Welcome to The O-Forum! Read this first! Then, feel free to introduce yourself here! If you need immediate, real-time support for the Oxebridge ISO 9001 or AS9100 Template Kits, click here to join our Slack chat channel.

Please consider registering
Forum Scope


Forum Options

Minimum search word length is 3 characters - maximum search word length is 84 characters
Register Lost password?
sp_Feed sp_PrintTopic sp_TopicIcon
Exactly 4,000 Years Later, ISO Still In-Fighting to Standardize "Risk"
sp_BlogLinkWhite Read the original blog post
Christopher Paris
Forum Posts: 656
Member Since:
5 December, 2012
sp_UserOfflineSmall Offline
5 May, 2019 - 12:55 PM
sp_Permalink sp_Print

Image EnlargerAs you know, ISO is dead-set on doubling-down on its mistakes, and is revising the much-loathed Annex SL. ISO and its attendant cronies are actively rejecting any argument that Annex SL is the core problem affecting ISO 9001:2015, which requires them to then ignore the fact that the latest version of the standard is the worst-received in ISO’s history. Because, well, I don’t know… China, or something.

Meanwhile, presumably to address flagging sales of its flagship standard, ISO ordered its TMB shocktroopers to force an early revision to Annex SL, even if that causes even more disgruntlement and panic among user organizations. If they update Annex SL, that means ISO 9001 will have to get updated, too. And companies are not looking forward to another forced update, accompanied by forced “upgrade” audits from their registrars. But the TMB doesn’t really care what you think, and is pushing ahead.

Nigel Croft, Dick Hortensius and a secretive gang of White Walkers are leading the work, and recently concluded a special meeting in Atlanta where 35 non-elected people showed up to represent every industry in every trade market in every country on the planet, and figure out how they were going to make ISO 9001 worse. Mind you, these are the same geniuses who dreamt up “risk-based thinking” and crippled ISO 9001 the last time. Because making the same mistake over and over always results in improvements, in case you didn’t know.

Member Dolf Van der Haven released a tidbit of info from the Atlanta meeting. First, TMB is really, really, really trying to emphasize that this is a “limited” revision, a move clearly designed to help them save face. But the big news is that ISO is yet again rushing the project, the same way they rushed the release of ISO 9001 and refused to pause to take in feedback from affected industries and stakeholders. ISO is demanding the TMB produce a final draft by February 2021 and then they will hit print three months later, in May of 2021.

The more interesting snippet from van der Haven’s post is consistent with other reports I’ve gotten, and describes how the main sticking point is ISO’s ongoing inability to obtain international consensus on standardizing the definition of “risk.” This has become an international embarrassment for ISO, whose sole job is to — you know — standardize stuff. Meanwhile, ISO has over 40 different definitions of the work appearing in dozens of its standards. The thought was that by publishing ISO 31000 — the standard on risk management — the argument would be finished once and for all. But users rejected ISO 31000’s controversial view that “risk is positive,” and other Technical Committees haven’t universally lined up to adopt the definition in their standard.

Then comes the sectors, like aerospace, which added a note in AS9100 Rev. D which essentially undermined ISO’s definition, slapping them square in the face. Yet again, the Croft Cabal isn’t listening to aerospace, and they are confident that 35 unknown, un-elected, un-vetted standards nerds you never heard of are capable of making decisions for millions of companies across the globe.

This means, of course, that the minimum we can expect is yet another new definition of the term “risk,” forcing another rewrite of every other ISO standard that uses the word, including ISO 31000 itself. That will trigger more turf wars within ISO committees, which are fun to watch. The TC that wrote ISO 31000 nearly broke into fisticuffs amongst themselves, so I can’t wait to see what they will say when Nigel and his pals take the edit pen to their work. There will be blood.

Let’s pause on that note and consider this: ISO releases standards before understanding the meaning of the words it’s trying to standardize. This is like buying a manual on boat-building from a guy who thinks a boat is a vegetable.

There may be some good news, however. The last edition of ISO 9001 came out in Sept. of 2015. This means it’s due for the start of the revision period in 2020; typically ISO does not issue a major revision immediately after a prior major revision, and had previously telegraphed that the next edition would be a minor one. It typically takes ISO about 3 years to release a revised standard once the review is begun, meaning that history would have a minor edit to ISO 9001 released in 2023.

Still, that’s only four years from now. Yes, you’re still catching your breath from the last revision. And as the 2008 edition shows, even if they opt to change nothing at all, ISO will still publish a revised edition and then use the IAF to force the entire world to buy a copy of the new standard and pay for additional audits to “upgrade.” Not fun.

But ISO shouldn’t release anything of ISO 9001 until after Annes XL 2.0 is released, since the new standard will have to comply with Annex SL 2.0. That would mean the standard shouldn’t undergo any initial review until 2021, one year later than usual. That may push the final revised ISO 9001 standard to a date around 2024 or even 2025.

