I’d like to welcome ISO Technical Committee 262 into the warm embrace of overwatch and independent investigation. They join a loving cadre of other ISO committees, standards bodies and certification scheme participants who enjoy the benefit of having their work examined closely by end users of their products, as well as the public.
TC 262 is responsible for the ISO 31000 series of risk management standards, and we’ve recently uncovered some troubling developments that I am sure the TC Chair, Kevin Knight, and the rest of its members would love to clarify, clean up and provide transparency for in order to dissuade the public from the notion that the Committee is as functional as a child’s model airplane made of refrigerator doors.
In coming weeks and months, we will be running a series of articles on the backroom dealings and interpersonal disputes which threaten not only to tear TC 262 in half, but also which have resulted in tangible problems in the ISO 31000 series of standards.
I’ve maintained that attempting to standardize risk management was a fool’s errand to begin with; different industries have entirely contradictory ideas on what “risk” is, and certainly how it should be managed, and assuming a single standard would bring all those parties together was madness. Having said that, I’m a fan of ISO 31000: I think it’s a great first step, especially given the monumental obstacles that stood in its path.
But now key interests tied to consulting firms and certification bodies stand to destroy it, in order to create a bullshit “risk management system standard” designed to help the charlatans and certificate mills steal more money from end users. Let me be clear: you can’t certify risk management, and companies that try to do it are inviting massive fraud lawsuits when things go wrong. And I suspect TC reps won’t pay the court judgments.
Meanwhile, Chair Kevin Knight is so busy with his “mic addiction” (he never turns down an opportunity to speak in public), he’s utterly lost sight of what’s going on in his committee. Knight was probably never the right guy to run a monstrously political machine like an ISO Technical Committee anyway, and his personal views on risk were never universally accepted, no matter how much he wants to believe it. He owes his position due to a tiny handful of individual supporters with connections, and for the fact that he managed to get his foot into the door at the ISO TMB before anyone else did. It’s probably time for Knight to step down, to say the least. The problem will then be whether his slot is filled by one of the profiteers calling for a certification standard, or someone who actually knows risk management from the users’ perspective.
This new-found interest also means more scrutiny for the US TAG to TC 262, with whom we’ve already had some “uncomfortable” dealings with. In 2014 I attempted to join the US TAG, and was instead greeted by vein-bursting shouting from TAG Secretary Tim Fisher who threatened legal action after he falsely accused me of having “stolen” an ISO 31000 draft document. Then-Chair Doroty Gjerdrum assured me all was put to bed, but ISO nevertheless hired lawyers to carry out Fisher’s threat, showing Gjerdrum wasn’t really in control either. The lawsuit was defeated before it went to court (again), but no action was ever taken against Fisher, sending the message that he is allowed to harass, threaten and defame members of the international standards community with impunity. Well, I haven’t ruled out suing him, so he may yet face some “punity.”
ISO and its Technical Committees enjoy freedom from oversight largely because they are obscure, and no one really knows what the hell they do. But let’s hope the TC is willing to reject obscurity, and accepts its new place in the spotlight with grace and does the right thing: it corrects its course, works only to develop standards that benefit user organizations, and kicks out those who seek to turn it into a profit center for the CBs and their cronies.
Christopher Paris is the founder and VP Operations of Oxebridge. He has over 35 years’ experience implementing ISO 9001 and AS9100 systems, and helps establish certification and accreditation bodies with the ISO 17000 series. He is a vocal advocate for the development and use of standards from the point of view of actual users. He is the writer and artist of THE AUDITOR comic strip, and is currently writing the DR. CUBA pulp novel series. Visit www.drcuba.world
