ISO 26000 for Corporate Social Responsibility: How to Get Started

corporate social responsibility

Organizations, including businesses, do not exist in a vacuum. Every organization is embedded in a wider web of societal, political, and environmental systems, that spans from smaller local networks to expansive and complex global systems.

As IAG puts it:

“Sustainability is neither a program nor an initiative, it’s considered simply good management.”

This statement recognizes the link between an organization and the social, environmental and economic wellbeing of the communities in which they operate.

An organization’s relationship to the society and wider environment in which they exist and operate is a key factor in their ability to succeed and thrive. It can also be an insight into their general performance.

ISO 26000 is a set of guiding principles for businesses and organizations to use to steer them in a more socially responsible direction.

In order to better contribute to the health and welfare of their supporting societies and environments, businesses must enforce principles of ethical and transparent behaviour.

In this post, I’ll look at:

  • A simple definition of ISO 26000
  • Why ISO 26000 is important
  • A brief overview of corporate social responsibility (CSR)
  • How ISO 26000 can help support sustainable development
  • 7 key principles of ISO 26000
  • 7 core subjects of ISO 26000
  • Benefits of using ISO 26000
  • What is social responsibility reporting?
  • How to get started with ISO 26000

Let’s start with a basic introduction to ISO 26000.

What is ISO 26000?

ISO 26000 is a standard that outlines a set of guiding principles for corporate social responsibility.

It is important to note that ISO 26000 is intended to provide guidance, as opposed to specific requirements. ISO 26000 is voluntary and as such can not be certified to.

Rather, its purpose is to help organizations to understand and clearly define what social responsibility means to them, and offer guidelines to assist with the deployment of best practice principles and actionable solutions.

ISO 26000 is aimed at any and all organizations, regardless of location, activity, or size.

By encouraging businesses and organizations to take social responsibility seriously, ISO 26000 helps contribute to global sustainable development.

ISO 26000:2010

ISO 26000:2010 is the most recent (and as of the writing of this article, only) ISO standard relating directly to guidelines for corporate social responsibility.

Because there is only one standard in the “family” of 26000, “ISO 26000” and “ISO 26000:2010” refers to the same thing. In this article I will be using these terms interchangeably.

This is in contrast to other families of ISO standards, like ISO 9000 or ISO 14000, which both refer to large groups of related but individual standards.

The 2010 suffix refers to the year the version of the standard was launched. ISO 26000:2010 was the result of five years of discussions and negotiations between many different stakeholders across the globe.

Last reviewed and approved in 2014, the 2010 version therefore remains the most current.

Development of ISO 26000:2010 involved actors and representatives from various industries, governments, NGOs, consumer groups and worker organizations from around the world, and as such it represents a truly international consensus.

ISO 26000:2010 provides guidance on:

  • Definitions, principles, and core issues of social responsibility
  • Social, political, environmental and cultural contexts of social responsibility
  • Best practice guidelines of social responsibility
  • Guidance on how to integrate, implement, and promote socially responsible behaviour both internally and externally
  • Identifying and engaging with stakeholders
  • Defining, implementing, evaluating commitments and performance of social responsibility
  • Distributing other information relating to social responsibility

Development of ISO 26000

Back in 2005, a whole bunch of stakeholders invested in defining standards for corporate social responsibility got together to try and work on a consensus.

These efforts were split between eight separate events, called “Working Group Plenary Sessions”, over the five years between 2005-2010.

Approximately five hundred different organizations and individuals participated in the process, with additional committee meetings and consultations via email during those initial five years.

Six main stakeholder groups were involved:

  • Industry
  • Government
  • NGO (non-government organizations)
  • Labor
  • Consumer
  • SSRO (Service, Support, Research, and Others)

Leadership of these efforts was split between both “developing” and “developed” countries, to ensure varying viewpoints and differing economic and cultural perspectives.

The final standards defined in ISO 26000:2010 was the result of this long process of deliberation and negotiation.

Importance of ISO 26000

What constitutes ethical and socially responsible behaviour by corporations and organizations is highly debated, and the question of how viable standardized solutions like ISO are to these kinds of complex problems is ongoing.

However, what ISO 26000 attempts to do is outline a clear middle-path between dense, strict legislation and open, un-regulated (or self-regulated) corporate freedom.

ISO 26000 attempts to promote respect and responsibility by providing reference points in the form of documented standards. This way, organizations have the freedom to work in a way that does not restrict their ability to function on a business level, while still calling them to hold accountability for their own social and environmental actions.

