Dick Hortensius’ pet project to ensure his relevance — that being the rewrite of ISO’s dreaded Annex L text — has officially crashed and burned. The main justification for updating Annex L (previously known as Annex “SL”) was to fix the conflict between its definition of “risk” with the definition provided by the actual risk management experts of TC 262, who published ISO 31000 on Risk Management.

Now, Hortensius has been forced to announce that he and his pal Nigel Croft (convener of Task Force 14 on the Annex L rewrite) have failed utterly, and will be releasing Annex L without any changes to the definition after all. This after untold hundreds of thousands of dollars have been spent by TMB goons flying around the world to two years of Annex L meetings, all for Hortensius’ little vanity project. In an official ISO TF 14 Communique, Hortensius writes:

One of the most important tasks … was to resolve the definition of ‘risk’. This was one of the priority topics defined in the project specification and had been extensively debated throughout 2019. At the Vienna meeting (in July 2019) the option of having no definition was discussed as a possible way forward. It was agreed that a sub-group would prepare a ‘white paper’ to elaborate on the feasibility of this option, and how it might affect the remaining text in appendices 2 and 3 of Annex L.

Just pause there. Hortensius’ and Croft’s make-work project for morons had then tasking people to prepare a White Paper on not defining it. That literally means they wrote a project paper on how to do nothing. I’m betting it took them 400 pages and lots of graphs, too.

OK, continue…

After extensive discussions, however, it was decided that although there might be merit in agreeing a single aligned definition in future, changing the current Annex L definition would be a ‘step too far’ for this limited revision. Many committees have only very recently adopted Annex L as a basis for their MSS, and there was general concern among these committees that changing the current definition of risk would only serve to confuse the users of those standards. TF 14 therefore made the conscious decision not to change the current Annex L definition.


No one asked for Annex SL, and they certainly didn’t ask for a rapid rewrite coming on the heels of the fact that ISO 9001 certifications are in the dumpster, thanks largely to people hating the Annex SL portions of the standard. No one asked for them to rewrite it, only to repeat their disaster. But ISO is intent on ensuring that Technical Committee members don’t write standards anymore, because they take too damn long. ISO only makes money when standards are in print, not when they are in development.

ISO really thinks if you keep doing the same thing, you will get a different result.

Dick Hortensius

Hortensius, Dick

Couple that with people like Hortensius, Croft and UK’s Mark Braham who desperately need to feel some kind of relevance in the standards development field they have (in my view) clearly failed in, and you have a recipe for disaster. ISO put these guys in charge of updating Annex L, and now they have to admit they blew it.

Keep in mind, each of these guys claims to be some kind of world class “management” expert, and they couldn’t even get consensus among a tiny, selective subset of people of their own choosing. That’s because the room is filled with sniping, self-promoting charlatans who hate each other and just want power and money. God forbid anyone with actual sense should be invited.

And remember, the clause they are so worried about is the one called “Actions to Address Risk and Opportunity.” ISO still hasn’t defined “opportunity.” They bungled the definition of “risk” so badly, they are just going to continue to ignore half of the entire clause and hope you didn’t notice.

(My standard, by the way, defines both in a way that is clear, easily understood, and actually aligns with the dictionary. And it’s free.)

The debacle is Exhibit A on just how ISO’s bureaucratic, 15th-century model for standards development has been left behind. Even when they circumvent their own rules to break logjams, they create new logjams! It’s comical.

What does Hortensius think about the fact that his work to date has resulted in the greatest loss of ISO 9001 certificates in the standard’s history?

For a number of years I lost interest in the details of this survey because the way of data gathering is changing from time to time and now a new way of ‘counting certificates’ has initiated that makes it even more difficult to analyze trends.

So much for “factual approach to decision making.” If the data doesn’t support your product, ignore the data.

Remember, Annex L is mandatory text that is imposed on the Technical Committees who are supposed to write ISO’s management system standards, like ISO 9001 or ISO 14001. The imposition of Annex L violates ISO’s own rules of procedure, and World Trade Organization regulations, by stripping away the role of standards development from the delegate-driven TCs, and putting in the hands of Hortensius’ unnamed, un-vetted secret band of idiots. Technical Committees are then prohibited from altering the Annex L text, or even voting on it, except as an all-or-nothing vote on the entire standard it’s shoved into. ISO will then lie, and insist that standards like ISO 9001 were written by industry experts operating through delegate-driven TCs. But it will be a lie.

And they’re not done. Not only was the fact that ISO had to so quickly rewrite Annex L an admission of just how badly Hortensius failed, he’s already threatening more changes in the future (emphasis added):

For several suggestions, it was concluded that they are beyond the limited scope of the project specification or are discipline specific. They will also be archived for potential consideration in future, more extensive revisions of Annex L.

So TMB and the TF 14 guys are not only not done, they will never be done, because this is a way for Hortensius and Croft to keep writing ISO standards for committees they aren’t even on. And they get to do it without worrying about the text ever being voted down, since no one can vote on it.

The question now is how many ISO awards will Hortensius and Croft get this year, for having failed so publicly and spectacularly?

I’m betting an even 100 apiece.

Meanwhile, read my in-depth piece on just why Annex L is Toxic to Industry.



About Christopher Paris

Christopher Paris is the founder and VP Operations of Oxebridge. He has over 30 years' experience implementing ISO 9001 and AS9100 systems, and is a vocal advocate for the development and use of standards from the point of view of actual users. He is the author of Surviving ISO 9001 and Surviving AS9100. He reviews wines for the irreverent wine blog, Winepisser.


Traditional Tri-System