Thankfully, the user’s “Bill of Rights” remains untouched. This is the paragraph that starts with “it is not the intent of this document…” and it is an invaluable tool for users who are harassed by uninformed auditors.<\/p><\/blockquote>\n
1.0 Scope<\/strong><\/p>\nNo changes<\/p>\n
2.0 Normative references<\/strong><\/p>\nNo changes; still only references ISO 9000.<\/p>\n
3.0 Terms and Definitions<\/strong><\/p>\nNow adds definitions for: organization, interested party (stakeholder), top management, management system, policy, objective, risk, process, competence, documented information, performance, continual improvement, effectiveness, requirement, conformity, nonconformity, corrective action, audit, measurement, monitoring.<\/p>\n
The definition of risk\u00a0still<\/strong><\/em>\u00a0<\/em>claims it can be either “positive or negative.<\/em>” Then a new<\/strong> <\/em>note\u00a0says, “the word ‘risk’ is sometimes used when there is the possibility of only negative consequences<\/em>.” So they can’t even be consistent. There are five notes on this definition, showing TC 176 really struggling with this whole “positive risk<\/em>” insanity.<\/span><\/p>\nStill no<\/strong><\/em> definitions for “strategic direction<\/em>” or “opportunity<\/em>,” despite the terms being crucial for understanding the standard. “Opportunity<\/em>” is 50% of the clause, and no one knows what it means. After nearly a decade!<\/p>\n4.0 Context of the Organization<\/strong><\/p>\nStill presents sub-clauses in the wrong order. This is made worse by the Annex A guidance; see below.<\/p>\n
4.1 Understanding the Organization and Its Context<\/strong><\/p>\nAdds climate change language from the ISO 9001:2015 Amendment 2024.<\/p>\n
4.2 Understanding the needs and expectations of interested parties<\/strong><\/p>\nAdds climate change language from the ISO 9001:2015 Amendment 2024.<\/p>\n
Minor language tweaks, no new requirements.<\/p>\n
4.3 Determining the Scope of the Quality Management System<\/strong><\/p>\nMinor language tweaks, no new requirements.<\/p>\n
Still does not require that the scope statement include locations<\/strong> <\/em>that fall under the QMS, despite this being a requirement for certification going back to the late 1980s. Still does not conclude that the scope statement is<\/strong> <\/em>the expression of the organization’s “context<\/em>“; the authors don’t understand how to interpret Annex SL for quality management.<\/p>\n4.4 Quality Management System and Its processes<\/strong><\/p>\nMinor language tweaks, no new requirements. Did not clean this up, unfortunately. The process approach remains as confusing as ever. This isn’t rocket science, but ISO has had 25 years to get this right and can’t do it. The process approach is then dropped by Clause 5 and never really mentioned again, breaking PDCA.<\/p>\n
5.0 Leadership<\/strong><\/p>\n5.1 Leadership & Commitment<\/strong><\/p>\n5.1.1 General<\/strong><\/p>\nAdds requirements for top management to promote “quality culture and ethical behavior.<\/em>” \u00a0More unenforceable platitudes, keeping the clause largely useless and un-auditable. Adds a note that tries to explain this, but it’s weak.<\/p>\nAnnex A later references ISO 10010 on Quality Culture, so expect that a lot of auditors will expect companies to implement that<\/strong> <\/em>standard in order to comply with this clause. Product placement for another ISO standard.<\/p>\n5.1.2 Customer Focus<\/strong><\/p>\nNo changes. Still a largely useless clause, as it simply refers to content already addressed elsewhere.<\/p>\n
5.2 Policy<\/strong><\/p>\nNo changes.<\/p>\n
5.3 Organizational Roles, Responsibilities and Authorities<\/strong><\/p>\nNo changes.<\/p>\n
6.0 Planning<\/strong><\/p>\n6.1 Actions to address risks and opportunities<\/strong><\/p>\nStrange; in this case, CD1 had improved the language and more clearly described the difference between risk and opportunity. That draft also broke up the clause into sub-clauses 6.1.1.1 for risks, and 6.1.1.2 for opportunities.<\/p>\n
