What is the primary objective of **ISO 26000**?

**ISO 26000 provides internationally recognized guidance on social responsibility for all organizations.** Published in November 2010 and confirmed current in 2021, it defines social responsibility as an organization's accountability for its impacts on society and the environment through transparent, ethical behavior that contributes to sustainable development, respects stakeholder expectations, complies with law, aligns with international norms, and integrates throughout the organization.

Who is legally or professionally required to comply with **ISO 26000**?

**No organization is legally required to comply with ISO 26000, as it is voluntary guidance applicable to all types regardless of size, location, or sector.** It targets private, public, and non-profit entities, including SMEs, multinationals, hospitals, schools, and charities, encouraging contextual adoption through stakeholder engagement to address relevant core subjects like governance and human rights.

Does **ISO 26000** require an external audit or third-party certification?

**ISO 26000 explicitly prohibits external audits or third-party certification.** Its Scope states it is not a management system standard, contains no requirements, and any certification claims constitute misrepresentation or misuse, emphasizing self-assessment, transparent reporting, and stakeholder validation instead.

How often should an assessment for **ISO 26000** be performed?

**ISO 26000 recommends periodic self-assessments at appropriate intervals aligned with organizational context and stakeholder needs.** Organizations should report performance on core subjects regularly, including objectives, achievements, shortfalls, and improvement plans, integrating into continuous improvement cycles like Plan-Do-Check-Act without prescribed frequencies.

What are the consequences of non-compliance with **ISO 26000**?

**There are no formal consequences for non-compliance with ISO 26000, as it imposes no legal requirements or penalties.** However, failure to address its guidance on core subjects risks reputational damage, stakeholder distrust, operational disruptions, and misalignment with international norms, potentially exposing organizations to indirect legal or market repercussions.

An **ISO 26000** be mapped to other international frameworks?

**Yes, ISO 26000 aligns with international frameworks through special agreements and linkage documents.** It connects to OECD Guidelines for Multinational Enterprises, UN Global Compact, GRI reporting standards, and UN 2030 Agenda/SDGs, enabling structured ESG assessments, human rights due diligence, and integrated reporting without replacing operational standards.

What is the first step to begin implementing **ISO 26000**?

**The first step is recognizing social responsibility and engaging stakeholders per Clause 5.** Organizations must understand their impacts, identify relevant issues across the seven core subjects, map stakeholders, and prioritize through dialogue to determine significance, forming the foundation for integration throughout governance and operations.

What is the primary objective of **AS9110C**?

**AS9110C's primary objective is to define quality management system requirements for aviation maintenance, repair, and overhaul (MRO) organizations to ensure consistent conformity to customer and regulatory requirements while enhancing safety and continual improvement.** It builds on ISO 9001:2015 using the High Level Structure (HLS), embedding aerospace-specific controls for configuration management, counterfeit parts prevention, human factors, and maintenance release processes. The standard supports continuing airworthiness through risk-based thinking (RBT), PDCA cycles, and documented evidence of operational effectiveness.

Who is legally or professionally required to comply with **AS9110C**?

**AS9110C applies to MRO organizations providing maintenance services for commercial, private, and military aircraft, including repair stations and OEM MRO divisions.** It targets entities seeking IAQG OASIS listing or customer contracts requiring certification, such as airlines, OEMs, and regulators (FAA/EASA Part-145 aligned). Compliance is professionally mandated for competitive supply-chain access, not legally universal, but regulatory approvals often demand equivalent QMS controls.

Does **AS9110C** require an external audit or third-party certification?

**Yes, AS9110C requires third-party certification through accredited registrars following a two-stage audit process.** Stage 1 reviews documentation and readiness; Stage 2 verifies implementation effectiveness via on-site audits. The QMS must be operational for at least three months, with internal audits and management review completed prior. Certification is valid for three years, with annual surveillance audits.

How often should an assessment for **AS9110C** be performed?

**Internal audits for AS9110C must be performed at planned intervals based on process risk, with higher frequency for critical maintenance processes like configuration control and release-to-service.** Management reviews occur regularly, tied to business cycles, using at least three months of operational data. Recertification audits happen every three years; surveillance audits are annual.

What are the consequences of non-compliance with **AS9110C**?

**Non-compliance with AS9110C risks regulatory sanctions like FAA/EASA Part-145 certificate suspension, fines up to $100k per day, contract termination, and loss of OASIS listing.** It leads to market exclusion from OEM/airline bids, increased liability from safety incidents, rework costs, and reputational damage from poor traceability or counterfeit parts issues.

