How to overcome "Cartesian anxiety"

A few months ago, James Pomeroy of the Arup consultancy group published an article in LinkedIn on what he called "Cartesian anxiety"—the fear that, without proper planning and metrics, we are all lost. And yet, Pomeroy continues, planning and metrics can never prepare us for every eventuality.

Pomeroy's argument should sound familiar to regular readers of this blog. He begins by describing a mindset that he finds to be common among professionals in Quality, safety, and environmental management. He calls this "a PDCA mindset," and describes its fundamental tenets as follows:

• Planning is Paramount
• Variance is to be Controlled
• Measurement is Everything
• Causality is King
• Hindsight Bias

We've discussed many of these topics before. (See the embedded links for some relevant posts.)

But then Pomeroy goes on to point out just how fragile these assumptions are. In normal operations, of course they are fine; in fact, in normal operations these principles more or less define how to function best. But "in situations of significant uncertainty, high levels of complexity or a continually emerging environment, deterministic methods such as PDCA become problematic." These methods break down because they rely on certain preconditions to operate.

• In order to plan, you have to know what the default future will look like (before you act), so that you can assess what to do. 
• In order to measure, you have to know what to measure and you need a way to observe it without disturbing it. 
• In order to form any kind of cause-and-effect analysis, you need enough data to understand what interacts with what, and you need a clear understanding of how they interact—an understanding, so to speak, of which direction the causal arrows point. 

And under conditions of serious uncertainty, high complexity, or rapid change, none of those preconditions obtain.

Does that mean that when things get crazy, then all is lost? Not at all, says Pomeroy. But at that point the organization has to rely on other tools besides planning and measuring. He tells the famous story of the Hungarian soldiers lost in the Alps, who were saved by following the wrong map.* And he argues that in times of crisis it is better for the organization to do something, see the outcome, and react promptly—"feeling" its way through the tumult—rather than to wait for things to settle down far enough that the planning process can engage. He concludes that "by embracing [this kind of] agility ... we can use trial and error to 'feel' our way through complex situations and navigate uncertainty. This is the focus on doing over planning, trialling things and seeing what works, and adapting to an ever-changing situation."

It's a reasonable argument, and in fact we have seen something like it before. Nearly four years ago, I wrote a series of posts** drawing on a talk by Jeff Griffiths about "People Before Process." Over the course of these posts, I talked about the difference between organizations that have a process focus and those that have a competence focus. Of course in real life, any organization needs both. But I concluded that while in many ways leaning into a process focus scales and replicates faster than leaning into a competence focus, it is also more fragile. A competence focus, by contrast, is more resilient when things go wrong. (See especially the long discussion in Part 3.) The reason is precisely the one Pomeroy highlights: in a crisis, you don't have enough time or data to use the conventional tools of the process focus. You have to be nimble and improvise. And the higher the overall competence of your people, the more capably and creatively you can improvise.

In fairness, I have to make one other point. Pomeroy is not arguing that any organization in crisis should throw its rational tools out the window to navigate purely on vibes. If you look at it, the approach he promotes is topologically identical to the PDCA cycle: decide to do something, do it, see what happens, and react. The difference is in the time-scale. Organizations in crisis don't have time for lengthy data collection or analysis, and often may not even know which data are relevant. So the selection, the analysis, and the decision all have to be done by informal methods. But those informal methods themselves rely on the competence, expertise, and intelligence of the executives making the decisions. Nobody's going to suggest leaving the decisions to the toss of a coin or to ChatGPT.

It's a good article—by all means go read it—and it supports the basic point I always try to make here. All of the Quality principles are sound, as principles. But the point is to get results, not to follow the rules. That's pragmatic.     

__________

* This story derives from a poem by Miroslav Holub, recounting a story told by Albert Szent-Györgyi about a scouting troop of Hungarian soldiers in World War One. You can find the poem here. Briefly, the troops got lost in the snow and expected to die. Then one soldier found he was carrying a map of the mountains. After the troop used the map to return to base, they realized it was not a map of the area where they had been! 

** Here are the links: Part 1, Part 2, Part 3.    

       

"Did you bribe the auditor?"

I've talked in earlier posts about how formally analyzing the Context of the Organization can support you in assessing the business risks you face, or the scope of your management system. But sometimes your context can have a huge impact even in a far less formal way.

