ISO -- International Organization for Standardization

Geneva, Switzerland · 166 national member bodies · Non-governmental international organization · Established 1947

Overview

The International Organization for Standardization -- universally known as ISO, derived from the Greek isos ("equal") rather than an English acronym, ensuring the name is the same in every language -- is the world's principal body for developing voluntary international standards. It was formally established on February 23, 1947, by delegates from 25 countries meeting in London in the aftermath of World War II, building on the work of two predecessors: the International Federation of the National Standardizing Associations (ISA, founded 1926) and the United Nations Standards Coordinating Committee (UNSCC, founded 1944). Its Central Secretariat has been in Geneva since its founding, beginning with just five staff members in the early 1950s.

ISO is a membership organization of national standards bodies -- one per country, representing 166 nations. Full members have full voting rights; correspondent and subscriber members participate with fewer privileges. The American member body is ANSI, the American National Standards Institute, a private organization. ISO covers all technical domains except electrical and electronic engineering (handled by the IEC) and telecommunications (handled by the ITU); all three are headquartered in Geneva and work in close coordination. Standards are developed through more than 840 technical committees, subcommittees, and working groups staffed by voluntary expert delegates. The process is consensus-based and entirely voluntary: ISO has no regulatory authority and cannot compel compliance, though many ISO standards are incorporated by reference into national regulation or required by commercial contract. ISO has published approximately 25,700 standards as of 2025.

ISO Standards for Newsrooms

The following five standards are directly relevant to the security, quality, crisis communication, and technical operations of news organizations.

Information Security

ISO/IEC 27001

Information Security Management Systems

What it is: The world's leading international standard for information security management systems (ISMS), published jointly by ISO and the International Electrotechnical Commission. It specifies requirements for establishing, implementing, maintaining, and continually improving a systematic framework for managing information security risks -- identifying information assets, assessing threats, implementing controls, and monitoring their effectiveness across the full scope of an organization's operations.

Why it matters for newsrooms: Investigative journalism depends on the security of sensitive information: whistleblower identities, unpublished evidence, source communications, financial records obtained under legal process, and pre-publication drafts. A newsroom's failure to protect this information can result in sources imprisoned, investigations compromised, and legal liability for the organization. ISO/IEC 27001 provides a structured, auditable framework for protecting against digital breaches, insider threats, and the specific vulnerabilities of distributed workforces using multiple devices and cloud platforms. Its Annex A controls address cryptography, access control, physical security, supplier relationships, and incident response -- all directly relevant to operational security for journalists. Certification demonstrates to sources, funders, and legal partners that an organization's security commitments are verified operational practice rather than aspiration. Smaller newsrooms may find the standard most useful as a risk assessment framework rather than a full certification goal.

In practice: A newsroom implementing ISO/IEC 27001 systematically inventories its information assets, assesses risks to each, implements proportionate controls, and documents everything. Secure drop systems, end-to-end encrypted communications, and compartmentalized investigation data management are all practices the standard provides a governance framework for organizing and auditing against defined criteria.

Quality Management

ISO 9001

Quality Management Systems -- Requirements

What it is: The world's most widely used quality management standard -- the foundation of the ISO 9000 family. ISO 9001 specifies requirements for a quality management system that enables an organization to consistently provide products and services that meet defined requirements, with a framework for continuous improvement based on documented processes and measurable performance.

Why it matters for newsrooms: Applied to journalism, quality management means consistent, documented, auditable processes for how stories are reported, edited, fact-checked, and published. A newsroom applying ISO 9001 thinking defines its editorial workflow as a system -- with assigned responsibilities, quality checkpoints (fact-checking, legal review, editorial sign-off), and mechanisms for capturing and learning from errors. The standard's emphasis on documented process rather than individual expertise addresses journalism's persistent vulnerability to institutional knowledge loss when experienced editors leave. It also provides a framework for evaluating and managing the quality of freelance contributors and external suppliers. Formal ISO 9001 certification is more common in large media groups; smaller newsrooms may use it most effectively as a diagnostic framework for identifying process gaps and standardizing practices that currently depend on individual memory.

Emergency and Crisis Communication

ISO 22329

Security and Resilience -- Guidelines for the Use of Social Media in Emergencies

What it is: An international standard providing guidelines for organizations -- including government agencies, emergency services, and media organizations -- on the use of social media and digital public platforms during emergencies and crisis events. It addresses how to verify information received through social media, how to communicate reliably through social platforms during a crisis, and how to manage the risks of misinformation amplification in emergency communication contexts.