An **AS9110C** be mapped to other international frameworks?

**No, AS9110C FAQs stand alone and do not map to other frameworks per independent content rules.**

What is the first step to begin implementing **AS9110C**?

**The first step to implement AS9110C is conducting a formal gap analysis mapping existing processes to all clauses using IAQG matrices.** Secure executive sponsorship, define QMS scope with regulatory alignment (e.g., EASA/FAA Part-145), and produce a prioritized gap register to initiate a phased project with SOW and RACI.

ISO 26000 vs AS9110C

Standards Comparison

ISO 26000

Voluntary

2010

International guidance standard for social responsibility

AS9110C

Mandatory

2016

Aerospace QMS standard for aircraft MRO organizations.

Quick Verdict

ISO 26000 offers voluntary social responsibility guidance for all organizations, emphasizing principles and stakeholder engagement without certification. AS9110C mandates certifiable QMS for aviation MROs, focusing on safety, traceability, and compliance. Companies adopt ISO 26000 for ethical leadership; AS9110C for market access and regulatory alignment.

Social Responsibility

ISO 26000

ISO 26000:2010 Guidance on social responsibility

Cost

€€€

Complexity

High

Implementation Time

12-18 months

Key Features

Non-certifiable guidance avoiding certification burdens
Seven principles underpinning all SR decisions
Seven core subjects for holistic impact assessment
Multi-stakeholder consensus from 500+ global experts
Applicable to all organization types universally

Quality Management

AS9110C

AS9110C Quality Management Systems for Aviation Maintenance

Cost

€€€€

Complexity

High

Implementation Time

6-12 months

Key Features

Configuration management and traceability controls
Counterfeit parts prevention and detection
Risk-based thinking in maintenance planning
Human factors and competence requirements
Maintenance release and airworthiness assurance

Detailed Analysis

A comprehensive look at the specific requirements, scope, and impact of each standard.

ISO 26000 Details

What It Is

ISO 26000:2010 is a non-certifiable international guidance standard providing a framework for social responsibility (SR). It applies to all organizations regardless of size, type, or location, focusing on impacts on society and environment through transparent, ethical behavior. Its principles-based approach emphasizes stakeholder engagement and contextual prioritization over rigid requirements.

Key Components

**Seven principlesaccountability, transparency, ethical behavior, respect for stakeholder interests, rule of law, international norms, human rights.
**Seven core subjectsorganizational governance, human rights, labor practices, environment, fair operating practices, consumer issues, community involvement.
Built on multi-stakeholder consensus; no certifiable requirements, promotes self-assessment and reporting.

Why Organizations Use It

Enhances sustainability commitment, risk management, ESG alignment, and stakeholder trust. Drives operational resilience, competitive differentiation, and credibility without certification costs. Supports compliance with norms like OECD, UNGPs, SDGs.

Implementation Overview

Phased approach: materiality assessment, stakeholder engagement, integration into governance/management systems (e.g., ISO 14001), policy development, training, reporting. Applicable universally; uses PDCA for continuous improvement, no audits required.

AS9110C Details

What It Is

AS9110C is the international quality management system (QMS) standard for aviation maintenance, repair, and overhaul (MRO) organizations. It extends ISO 9001:2015 with aerospace-specific requirements focused on safety-critical processes like configuration management and airworthiness. It employs risk-based thinking (RBT), PDCA cycles, and the High Level Structure (HLS).

Key Components

Core clauses (4-10) covering context, leadership, planning, support, operation, evaluation, improvement.
Aviation additions: counterfeit parts prevention, human factors, traceability, release controls.
Built on ISO 9001; voluntary certification via accredited registrars with internal audits and management reviews.

Why Organizations Use It

Meets customer/OEM contracts and regulatory alignment (FAA/EASA Part-145).
Mitigates safety risks, reduces rework, ensures traceability.
Gains market access, competitive edge, supply-chain trust.

Implementation Overview

Phased: gap analysis, process design, training, pilots, audits.
Applies to MROs of all sizes globally; requires 3+ months operational data pre-certification.