Years ago, I worked for a small company here in Santa Barbara, California, that was acquired by a Big Company with headquarters in Europe. A couple of years after the acquisition, Big Company informed us that we had to certify to ISO 14001, the environmental management system standard.

So we set to work, building on our ISO 9001 quality system to create an integrated management system addressing both standards. We worked with an expert from another of Big Company's American offices, trained everyone at our location about the new system, and scheduled an audit. We passed the audit, and got our certificate. So far, so good.

The management from Big Company's home office back in Europe congratulated us, of course, but at the same time they expressed considerable incredulity. Our office had had a lot of trouble getting our initial certification to ISO 9001 some years before, so our European colleagues tended to think of us as chronically a day late and a dollar short. At the same time, when it came to ISO 14001 the European home office hadn't achieved certification until their third external audit! How did we—of all people—manage to score on our first? One vice-president even asked me, "Did you bribe the auditor?" I think he was joking—he made it sound like a joke—but clearly he was also rattled.

Just to be clear, no of course we didn't bribe the auditor. (Long time readers will remember this post from two years ago, where I explain exactly why bribery is a bad thing, as if that weren't already obvious!) I don't remember what I told our VP—the question was so unexpected that I probably fumbled it. But months later, in a very prolonged case of l'esprit d'escalier, I figured out the true answer to explain the seeming incongruity that was troubling him.

In the first place, certification to ISO 14001 generally involves implementing two kinds of measures in your organization: environmental measures and system measures.

• Environmental measures are the programs you put in place in order to address your environmental impacts. These can be simple things like recycling your waste paper and your printer toner cartridges, or they can be large programs to reduce pollution or toxic waste resulting from your manufacturing activities. It all depends on what your current environmental impacts happen to be.
• System measures are (in essence) a series of paperwork exercises, that integrate these environmental activities into an overall management system. These measures include assessing your current environmental impacts, planning which ones to address, planning the programs to address them, measuring the results (i.e., the effectiveness) of those programs, and then using the output of those measurements to replan for next year.  

Certification to ISO 14001 requires that both kinds of measures are in place and working smoothly. And the reason our European home office had so much trouble getting their certificate was that they had to implement measures like a recycling program (and others, of course) from scratch. But it took a while for their employees to develop new habits. 

So an auditor would come to the site and hear that the company had implemented a recycling program. Then he would see that all the recycling bins were empty, and that people discarded copier paper into the regular trash. Naturally he would write a nonconformity that the recycling program was ineffective. Multiply this one example by enough other instances of the same basic problem, and you can see why it took them three tries to get their certificate.

But in our office the project was a lot easier. Remember that we were located in Santa Barbara, California. Santa Barbara was the site of a major 1969 oil spill; public outrage at the spill kickstarted local environmental activism, resulting in the 1970 Environmental Rights Day, and (a few months later) the very first Earth Day. Consequently, state and local ordinances governing the environmental behavior of businesses are already very strict, and have been for many years. Any company operating here has to comply to keep their doors open, and employees take environ­mental measures for granted.

So when we began our project to achieve ISO 14001 certification, half the job was already done. All we had to implement were the system measures. We did the assessments, determined that our current environmental measures were appropriate, and set up metrics to track their effectiveness.

We didn't have to bribe the auditor. We didn't have to be smarter than our European colleagues, and we didn't have to work harder. We just benefitted from our location, and from all the extra requirements which that location implied. In that sense, our context did half the work for us.  

__________

         

Quality in voting, or, What's in ISO/TS 54001?

Last month, when I was writing about the proposed changes in ISO 9000, I noted that a lot of vocabulary had been imported from the sector-specific standard ISO/TS 54001, Quality management systems — Particular requirements for the application of ISO 9001:2015 for electoral organizations at all levels of government. At the time I thought it was an interesting curiosity, but I let it go. After a while, though, I began to wonder: What's really in this standard? How do you define a standard for quality in voting? 

That's a good question. Let me turn it around just a little bit: Suppose you had to write a quality standard for electoral bodies—what would you put in it?  

Where do you start?

First, I wouldn't want to start with a blank sheet of paper. I'd prefer to build on top of proven concepts. Since the question is about building a quality management system for electoral bodies, I'd start by using ISO 9001 as a framework.

