blogwriterThe test of whether ISO TC 176’s “risk based thinking” makes any sense is to see if the people promoting it actually practice it. Of course, they don’t.

Case in point: the standard talking point coming out of the committee was that ISO 9001 has always been about risk. It’s not true, of course, but they are retconning history and convincing the entire world that this has been the case. History is written by the victors, and all that.

But a viral talking point is one thing. Plagiarism is something else. In support of this idea that RBT has been there all along, one phrase keeps popping up in blogs, articles and PowerPoint presentations desperately trying to calm us all down about the new requirement:

The concept of risk has always been implicit in ISO 9001 – this revision makes it more explicit and builds it into the whole management system.

The original source appears to be an official ISO TC 176 presentation on the subject, numbered ISO/TC 176/SC 2/N065, originally published in December 2013 and then later revised in July 2014.


ISO fleshed this out further in an official July 2014 paper on the subject.

This was then picked up and quoted, without attribution, in a  White Paper published by BSI some time in July of 2014 entitled “The Importance of Risk in Quality Management: Approaching Change.” 


The usage by BSI is somewhat moot, since BSI dominates ISO activities; as a result, there isn’t  much of a problem if they share material. They should have, however, appled proper credit to the original source, or at least indicate the material was copied “with permission.” In effect, BSI appropriated the non-profit ISO materials for their own for-profit marketing purposes.

Soon, the sentence cropped up in a number of blogs, articles and training sessions, without crediting BSI or ISO anyone else. In fact, the authors just took credit for it themselves, and copied the sentence entirely, complete with the em dash. First up, here is Dutch consultant John Roskam’s presentation on the subject:


ISO registrar DQS-UL took the phrase, too, in a blog post by its’ Managing Director Michael Drechsel, who at least changed the punctuation:


Cognidox got into the game, too, with a more recent blog post in February of this year:


The interesting thing about the Cognidox post is that it was written by Michael Shuff, who claims to be a “freelance blogger and marketing writer specialising in cyber security.” One would expect a professional blogger to know not to plagiarize, and especially one claiming expertise in cybersecurity.

ISO consultant Pretesh Biswas not only copies the sentence, but the entire section from the TC 176 presentation, including the footbridge nonsense that the TC has used to explain it:


Registrar LRQA just goes all-in and steals the material outright, claiming their Technical Director David Lawson said it first:


ASQ’s Bob Deysher, a Senior Consultant with Quality Support Group, also grabbed it up and threw it back to an ASQ audience with this presentation, which did not name the source of the material in the final slide on references:



Innovative Quality Solutions Consulting just took the entire TC 176 presentation, complete with side banner, and threw their names on it:



You get the idea. I could do this for hours.

So to summarize: the people so adamant about selling us on the idea that risk-based thinking has always been around, and not pulled out of thin air by TC 176 (despite the facts), are themselves practicing exactly NO risk-based thinking, because they are busily publishing material written by someone else, and then denying the original source any credit.

Sounds about right.

[Image credit The Matrix Reloaded, (c) Warner Bros. / Village Roadshow Pictures 2003] 

[UPDATED 8 Feb 2014 to correct incorrect link to TC 176 presentation, and to correct incorrect numerical reference to same.]





About Christopher Paris

Christopher Paris is the founder and VP Operations of Oxebridge. He has over 30 years' experience implementing ISO 9001 and AS9100 systems, and is a vocal advocate for the development and use of standards from the point of view of actual users. He is the author of Surviving ISO 9001 and Surviving AS9100. He reviews wines for the irreverent wine blog, Winepisser.


ISO 45001 Implementation