In the old days, standards were developed by serious people, often without any anticipation of recognition, fame, or fortune, and without hubris. They were made by government agencies, paid for by tax dollars, and published for free. Then Ronald Reagan happened, and “government” became a four-letter word so a washed-up actor could sit in 1600 Pennsylvania Avenue.
Ever since, politicians have been bad-mouthing their own job, in order to keep it. It makes no sense, but we are way beyond the era of enlightenment, and deep into the area of leadership-by-bullshit.
Bill Clinton wasn’t about to go “full Carter,” so played himself as Reagan Lite. He continued dismantling key government functions under the guise of lowering taxes, even as they increased. One of the victims was the idea of US national standards, and the Federal Government decided it would offload all standards development activities to private companies, like ISO in Switzerland. They promised this would lower costs, but of course, had the exact opposite effect. Not only are standards infinitely more expensive now (remember, they were free before), but implementation of them has become a nightmarish cost for many.
But if you go back and look at standards from the 1950s, we see them share several features:
- They were short. Requirements were defined quickly and succinctly.
- They were easy to understand. Requirements were written with a certain educational level of the reader assumed, and it wasn’t a PhD.
- They were focused. Standards discussed a single topic, and eac standard discussed its own topic, without stepping on the toes of other standards.
- They did not invoke product placement. Standards were standalone and did not require users to buy additional standards to understand them.
- They didn’t prop up private publishing companies. The point of standards was to standardize — it’s in the name — and not to create an endless stream of revenue for ISO or ANSI, and their executives.
Initially, ISO 9001 reflected this, and the 1987 version was not the monstrous, complicated, baffling standard we have now. But by 2000, private consultants realized there was money to be had in participating in standards development committees, where they could not only steer the language of a standard to require consulting, but they could brag afterward that they were “Big Important People” from the committees.
So ISO and ANSI standards have grown into huge, long-winded, and confusing messes, conveniently requiring you to hire the people who wrote them to decipher them. And so this trend continued through the 2000s and 2010s.
Enter the Incompetents
The dirty secret about private standards consulting is that it doesn’t require any actual experience or ability to launch a practice. There are no certification programs for consultants, nor any oversight bodies or ISO certification schemes applicable to them. A High School student can make a website and become an ISO standards consultant overnight.
As a result, the quality of people working on ISO and ANSI standards has dramatically declined from the days when serious people worked on them. Worse, politics and personal ambition have infected the committees: the only way for a new member to succeed is if they agree to suck up to the incumbent “leader” and help that person’s career. Then, just maybe, they will be able to hitch their star onto that person and gain success for themselves.
With this toxic brew, we have a crop of standards authors that have no training nor prior experience in writing standards and have little interest in actually learning. Companies like ISO and ANSI don’t care, either, since their main goal is just to get books on the website and available for sale. The quality of standards no longer matters; the quantity does.
And so we have unqualified, untrained, and highly conflicted people throwing anything that comes into their heads into the standards. Without adult supervision, the standards become complicated, convoluted, and overlapping messes.
Emotionally Protective Bullshit
We saw this first with the injection of language into the 2015 draft of ISO 9001, calling for the inclusion of an “emotionally-protective workplace.” The language was actually snuck in during a period where no new text was allowed to be added, but no one noticed. When I wrote to ISO and told them they needed to remove it, in order to comply with their own drafting procedures, ISO wrote back and said “nope“… it was too late since the document was already being sold on their website, and that’s all that really matters.
Clearly what happened was someone — and we think it was Stefan Tangen from Sweden — saw creating “emotionally protective workplaces” as a personal pet project for himself, likely because he was slighted at the coffee machine one day, so he thought he’d make his mark on the world by sneaking it in. Likewise, Kevin Knight of Australia had pressured ISO for years to get “risk” thrown into every ISO standard, because that was his pet project. And so “risk and opportunity” got shoved into Annex SL, which landed in ISO 9001:2015. That was then re-branded as “risk-based thinking” by another pet project aficionado, Nigel Croft, the UK expat living (at the time) in Brazil. For Annex SL itself, Dutch nerd Dick Hortensius tossed in all sorts of pet project language into that document, which became “mandatory text” for all ISO management system standards.
For most of these guys, their efforts succeeded in benefitting them personally. Knight became the world’s expert on “risk management” despite having won mixed results in his home country of Australia, and having managed the ISO Technical Committee on the subject nearly to the point of disbandment. Under his lack of leadership, the members of the TC were in such disarray, they were threatening to sue each other, when they weren’t preparing to literally throw hands. But Knight found himself on the speaker circuit, which is exactly what he wanted. He was now a Big Important Person.
Croft parlayed his work with ISO and the United Nations International Development Organization (UNIDO) into a profitable consulting gig, through the UN, and has since gone on to nearly take over ISO itself. Croft has recently floated a plan that would give himself personal authority of Hortensius’ TMB.
Hortensius, meanwhile, has likewise gained global influence, now taking over the ISO Technical Management Board and becoming answerable to no one, even if he is hated by everyone. He now writes nearly a third (if not more) of every ISO management system standard, without having to degrade himself by having his material edited or proofread.