Second, I'd recognize that voting is already governed by a lot of laws: national, regional, and local. They aren't going anywhere, so a general management system standard has to recognize those laws. There are even international compacts and conventions which touch on the right to vote; since these compacts are recognized around the world, a standard should be aware of them too.

Third, there is a very specific risk related to voting. All modern democracies rely on the secret ballot. But when ballots are filled out in secret, there is an enormous incentive for vote-counters to cheat in favor of the candidate they prefer. That doesn't mean a lot of cheating actually goes on; at any rate, I did a quick Google search just now which suggests that "documented cases of election fraud are relatively rare worldwide, particularly in established democracies." But the only thing that prevents it is that the world's "established democracies" have all implemented procedures to maximize the transparency of the electoral process and to minimize the opportunity for cheating. Therefore any management system standard governing an electoral body has to take the commitment to transparency very seriously indeed.

It turns out that those three points define the content of the ISO/TS 54001 standard pretty exactly. 

A sector-specific standard

In line with the first point above, ISO/TS 54001 is a sector-specific standard. Like many other such standards,* it is built on ISO 9001 in a very literal sense. It includes every word from the text of ISO 9001 (marked off in boxes) and then adds specialized requirements as needed which pertain to electoral bodies in particular. 

One of the important additions is that ISO/TS 54001 defines the high-level processes which electoral bodies have to address. You remember that ISO 9001 lets each organization define its own processes, because the standard is meant to cover any possible organization or industry. The electoral standard does not offer similar flexibility. The committee behind the standard determined that at a high level all electoral activity looks broadly similar, and they wanted to make sure all the elements are covered. Therefore one of the two largest additions which the electoral standard makes to ISO 9001 is in Annex B, which defines the eight electoral processes that must be considered:

1. Voter registration
2. Registration of political organizations and candidates
3. Electoral logistics
4. Vote casting
5. Vote counting and declaration of results
6. Electoral education
7. Oversight of campaign financing
8. Resolution of electoral disputes

Another important addition is that ISO/TS 54001 requires the electoral body to create an electoral service development plan, which is a document identifying all the requirements the electoral body has to meet, and spelling out how the body will meet them.

And there are a few updates to the rules of ISO 9001 that derive specifically from the periodic and cyclical nature of elections, as distinct from many other kinds of product or service provision which are more or less continuous.** 

Laws and compacts

To be sure, ISO 9001 recognizes the existence of legal requirements, as one of the factors that constrain an organization's choices.*** But there are a few points where ISO/TS 54001 addresses legal requirements more pointedly.

For example, clause 4.3 (Determining the scope of the quality management system) specifically forbids exclusions from the scope of the electoral quality management system, except in two cases:

• Exclusions are permitted from clause 8 (Operation), if applicable.
• Exclusions are permitted if they "resolve conflicts with the applicable legal framework." But in that case it is mandatory that the exclusions "not contravene the Universal Declaration of Human Rights or the International Covenant on Civil and Political Rights."

International law shows up again in clause 9.2.3 (Internal audit), which specifically requires that "The electoral body shall conduct further internal audits to determine whether the electoral quality management system conforms to international legal obligations for democratic elections."

There are smaller references as well, including one in clause 7.5.6.3 (For the registration of political organizations and candidates) which requires "an explicit statement indicating whether there are legal requirements for gender-specific quotas for candidate registration." In general, the topic of legal and international requirements is never far away.

Transparency    

The commitment to transparency drives the other huge addition to the requirements of ISO 9001. Under clause 7.5 (Documented information), ISO/TS 54001 adds more than five pages of explicit documentation requirements. 

This might surprise you. After all, in general the broad trend in quality management systems over the last couple of decades has been to reduce mandatory documentation. The key thought has been, "If you need to write it down, write it down. Otherwise why bother?"

But not for electoral bodies.

Here the rule is very clear: 

• Write down every requirement that pertains to you.
• Write down exactly how you are going to meet each requirement.
• Then keep records showing that you did exactly what you planned.  

There are specific documentation and records requirements for each of the eight electoral processes, and the ISO/TS 54001 standard requires you to meet all of them. To be clear, these rules are a minimum: you can always document or record more if you like. Never less.

This way, if there is ever a dispute—and remember that Dispute resolution is one of the eight electoral processes—there will be a clear paper trail showing exactly what happened. And if the paper trail is clear enough, it should be possible to resolve the dispute by conducting an audit rather than by massing in the streets.