Why it matters for newsrooms: Breaking news and crisis coverage is the context in which speed and accuracy are most acutely in tension. Social media is simultaneously the most rapid source of first reports and the most unreliable: unverified images, fabricated posts, and deliberate disinformation circulate fastest when public anxiety is highest. ISO 22329 provides a structured framework for newsrooms covering emergencies: establishing verification procedures before amplifying social media content, maintaining consistent communication standards during fast-moving events, coordinating with official sources while independently verifying their claims, and managing the organization's own social media presence to avoid amplifying unverified information. For journalists covering disasters, civil unrest, and public health emergencies -- events where the cost of amplifying false information is highest -- this standard provides a documented methodology for responsible real-time coverage.

Digital File and Image Standards

ISO 32000

Document Management -- Portable Document Format (PDF)

What it is: The international standard defining the Portable Document Format (PDF). Originally developed by Adobe and standardized by ISO in 2008 (ISO 32000-1), with PDF 2.0 published as ISO 32000-2 in 2017. It specifies the syntax, structure, and semantics of PDF documents, ensuring consistent rendering across all conforming readers. The derived standard ISO 19005 (PDF/A) specifies requirements for PDFs intended for long-term archiving.

Why it matters for newsrooms: News organizations routinely work with documents as primary source material -- leaked government records, court filings, financial disclosures, and official reports, almost all arriving as PDFs. ISO 32000 underpins the tools used to analyze, annotate, redact, and publish these documents. For investigative journalism specifically, PDF forensics -- analyzing metadata, identifying editing history, detecting redaction failures where text remains computationally readable beneath blacked-out overlays -- relies on precise understanding of the PDF specification. ISO 32000 compliance also ensures that documents a newsroom publishes will render consistently across platforms. The PDF/A variant (ISO 19005) is directly relevant to newsrooms managing archives of published documents and source materials for long-term preservation.

ISO 12234

Electronic Still Picture Imaging -- Removable Memory and Related Matters

What it is: A family of standards governing digital camera memory and file formats, including the TIFF/EP specification underlying professional camera RAW formats and the Exif (Exchangeable image file format) metadata standard embedded in digital photographs. Exif data records the time and date of capture, GPS coordinates, camera model, and exposure settings in every image from a digital camera or smartphone.

Why it matters for newsrooms: Digital image metadata is both a journalism tool and a security concern. As a verification tool, Exif GPS and timestamp data can confirm or contradict claims about where and when a photograph was taken -- essential for authenticating images submitted by freelancers or sourced from social media. As a security concern, metadata can inadvertently expose the location of confidential sources who submit images, requiring newsrooms to implement systematic metadata-stripping workflows before publication. Understanding ISO 12234 supports both image authentication -- a core visual verification skill for modern journalists -- and source protection in an environment where every smartphone photograph carries embedded location data by default.

ISO Standards for Museums, Archives, and Libraries

The following standards are foundational to the digital preservation, records management, and information exchange operations of cultural heritage institutions -- including the journalism archives, news libraries, and media collections that share their technical infrastructure and long-term stewardship challenges.

Digital Preservation and Repository Certification

ISO 14721

Open Archival Information System (OAIS) Reference Model

What it is: The Open Archival Information System Reference Model -- originally developed by the Consultative Committee for Space Data Systems and adopted as ISO 14721 in 2003, updated in 2012 and again in 2025. OAIS defines a conceptual framework describing the environment, functional components, and information objects required for an archive to provide permanent or indefinite long-term preservation of digital information. Its core functional entities are Ingest, Archival Storage, Data Management, Administration, Preservation Planning, and Access. The information packages that flow through the system -- Submission Information Packages (SIPs), Archival Information Packages (AIPs), and Dissemination Information Packages (DIPs) -- have become the standard vocabulary of digital preservation internationally.

Why it matters for archives, libraries, and museums: OAIS has become the conceptual foundation for virtually all serious digital preservation work worldwide. NARA, the Library of Congress, the British Library, and hundreds of other major cultural heritage institutions structure their digital preservation programs around OAIS. For a journalism archive maintaining a permanent collection of published articles, investigative documents, photographs, audio, and video, OAIS provides the framework for understanding what preservation actually requires: not merely storing files, but maintaining the context, provenance, and technical metadata required to ensure that preserved materials remain accessible, authentic, and usable by future researchers. The OAIS terminology has become the shared language of the digital preservation field.

ISO 16363

Audit and Certification of Trustworthy Digital Repositories

What it is: The standard for auditing and certifying the trustworthiness of a digital repository -- i.e., that it has the organizational, procedural, and technical infrastructure to fulfill its digital preservation mandate over the long term. Built on OAIS (ISO 14721), it provides comprehensive metrics across three dimensions: organizational infrastructure, digital object management, and infrastructure and security risk management (which explicitly references ISO/IEC 27001). The Primary Trustworthy Digital Repository Authorisation Body (PTAB) was the first organization accredited to perform ISO 16363 audits; the US Government Publishing Office was among the first repositories certified.

