilization of resources for risk
mitigation.
It's important to note that ISO 31000 doesn't serve as a certification system, but it does furnish guidance
for both internal and external audit programs.
Organizations adopting this standard can measure their risk management practices against a globally
recognized benchmark, furnishing reliable principles for effective management and corporate governance.
„ISO 26000:2010 provides guidance rather than
requirements, so it cannot be certified to unlike
some other well-known ISO standards. Instead,
it helps clarify what social responsibility is, helps
businesses and organizations translate principles
into effective actions and shares best practices
relating to social responsibility, globally. It is
aimed at all types of organizations regardless of
their activity, size or location.
The standard was launched in 2010 following five
years of negotiations between many different
stakeholders across the world. Representatives
from government, NGOs, industry, consumer
groups and labour organizations around the
world were involved in its development, which
means it represents an international consensus.“
Source: https://www.iso.org/iso-26000-social-responsibility.html
Source: https://www.iso.org/publication/PUB100418.html
Source: https://www.iso.org/publication/PUB100401.html
Day 3 - ISO 9001 more details...
Good management – skillful organisation of functions:
▪ planning
▪ organizing and allocation of resources
▪ troubleshooting
▪ decision making
▪ business management
▪ monitoring
▪ analysis and improvement
▪ learning
This requires defining objectives and good organization (understanding what has priority).
And we shall:
b) Know our own:
✓ processes (flows)
✓ critical performance and critical success factors
✓ objectives and plans to achieve them
✓ benchmarks and methods of measuring results / success
✓ information about events within the process
An appropriate (suitable) quality management system (QMS) is a good approach to effective and efficient management.
A modern approach to quality
We must get rid of conservatism in the understanding of quality:
• Quality is a luxury
• Quality goes without saying
• Quality is a purely technical issue
• Quality is achieved through control
QUALITY
Dimensions and the influential quantities that are valued:
• Quality of potential (what users can entrust us with): size, image, references, qualifications, know-how, presentation
• Product quality (the results users expect from us): characteristics of products or services are agreed upon and clearly measurable
• Process quality (expectations from the way we execute the services): process capability, behavior, communications, information, values, culture
Origin of the „standard“
- Standard: Lat. "norma", line for marking the direction, protractor
- EN: European Norm
- ISO: International Organization for Standardization
- ISO 9000 ff: first published in 1987, unified international standards for the development and establishment of QMS
Basic standards related to QM
ISO 9000 QM-systems – basics and concepts
ISO 9001 QM-systems – requirements
ISO 9004 QM-systems – performance improvement guide
ISO 19011 A guide to auditing in the field of management systems
ISO 10012 Requirements for a measurement system
Every organization should:
• Determine the needs and expectations of customers/users and other interested parties
• Determine the vision, mission, policy, general objectives, strategy and concrete measurable goals
• Determine and, as necessary, document processes and critical success factors
• Determine risks and opportunities for success
• Identify and secure resources
• Connect everything together in one harmonious system
• Ensure effective communication
• Manage processes and the overall system
• Monitor, measure and analyse the results while keeping the risk under control
! Take necessary action: corrections, corrective actions, and future improvement actions
Structure of the ISO 9001:2015 standard
1 Scope
2 Normative references
3 Terms and definitions
4 Context of the organization
4.1 Understanding the organization and its context
4.2 Understanding the needs and expectations of interested parties
4.3 Determining the scope of the quality management system
4.4 Quality management system and its processes
5 Leadership
5.1 Leadership and commitment
5.2 Policy
5.3 Organizational roles, responsibilities and authorities
6 Planning
6.1 Actions to address risks and opportunities
6.2 Quality objectives and planning to achieve them
6.3 Planning of changes
7 Support
7.1 Resources
7.2 Competence
7.3 Awareness
7.4 Communication
7.5 Documented information
8 Operation
8.1 Operational planning and control
8.2 Requirements for products and services
8.3 Design and development of products and services
8.4 Control of externally provided processes, products and services
8.5 Production and service provision
8.6 Release of products and services
8.7 Control of nonconforming outputs
9 Performance evaluation
9.1 Monitoring, measurement, analysis and evaluation
9.1.1 General
9.1.2 Customer satisfaction
9.1.3 Analysis and evaluation
9.2 Internal audit
9.3 Management review
10 Improvement
10.1 General
10.2 Nonconformity and corrective action
10.3 Continual improvement
THE PROCESS
o a series of related and interacting activities that transform input elements into output elements (ISO 9000:2005, item 3.4.1.)
PROCEDURE
o defined (specified) way of carrying out an activity or process (ISO 9000:2005, item 3.4.5.)
DOCUMENT
o information and the medium on which the information is located (ISO 9000:2005, item 3.4.2.)
Documented information in an ISO 9001:2015 quality management system is categorized as Maintain Documented Information and Retain Documented Information.
The former is basically all the documents of the management system. Examples of such documents are:
- Quality Manual
- Policies
- Procedures
- Standard operating procedures
- Plans
- Instructions and manuals, standards, normative documents, etc.
Retain Documented Information refers to forms, registers and other records of the management system. Records are evidence of the results achieved and that the system is followed.
Source: https://cpduk.co.uk/news/iso-9001-2015-documentation-structure-and-its-requirements
Quality Manual:
• Outlines Quality Policy and QMS structure.
• Applies to all or specific organizational activities.
• Reflects products/services, processes, regulations, etc.
• Serves as a primary QMS document.
• Expresses management's intent for system fulfillment.
• Acts as a lasting reference for system maintenance.
Differentiating Quality Manual and Quality Plan:
• Quality Manual covers entire company's QMS.
• Quality Plan outlines system implementation for ISO 9001:2015 requirements.
Procedures:
• Vital for QMS process operation.
• Ensure confidence in the system.
• Detail meeting ISO 9001:2015 clauses.
• Designed for internal and external use.
• Must be safeguarded against unintended exposure.
Documents required in QMS must be managed (ISO 9001:2015 – requirement 7.5.3)
Document control flow:
1. Determine the necessary documentation
2. Develop the document
3. Review and approve before use
4. Distribution at the point of use
• Change? Update the document; mark revision and status
• Obsolete? Prevent unintended use; mark if saved
Ensure that the document is accessible and readable at all times.
General rule: The right document must be available at the right time in the right place.