That's certainly the hope, at any rate.

Demonstrations in Mozambique after a disputed vote in October 2024.

It's not clear to me how widely the standard has been adopted, but at least now I know how it holds together.

__________

* Consider, for example, IATF 16949 for automotive companies or AS9100 for aerospace, to name only two.

** For example, there is an addition to clause 5.3 (Organizational roles, responsibilities and authorities) which requires that "responsibilities and authorities are communicated within the electoral body prior to the election process" [my emphasis]. Again, clause 9.3.1 (Management review) requires the organization "to conduct management reviews with sufficient frequency to ensure adequate oversight of the entire electoral quality management system and all of its electoral processes." Depending on how often elections are held, one review a year might not be the best frequency to keep the system running reliably. 

*** See, for example, clause 4.1, NOTE 2: "Understanding the external context can be facilitated by considering issues arising from legal, technological, competitive, market, cultural, social and economic environments, whether international, national, regional or local." [Emphasis mine.]   

        

On sabotage

It's been a while since I posted anything funny here. Let me know if this counts as funny.

Some years ago, the CIA declassified a document published by the Office of Strategic Services (OSS) back during World War Two. The document was called Simple Sabotage Field Manual (Strategic Services Field Manual No.3), and it was written to support our allies trapped behind enemy lines as they tried to disrupt Axis war-fighting capability and Axis society generally. It discusses motivation, timing, and tools, and then gives a lot of specific recommendations. You can download a copy of the document from here (or here).

What could be funny about this, you ask? Well, the book got the attention of management consultants and other business excellence experts, because there is a section on how to sabotage "organizations and production." And the advice in that section just sounds so ... normal! 

Here are just a few highlights:

• Organizations and Conferences
• Insist on doing everything through "channels." Never permit short-cuts to be taken in order to expedite decisions.
• When possible, refer all matters to committees, for "further study and consideration." Attempt to make the committees as large as possible- never less than five.
• Haggle over precise wordings of communications, minutes, resolutions.
• Managers and Supervisors
• Don't order new working materials until your current stocks have been virtually exhausted, so that .the slightest delay in filling your order will mean a shutdown.
• Hold conferences when there is more critical work to be done.  
• Multiply paper work in plausible ways. Start duplicate files.
• Apply all regulations to the last letter.
• Office Workers
• Misfile essential documents.
• Tell important callers the boss is busy or talking on another telephone.
• Spread disturbing rumors that sound like inside dope.
• Never pass on your skill and experience to a new or less skillful worker.

The list goes on and on. And, as I say, the actions mostly sound like normal human clumsiness, short-sightedness, officiousness, and inefficiency. I've seen some of these measures with my own eyes, and I bet everyone I know can say the same thing—not always and not everywhere, but at some jobs, from some people, at some times.

The thing to remember is that while you or I might call this inefficiency, the OSS called it sabotage! When our organizations stumble through the day allowing these things to go on, we are in fact sabotaging ourselves. Now, in spite of all that, most of us get through the day intact anyway. Most of our organizations live to do business again tomorrow. We don't shut ourselves down. 

But think how amazing our performance would look if we didn't sabotage ourselves!  

If you have time for a longer-form discussion, Kyle Chambers and Caleb Adcock from Texas Quality Assurance chatted about this very topic in two back-to-back podcasts back in early March. The first is half an hour, and the second is just about 45 minutes. As always, they discuss the issues with their trademark humor and pragmatism. 

  
      

Auditing the climate amendment

In February of last year, the ISO formally adopted an Amendment to ISO 9001, relating to climate change. (In a stroke of ironic timing, I published an article with Quality Digest just days before the decision, on the subject, "What would it mean if this amendment were adopted?") And right away, voices began calling out, "How do we audit the new requirement?"

Strictly speaking the Amendment added one new requirement to ISO 9001:2015, and one note. The requirement is added to clause 4.1, which discusses Context of the Organization (including the internal and external issues facing the organization), and it provides:

The organization shall determine whether climate change is a relevant issue.

The note is added to clause 4.2, which discusses the needs and expectations of the organization's interested parties, and it reminds the reader:

Relevant interested parties can have requirements related to climate change.

That's it.