But, no, we can’t have nice things. CD2 undoes<\/strong> <\/em>those edits and reverts the clause back to the original (confusing) language. The Annex A guidance then makes this much worse<\/strong><\/em>, saying, “opportunities are not risks<\/em>,” after having said the opposite in clause 0. It’s a mess, and it’s clear that the entire risk thing has baffled TC 176 to the point of satire.<\/p>\nStill no requirement for procedure, process, records, root cause, or any legacy preventive action language, so this will remain a huge flaw in ISO 9001. TC 176 predictably ignored the world\u2019s feedback on \u201crisk-based thinking<\/em>.\u201d<\/p>\n6.2 Quality Objectives and Planning to Achieve Them<\/strong><\/p>\nThe addition of language that says objectives are to be measurable only \u201cif practicable<\/em>\u201d comes from a terribly wrong edit made to Annex SL. Since BSI and those folks are slaves to the ISO Technical Management Board, they are refusing to fix this mistake, which will dramatically weaken all quality management systems. Obviously, objectives must be measurable in a QMS. This will push users into “management by slogans,” which Deming warned against.<\/p>\nThis is an example of cowardly bureaucrats winning over actual subject matter experts.<\/p>\n
TC 176 still does not close the loop on the process approach as the core of a QMS, and thinks process metrics and quality objectives are different things. They are not, but sure, let’s be unnecessarily redundant.<\/p>\n
6.2.2 maintains the cringeworthy \u201cwho, what, where,<\/em>\u2026\u201d language of Annex SL and ISO 9001:2015. Remains a blank clause, with no actual requirements. Still, no editors are stepping in to fix this glaring flaw.<\/p>\n6.3 Planning of changes<\/strong><\/p>\nNo changes.<\/p>\n
7.0 Support<\/strong><\/p>\n7.1 Resources<\/strong><\/p>\n7.1.1 General<\/strong><\/p>\nNo changes.<\/p>\n
7.1.2 People<\/strong><\/p>\nNo changes.<\/p>\n
7.1.3 Infrastructure<\/strong><\/p>\nNo changes. Continues to put the requirements into the note, keeping the error from ISO 9001:2015.<\/p>\n
7.1.4 Environment for the Operation of Processes<\/strong><\/p>\nContinues to put the requirements into the note, keeping the error from ISO 9001:2015. Maintains the bonkers language on \u201csocial and psychological\u201d factors such as \u201cemotionally protective<\/em>\u201d workplace. Adds new suggestions to consider \u201ctechnological<\/em>\u201d and \u201ccultural<\/em>\u201d aspects. This is ten augmented by a section in the Annex on “emerging technologies<\/em>.”<\/p>\nSide note: it is cringeworthy to watch how consultants are praising ISO for discussing “emerging technologies<\/em>” as if this is somehow tied to a requirement. It’s not.<\/strong> <\/em>The term is just used in passing, and there are actionable requirements here that a user of the standard has to do, so it’s all fluff.<\/p>\nNone of use need ISO 9001 to tell us to be aware of emerging technologies. Imagine reading the 1987 version of the standard and seeing a clause in there that says, “hey, there’s this thing called the internet coming, you should pay attention to it<\/em>.” Just silly. But low-information consultants are praising this, because they have no ability to think critically.<\/p><\/blockquote>\n7.1.5 Monitoring and Measuring Resources<\/strong><\/p>\nNew paragraph added that requires validation of any software used for calibration. But a note suggests this is still under discussion and may yet get deleted. My gut tells me it will stay.<\/p>\n
A new note was added to help define metrological traceability and push readers towards ISO 10012.<\/p>\n
7.1.6 Organizational knowledge<\/strong><\/p>\nNo changes.<\/p>\n
7.2 Competence<\/strong><\/p>\nNo changes.<\/p>\n
7.3 Awareness<\/strong><\/p>\nNo changes.<\/p>\n
7.4 Communication<\/strong><\/p>\nNo changes. Still unauditable, still doesn’t include customer communication (which instead appears in 8.2, out of place.)<\/p>\n
7.5 Documented information<\/strong><\/p>\nNo changes. Continues to mix up \u201cdocuments<\/em>\u201d and \u201crecords<\/em>,\u201d keeping the section confusing and rambling. A lot of people complained about this in the 2015 version, but TC 176 ignored them.<\/p>\n8.0 Operation<\/strong><\/p>\n8.1 Operational planning and control<\/strong><\/p>\nMaintains ISO 9001:2015\u2019s errors of (a) not clearly explaining that the standard views \u201coperational<\/em>\u201d and \u201corganizational<\/em>\u201d processes differently, (b) not fixing the clause so that it can in any way be understood without a consultant.<\/p>\nInexplicably, they made the \u201coutsourced processes<\/em>\u201d thing worse<\/strong><\/em>, not better. Whereas ISO 9001:2015 referred readers over the 8.4, this draft removes that reference entirely. So now outsourced processes have no actual requirements to bite into. This will dramatically injure all quality systems, as there is no longer any language telling you what to do with an outsourced process.<\/p>\nThis clause desperately needed guidance in Annex A, as it’s a complex clause that few understand. Annex A does not<\/strong> <\/em>provide that guidance, however.