What It Is

ISO 26000:2010 is a non-certifiable international guidance standard providing a framework for social responsibility (SR). Applicable to all organizations regardless of size, sector, or location, its primary purpose is to help integrate SR into governance, strategy, and operations through stakeholder-informed, context-specific approaches.

Key Components

• Seven **core principlesaccountability, transparency, ethical behavior, respect for stakeholder interests, rule of law, international norms, human rights.
• Seven **core subjectsorganizational governance, human rights, labor practices, environment, fair operating practices, consumer issues, community involvement.
• Built on multi-stakeholder consensus; no requirements, emphasizing holistic integration over checklists.
• No certification model; uses self-reporting and ISO Communication Protocol for claims.

Why Organizations Use It

Enhances sustainability commitment, aligns with SDGs/OECD/GRI, mitigates risks (reputational, operational), builds stakeholder trust, supports ESG reporting without certification burdens, and drives resilience/competitive advantage.

Implementation Overview

Phased approach: materiality assessment, stakeholder engagement, policy integration, training, monitoring. Integrates with ISO 9001/14001/45001; suits all sizes via prioritization; no audits, focuses on transparent reporting and continuous improvement. (178 words)

What It Is

NERC CIP (North American Electric Reliability Corporation Critical Infrastructure Protection) comprises mandatory reliability standards enforcing cybersecurity and physical security for the Bulk Electric System (BES) across North America. Primary purpose: mitigate cyber risks causing BES misoperation or instability. Employs a risk-based, tiered model categorizing BES Cyber Systems as High, Medium, or Low impact.

Key Components

• Core standards: CIP-002 (scoping), CIP-003 (governance), CIP-004 (personnel), CIP-005/006 (perimeters), CIP-007 (system security), CIP-008/009/010 (response/recovery/config), up to CIP-014 (supply chain/physical).
• Recurring cycles: 15/35-day reviews, annual audits.
• Built on executive accountability, evidence retention (3 years), FERC enforcement.

Why Organizations Use It

• Legal mandate for BES owners/operators; fines up to $1M+ per violation.
• Enhances grid resilience, reduces outages, lowers insurance costs.
• Builds stakeholder trust, enables market access.

Implementation Overview

Phased: scoping, gap analysis, controls deployment, audits. Targets utilities/transmission entities in US/Canada/Mexico. Requires annual audits, no formal certification but ongoing compliance.