Now, the note is literally just a reminder. It is not auditable, which means that there is no need for the organization to show an auditor any objective evidence related to it. But whenever the ISO standard uses the word "shall," that word creates a requirement. The organization has to do it, and has to be able to prove it to an auditor.

Only, ... what questions can the auditor ask to check whether the organization made the determination they are required to make? Auditors started asking for guidance.

And the ISO 9001 Auditing Practices Group rode to the rescue! I don't remember if I've mentioned this group before, but they write papers on how to audit to ISO 9001. They have a website here, which hosts a large library of these papers available for free download. If you ever want official advice on how to audit some part of the ISO 9001 standard, check their library first.

Sure enough, just a month after the Amendment went into effect, the APG published ISO 9001 Auditing Practices Group Guidance on: Auditing Climate Change issues in ISO 9001. You can find it online for free, located here.

As a side note ... I remember when this document first came out, somebody on LinkedIn remarked that the paper is ten pages long. He argued that for it to be so long "proves" that the new requirement "must be" heavy and onerous. I no longer remember if he went so far as to accuse the Lizard People of using this requirement to crush small businesses, and I have lost the link so I can no longer re-read his post to check. But I almost expected him to.

So as a public service, let me reassure you: There is no sign that any Lizard People wrote this paper, and the requirements are not heavy or onerous.

Fine, what does it say?

The basic advice is simple:

• Stay objective.
• Ask if the organization has decided climate change is relevant to them?
• If yes, what steps are they taking?

Let's look at each of these briefly.

Stay objective

When this amendment was first debated, I heard one person say:

"It is impossible for anyone to pretend they aren't affected by climate change. Therefore the answer to the question 'Is it relevant?' has to be Yes, and if someone says No you can write him up!"

The APG rejects this line of thinking. They point out that each organization has a right to make this decision for themselves. The APG paper goes on to say:

In some parts of the world climate change and its causes are controversial topics. Consistent with ISO 19011:2018 Guide­lines for auditing management systems, auditors are to maintain objectivity and neutrality when auditing climate change issues. They should not express personal beliefs relating to climate change. The role of the auditors is to assess whether the organization determined if climate change issues are relevant or not in relation to their QMS and its intended results and, if that is the case, then how it is addressed within the QMS.

This amendment does not require an organization to have climate change initiatives unless it has been identified as a relevant issue to achieve the intended results of the QMS.

Is it relevant?

So the first thing to ask is whether the organization thinks climate change is relevant to them? This means: Do they think that there is a credible risk that climate change can affect their ability to supply their goods or services to customers?

While you are asking that, the paper suggests that you might also check whether the organization has any statutory or regulatory requirements that could affect the answer? And likewise, do they have any contractual requirements that could affect the answer? Obviously you (as an auditor) want to see that the organization's decision on this point is aligned with their legal or contractual requirements.

And then the paper suggests other directions you might explore:

• Is the organization starting to use renewable materials?
• Have they been asked to move to carbon neutral products and services?
• Have energy issues pushed them to reorganize their operations or infrastructure?
• Are they seeing a greater frequency of storms, floods, fires, or drought? And if so, do those developments affect their employees, their supply chain, or their distribution?

And so on. The paper lists many more questions that you might consider.

What steps are they taking?

If the organization determines that climate change is out of scope for their Quality Management System, the discussion ends there. But if they decide that it is a relevant issue, then the basic logic of ISO 9001 requires that they address it one way or another. Naturally the details will be different for every organization. But you can follow the climate theme as a thread throughout the rest of the audit:

• When you audit the scope of the QMS in clause 4.3, you can check whether they still use the same industry codes as before. Are they still making the same products, or in the same line of work?
• When you audit risks and opportunities in clause 6.1, what risks and opportunities have they explicitly identified that relate to the climate? How have they evaluated them? Have they assigned actions to address the risks or capitalize on the opportunities?
• When you audit changes in clause 6.3, consider all the other changes listed here. Has the organization handled them in a planned and controlled way?
• When you audit the work environment in clause 7.1.4, has it been affected by the climate in any way? Has the organization taken any steps?
• When you audit operations in clause 8, how have their operations been affected? (The APG paper offers a full page of suggested questions for clause 8 alone, but of course the details will always depend on the individual organization.)
• When you audit performance evaluation in clause 9, what aspects of climate impact or climate mitigation are the organization monitoring and measuring? Are they monitoring and measuring data that are related to the impact or the risks they have identified? Are the tools and methods that they use for this monitoring and measuring actually fit for purpose? And how is the organization checking to ensure that the changes they have implemented really work?

