auditorsgargantuasComing off of a my latest speaking thing where the audiences were users of ISO 9001, the viewpoint was clear and nearly universal: the biggest problem facing any implementation of ISO 9001:2015 will be the CB auditors, who are already causing chaos in the marketplace.

The chief accolade granted to the new ISO 9001 standard is that it’s lack of firm requirements allows the user organization more flexibility in implementation; that’s a good thing, users say. But along with that silver lining comes the dark cloud sitting in the middle of it: that flexibility is an allergen to CB auditors, who will not have a clue as to how to audit a standard that (gasp!) allows the user to do what they want.

Now the rules make this all very simple, if the CBs would actually follow them. The rules say they are supposed to come in, read the client’s documentation, and learn how they company set up its processes. The CB doesn’t judge the implementation except for where there are overt and indisputable nonconformities. For example, a procedure says “the company will not conduct internal audits”… that would be a problem.

Instead, auditors audit against their experience, previous employment, and “what I’ve seen in other companies,” and it’s all packaged as “value-added auditing.” Sure, it’s a clear violation of the rules, but they do it anyway, and the Accreditation Bodies look the other way.

gargantuas2So with ISO 9001:2015, user organizations may feel free to expand their ideas on interpreting the standard, but doing so will bring a nearly 100% chance that they will have a difficult conversation with their auditor about it. That might be as simple as the auditor being confused, or it might get so severe the auditor writes nonconformities and threatens the client with all sorts of badness.

Without having any required training for auditors, and without having an approved curriculum for the voluntary training they may (or may not) be getting, the fact that CB auditors are unprepared to audit against ISO 9001:2015 is an absolute certainty, and unassailable fact.

In previous years, in the US anyway, we saw a massive drop in ISO 9001 certificates each time the 3-year deadline of a new standard kicked in. The US lost the most certificates in 2003, three years after the “process approach” rewrite. It’s likely now that the 2015 version will have the same effect, with much of it driven by CB auditors who insist they are right, and harass clients into doing things against their will. I predict the US will fall below 10,000 certificates — that’s only four digits — around the 2018 time frame as a result.

Ironically, this means less companies seeking ISO 9001, and thus less need for CBs. CB auditors will be cut loose, and some CBs will shut down entirely. So their dogged insistence on telling clients “this is what I’ve seen in other companies” will ultimately cost them their jobs, but they’re too dumb to figure this out.

Instead, the ABs should enforce proper training, and the training bodies should develop a user-derived training curriculum. None of that happened, and it’s too late, since they’ve already started issuing ISO 9001:2015 certs. But the ABs — through the IAF — could try to fix this now, before it worsens. They’ve routinely showed that they lack the will to stand up to the CB sales reps, so don’t hold your breath.


About Christopher Paris

Christopher Paris is the founder and VP Operations of Oxebridge. He has over 30 years' experience implementing ISO 9001 and AS9100 systems, and is a vocal advocate for the development and use of standards from the point of view of actual users. He is the author of Surviving ISO 9001 and Surviving AS9100. He reviews wines for the irreverent wine blog, Winepisser.


ISO 45001 Implementation