Since the original ISO 9001 standard was written by ancient Nordic scholars in a dimly lit cave high on the cliffs of Strökenheim in the 11th century, it has included a requirement for organizations to develop a single, overarching “Quality Policy.” The superstitious Norseman believed that all human actions could be driven by a short set of divinely-inspired words written on the back of a napkin. Or, in those days, the dried skin of a sheep’s ear.
Shortly after that, the scholars were wiped out by the illiterate tribes of Belchinheim, who apparently couldn’t give a crap about policies. Infidels.
And so to this day we have the Quality Policy mandated to us by ISO 9001, a requirement that is set to survive yet another decade or two with the upcoming 9001:2015 revision. This, despite decades of history that proves the Quality Policy is, in the words of my Britishy pals, utter bollocks.
I am unlikely to get a single ISO consultant or auditor to agree with me on this, but bear with me through this brave declaration of godless sacrilege.
Those Who Ignore History are Doomed to Ignore It Some More
First, let’s look at the anthropological angle. There is no evidence to show that human beings are capable of governing their actions on the basis of short, simple declarations, no matter how powerful the source. If we still haven’t managed to obey the Ten Commandments (or Jesus’ subsequent Cliff’s Notes version), and continue to wage war despite being told by the Creator “don’t kill,” then what hope is there for a policy about quality products, written by a sullen, slovenly ISO consultant? Humans have built entire, massive legal infrastructures to implement even the simplest laws, such as for parking or petty theft, never mind the bigger ones regarding murder, rape and war. We have law schools, attorneys, courts, appellate courts, supreme courts and even a death penalty… all because humans are incapable of just “following a policy.”
Seriously — did you really read your Microsoft agreement before downloading that Windows 8 security patch, or did you just click that little button?
Which segues us into the next aspect: the business environment. There is no proof that a company which operates under a single Quality Policy fares any better than those that do not. In fact, it appears nearly entirely irrelevant, or possibly the opposite. Apple, one of the most successful companies on the planet, has no Quality Policy. Facebook doesn’t have one either. Nor Wal-Mart. In fact, nearly every one of the Fortune 500 top companies don’t have a Quality Policy. Somehow they seem to muddle through, and rake in billions of dollars every year, servicing millions of people across the entire world.
ISO would have us believe that managing an organization is simple, and that the people within it are mindless dupes ready to be programmed with whatever simple code the senior management can dream up. Meanwhile, in the real world, organizations are highly complex systems involving people, equipment, environments, laws, rules, expectations and all the infinite interactions between those aspects. Then there’s interpretation: a single paragraph Quality Policy can be interpreted a number of different ways by different people; so who’s right? (See how well Google’s policy of “Don’t Be Evil” worked out?)
Long Live the King
In the early post-industrial revolution era, we got away with this Management by Dictate mindset, because we happened to also be coming out of an era run by dictatorial monarchies. As democracy, stock markets, consumer awareness and labor rights grew into maturity, we moved away from the notion that a company runs only on the will of a single Old White Guy. ISO, however, never learned that lesson, and is stuck a century behind the times.
Next, the Quality Policy is entirely ineffective. It requires one to believe that you can sum up the goals of an organization in a few sentences, and that such a policy is capable of applying to all situations at all times. After all, any evidence of violating the Quality Policy can result in an ISO 9001 nonconformity. This is, of course, utter madness. Managers know this, too, which is why such policies are vague, vacuous drivel, devoid of any true meaning or teeth, and usually not at all representative of the company’s true goals. ISO is happy if it contains the words “continual improvement” because in its thinking, this will ensure all the employees work towards that end. ISO thinks that even if the end is better achieved through the means of quality objectives, leadership, empowerment, process controls, etc., this all cannot exist without a Quality Policy. We can suppose, then, that ISO believes the only thing preventing a barn from collapsing is the little weather vane on the roof.
So the vague wording gets written down and put on posters and the back of employee badges and websites and letterhead, and ISO 9001 auditors walk away with the completely unfounded assurance that the company is just fine, thank you. And then we have the situation we currently see: employees who don’t remember what the hell the policy is, but can yank it out and then rush some “personalized” summary of it from the top of their head. So long as they say things like “we try to make the customer happy” the ISO auditors are satisfied. Because, you know, without that policy everyone would no doubt shout “the customers suck chicken balls!” as if infected with a viral, airborne version of Tourette’s Syndrome. The only thing keeping employees from spitting in the soup is that Quality Policy. Riiight.
Finally, the endless tinkering to the Quality Policy requirements in ISO 9001 costs companies real money. After acquiescing to the inane interpretations of dimbulb auditors and having the damn things printed on huge, $500-a-pop posters, now they find they will have to pull them all down and have them reprinted, because 9001:2015 is adding a new requirement to include a sentence about “commitment to satisfy applicable requirements.” If those words aren’t there, expect a nonconformity, even if every other policy, procedure, process and practice proves without a doubt that you comply with applicable requirements.
Think about that. Apple could not ever achieve ISO 9001 certification because it doesn’t have a compliant Quality Policy. One sixth of the planet’s population uses Facebook, but they could never get ISO 9001 certified.
Ancient. Ineffective. Costly. These are the reasons ISO needs to drop the Quality Policy requirement entirely. Every aspect of it is already addressed elsewhere in the standard, in much better ways. It’s time to bring the ISO 9001 standard into the 21st century. Hell, bring it into the 12th century.
About Christopher Paris
Christopher Paris is the founder and VP Operations of Oxebridge. He has over 30 years' experience implementing ISO 9001 and AS9100 systems, and is a vocal advocate for the development and use of standards from the point of view of actual users. He is the author of Surviving ISO 9001:2015. He reviews wines for the irreverent wine blog, Winepisser.