Navigating the language of ISO standards can be challenging, especially when interpreting terms like “shall,” “should,” “can,” and “may.” Understanding these terms is crucial for ensuring compliance and effectively implementing management systems.
In this blog, we’ll break down these key terms and explore how their meanings impact the implementation of ISO standards. We’ll also look at how different interpretations may arise and how an ISO consultancy, like Assent Risk Management, can help clarify these terms to ensure your organisation meets its compliance obligations.
Understanding Key Verbs in ISO Standards
ISO standards use precise language to outline requirements and recommendations. The terms “shall,” “should,” “can,” and “may” carry specific meanings, and understanding them can make a significant difference in how your organisation applies these standards.
- Shall: This term is perhaps the most crucial to understand. It indicates a mandatory requirement within the standard. When a clause of an ISO standard uses the word “shall,” it means that the organisation must comply with that requirement in order to achieve certification or compliance. Non-compliance is not an option here, and organisations are expected to take the necessary actions to meet these requirements.
- Should: Unlike “shall,” the term “should” indicates a recommendation. While organisations are not required to follow these recommendations, doing so will typically help to meet the objectives of the standard or improve the effectiveness of the management system. However, failing to adopt such recommendations could make it more challenging to demonstrate the effectiveness of your management system during an audit.
- Can: This term is used to indicate possibility. It outlines actions that are feasible or permissible, but they are not mandatory or necessarily recommended. “Can” shows that an organisation has the flexibility to take certain actions, provided they are consistent with the goals of the standard.
- May: Similar to “can,” the term “may” is used to express permission. It implies that an organisation is allowed to undertake certain actions but is not required to do so. This offers a level of flexibility. For example, an ISO standard may state that an organisation “may” consult external experts for advice on the implementation of specific measures. This leaves room for discretion, but it doesn’t make such things compulsory.
How Interpretation of Standards May Differ
The interpretation of ISO standards can differ based on various factors, including industry context, geographical location, and even the size of the organisation. For example, a large multinational organisation may apply a requirement for “shall” differently from a small business due to the resources available and the scale of operations. Different industries also have different priorities.
Additionally, certain terms may have varying levels of enforcement depending on the regional or national regulations that align with the standard. For instance, in some jurisdictions, the “shall” requirements of ISO 9001 (quality management) may be more rigidly enforced than in others.
Given these variations, there’s a risk that organisations could misinterpret or inconsistently apply ISO standards. This is where expert guidance from a consultancy like Assent Risk Management becomes invaluable.
How Assent Risk Management Can Help
At Assent Risk Management, we understand that the precise language of ISO standards can sometimes create confusion. Our team of experienced consultants is here to help you interpret the standards and ensure that your organisation is not just ticking boxes, but implementing practices that provide genuine value.
Here’s how we can help:
- Consultancy Services: We work closely with your team to help interpret the specific requirements of ISO standards and tailor them to your unique business context. This ensures that the language of “shall,” “should,” “can,” and “may” is understood in the right way, and the most effective practices are implemented.
- Auditing Services: Our impartial internal audits evaluate your organisation’s adherence to ISO standards, ensuring that your internal processes align with the “shall” requirements and that you’re making the most of the recommendations indicated by “should.” We help identify any gaps or areas for improvement that may arise due to misinterpretations.
- Training Programs: We provide training to ensure your team fully understands the meanings behind the language of ISO standards. This includes interpreting mandatory, recommended, possible, and permitted actions so that your team can make informed decisions during implementation.
By partnering with Assent Risk Management, you can demystify the complexities of ISO standards, ensuring compliance and enhancing your business’s operational efficiency.
In conclusion, understanding the terms “shall,” “should,” “can,” and “may” is essential for interpreting and applying ISO standards effectively. By ensuring compliance with mandatory requirements, taking advantage of recommendations, and using the flexibility offered by “can” and “may,” businesses can meet ISO requirements more effectively. With expert guidance from Assent Risk Management, you can navigate these nuances with confidence, ensuring that your ISO certification journey leads to real business improvements and success.
If you’re looking to optimise your ISO standards implementation, we’re here to help. Contact Assent Risk Management for consultancy, auditing, and training services tailored to your needs.
