warrisbuildingcollapseUnless you dig like I do, it’s hard to know who, exactly, created ISO’s controversial Annex SL mandate, since most of the authors have run into hiding after controversy struck. given that ISO standards developers can remain hidden as much as they like, provided they don’t start showing up at conferences, it’s easy to do. The few that have come forth include Susan LK Briggs (USA), Stefan Tangen (Sweden), Jose Alcorta (UK), Dick Hortensius (Netherlands) and the “Ghost-Who-Roams-All-Halls” Charles Corrie of BSI (UK). These are nearly all (if not all) career standards authors, who never have to work under the rules they develop, and who are thus divorced of the experiences of real-life standards users. To them, this is all a challenging intellectual exercise that they later use to promote their consulting practices or certification bodies (CBs), or to keep their jobs inside the ISO publishing house.

Whereas some of them blathered before, now you’d be hard pressed to get any of them to talk on the record about Annex SL. Now that their work is released and the subject of near universal lambasting, they’ve moved their communication on the subject inward. Suddenly, bragging about having created Annex SL is a black mark, as it should be. Worse, if you do get a response to any pointed question, they get outright pissy about it.

Now meet Dr. Anne-Marie Warris, a former LRQA cert-pusher and environmental standards author who Chaired the ISO Joint Task Co-ordination Group (JTCG) from 2011. The JTCG, created by ISO’s Technical Management Board (TMB) is the group that drafted Annex SL and its precursor, ISO Guide 83.

If you’ve forgotten, Annex SL imposes mandatory content in every future ISO management system standard. It was developed by the TMB and JTCG, and originally published as ISO Guide 83; that standard never made it out of draft, which was then cancelled so that the text could be shoved into the mandatory ISO Consolidated Supplement (literally as “Annex SL” of that document). The ISO Consolidated Supplement defines mandatory rules and procedures for all TCs, and those rules cannot be ignored or disobeyed. This also means that the Annex SL text did not have to undergo the normal consensus-development and pesky voting by ISO member nations, as is required for actual ISO standards. The whole thing circumvented ISO’s rules on ensuring standards are built by consensus, although the Warris Gang subsequently have — let’s call it what it is — lied, and insisted that the TCs voted on it. They didn’t. There was some symbolic polling and “liaising” with TC Chairs, but none of it was binding, and none of it resulted in changes to the language Warris and her friends came up with. It was theater, designed to force Annex SL rules on the TCs and thus skirt international consensus on controversial issues that ISO needed to pass in o

Annex SL was originally only supposed to provide structure, not content, since any content of ISO standards must be developed through consensus-driven committees comprised of international delegates from ISO member bodies; the TMB is not a consensus body, with membership limited to only 15 permanent nations, and its output not subject to approval by anyone other than ISO’s accountants and top execs. Quickly, however, the TMB granted the JTCG an extension of power, and allowed them to dictate content, thus violating ISO rules and even WTO regulations against barriers to free trade. And so Annex SL dictated controversial definitions of terms, mandatory content such as risk management, and other previously untouchable subjects.

The Cone of Silence

I — and others —  protested this, of course, having understood that the JTCG was violating these core principles, even as ISO was ignoring them. I lobbied the usual suspects in ISO and the TCs, begging them to reject Annex SL, not only on the grounds that it had been developed contrary to ISO procedures, but also that it would be impossible to implement and even more impossible to audit. The TC 176 leadership ignored me, driven by their desire to make ISO 9001 as confusing as possible so they could later sell books and seminars designed to decipher it; had they written a clear, easily understood standard, they would have cut into the only way they could monetize their ISO TC “volunteer” work, after all.

Then, as you may remember, I published the “Public Call” white paper, which asked ISO to take a temporary pause in the development of ISO 9001, primarily to listen to user feedback from the automotive and aerospace industries, who were also screaming that the new standard would be un-auditable. I sent a copy to everyone, including Warris and others in the TMB. ISO responded by attempting to sue me for copyright infringement (they lost) and pushed ahead, driven by a publishing deadline set by the ISO home office. Remember, ISO is a book publisher, not a standards developer, and it makes no money when standards languish in development committees, and so have to get them published on the ISO webstore as quickly as possible.

Stefan Tangen

Stefan Tangen

So, at every turn, ISO rejected feedback from entire industries, and from a very public campaign by Oxebridge, which explained that Annex SL would clearly cause confusion for both end user organizations and Certification Body (CB) auditors. And, at every turn, ISO toadies like Anne-Marie Warris refused to take action, and instead doubled-down. Alongside Voldemort stunt double Stefan Tangen, Warris wrote PR pieces for ISO, promoting Annex SL and spinning it as a means of resolving problems realted to “confusion and difficulties at the implementation stage” of ISO management system standards. Warris also promised that her group would work to clarify things for users:

Any change represents challenges and opportunities. And this is no exception. Over the next few months, we will promote understanding of what this change means to avoid confusion and improve understanding among the affected technical committees, as well as among the users of the standards.

Now, understand this: if you gave Anne-Marie Warris a piece of paper and a pencil, and asked her to draw a circle, she would become so confused that she’d likely put the pencil in her eye and use the paper to start an orphanage fire. She’s that incompetent. But she’s a loyal ISO toady with the right friends in Geneva, so they keep giving her these assignments anyway. Remember, ISO needs people who will work for free, which thus rules out the participation of anyone with basic business acumen.