But let’s not assume ISO won’t find a way to muck it up. They could issue an early release of 9001 and then another one a few years later, thus doubling the revenue of sales of new ISO 9001 standards, as well as doubling the number of required update audits by CBs. ISO is craven enough to pull that stunt, too, don’t think otherwise. Ultimately, this entire debacle is caused by greed.

And the crop of consultants who led the ISO 9001:2015 authoring initiative are still around, fully empowered and unleashed without any restraint, with their older, more cautious elders long gone. Pissing on the grave of Deming has become competitive sport. There’s nothing stopping these guys from putting all sorts of nonsense in even a minor edition, since it means more consulting gigs for them later to explain it all. Remember, these guys inserted “calm and emotionally protective workplace” in the last one. At the same time, they’ve spent the last decade telling you, to your face, they don’t care what your opinion is. So long as governments and companies keep putting ISO 9001 into contract requirements because they’re too lazy to do their own quality vetting, ISO will keep publishing whatever they want, without answering to consumers or users.

Don’t look to professional societies like the Risk and Insurance Management Society (RIMS) to come to the rescue either, because they’re busy literally recruiting Freemasons. Because apparently praying while wearing a doily over your crotch is some newfangled means of risk management. This is why you can’t have nice things, people.

So, yes, we’re back arguing what “risk” is even though the Egyptians practiced risk management a few years back when they built the pyramids. Sigh.




Forum Posts: 9
Member Since:
18 June, 2018
sp_UserOfflineSmall Offline
7 May, 2019 - 6:27 AM
sp_Permalink sp_Print

The only reason any organization would register to ISO 9001 is so they have access to international markets … to sell their goods or services.  Other than that registering to any ISO management system is a waste of time and precious resources.  An organization looking to improve will achieve little improvement under the ISO schemes.  Trust me I have operated and audited those schemes for nearly 40 years now and they are all simply a scam for Registrars (auditors), Certification Bodies, and ISO to make money.  

Most countries already have regulatory bodies who require organizations to control key aspects of the business (Environmental, Safety, Financial etc).  What I have found through auditing these systems for decades is that most registered organizations, only work to meet the bare minimums of the ISO standard.   The 9000 series of standards don’t even offer organizations the incentive or registration to the (supposed to be much better) ISO 9004.   That should tell one all they need to know about the ISO MSS’s. 

I hate to be derogatory about the beloved ISO standards however in truth, I have found that they provide little to any organization and actually cause bureaucracy and an over extension of documentation which becomes so vast and ridiculous that no one within the organization actually reads the documents, much less follows them. 

Secondly there is the use of non-business-related terms to define their various functions to which an organization is supposed to register to.  The concepts and terms are so non-standard as to require extensive discussion as to what they actually mean.  Further there is the misconception of what the terms mean and their intent which is driving vast confusion and variation between the registrars, the clients, and the so-called experts.   Attempt to get two people in a room full of ISO experts, to provide a similar answer to the terms “Context of the Organization” or “Risk Based Thinking” or worse “Interested Parties”.    One cannot get a solid or consistent answer on any of these concepts and terms conjured up by the ISO Technical Boards and Committees.

Business has and will operate the same way for hundreds of years.  One will not get the attention of any business executive unless one speaks financial language (P&L or Cash Flow or Balance sheet etc.).   What is amazing to me is that the so called Quality gurus at ISO are completely inept to these concepts, in any of their management system standards.  No business executive is going to respond to “Context of the organization” of that concept is not derived from the business financials… one might as well be speaking in Greek to and audience who only understands English.

Until ISO understands the concept of business, that its bound up in the financial performance of the organization, and the satisfaction of its Customers, they will continue to loose market share and eventually wind up in the dust bin of time (as they so deserve).   ISO would be better off to hire housewives who are the experts at customer expectation and relations and accountants who are the experts of financial performance and put them in a room to construct a valid business management system.  These quality experts that ISO uses today, obviously know nothing of either concept.

Forum Timezone: America/New_York
Most Users Ever Online: 64
Currently Online:
Currently Browsing this Page:
1 Guest(s)
Top Posters:
Mu Beta: 54
dozza: 32
royplchan: 28
jo9977: 23
annie: 23
KH: 20
wayintense: 14
jdgill1963: 13
Richard Billings: 12
lukeB312: 9
Newest Members:
Bernard Wilson
Thomas Tao
Forum Stats:
Groups: 13
Forums: 43
Topics: 754
Posts: 1592


Member Stats:
Guest Posters: 1
Members: 1685
Moderators: 1
Admins: 1
Administrators: Christopher Paris
Moderators: OQRI