Again, the paper gives many more suggestions besides these. And of course you would never use every single question. It all depends on what fits, based on the details of the organization.

None of it is heavy or onerous. And it all flows logically from the actual requirements. But I am glad to know that the suggestions are available, as a support.

If you're not familiar with the Auditing Practices Group, be sure to check out their library.     

    

"The paradox of Quality"

A couple months ago, Anthony Lenarz of GE Vernova posted an article in LinkedIn called "The Paradox of Quality." His point was much like that of an Innovation Manager I once worked with who joked, "You and I are mortal enemies, because we pull the company in opposite ways. You work in Quality, so you want to eliminate variation; I work in Innovation, so I want to inject change everywhere." 

This is exactly what Lenarz says:

"Quality is a profession that thrives on confusion. It's like being told to walk in a straight line while doing the tango. On the one hand, we're told to standardize everything, make it all uniform, reduce variation to a whisper. It's a bit like telling a jazz band to play the same note over and over again—consistently—until they all fall asleep.

"But on the other hand, in the same breath we say, 'Take the initiative, drive change, and continually improve.' It's as if we want our jazz band to suddenly break into a solo, each musician playing a different tune but somehow making it all sound like a symphony."

It's funny, of course. And I love the image. But in the end I disagree with the basic point. And I think it misrepresents (no doubt unintentionally) what Quality is all about. 

Part of the error is that Quality isn't really about standardization, or reducing variation, or any of those things—any more than profitability is "really about" eliminating waste. Those are just means to an end. The real heart of Quality is a lot more basic: Quality means getting what you want. And all the rules and procedures in the whole Quality toolchest are just gimmicks to get you there.

Maybe it looks like I'm playing games by drawing this distinction, because we all know that in practice implementing a Quality system means doing work in a consistent way and guaranteeing a consistent output. You can say that's just a technique, but it's still what we do every single day.

Yes that's true, but there's an issue of scale. To the extent that Quality does involve reducing variation, it means making each widget like the next in the same production run, which in turn simply means executing the design correctly. If you make one-foot rulers, Quality means (among other things) that Customer A doesn't get an 11-inch ruler on the same day that Customer B gets a 13-inch ruler. It means that when you sell a one-foot ruler, that's what you deliver.

This doesn't impede innovation, because innovation isn't about shipping rulers that might randomly be 11 inches long, or 13 inches long, or somewhere in between. Innovation is about developing new kinds of rulers, to meet new needs: yardsticks, meter sticks, other kinds of measuring tools. 

It's true that there is no foolproof procedure for designing brand-new ideas, any more than there are any other foolproof processes. But when you succeed in designing these new measuring tools, Quality ensures that your design gets to the customer correctly, as you planned it—and not mucked up by a bunch of random accidents.

Of all Lenarz's tantalizing images, I think the one that best captures the true interrelation between Quality and Innovation is the symphony. A symphony is only possible if there is a score, if each musician is using the same score, and if each musician is well-enough trained to produce a consistent melody from that score, without fail, during every single performance. Also, each instrument has to be tuned (calibrated), and good enough for orchestral work (fit for purpose). Standardization, the reduction of variation. and the other traditional Quality tools go so far.

At the same time, there is a level of craftsmanship and mastery that comes in below the level of the score, where each musician has to make subtle accommodations to get the best sound out of each instrument. This craftsmanship depends on individual skill and cannot possibly be standardized. Therefore Quality systems impose requirements for training and expertise. 

The conductor interprets the piece in ways that are always consistent with the score but that nonetheless express a personal spirit or vision. This vision and interpretation are part of the job of Leadership, which is one of the principles undergirding Quality management.

And Innovation? Well after all, who writes the score? This is the role of the composer, be it Mozart, Beethoven, Wagner, Copland, or Salonen. Without innovation—without a score—the members of the orchestra sit idle and have nothing to do. But it takes all of the orchestra's Quality processes to deliver that score to the audience.

   

__________

          

What's in the new ISO 9000?