It is important because it offers an actionable framework for social responsibility that is appealing to corporations because of its flexibility.

In short, ISO 26000 aims to:

  • Help businesses and organizations to address social responsibilities while acknowledging and respecting cultural, societal, environmental, legal and economic differences
  • Offer practical and actionable guidelines to enact principles of social responsibility
  • Help identify and communicate with stakeholders to improve the reliability and credibility of reports relating to social responsibility
  • Focus on and prioritize business performance, including principles of continuous improvement
  • Increase customer and stakeholder satisfaction
  • Integrate with and supplement existing ISO standards, international treaties, government regulations and international conventions
  • Define and promote a common language and terminology for talking about and communicating social responsibility
  • Increase general awareness of social responsibility

Corporate social responsibility

One of the fundamental ideas of ISO 26000 is that of corporate social responsibility.

Sometimes abbreviated to CSR, corporate social responsibility is a broad concept that involves pretty much anything a company does to uphold principles of sustainable development.

More specifically, it’s the collective “responsibility” a corporation or organization has to uphold certain standards of sustainability.

This responsibility refers to the concerns of society in general, as well as the concerns of individual organizations. Of course, these concerns are constantly changing, and the framework of ISO 26000 as a set of guidelines, rather than a rigid set of requirements reflects this.

It’s another way of saying companies need to be more economically viable, and consider the impact they have on the societies and environments that support them.

Sustainable development

The three pillars of sustainable development are:

  • Economy
  • Society
  • Environment

Sustainable development is simply the idea that the actions of a corporation should not be destructive.

At the very least, they should adopt reasonable business practices that serve to “sustain” the delicate systems of economy, society, and environment, as opposed to disrupting them.

ISO 26000, while focusing mainly on the societal aspect, nonetheless incorporates elements of each core pillar of sustainable development.

In this capacity, ISO 26000 as a standard incorporates core principles of sustainable development.

Structure of ISO 26000

ISO 26000:2010 is structured in seven main sections, like this:

  1. Scope
  2. Terms and definitions
  3. Understanding social responsibility
  4. Principles of social responsibility
  5. Recognizing social responsibility and engaging stakeholders
  6. Guidance on social responsibility core subjects
  7. Guidance on integrating social responsibility throughout an organization

I’ll try and give a brief outline of each section.

1. Scope

This is like a brief but comprehensive overview of the standard, and includes limitations and exclusions. Think of it like an introduction that provides important context.

2. Terms and definitions

Concepts important for understanding corporate social responsibility and the guidelines defined in this standard are defined here.

3. Understanding social responsibility

Essentially an overview of the concept of social responsibility, including what it means and how it applies to organizations.

This section includes the ongoing factors and conditions that influence the development and understanding of the concept of social responsibility.

There is also guidance for small-to-medium sized organizations for how to use and apply principles defined in ISO 26000.

4. Principles of social responsibility

An introduction to and expansion of the seven principles of social responsibility. I’ll cover these principles in the section of this article named “Seven key principles of ISO 26000”.

5. Recognizing social responsibility and engaging stakeholders

Two important practices are outlined in this section:

  • How organizations recognize their own social responsibility
  • How they identify and engage with their stakeholders

It also includes guidance on how organizations could/should relate to their stakeholders and society in the wider sense, from how these factors relate to the core principles and subjects of social responsibility defined in ISO 26000 to an organization’s sphere of impact.

6. Guidance on social responsibility core subjects

Similar to section 4, the core subjects of social responsibility are outlined and defined here.

I’ll take a look at these core subjects in the “Seven core subjects of ISO 26000” section of this article.

7. Guidance on integrating social responsibility throughout an organization

This section provides guidelines for practically implementing the principles and concepts of ISO 26000.

Included in the scope of these guidelines is:

  • Understanding an organization’s social responsibility
  • Integrating social responsibility throughout an organization
  • Communications of social responsibility
  • Improving organizational credibility
  • Process for reviewing progress towards social responsibility
  • Improving performance of social responsibility initiatives
  • Evaluating voluntary initiatives for social responsibility

Seven key principles of ISO 26000

So we’ve been over the structure of ISO 26000, which has seven main sections.

Coincidentally (and somewhat confusingly) there are also a couple of important lists that it’s worth getting to grips with, both of which also have seven elements:

  • Seven key principles of ISO 26000
  • Seven core subjects of ISO 26000

Firstly, the seven key principles, which are intended to be understood as the “roots of socially responsible behavior”, are:


In principle this means that organizations should be held accountable for their impacts on society, the economy, and the environment.

