As Oxebridge makes the slow crawl towards becoming an official CMMI Institute partner — the process is long, but will eventually differentiate us from the crowd of ISO 9001 consultants who falsely claim CMMI expertise — I find it consistently astounding how the Institute could get its approach to standards development and auditing so right, while the ISO/IAF scheme got it so wrong.

(A disclaimer: yes I know the CMMI models are not “standards,” per se, and the scheme is based on “appraisals,” not audits. Just bear with me for the purposes of this article anyway.)

Consider this: both ISO and the CMMI Institute are effectively monopolies, without any competition in their particular fields, and with growing support by national governments who embed their products into bid requirements. So while ISO has greater user numbers than the CMMI Institute, they still can be seen as a pairing of equals.

So the question is how one “equal” seems to have avoided making the mistakes the other has. This is not a full-throated apology for the Institute’s occasional weaknesses or missteps, but they pale in comparison with ISO’s institutionally-entrenched corruption and Orwellian existential identity.

Take, for example, the stark contrast between each organization’s definition of “consensus.” ISO claims its standards are based on obtaining consensus from its member nations and industry experts, and that they are thus the product of a group consensus. The CMMI Institute’s rules for conducting appraisals require the appraisal team to generate its final results on the “consensus” of the appraisers. Both those sentences make it appear that ISO and the CMMI Institute are in agreement on the concept, but they are actually in opposition.

The CMMI Institute views consensus as a general agreement between parties, such as between the members of the appraisal team. Specifically it:

Consensus is finding a proposal acceptable enough that all team members can support it, and no team member opposes it.

The Institute clarifies that “consensus” does not require a majority vote nor a unanimous vote. It doesn’t mean that every member will be “totally satisfied.” Instead, all members must agree that they can “live with” the given decision, even if they have a handful of reservations. If any single member has a significant reservation, and “can’t live with it,” then the process cannot proceed, since consensus was not reached.

Now compare this to ISO’s definition:

Consensus is the absence of sustained opposition.

As I have written previously, under ISO’s model, a single person can write a rough draft of a standard or make a proposal during a meeting, and it’s automatically accepted as a final decision unless opponents can launch “sustained opposition.” Under ISO’s published rules, it’s agents then reserve the right to subjectively decide when any pushback may be considered “opposition,” and then what constitutes “sustained.” During the development of the last ISO 31000 risk management standard, nearly half of the group viciously disagreed with the direction the standard was headed, but the committee chair arbitrarily decided that the disagreement did not meet his personal threshold for “sustained opposition.” Read that again: half of the committee disagreed — not one or two troublemakers — half. In fact, it was so heated, the members started threatening to sue each other in open meetings. Yet even that couldn’t overcome ISO’s made-up hurdles, and was dismissed. In the end, ISO released the new ISO 31000 standard insisting it was the product of “consensus.” A total lie that is subsequently repeated by ISO’ dutiful army of consultants.

But this is how “risk-based thinking” was foisted on the entire world’s trade sectors. It was dreamed up by a single person, automatically treated as accepted by the world, with detractors ignored and rejected. Nearly two dozen countries filed objections to the “risk-based thinking” concept, and they were all thrown out, without explanation. All of them. 

Now we see the term cropping up in government contracts, in high-minded journal pieces, and (of course) other ISO products. And yet it’s a total sham, since there’s no such thing as “risk-based thinking.” It was a term invented to replace “risk management,” which ISO felt would scare off potential standards buyers.

So the CMMI Institute’s approach to “consensus” is refreshing, but I concede we now live in a world where adopting a millennia-old common definition of something is only “refreshing” because ISO’s massive publishing empire can undo even the simplest definitions of words within a single year. In a practical sense, the CMMI definition allows an appraisal team comprised of an even number of participants to come to an intellectually-sound, logical conclusion without the need for a tie-breaker vote. All members must be able to live with the decision, or they have to go back and deliberate. Under the ISO model, a single member can hijack the process if he has ISO’s support, and ISO can still claim the end product was the result of group consensus.

CMMI’s approach is much like the criminal justice jury system; jurors must come to a universal conclusion or keep deliberating. Imagine ISO’s jury system, then: a single juror declares the defendant guilty, and that decision is automatically accepted as final unless that single juror arbitrarily yields to someone who disagrees. It makes the other jurors irrelevant, in the same way that ISO has ensured member nations and committee participants are irrelevant.

As a result, CMMI will continue to erode at ISO’s core product — ISO 9001 — as it makes inroads into ISO’s core customer base — manufacturing. And it should, too, since the Institute, for all its other flaws, gets a lot of things right that ISO has just refused to fix.




    About Christopher Paris

    Christopher Paris is the founder and VP Operations of Oxebridge. He has over 25 years' experience implementing ISO 9001 and AS9100 systems, and is a vocal advocate for the development and use of standards from the point of view of actual users. He is the author of Surviving ISO 9001:2015. He reviews wines for the irreverent wine blog, Winepisser.