As you know, ISO is dead-set on doubling-down on its mistakes, and is revising the much-loathed Annex SL. ISO and its attendant cronies are actively rejecting any argument that Annex SL is the core problem affecting ISO 9001:2015, which requires them to then ignore the fact that the latest version of the standard is the worst-received in ISO’s history. Because, well, I don’t know… China, or something.

Meanwhile, presumably to address flagging sales of its flagship standard, ISO ordered its TMB shocktroopers to force an early revision to Annex SL, even if that causes even more disgruntlement and panic among user organizations. If they update Annex SL, that means ISO 9001 will have to get updated, too. And companies are not looking forward to another forced update, accompanied by forced “upgrade” audits from their registrars. But the TMB doesn’t really care what you think, and is pushing ahead.

Nigel Croft, Dick Hortensius and a secretive gang of White Walkers are leading the work, and recently concluded a special meeting in Atlanta where 35 non-elected people showed up to represent every industry in every trade market in every country on the planet, and figure out how they were going to make ISO 9001 worse. Mind you, these are the same geniuses who dreamt up “risk-based thinking” and crippled ISO 9001 the last time. Because making the same mistake over and over always results in improvements, in case you didn’t know.

Member Dolf Van der Haven released a tidbit of info from the Atlanta meeting. First, TMB is really, really, really trying to emphasize that this is a “limited” revision, a move clearly designed to help them save face. But the big news is that ISO is yet again rushing the project, the same way they rushed the release of ISO 9001 and refused to pause to take in feedback from affected industries and stakeholders. ISO is demanding the TMB produce a final draft by February 2021 and then they will hit print three months later, in May of 2021.

The more interesting snippet from van der Haven’s post is consistent with other reports I’ve gotten, and describes how the main sticking point is ISO’s ongoing inability to obtain international consensus on standardizing the definition of “risk.” This has become an international embarrassment for ISO, whose sole job is to — you know — standardize stuff. Meanwhile, ISO has over 40 different definitions of the work appearing in dozens of its standards. The thought was that by publishing ISO 31000 — the standard on risk management — the argument would be finished once and for all. But users rejected ISO 31000’s controversial view that “risk is positive,” and other Technical Committees haven’t universally lined up to adopt the definition in their standard.

Then comes the sectors, like aerospace, which added a note in AS9100 Rev. D which essentially undermined ISO’s definition, slapping them square in the face. Yet again, the Croft Cabal isn’t listening to aerospace, and they are confident that 35 unknown, un-elected, un-vetted standards nerds you never heard of are capable of making decisions for millions of companies across the globe.

This means, of course, that the minimum we can expect is yet another new definition of the term “risk,” forcing another rewrite of every other ISO standard that uses the word, including ISO 31000 itself. That will trigger more turf wars within ISO committees, which are fun to watch. The TC that wrote ISO 31000 nearly broke into fisticuffs amongst themselves, so I can’t wait to see what they will say when Nigel and his pals take the edit pen to their work. There will be blood.


ISO 17000 Series Consulting

Let’s pause on that note and consider this: ISO releases standards before understanding the meaning of the words it’s trying to standardize. This is like buying a manual on boat-building from a guy who thinks a boat is a vegetable.

There may be some good news, however. The last edition of ISO 9001 came out in Sept. of 2015. This means it’s due for the start of the revision period in 2020; typically ISO does not issue a major revision immediately after a prior major revision, and had previously telegraphed that the next edition would be a minor one. It typically takes ISO about 3 years to release a revised standard once the review is begun, meaning that history would have a minor edit to ISO 9001 released in 2023.

Still, that’s only four years from now. Yes, you’re still catching your breath from the last revision. And as the 2008 edition shows, even if they opt to change nothing at all, ISO will still publish a revised edition and then use the IAF to force the entire world to buy a copy of the new standard and pay for additional audits to “upgrade.” Not fun.

But ISO shouldn’t release anything of ISO 9001 until after Annes XL 2.0 is released, since the new standard will have to comply with Annex SL 2.0. That would mean the standard shouldn’t undergo any initial review until 2021, one year later than usual. That may push the final revised ISO 9001 standard to a date around 2024 or even 2025.

But let’s not assume ISO won’t find a way to muck it up. They could issue an early release of 9001 and then another one a few years later, thus doubling the revenue of sales of new ISO 9001 standards, as well as doubling the number of required update audits by CBs. ISO is craven enough to pull that stunt, too, don’t think otherwise. Ultimately, this entire debacle is caused by greed.

And the crop of consultants who led the ISO 9001:2015 authoring initiative are still around, fully empowered and unleashed without any restraint, with their older, more cautious elders long gone. Pissing on the grave of Deming has become competitive sport. There’s nothing stopping these guys from putting all sorts of nonsense in even a minor edition, since it means more consulting gigs for them later to explain it all. Remember, these guys inserted “calm and emotionally protective workplace” in the last one. At the same time, they’ve spent the last decade telling you, to your face, they don’t care what your opinion is. So long as governments and companies keep putting ISO 9001 into contract requirements because they’re too lazy to do their own quality vetting, ISO will keep publishing whatever they want, without answering to consumers or users.

Don’t look to professional societies like the Risk and Insurance Management Society (RIMS) to come to the rescue either, because they’re busy literally recruiting Freemasons. Because apparently praying while wearing a doily over your crotch is some newfangled means of risk management. This is why you can’t have nice things, people.

So, yes, we’re back arguing what “risk” is even though the Egyptians practiced risk management a few years back when they built the pyramids. Sigh.