How to hold them accountable? This basically involves an obligation on management to be answerable to the impact and interests of their organization, and similarly on the organization to be answerable to legal regulation and authority.

Organizations should have to account for:

  • How their decisions and activities impact society, the environment and the economy
  • Remedial or preventative actions taken in response to or anticipation of unintended and unforeseen negative impacts


For decisions and activities that impact society, environment, and economy, organizations should be transparent.

They should disclose in clear, unambiguous terms all policies, decisions, documentation, and activities for which they are responsible.

Such information should be easily available for relevant interested parties, especially those who have been or might be affected in any capacity by the actions of the organization.

However, this doesn’t mean that proprietary information must be made public, or that sensitive information otherwise protected by legal or personal privacy policies must be disclosed.

At the very least, organizations should strive to be transparent about:

  • Internal policies and procedures, including standards and criteria the organization uses to evaluate its own performance relating to social responsibility
  • Known and potential impacts of decisions and activities on the organization’s stakeholders, as well as the economy and the environment
  • How the organization itself defines its stakeholders. That includes a clear definition, and the processes used to identify, select, and engage with them

Ethical behavior

Organizations should behave ethically. Their behaviour should be influenced by clearly defined values of honesty, equity, and integrity.

Ethical behavior implies a genuine concern for the welfare of people, animals, and the environment at large, beyond the conveniently one-dimensional use of the term “stakeholder”.

With this principle an organization commits to addressing the impact of its activities and decisions, including but not limited to:

  • Respecting the wellbeing of animals in terms of how the organization’s activities might impact their lives and existence
  • Providing adequate and decent conditions for keeping, breeding, producing, transporting, and using animals in any capacity

Respect for stakeholder interests

Stakeholders are defined as individuals or groups who are affected by, or have the ability to impact, the organization’s actions.

In principle, organizations, should respect the best interests of its stakeholder, which might include:

  • Clearly identifying its stakeholders
  • Assessing and considering the ability of stakeholders to engage with and influence the organization
  • Considering the views of stakeholders who might be impacted by decisions or activities of the organization, whether they are formally involved in the organization or not

Respect for the rule of law

The principle here is that organizations should accept and respect the rule of law in the capacity to which it applies to them.

Perhaps it goes without saying, but ISO likely included this clarification in their standard for compliance reasons, and to further the incentive that ISO 26000 should be compatible with any existing framework of regulations and standards.

For example, organizations will have to:

  • Comply with legal and regulatory requirements in all jurisdictions in which they operate
  • Adequately review compliance policies and procedures with any applicable laws and regulations

Respect for international norms of behavior

Quite simply, organizations should respect international norms while also “respecting the rule of law” as it applies to them locally.

For example:

  • When the law doesn’t adequately define environmental, social, or economic safeguarding procedures, an organization should strive to respect, at a minimum, the norms of behavior for the relevant location in which they are operating
  • Organizations should also avoid being complicit with other organizations who are obviously not respecting international norms of behavior

Respect for human rights

Organizations should respect and recognize the importance and universality of human rights.

That includes, but isn’t limited to:

  • In situations where human rights aren’t protected, not to take advantage of these situations, and to ensure steps are taken to respect human rights
  • In situations where the law isn’t as clear as it could be on certain aspects of human rights, to adhere to the principle of respect for international norms of behavior

Seven core subjects of ISO 26000

corporate social responsibility

Similar to the seven key principles, the seven core subjects of social responsibility (as defined by ISO 26000) are:

Organizational governance

Or, how your business makes decisions and takes steps to achieving its objectives.

The decision making process of an organization should be structured so that principles of social responsibility can be effectively applied.

Human rights

This is also one of the seven key principles.

In this case it refers to how businesses should respect and support basic human rights both internally and externally; within their own operations and when collaborating with stakeholders.

Labor practices

Labor practices must be in line with all other policies of social responsibility.

All practices and policies that relate to the working conditions of the organization, including subcontracted work, are within the scope of this core subject.

That includes, but isn’t limited to:

  • Health and safety of workers
  • Hiring
  • Promotion
  • Training
  • Skill development


Organizations should be aware of how each and every action and decision they take will impact the environment.

This is typically but not exclusively related to how organizations utilize resources, the location of their activities, waste, and pollution.

Fair operating practices

This refers to ethical codes of conduct, and how organizations should practice accountability and fairness when doing business with others.

