At this point, it’s expected that ISO won’t follow any of its pesky rules for standards development, especially any that get in the way of it making money or helping Sergio Mujica run for United Nations Secretary-General. ISO is an international joke, a mafia run by sidewalk clowns, and enabled by greedy self-promoting consultants like Nigel Croft and Devindra Chattergoon.

Yesterday, ISO released mandatory “amendments” to dozens of management system standards, including ISO 9001, to inject language on “climate change” whether or not the topic is germane to the subject matter of the actual standard. (ISO 27001 cybersecurity folks are going nuts about this, trying to wrap their heads around how a policy on 2FA and server hardening affects the environment. What, if their servers use too much electricity, they’re supposed to NOT apply the 27001 controls?)

To do this, of course, they had to ramrod the updates without any formal approvals or voting. So let’s look at the official procedures for standards development, published under what’s called the “ISO Consolidated Supplement,” to see just which rules ISO violated to force this update on the world.

First, per the rules, ISO standards are allowed to undergo minor changes which are then published as an “amendment”:

An amendment alters and/or adds to previously agreed technical provisions in an existing International Standard and its prior amendment, if any. An amendment is considered a partial revision: the rest of the International Standard is not open for comments.

An amendment is normally published as a separate document, the edition of the International Standard affected remaining in use.

Unlike the ISO 9001:2008 “amendment,” which was published as a full standard, forcing users to buy it, at least the 2024 climate change amendments met this rule.

But how are amendments issued? Per the Consolidated supplement, “the procedure for developing and publishing an amendment shall be as described in [section] 2.3.” So let’s see what that says (emphasis added):

[The technical] committee shall pass a resolution containing the following elements: 1) target dates, 2) confirmation that the scope will not be expanded, 3) the Convenor or Project Leader and 4) UN Sustainable Development Goals. The committee shall also launch a call for Experts (Form 4 is not required).

A two-thirds majority resolution is required for… a revision or an amendment that results in an expanded scope.

The Secretary/Committee Manager shall ensure that the appropriate group that will develop the project with the newly approved scope shall comply with the requirement for at minimum 4 or 5 P-members actively participating as specified in item b) of clause 2.3.5.

Given all the bluster by Croft and Mujica, yes, the addition of climate change would constitute an “expanded scope” of each standard. You can’t toss climate change in a quality management or cybersecurity standard and pretend you didn’t expand the scope.

The referenced clause 2.3.5 then says (emphasis added):

Acceptance requires:

a) approval of the work item by a 2/3 majority of the P‑members of the technical committees or subcommittees voting — abstentions are excluded when the votes are counted; and

b) a commitment to participate actively in the development of the project, i.e. to make an effective contribution at the preparatory stage, by nominating technical Experts and by commenting on working drafts, by at least 4 P‑members in committees with 16 or fewer P‑members, and at least 5 P‑members in committees with 17 or more P‑members; only P‑members having also approved the inclusion of the work item in the programme of work [see a)] will be taken into account when making this tally. 

The rules then go on to explain how standards —including amendments! — have to go through the normal revision steps, such as Working Draft (WD), Committee Draft (CD), Draft International Standard (DIS), and Final Draft International Standard (FDIS). Each of those needs to be published and voted on (although the CD can be skipped.) Emphasis added:

Where it is decided that the International Standard needs to be revised or amended, it becomes a new project and shall be added to the programme of work of the committee. The steps for revision or amendment are the same as those for preparation of a new International Standard (see ISO/IEC Directives, Part 1, clauses 2.3 to 2.8), and include the establishment of target dates for the completion of the relevant stages.

Mujica ordered the changes to 31 (as in thirty-one) management system standards without following any of those rules.

Justify This

Now, mind you, shit peddlers like Croft are insisting that the changes are an omelet crucial for saving the planet, and thus justify the need to break a few eggs in the process. There are a few problems with this argument:

  1. If climate change is that important, why hasn’t ISO implemented policies reducing — or eliminating — physical travel to conduct its meetings and sessions? Why does it still require members to burn up fossil fuels on airplanes to travel to far-flung locales around the world, to conduct business that can easily be done over web conferences? (Answer: ISO only gets participation by international delegates on the promise they can fly to fancy beach resorts and write the trip off as a “business expense” on their taxes.)
  2. Why has ISO only applied the climate change demands to end-user organizations, and not to certification or accreditation bodies? They are the ones flying auditors all around the world every day. (Answer: ABs and CBs dominate the standards committees at CASCO, which writes the rules for those bodies, and aren’t about to do anything to restrict themselves.)

Croft and others have also insisted that convening a Joint Technical Committee (JTC) that did vote for the changes, this somehow meets the need for consensus. To be clear, though, there’s nothing in the rulebook that allows Croft to create his own committee (populated by his pals, who will vote his way) to draft and revise standards while disregarding all the rules that do exist. Croft’s JTC was formed only to give the proceedings a veneer of bureaucratic authenticity, while in total violation of both the spirit and letter of Consolidated Supplement rules.

What Are They Afraid Of?

But the biggest question is if ISO and Croft and Mujica are so sure that climate change is crucial, why were they so terrified to put the suggested changes through the normal voting and approval process, allowing TC members to perform their required duties? (Answer: this had to be fast-tracked before Mujica’s term limits run out, so he can run for a UN position in 2026. Croft likewise hopes for a similar career boost.)

Croft, meanwhile, won’t answer any of these questions, and instead spends his time blocking critics and avoiding detractors. With this self-filtered experience, Croft can insist — to himself, anyway — that he’s made the right decisions, since he never sees any of the thousands of comments from people outraged by his antics.

Mujica doesn’t really engage on social media, except to post press releases and videos of himself sweating like a pig (does this guy ever take a shower?), so he also isolates himself from the howls of end users who are infuriated with this mess.

Governments — including the United States (FDA, take particular note) need to understand that Mujica has crossed a red line. He is now personally impacting the content of both technical and management system standards for his own personal and political gain. TO do this, he relies on goons like Croft to muscle changes through, completely bypassing official ISO Consolidated Supplement rules, which were, themselves, created to comply with official World Trade Organization (WTO) requirements for the development of ISO standards.

There is no rule or regulation that Mujica won’t break. He’s a toxic narcissist, a would-be world dictator with an allergy to bath water, and a danger to the world. The US and other nations should be holding him accountable, not enabling this asshat.

Advertisements
Traditional Tri-System