Why it matters: ISO 16363 certification provides audited assurance that a digital archive is not merely claiming trustworthiness but has been independently verified against comprehensive criteria. For any institution -- a news organization's digital archive, a public library's special collections repository, a museum's digital asset management system -- seeking to demonstrate to funders, depositors, and the public that its preservation commitments are real and operational, ISO 16363 provides the most rigorous available certification framework. ISO 14721, ISO 16363, and ISO 16919 (requirements for auditing bodies) form a closely related family defining the complete framework for trustworthy digital repositories.

Records Management

ISO 15489

Information and Documentation -- Records Management

What it is: The international standard defining principles and requirements for records management -- the systematic control of records from their creation through their maintenance and disposition. ISO 15489 establishes what records management systems must do to ensure that organizations create and maintain authentic, reliable, and usable records, and that those records are protected for as long as required. It covers records regardless of form or medium: paper, digital, audio-visual.

Why it matters for archives, libraries, and newsrooms: Every institution that creates records with legal, evidential, or historical value requires a records management framework. For news organizations, this includes editorial correspondence, source material documentation, contracts, and the provenance records for investigative findings. For libraries and archives, ISO 15489 provides the framework for managing administrative records and for advising depositing institutions on records management practice. The standard's emphasis on authenticity -- ensuring that records are what they purport to be -- directly supports both the evidentiary needs of accountability journalism and the integrity requirements of archival research.

Bibliographic Exchange and Vocabulary Standards

ISO 2709

Information and Documentation -- Format for Information Exchange

What it is: The international standard defining the exchange format for bibliographic records -- the technical specification underlying MARC (Machine-Readable Cataloging), the standard format used by virtually every library catalog system in the world. ISO 2709 defines how bibliographic records for books, journals, articles, and other materials should be structured for exchange between library systems, enabling a catalog record created at the Library of Congress to be shared and imported by a university library in another country.

Why it matters for libraries and archives: ISO 2709 / MARC is the technical infrastructure of the global library catalog network. For research libraries and archives maintaining catalog records for journalism collections, news archives, and media-related special collections, ISO 2709 compatibility is a prerequisite for participation in cooperative cataloging networks, integration with discovery systems, and contribution to shared bibliographic databases.

ISO 25964

Thesauri and Interoperability with Other Vocabularies

What it is: The standard for building and managing thesauri -- the controlled vocabularies used by libraries, archives, and information systems to index and retrieve information consistently. ISO 25964-1 covers thesaurus structure and format; ISO 25964-2 covers how thesauri interoperate with other vocabularies including ontologies, classification schemes, and name authority files.

Why it matters for archives and libraries: Controlled vocabularies are the foundation of consistent information retrieval. A thesaurus built to ISO 25964 ensures researchers can find all relevant materials in a collection regardless of the specific terminology used by individual catalogers. The interoperability component (25964-2) enables archives to connect local vocabularies to linked data resources and external ontologies -- increasingly important as cultural heritage institutions participate in the broader ecosystem of open linked data.

ISO 21127 (CIDOC CRM)

A Reference Ontology for the Interchange of Cultural Heritage Information

What it is: The CIDOC Conceptual Reference Model -- developed by the International Council of Museums' Documentation Committee and published as ISO 21127. It defines a formal ontology for describing the relationships between objects, events, people, places, and time in cultural heritage contexts, enabling semantic interoperability between museum databases, archival finding aids, and library catalogs across institutions and national boundaries.

Why it matters for museums and archives: CIDOC CRM is the backbone of semantic interoperability in the cultural heritage sector. It provides the shared conceptual framework that allows a photograph held by a museum, a written account in a library special collection, and a diplomatic record in a national archive to be linked and understood as part of the same historical event. For journalism archives and news organizations maintaining historical collections, CIDOC CRM provides the ontological foundation for building finding aids and databases that can be searched and queried in relation to other cultural heritage collections, enabling researchers to trace a story's context across institutional boundaries.

Accessing ISO Standards

ISO standards are sold publications and are not freely downloadable, with the exception of a small number that ISO has made publicly available. The ISO website at iso.org provides free browsing of standard titles, scope descriptions, and status; purchase is through the ISO store at iso.org/store.html. National member body stores (ANSI in the US, BSI in the UK, DIN in Germany) also sell ISO standards. Many university libraries subscribe to standards databases providing institutional access. For newsrooms and smaller nonprofits, the most practical approach is often to use publicly available summaries, implementation guides, and national adaptation documents to understand the standards' requirements before purchasing specific texts for implementation.