Key Differences

Aspect	ISO 26000	AS9110C
Scope	Social responsibility guidance across 7 core subjects	Aerospace MRO quality management system
Industry	All organizations, all sectors worldwide	Aviation maintenance organizations globally
Nature	Non-certifiable voluntary guidance	Certifiable management system standard
Testing	Self-assessment, stakeholder engagement, reporting	Internal audits, management reviews, certification audits
Penalties	No formal penalties, reputational risks	Loss of certification, market exclusion

Scope

ISO 26000

Social responsibility guidance across 7 core subjects

AS9110C

Aerospace MRO quality management system

Industry

ISO 26000

All organizations, all sectors worldwide

AS9110C

Aviation maintenance organizations globally

Nature

ISO 26000

Non-certifiable voluntary guidance

AS9110C

Certifiable management system standard

Testing

ISO 26000

Self-assessment, stakeholder engagement, reporting

AS9110C

Internal audits, management reviews, certification audits

Penalties

ISO 26000

No formal penalties, reputational risks

AS9110C

Loss of certification, market exclusion

Frequently Asked Questions

Common questions about ISO 26000 and AS9110C

ISO 26000 FAQ

AS9110C FAQ

You Might also be Interested in These Articles...

The SOC Maturity Roadmap: A 5-Step Blueprint for Scaling from Ad-Hoc to Optimized Operations

Unlock SOC excellence with our 5-step maturity roadmap. Compare SOC-CMM, NIST CSF, and CMMC frameworks to scale from ad-hoc to automated operations. Start your

The Tool Landscape for Reaching and Maintaining ISO 27701 Compliance

Discover the top tools for ISO 27701 compliance. Compare functionality, complexity, costs, and benefits to choose the best solution for your privacy program. Ac

DORA Third-Party Risk Management: A Consultant’s Guide to Mapping Critical ICT Service Providers in 2026

Navigate DORA's complex third-party risk pillar. Step-by-step consultant guide to identify critical ICT providers, remediate Article 30 contracts, and build the

Run Maturity Assessments with GRADUM

Transform your compliance journey with our AI-powered assessment platform

Assess your organization's maturity across multiple standards and regulations including ISO 27001, DORA, NIS2, NIST, GDPR, and hundreds more. Get actionable insights and track your progress with collaborative, AI-powered evaluations.

100+ Standards & Regulations

AI-Powered Insights

Collaborative Assessments

Actionable Recommendations

Check out these other Gradum.io Standards Comparison Pages

RoHS vs SAMA CSF

Compare RoHS vs SAMA CSF: EU hazardous substance bans for EEE vs Saudi finance cyber framework. Unlock compliance strategies, exemptions, maturity models & enforcement to thrive globally. Dive in!

FISMA vs CMMI

Compare FISMA vs CMMI: Federal cybersecurity law (FISMA/NIST RMF) meets process maturity model (CMMI Levels 1-5). Boost compliance, resilience & performance—discover key differences now.

CMMC vs UL Certification

Compare CMMC vs UL Certification: DoD cybersecurity for defense vs product safety standards. Uncover key differences, compliance paths & benefits to secure contracts & markets now!

ISO 26000

AS9110C

Quick Verdict

ISO 26000

Key Features

AS9110C

Key Features

Detailed Analysis

ISO 26000 Details

What It Is

Key Components

Why Organizations Use It

Implementation Overview

AS9110C Details

What It Is

Key Components

Why Organizations Use It

Implementation Overview

Key Differences

Scope

Industry

Nature

Testing

Penalties

Frequently Asked Questions

ISO 26000 FAQ

What is the primary objective of ISO 26000?

Who is legally or professionally required to comply with ISO 26000?

Does ISO 26000 require an external audit or third-party certification?

How often should an assessment for ISO 26000 be performed?

What are the consequences of non-compliance with ISO 26000?

An ISO 26000 be mapped to other international frameworks?

What is the first step to begin implementing ISO 26000?

AS9110C FAQ

What is the primary objective of AS9110C?

Who is legally or professionally required to comply with AS9110C?

Does AS9110C require an external audit or third-party certification?

How often should an assessment for AS9110C be performed?

What are the consequences of non-compliance with AS9110C?

An AS9110C be mapped to other international frameworks?

What is the first step to begin implementing AS9110C?

You Might also be Interested in These Articles...

The SOC Maturity Roadmap: A 5-Step Blueprint for Scaling from Ad-Hoc to Optimized Operations

The Tool Landscape for Reaching and Maintaining ISO 27701 Compliance

DORA Third-Party Risk Management: A Consultant’s Guide to Mapping Critical ICT Service Providers in 2026

Run Maturity Assessments with GRADUM

Check out these other Gradum.io Standards Comparison Pages

RoHS vs SAMA CSF

FISMA vs CMMI

CMMC vs UL Certification