Tangen didn’t fare too well, as his career has largely stalled, and he’s reportedly pretty pissed about it. His sucking up couldn’t overcompensate for his generally noxious personality, apparently.
Throw In The Kitchen Sink
For my international readers, in English-speaking countries we have a phrase that suggests something is overloaded with nonsense when “they threw everything and the kitchen sink.” So we are now in the Kitchen Sink phase of standards, where these unqualified, non-elected idiots are including nearly infinite off-topic subjects, aimed at satisfying some personal agenda without regard for the overall purpose of the standard or its use.
The next edition of ISO 9001 will include mandatory text on “climate change” because Croft and ISO Secretary-General Sergio Mujica are trying to position themselves for higher offices at the United Nations.
The next edition of AS9100 (to be called IA9100) will include requirements on cybersecurity because someone told the IAQG that “cyber is hot right now,” and they don’t want to be left out. Likewise, IA9100 will include more feel-good language on ensuring an “ethical” and self-affirming work environment, which is rich coming from the corrupt origins of Boeing, Lockheed, and Raytheon. I guess it’s time you guys stop fighting the labor unions, then, huh?
BSI, meanwhile, has been pushing the branding of “business resilience” for the past ten years, and this has resulted in some success in getting those words thrown into standards, even though even BSI struggles to define what the phrase actually means.
Meanwhile, outright idiots are pushing to have 2023 buzzwords tossed into standards now, before they fade from view by 2026. So expect to see phrases like “large language models” and “prompt engineering” bandied about, in reference to AI. Maybe someone will even toss an “algorithm” in there for good luck.
Whereas older standards stood largely independent of other standards, the new ISO and ANSI models are like a duller, more annoying version of the Marvel Cinematic Universe. If you missed a clause in one standard, you won’t understand some unrelated standard that comes out two years later. It’s a great sales gimmick for ISO and ANSI, which now force you to buy dozens of standards just to support one.
The IAQG has latched onto this sales scam like no one else. Now, just to understand AS9100 properly, you have to buy at least a half dozen other standards, with that number growing. Consider AS9146 for FOD, AS9145 for APQP, AS6081 for counterfeit part control, etc.
This madness only makes sense when you look at it from the point of view of the people making money selling books. More books = more money. Screw the consumer.
Worse, though, the authors can’t keep track of these standards themselves. So instead of creating a standalone standard on aerospace cybersecurity, the IA9100 authors are going to inject weak — but damaging — requirements which will no doubt conflict with similar such weak requirements in other standards, like IA13100. Sources tell me they plan on creating an aerospace standard on cybersecurity later anyway, which will likely contradict IA9100. An absolute mess.
The feel-good workplace environment language, like the “emotionally-protective, calm, nonconfrontational” wording from ISO 9001:2015, soon finds it steps on other standards entirely, like ISO 45001 or SA9000. ISO doesn’t pay enough attention to even know they might be cannibalizing their own product catalog.
Damage to Systems
The damage this brings to management systems is real. first, adding off-topic subject dilutes and confuses the actual topics relevant to the standard. AS9100 currently includes a clause on product safety, which is aimed and ensuring companies that design aircraft components ensure they can work properly once installed on an airplane. The clause is routinely confused by poorly trained auditors, however, as requiring a workplace safety program, or ergonomics.
The new draft of IA9100 is about to muddy the waters further, by requiring a workplace safety program. Not only will this confuse readers of the “product safety” clause — making it more likely products will be less safe, as a result — it won’t result in a fully-functioning workplace safety program either. Both topics will suffer. No one wins.
What about ISO 9001’s inclusion of a note suggesting companies ensure they maintain a “nondiscriminatory” workplace? This risks having the company’s discrimination compliance program be included in ISO 9001 internal audits, where auditors are wholly not qualified to be auditing such things. So the result is less oversight of anti-discrimination controls, as companies toss the whole thing over to the Quality Manager, who takes it on alongside their other roles managing environmental, safety, and health systems.
With ISO’s promise to turn its standards into “Smart Standards,” that are accessed electronically through a subscription service, and updated “in real time” (instead of every decade or so), we can expect more of this bad behavior. As any random Big Important Person thinks of a new pet project, it will get shoved into the ISO standard and appear as a new requirement overnight.
The only solution is a drastic one, and one not likely to happen any time soon. Governments must take back standards development activities from private publishing companies like ANSI and ISO, and purge the entire system of the wannabe consultants and self-appointed Big Important People. But so much has been abandoned since governments handed the keys to ISO, it would be a monumental task clawing it all back. And politicians aren’t much better than Mujica or Croft, so we can’t expect much.
Christopher Paris is the founder and VP Operations of Oxebridge. He has over 30 years’ experience implementing ISO 9001 and AS9100 systems, and helps establish certification and accreditation bodies with the ISO 17000 series. He is a vocal advocate for the development and use of standards from the point of view of actual users. He is the writer and artist of THE AUDITOR comic strip, and is currently writing the DR. CUBA pulp novel series. Visit www.drcuba.world
