Information obtained by Oxebridge appears to indicate that the “High Level Structure” (HLS) requirements affecting all future ISO management system standards was not developed in accordance with consensus-driven, multi-stakeholder processes as touted by the International Organization for Standardization (ISO).
The HLS contains structural and content mandates for all ISO management system standards, including a harmonized clause structure and “identical core text, common terms and core definitions.” The “identical core text” dictates mandatory content for the affected standards, such as requirements that all standards address risk, and perform management by objectives. These points in particular have been controversial: the “risk” approach defined in the HLS deviates or contradicts previous ISO standards as well as other industries with well-established risk management disciplines and protocols. The requirement for management by objectives contradicts quality “guru” Edwards Deming, and would continue to veer ISO 9001 off of the Deming path.
The HLS requirements were mandated through the official ISO document, ISO/IEC Directives, Part 1 — Consolidated ISO Supplement — Procedures specific to ISO, and reside in the Annex SL of that document, thus resulting in the HLS requirements often being referred to as “Annex SL.” This document was produced as a work product of the ISO Tecnhical Management Board (TMB) which oversees all ISO technical committees, including TC 176 for ISO 9001. As an oversight body, the TMB does not abide by the same consensus rules for standards development as the TCs, but is instead granted with broad management powers.
Public statements made by ISO TC 176 members, including the US representatives Jack West (here and here) and Alka Jarvis, imply the inclusion of risk and the other changes were in response to ISO User Survey data. So prevalent is this position, that a “talking point” has arisen that claims the 9001:2015 changes were based on an “analysis of data from an extensive web-based survey of users and potential users.” The statement is repeated nearly exactly in reporting over the entire world (for example here, here, here, here and here.) An analysis of the data, however, does not bear this out; for example, “risk” ranked lower than other desired topics in the survey, such as “knowledge management,” which ranked highest.
According to one source within TC 176, speaking to Oxebridge on condition of anonymity:
As far as other ‘user wants’, there is a tiny bit (3 sentences) about knowledge management (clause 7.1.6), that is TC, not Annex SL stuff. The term “knowledge” does come up in Annex SL core text, but in a very generic sense, and “knowledge management” doesn’t come up at all in the annex. But other than that, there is little attention to User Survey data.
Originally, the TMB formed a Joint Technical Coordination Group (JTCG) to develop the High Level Structure, and produced a document named ISO Guide 83. This document never progressed past the draft stage; instead, ISO issued TMB Resolution 18/2012 which called that the Guide 83 HLS requirements be included in Annex SL, and “requests all ISO committees (including project committees) to adhere to the policy when developing Management System Standards.”
While ISO claims this is a “request,” it is unclear if ISO will allow deviations. When asked if TC’s could opt out of adhering to the Annex SL requirements, TMB Secretariat Francesco Dadaglio wrote to Oxebridge:
Annex SL permits Technical Committees to deviate from the High Level Structure, provided that it is reported to the ISO TMB. This is for what regards the HLS (Annex SL Appendix 2). The remainder of Annex SL (core text of Annex SL and Appendices 1 and 3) are strictly procedural and do not have any implication on the technical content of Management System Standards.
The TMB Resolution does allow TC’s to notify the TMB of an intent to deviate from the HLS, but the language of that Resolution indicates the TMB will “review” the request; it is not specific on what actions the TMB can take — including, possibly, denying the request — after such “review.” In fact, the TMB Resolution 17/2012 rejected a request for such a waiver by TC 228, the group responsible for standards related to tourism.
Representatives from TC 228 declined to comment on the background of this decision, nor what drove the original request.
When asked about the consensus makeup of the TMB and JTCG committee that developed Annex SL, Mr. Dadaglio said:
The membership of the JTCG consists of chairs and secretaries of ISO technical committees involved in the development of MSS. ISO Guide 83 went through a formal approval vote at the TMB level. As with other ISO deliverables, the current Annex SL was developed by consensus.
However, Oxebridge sources within TC 176 indicate this was not the case, at least regarding ISO 9001:
As far as the membership of the JTCG, I don’t recall that the TC 176 secretary participated, unless he was being very close-mouthed about it. The JTCG name always comes up in discussions, but I’ve never seen a published list of members. From my understanding, the TC Chairs were only involved peripherally. The membership did get to review versions of Guide 83, but I didn’t see a lot of acceptance of the comments/concerns submitted. The [ISO 9001] User Survey, and about 20-odd other documents (along with Annex SL) are input documents for the ISO 9001 revision work, but the evidence indicates they were looked at early on, and then forgotten.
A second source within TC 176 confirmed:
There was never a lot of back-and-forth between the TC 176 Chair and the members regarding development of ISO Guide 83 or the later Annex SL content. If the leadership did participate, they did it without the interaction of members because for most of us, and unless you were really paying attention, the first time we saw the High Level Structure was after [Guide 83] was published, not before. And even then, it wasn’t a “lock” that we’d have to abide by it, until it showed up in Annex SL.
Sources within other TCs, including TC 207 for ISO 14001, have consistently reported a feeling of rancor after being told by the TMB what content their individual ISO management system standards must include. Said one source:
We were interested in getting away from objectives, which are poorly understood, or at least defining them better. Annex SL has tied our hands, and we are stuck with them now. Overall, we felt bypassed, as if our job was pointless, since [the TMB was] doing our work for us.
One example of the non-participatory nature of the Annex SL mandate is evident in its definition of the term “risk”, which is proving both problematic and controversial. The definition deviates from that of ISO’s own risk management standard, ISO 31000, as well as other standards on the subject, such as ISO 14971. In some cases, the definition distinctly contradicts those in industries with well-established risk management disciplines, such as insurance and medicine. This slide, from a presentation by the Institute for Risk Management (IRM) reveals some of the chaos:
One source with direct ties to the development of ISO 31000 told Oxebridge:
18 months or so ago we became aware that [Guide 83] had morphed into Annex SL and became horrified at the errors there: the way that risk management had be added and even that the definition of risk was nonsensical. Some of us [then] tried to find out how it had ended up like that. The only explanation ever given was that the environmental lobby succeeded in watering down [the] definition of risk because they could not understand what ‘objectives’ had to do with risk.
A representative of TC 207 on environmental management systems denied the claim:
They may have blamed it on us, but that argument didn’t come from anyone I know [on the TC]. We’ve had objectives in ISO 14001 for a long time. I think we are being used as an excuse.
ISO touts its standards development process as being “based on global expert opinion” and “developed through a multi-stakeholder process”:
ISO standards are developed by groups of experts from all over the world, that are part of larger groups called technical committees. These experts negotiate all aspects of the standard, including its scope, key definitions and content. The technical committees are made up of experts from the relevant industry, but also from consumer associations, academia, NGOs and government. Developing ISO standards is a consensus-based approach and comments from stakeholders are taken into account.
ISO procedures require that such standards be voted on by the representatives within a given Technical Committee through a number of drafting stages, from Working Draft to Committee Draft, through to Draft International Standard (DIS) and finally, International Standard (IS). In the case of the Annex SL mandate, this was not developed in accordance with such procedures, and the content was imposed on the Technical Committees without proper voting, and despite of a lack of consensus among not only the Technical Committees themselves, but even within the given TCs.
A comparison of the current word count of ISO 9001:2008’s auditable clauses (4.0 through 8.0) and the HLS requirements of Annex SL reveal that the requirements will comprise over 50% of the content, meaning more than half of the content of ISO 9001:2015 will not have undergone consensus voting per ISO’s own requirements, but instead mandated by the Technical Management Board. The figure jumps higher when comparing ISO 9001:2015 CD text with the Annex SL language.