Over the past few years, I have noticed growing interest in ISO 37000, the international standard for the governance of organisations. At the same time, I have also observed considerable misunderstanding about what the standard is intended to achieve. 

Many organisations initially approach ISO 37000 expecting another management system standard similar to ISO 9001, ISO 14001 or ISO 22301. 

It is not. 

This misunderstanding often leads to confusion, unrealistic expectations and missed opportunities to improve organisational governance. 

ISO 37000 is not a certification standard. 

There is currently no accredited ISO 37000 certification scheme and, importantly, that was never the intention of the standard. ISO 37000 provides guidance rather than requirements. It offers principles that organisations can use to strengthen governance arrangements and improve organisational performance over the long term. 

The focus is not compliance. 

The focus is effective governance. 

This distinction is critical. 

Many organisations have traditionally viewed governance through the lens of policies, committees, reporting structures and regulatory obligations. Whilst these elements remain important, ISO 37000 takes a much broader view. 

The standard asks a fundamental question: 

How can an organisation be governed in a way that supports sustainable success? 

That question extends well beyond compliance. 

It encompasses purpose, culture, leadership, accountability, decision-making, stakeholder relationships and organisational performance. 

One common misunderstanding is that governance only applies to Boards. 

Whilst Boards play a central role, ISO 37000 recognises that governance influences behaviour throughout the organisation. Decisions made by leaders at all levels contribute to governance effectiveness. 

Good governance is not something that happens exclusively in the boardroom. 

It is reflected in everyday decision-making across the organisation. 

Another misconception is that governance and management are the same thing. 

ISO 37000 clearly distinguishes between the two. 

Governance focuses on direction, oversight and accountability. 

Management focuses on execution and delivery. 

The distinction matters because many governance weaknesses occur when these responsibilities become blurred. Boards can become overly involved in operational management, while management teams may find themselves making decisions that properly belong within governance structures. 

Effective organisations understand the difference and maintain clarity between the two functions. 

Perhaps the most significant misunderstanding concerns the relationship between governance and resilience. 

Many organisations still treat governance as a compliance activity and resilience as an operational activity. 

ISO 37000 suggests a different perspective. 

Strong governance should actively support organisational resilience. 

A governance framework that works only during periods of stability is not necessarily effective governance. Organisations today operate in increasingly uncertain environments shaped by cyber threats, supply chain disruption, economic volatility, regulatory change and reputational risk. 

The ability to anticipate, adapt and recover has become a governance issue as much as an operational one. 

This means Boards should be asking questions such as: 

→ How resilient are our critical services? 
→ Do we understand our key dependencies? 
→ Are accountability structures clear during disruption? 
→ Can leadership teams make effective decisions under pressure? 
→ How quickly can the organisation recover from major incidents? 

These are governance questions because they relate directly to organisational sustainability and long-term success. 

Another area frequently misunderstood is organisational culture. 

Many governance frameworks focus heavily on structure but pay insufficient attention to behaviour. 

ISO 37000 places significant emphasis on culture because culture influences how decisions are made, how risks are managed and how people behave when formal controls are absent. 

Organisations can possess excellent policies yet still experience governance failures if the culture discourages challenge, transparency or accountability. 

Conversely, organisations with strong governance cultures often identify and address issues before they develop into significant problems. 

Culture is therefore not separate from governance. 

It is a fundamental component of governance effectiveness. 

The standard also highlights the importance of purpose. 

This is sometimes overlooked because organisations naturally focus on objectives, targets and financial performance. 

ISO 37000 encourages leaders to consider a broader perspective. 

Why does the organisation exist? 

Who does it serve? 

How does it create value? 

How are stakeholder interests balanced? 

When governance loses sight of organisational purpose, decision-making can become short-term, reactive and disconnected from long-term sustainability. 

Effective governance aligns decisions with organisational purpose whilst balancing stakeholder expectations and managing risk appropriately. 

Perhaps the greatest lesson from ISO 37000 is that governance should not be viewed as a collection of documents. 

It is a living system. 

Policies, committees and reporting structures remain important, but they are only part of the picture. 

Effective governance requires: 

→ Clear purpose 
→ Ethical leadership 
→ Accountability 
→ Transparency 
→ Stakeholder engagement 
→ Organisational resilience 
→ Sound decision-making 
→ Continuous learning 

These principles help organisations navigate uncertainty while supporting sustainable success. 

At Thamer James Ltd, we often help organisations examine governance from both strategic and operational perspectives. Our experience shows that the strongest organisations are not necessarily those with the most documentation. They are the organisations that successfully connect governance principles with everyday operational reality. 

ISO 37000 provides a valuable framework for achieving exactly that. 

Because ultimately, governance is not about creating more processes. 

It is about helping organisations make better decisions, build greater resilience and achieve sustainable long-term success. 

Marcus Allen 
Director | Thamer James Ltd 
Management Consultants 

Master’s Degree in Management Learning and Change – University of Bristol 
Diploma in Governance, Risk and Compliance (GRC) – ICA 
Member, BSI G/01 Governance Committee 

Thamer James Ltd 
Governance • Resilience • Business Continuity • Risk Management 
