BSI has begun issuing “Statements of Compliance” for ISO 31000, the ISO standard on risk management, despite that standard clearly stating that such usage is not intended. In December, Tata Power became the first Indian company certified to the ISO 31000 standard.
In the current published version, ISO 31000 reads: “this international standard is not intended for certification purposes.” As previously reported by Oxebridge, a BSI rep had issued a memo declaring that the next version of the standard would have to remove the language.
In February 2012, BSI representative Mick Maghar wrote an interpretation on ISO Technical Management Board Resolution 8/2012 which directed the sentence be removed. Mr. Maghar, who is also the Secretary for ISO/TC 262 which authors the ISO 31000 standard, justified this by saying:
I have been led to believe that this means that statements such as “This International Standard is not intended for the purpose of certification.” are no longer allowed in the scope.
Oxebridge raised concerns that BSI may be infecting the consensus standards development process by altering standards to suit the business interests of BSI’s certification division.
TC 262 Chair Kevin Knight has consistently refused to consider ISO 31000 for certification purposes, saying, “I have never seen the management of the effect of uncertainty on objectives as a suitable area for Certification.” But a source within TC 262 told Oxebridge, on condition of anonymity, that BSI was positioning to counter Knight on this subject.
If [Knight] wasn’t chairman, the current “limited revision” would have been a complete revision which would make the ISO 31000 a certifiable management system. [This is] what BSI wants. You should have seen their proposals, they were unbelievable.
BSI’s issuance of ISO 31000 “Statements of Compliance” to its clients provides evidence that it has already established a business model for certifying risk management systems, and is collecting revenue doing so. This ultimately raises questions as to whether Mr. Maghar was manipulating the ISO consensus development process to suit BSI’s unique interests, over those of other TC 262 members and ISO 31000 users.
Mr. Maghar, as well as ISO representatives, had initially defended his memo as being required under WTO rules prohibiting standards from including limitations on their use. In 2012, the ISO TMB re-interpreted decades of precedent to say that by indicating a standard was “not intended for certification”, this presented a limitation on use, and so such statements would have to be removed from all ISO standards. Oxebridge has asserted that this argument is false, since such statements do not in any way limit the use of that standard, but merely provide clarity on the authors’ intent. Furthermore, Oxebridge argued that the WTO rules have been in effect for decades, and ISO had never before faced an issue with the statements of intent.
As expected, and consistent with Mr. Maghar’s directive, the current CD of ISO 31000 has removed the sentence, and replaced it with the following:
This international standard is not a management system standard. It provides guidelines for organizations for managing risk and does not contain normative requirements.
According to another source within TC 262, during a September 2014 meeting in Istanbul, Mr. Maghar was asked to provide a “legal” basis for the change:
… both Mick Maghar and Brian Stanton (ISO) were asked to [provide] a copy of the legal advice on which the unacceptability of the present text was based. Ultimately after weaving and diving, it was said that there was no legal advice and that it was a TMB decision.
Based on that ISO TMB interpretation, the revised statement that “this standard is not a management system standard” could still be interpreted as a limitation, specifically to those organizations that wish to use it as such. Therefore, it appears the ISO interpretation does not stand up to scrutiny, further supporting the theory that it was done to open up the standard for certification, upon the prompting of BSI.
BSI, the ISO TMB and ANSI have been invited to comment.
Christopher Paris is the founder and VP Operations of Oxebridge. He has over 35 years’ experience implementing ISO 9001 and AS9100 systems, and helps establish certification and accreditation bodies with the ISO 17000 series. He is a vocal advocate for the development and use of standards from the point of view of actual users. He is the writer and artist of THE AUDITOR comic strip, and is currently writing the DR. CUBA pulp novel series.