<\/p>\n8.2 Requirements for Products and Services<\/strong><\/p>\n8.2.1 Customer communication<\/strong><\/p>\nAdds a cringeworthy note defining what \u201ccustomer communication”<\/em> is \u2013 really? Did we need that? \u2013 then namedrops terms like \u201cweb site content, Frequently Asked Questions<\/em>\u201d as if it was written during the AOL era. (I like how “web site<\/em>” is two words, as if it was written in 1990.)<\/p>\n8.2.2 Determining the Requirements Related to Products and Services<\/strong><\/p>\nNo changes. Maintains bizarre language that this applies BEFORE a customer even exists (\u201cproducts and services to be<\/span><\/strong> offered to customers\u2026<\/em>\u201d) Still haven\u2019t fixed that.<\/p>\n8.2.3 Review of Requirements Related to Products and Services<\/strong><\/p>\nNo changes. Still a mess (\u201cto be offered\u2026<\/em>\u201d) and largely repeats what was said in 8.2.2. Old 2000 language was better, but they still won\u2019t restore it.<\/p>\n8.2.4 Changes to Requirements for Products and Services<\/strong><\/p>\nNo changes.<\/p>\n
8.3 Design and Development of Products and Services<\/strong><\/p>\nNo changes. Maintains the jumbled nature of this clause from 2015, implying that design validation happens before you create design outputs, Again, the \u00a02000 language was better, but they won\u2019t restore it. Agile folks, you will still hate this.<\/p>\n
The fact that this was not touched at all so far suggests that none of the TC 176 authors understand product design. The clause STILL<\/strong> <\/em>does not discuss service design, despite it being in the title of the clause. This speaks to a gross lack of subject matter experts on the committee.<\/p>\n8.4 Control of Externally Provided Processes, Products and Services<\/strong><\/p>\nNo changes. This maintains the confusing repetition of requirements in 8.4.1 and 8.4.2. Also (again) this suggests no actual subject matter experts are working on this. TC 176 doesn\u2019t know how supply chain management and procurement work.<\/p>\n
Still doesn\u2019t require that you communicate with suppliers in actual writing.<\/p>\n
Outsourced processes still get no love.<\/p>\n
8.5 Production and Service Provision<\/strong><\/p>\n8.5.1 Control of Production and Service Provision<\/strong><\/p>\nNo changes.<\/p>\n
8.5.2 Identification and Ttraceability<\/strong><\/p>\nNo changes.<\/p>\n
8.5.3 Property Belonging to Customers or External Providers<\/strong><\/p>\nNo changes.<\/p>\n
8.5.4 Preservation<\/strong><\/p>\nNo changes.<\/p>\n
8.5.5 Post-delivery activities<\/strong><\/p>\nNo changes. This clause still doesn\u2019t know what it wants to say.<\/p>\n
8.5.6 Control of changes<\/strong><\/p>\nNo changes.<\/p>\n
8.6 Release of Products and Services<\/strong><\/p>\nNo changes. Still maintains the horrid 2015 error or switching terms mid-standard.; see notes on 9.1.3 below. The clause is not<\/strong> <\/em>about \u201crelease<\/em>\u201d (delivery) at all.<\/p>\nOh, and still no actual delivery clause! So, per ISO 9001, product never needs to be shipped. Astonishing.<\/p>\n
8.7 Control of Nonconforming Outputs<\/strong><\/p>\nNo changes, and we desperately needed fixes here.<\/p>\n
9.0 Performance evaluation<\/strong><\/p>\n9.1 Monitoring, Measurement, Analysis and Evaluation<\/strong><\/p>\n9.1.1 General<\/strong><\/p>\nNo changes, remains nearly entirely useless. Never ties back to process approach, so breaks PDCA entirely.<\/p>\n
9.1.2 Customer satisfaction<\/strong><\/p>\nNo changes.<\/p>\n
9.1.3 Analysis and Evaluation<\/strong><\/p>\nNo changes. Again, never ties back to process approach, so breaks PDCA entirely. Treats \u201cperformance and effectiveness of the quality management system<\/em>\u201d as something totally apart from process approach.<\/p>\nKeeps \u201cstatistical techniques<\/em>\u201d as an afterthought note, ensuring problems for companies that use them.<\/p>\nFails to alert the reader to the (idiotic) fact that now, in clause 9, TC 176 is using the term \u201cmonitoring and measurement<\/em>\u201d in an entirely different context. Now it is NOT about inspection testing, despite that being understood up until clause 8.7. So, for those keeping track at home:<\/p>\nClauses 4 through 8.5<\/strong>: \u201cmonitoring and measuring<\/em>\u201d means inspection and testing.<\/p>\nClause 8.6:<\/strong> now, inspection and testing are referred to as \u201cplanned arrangements<\/em>\u201d you do prior to \u201crelease<\/em>.\u201d<\/p>\nClauses 9 & 10:<\/strong> \u201cMonitoring and measurement<\/em>\u201d now means a more holistic (and literal) monitoring and measurement of data related to the QMS, and not inspection and testing.<\/p>\n
![\"\"](\"https:\/\/www.oxebridge.com\/emma\/wp-content\/uploads\/2024\/12\/cd2insanity.png\")
<\/a><\/p>\n