Naturally — naturally — she screwed it up. Annex SL is, despite all the promotional hype published by ISO and it’s marketers, largely seen as a disastrous failure, and it has led to entire industries decoupling from ISO, such as automotive and aerospace — the exact thing my Public Call document warned them of. Now, ISO is losing two of the three main sources of revenue it has: book sales (since the industries will publish their own standards, not ISO) and licensing fees. It gets worse: if things continue as expected, ISO may wind up paying the aerospace and automotive industries to license their standards, reversing the roles so that ISO’s expenditures outstrip its revenue; ISO will become a consumer of standards, not a publisher of them. Now you know what I meant about the orphanage fire joke for ISO: it’s a disaster of cataclysmic proportions.

Oops, I Did It Again

Now I want you to meet the brand-new Anne-Marie Warris 2.0. The good doctor is now caught whining openly about how CB auditors are fucking up her work, because — as predicted — the vague language and lack of specific requirement she and her droogs dreamed up is utterly un-auditable.

Warris has just wrote an official appeal to the ISO gods, using her position as Chair of TC 207 for environmental management systems, and which is circulating all through the undulating innards of ISO. In short, she has come to the conclusion that the new requirements of ISO 14001 are not being audited properly by the CBs. It is based on three “Case Studies” which is ISO-speak for “cherry-picked anecdotes.” Despite it being presented as about ISO 14001, the arguments she makes are nearly entirely about Annex SL and apply equally to any standard that has adopted it, including ISO 9001. Of course, she never mentions “Annex SL” explicitly — that would require her to call her own baby ugly — but there is no other way to interpret her memo.

You can read the whole thing here (PDF), but here are the highlights:

We have a growing repository of anecdotal evidence of concerns with conformity assessment, specifically third party certification.


… persons involved in accredited certification activities for ISO 14001:2015 may be ‘interpreting’ requirements in ISO 14001:2015 differently from what is stated in ISO 14001:2015. A few examples of inconsistent application are attached to this letter. Verbally, discussion covered other issues such as requirement for ‘documented information’ where none is required and requiring senior management to act as the guide for the auditor to demonstrate their commitment.


If the reputation of third party certification is impugned, [Warris’ subcommittee] SC1 and member countries will feel the repercussions of this in the market’s adoption of our new standard.

Within the Case Studies presented, Warris makes the following conclusions:

Conclusion: Auditors do not understand the relationship between aspects and risks (and opportunities)

Conclusion: Auditors are not trained in the new relationships that occur in ISO 14001:2015. Auditors should not be dictating to the organization how to apply their EMS.

Conclusion: Auditors are not trained in the new requirements in ISO14001:2015 or are asking for the organization to take on a level of bureaucracy for the convenience of the auditor.

Conclusion: The auditor did not understand the relationships expressed in ISO 14001:2015, the full range of situations captured by risk (and opportunities) or the relationship between the EMS and the business’s core activities.

Conclusion – Auditors are not receiving proper training on the content of the standard, how the relationships within the standard need to be understood, and how these elements must be considered in the larger context of the organization’s core strategy, relevant to its purpose and its intended outcomes.

Even a glancing skim of the details shows what we already know: CB auditors are complete idiots. Why this is a surprise to Warris — who managed LRQA, which has its fair share of idiots — is yet another example of how insulated CB reps are, and how divorced from the ISO user experience they keep themselves.

Told You So, The World Did

Remember now the Public Call document, published in 2013, clearly pointed out the user feedback of Annex SL was telegraphing exactly these problems:

… about 50% of those who have a concern over it are also convinced that it will be impossible to audit. Like a film receiving early negative reviews which later fails at the box office, ISO must consider this early user feedback as another reason to pause and solicit additional input. 

So I’m not sure if I should be basking in schadenfreude or popping a Xanax, since the entire debacle could have been avoided had ISO — and Dr. Warris — just listened to users, rather than rely on their bloated sense of self-importance. Operating in the echo chamber where the only feedback they get is each other, Warris and the rest refused the input of professionals around the world that told them exactly what would happen, and now we get to read their all-too-late whining.

Of course the auditors can’t audit standards that lack firm requirements, and are written in Elvish with fluffy rainbow dreamscape idioms.

Of course the CBs were never going to spend a dime training their auditors.

Of course the industry was going to reject this. You would have to have a railroad spike impaled through your brain not to realize this, but to know that you were warned — in writing — and then still chose to ignore it? It’s incompetence of an entirely new level. Maybe we don’t even have words for this. Maybe ISO needs to standardize apocalyptic negligence, since that seems to be the only thing they are good at these days.

So, to Anne-Marie Warris I say, welcome to the henhouse. The chickens have come home to roost, and you get to muck around in the droppings. You can’t say you weren’t warned.

And to ISO I say, if only for your teetering publishing empire, you can still make a course correction. Fire the TMB bureaucrats who got you into this mess, and begin work on a early update of ISO 9001 and ISO 14001 to undo the damage. Enforce the rules and ensure full and consensual participation, and reject your obsession with profit over quality. Don’t wait another 10 years, but instead begin the work now and treat it as a product recall of sorts; when a proper set of standards is finally released, offer them for free, as a means of making up for the mess you’ve caused. If you make a fantastic set of management system standards, the world will reward you. The path you’re on now will only result in the loss of your only sources of revenue, and possibly sanctions before the WTO, which will permanently end ISO forever.

And for God’s sake, take away Anne-Marie Warris’ pencils. Someone is going to get injured.


About Christopher Paris

Christopher Paris is the founder and VP Operations of Oxebridge. He has over 30 years' experience implementing ISO 9001 and AS9100 systems, and is a vocal advocate for the development and use of standards from the point of view of actual users. He is the author of Surviving ISO 9001 and Surviving AS9100. He reviews wines for the irreverent wine blog, Winepisser.


ISO 14001 Implementation