A few days ago, ISO released its free ISO 9001:2015 AMD 1:2024 document, which adds language about climate change to the ISO 9001 standard. The same day, IAF released a set of memos essentially indicating they expect this to be implemented immediately, and ordering CBs to start verifying this. The IAF memos were not clear on how, but it’s implied that CBs will do this at your next scheduled audit. If that’s next week, then you have to do this by next week.

And, yes, this affects AS9100 users as well. In this case, because this is an odd-duck “amendment” with immediate effect, we don’t have to wait for AS9100 to formally adopt it. (Although I suspect IAQG will be issuing some statement on this soon.) But it means that AS9100 auditors will be verifying your compliance with the climate change addendum, too, at your next audit.

So what do you have to do?

Download the Damn Thing

First, you must download the free amendment from ISO. You can grab that here. It’s free, but the idiots at ISO require you to enter a credit card anyway. If you already have a card on file, then nothing happens. If you are purchasing from ISO for the first time, they will run a quick $1 transaction on your card, then credit it back, to test the card. Annoying.

If you don’t have a credit card, then you’re shit out of luck, and have to pirate the thing. That is what ISO gets for hiding a mandatory “free” update behind a credit card firewall. Again, they are complete bell-ends.

Alternatively, just read this leaked text which matches what appears in the final version anyway.

Essentially, the requirement is that:

  1. From the perspective of stakeholders, you must determine if stakeholders (interested parties) have any requirements applicable to your company relative to climate change, and
  2. You must “determine” the requirements and issues applicable to your company relative to climate change.

COTO Log to the Rescue

For users of Oxebridge’s COTO Log (for “Context of the Organization” Log), whether you got the generic one from the ISO 9001 template kit or AS9100 template kit, or if you’re an existing Oxebridge client, then we have a quick and easy way to tackle this change.

Despite ISO 9001 / AS9100 requiring you only to “determine” these things, and not actually requiring you to write them down, CB auditors are not so forgiving. You have to produce something during an audit, as evidence you did this. So you need to have a record here, despite the literal words within the standards.

Here is where the COTO Log will help.

Working left to right in the COTO Log:

Parties Tab – there are likely no changes necessary here, as climate change would not drag an entirely new set of stakeholders into your QMS scope. That might be true for your ISO 14001 system, but not your ISO 9001 or AS9100 system.

Issues Tab – For the stakeholder group of “Customers,” I suggest adding a new issue that reads, “May flow down climate change related requirements” and enter the bias for this as a MIXED. (I’ll explain why later.)

Risk Register Tab – within the Risk Register, now enter a few specific risks related to the issue of climate change. At a minimum, I think these should include:

  • Customer imposes requirements related to climate change that we cannot meet through normal business practices
  • Climate change impacts on our products
  • Climate change impacts on our QMS processes
  • Our activities have an impact on climate change

Now, remember, I can’t predict the risks for every possible company out there, so you should add risks that are relevant to your particular company.

Once you’ve got these entered, then rank each climate change risk using the columns on the right (probability, consequence, detectability) to generate your risk rating for each. If you know the risk of climate change is low for your company, this should fall under your risk appetite threshold, and the final column will be grayed-out. Otherwise, it will turn yellow or red, and you have to add a mitigation strategy.

Even if they end up being grayed-out, you can now prove you “considered” climate change risks, and this will shut up the CB auditors.

If you’re in an industry where you do have some control over climate change, well, that’s a whole other box of cheese, and you’ll now face having this matter dragged into your QMS.

Opportunity Register Tab – Unfortunately, the IAF memos indicate that they aren’t solely sufficient with you dealing with climate change as a risk, and they seem to suggest they expect to see something related to opportunities here, too. This is yet more indication of just how crazy this entire situation has gotten. Not only are you supposed to come up with risks related to a topic that ISO pulled out of thin air to be included in your QMS — while they ignore actual quality-related topics like cost of quality, systems thinking, etc. — now you’re supposed to put a positive spin on it, as well.

So this is why I suggested you enter the issue as “Mixed” instead of purely as a risk.

I always urge COTO Log users to keep their Opportunity Register light, with far fewer entries, so you don’t look like you are chasing unicorns and are instead focused on minimizing risk. So for climate change, I suggest adding only one opportunity, such as, “implementing QMS controls related to climate change could improve our reputation in the industry and/or the community.”

Then, rank that opportunity accordingly. If you likely won’t see much benefit from the climate change efforts, this opportunity should rank low, and the “Opportunity Pursuit Plan” column will gray out, and you don’t need to do anything else. If the opportunity doesn’t gray out, you have to enter a plan on how you intend to maximize your climate change activities to your benefit. This one will likely remain open forever since it would be an ongoing, perpetual activity.

Congrats, You Just Saved Florida from Drowning

That’s it, and you’re done. You’ve now satisfied the new ISO 9001 climate change amendment.

Until, at least, the time when Nigel Croft sees some other squirrel and gets distracted again. Remember in 2015 when he insisted that “risk” was the new thing we need to worry about? Now, in 2024, it’s “climate change.” I presume that in a few years, he will be forgetting all about risk and climate change, and ranting about “AI” or “sex robots” or something, and shoving those into ISO 9001.

This is what happens when you let non-elected morons create standards and don’t hold them accountable to official delegates or subject matter experts.

Advertisements

ISO 17000 Series Consulting