Issues such as corruption (and anti-corruption measures), respect for local law, and the promotion of key principles of social responsibility throughout the organization are all part of the singular initiative of striving towards fairer operating procedures.

Consumer issues

Customers must be provided with all relevant information about an organization’s services and products, including issues of:

  • Fair marketing
  • Consumer service
  • Support
  • Data collection and protection
  • Privacy

Community involvement and development

It’s important that organizations acknowledge the value of communities, and how these communities both support and are impacted by their business.

Community involvement is crucial in achieving truly sustainable development.

This might include:

  • Providing support for skill development programs
  • Creation of new jobs within a given area
  • Other social investments that are mutually beneficial

Who should use ISO 26000?

Part of the design of ISO 26000 was to ensure that it could be used by all organizations, not just businesses and corporations.

This is in contrast to other ISO standards, which are typically focused on a particular type of organization.

Hospitals, schools, charities, and other such non-standard organizations can all use ISO 26000.

So far, the main use of ISO 26000 has been by multi-national corporations based all across the world, from Europe, America, and East Asia.

Why use ISO 26000?

ISO 26000 is a guideline. As such, its practical value has been debated, because clear steps to solving complex social problems are not as clear as, say, the quantifiable policies and procedures utilized by more rigidly defined management systems like ISO 9001’s QMS, or ISO 14001’s EMS.

That said, organizations seeking practical results should approach ISO 26000 as more of a framework of guidance, coupled with actionable strategies for achieving the social responsibility goals they deem most important.

In short, organizations should use ISO 26000 to lay foundations for building and implementing sustainable systems, and to ultimately reap the long-term benefits of socially responsible operations.

Benefits of using ISO 26000

ISO identifies benefits of successfully utilizing the ISO 26000 guidelines for social responsibility as:

  • Attracting and retaining workers, members, and clients
  • Improving brand image and reputation
  • Improving marketing effectiveness and customer engagement
  • Increasing commitment and productivity of employees
  • Improving relationships with stakeholders such as governments, the media, other companies and communities

Social responsibility reporting

An important idea of the ISO 26000 standard is how organizations implementing the guidelines should prioritize reporting to stakeholders on their performance on social responsibility.

This kind of reporting should be conducted at reasonable intervals, and include information about:

  • Objectives and performance on core subjects and key principles of social responsibility
  • How and when stakeholders are or have been involved in the reports
  • A balanced and comprehensive overview of performance, including achievements and shortcomings
  • Clearly defined methods for analyzing and improving processes

How to get started with ISO 26000

ISO 26000 is an expansive and complicated subject, and it might be difficult to know where to start.

To begin with, your first steps are to understand what principles and core subjects are most important and relevant to your organization.

Actionable steps in the form of a well-defined process are also necessary if you want to achieve any real results.

For that, you might want to consider how Process Street could help you build strategies for implementing and integrating ISO 26000 in your organization.

Using Process Street for ISO 26000

Process Street is a BPM software for managing workflows and automating recurring tasks. You can also use it for your standard operating procedures, and most importantly, since the 2015 revisions to ISO standards, it’s easier than ever to manage and implement standards like ISO 26000 with Process Street.

At its core, Process Street is a tool for creating, editing, organizing, and optimizing processes. As such, it can help your organization deploy actionable solutions to core issues of social responsibility, as outlined in ISO 26000.

Check out this intro webinar for everything you need to get started with Process Street:

You can also use it to outline complex policy and procedure templates.

Take for example this ISO 9000 structure template, which outlines the implementation of a quality management system, as defined by ISO 9001:

And below, the same template filled in using the example of a fictional marketing company:

This is just an example of how you can use Process Street to fulfil ISO requirements. There’s a whole lot more you can do, from conditional logic and dynamic due dates to automate manual tasks, task assignment to streamline organizational workflows, or one of the many premade templates you can find in our library, like this selection of marketing processes.

More ISO resources

We’ve put out a lot of ISO related content, and that collection keeps on growing. Check out some of these posts we’ve done on ISO and SOP related topics:

Do you have experience with using ISO 26000 guidelines for social responsibility? We’d love to know your thoughts on how the standard performs out in the wild – so let us know in the comments below.

Get our posts & product updates earlier by simply subscribing

Oliver Peterson

Oliver Peterson is a content writer for Process Street with an interest in systems and processes, attempting to use them as tools for taking apart problems and gaining insight into building robust, lasting solutions.

Leave a Reply

Your email address will not be published. Required fields are marked *

Take control of your workflows today