Two years ago* I wrote about some changes that had been proposed in the ISO 9000:2015 standard, Quality management systems — Fundamentals and vocabulary. Since that time, the responsible committee TC176 decided to move forward with an update, and they have recently posted a Draft International Standard (ISO/DIS 9000) for review and voting. This draft contains numerous changes and updates. And to be clear, the DIS has not been formally approved yet. Something might still change. On the other hand, since the document is now public, the confidentiality rules on committee work no longer apply and we can discuss it publicly.

For those who want to follow along at home:

⇒⇒ YOU CAN BUY A COPY OF ISO/DIS 9000 FROM THIS WEBPAGE HERE. ⇐⇐   

What's changing?

Remember that ISO 9000 is like a dictionary: it contains definitions of technical terms, and it contains explanations of fundamental concepts. So the changes include new technical terms, and new fundamental concepts. In addition, the committee rewrote many existing passages even while keeping their substance. 

Rewriting passages

I tried to keep track of the changes in wording, to see if I could discover a common thread, and finally gave up. In many cases the changes seemed no more than another way to say the same thing; other times they introduced qualifiers which might be helpful but were probably not really essential. In some places the new text backs away from promising that Quality management will bring you success,** but in other places it adds those suggestions where they weren't before.*** 

The only absolutely consistent change that I detected was that ISO DIS 9000 no longer refers to itself as an International Standard. Time and again the phrase "this International Standard" has been replaced with "this document." Where the Introduction to the current edition promises that "This International Standard … provides the foundation for other QMS standards" [Emphasis mine.] the Draft says more modestly that "This document … provides the foundation for quality management and quality management systems (QMS) standards." In fact there is only one point in the whole document where the Draft retains the words "this International Standard," and I am certain it represents a copy-paste error.****

Does anyone know why? Is there a technical reason that ISO 9000 will no longer count as an "Inter­national Standard" after this edition is published? I don't know, but I'd love to understand it better.

New technical terms

The new Draft standard defines a lot of new words. Oddly enough, it also deletes a few old ones.

There are five technical terms deleted from the vocabulary definitions in the new Draft, and they all relate to configuration management. In this version, you can no longer find definitions for: change control, configuration authority, configuration control board, configuration management, or dispositioning authority. Again, does anyone know why? It's not like these concepts aren't important. Nor has the committee taken a principled stand to move configuration management topics into a different document, because the new Draft still contains definitions for configuration baseline and configuration status accounting.***** So I'm puzzled. Do you understand it?

At the same time, the committee added far more terms than it deleted. I count eighty-six new terms. A few of these relate to traditional Quality topics, which makes their earlier exclusion look like an oversight: complainant, form, good practice, result, work instruction. There are even two new terms related to configuration management (configuration information and configuration item), which makes the loss of the others still more of a puzzle. Then there are terms related to ancillary disciplines like project management (project life cycle, project phase), or to tools that have become popular enough to be considered more or less standard (change matrix, dashboard).

But over half the new terms—forty-five in all—relate to government and voting. These terms aren't used anywhere else in the new Draft, so it's not like they are part of the regular conceptual infrastructure. They seem to come from ISO/TS 54001:2019, Quality management systems: Particular requirements for the application of ISO 9001:2015 for electoral organizations at all levels of government: terms like electoral body, outsourced electoral process, ballot proposal, electoral service development plan, and so on. I assume that the committee wants to pull all the technical vocabulary for all specialized applications of quality management into one large pool where they can be kept consistent with each other, rather than letting them hide in specialized documents where they can be scattered and hard to find. But I wasn't part of the subcommittee which decided this point, so I am only guessing. 

New concepts

Then there are the principles and the concepts. Here there has been both rearrangement and addition.

In the first place, whole sections have been rearranged. The 2015 edition broke up clause 2 as follows:

2.1 General

2.2 Fundamental concepts

2.3 Quality management principles

2.4 Developing the QMS using fundamental concepts and principles

The new DIS 9000 swaps the position of concepts and principles, and then splits concepts into "fundamental" and "additional" as follows:

2.1 General

2.2 Quality management principles

2.3 Fundamental quality management concepts

2.4 Additional concepts relevant to quality management

2.5 Developing the QMS using fundamental concepts and principles 

Here in this blog, we just finished a two-month series on the Quality management principles (starting here and ending last week), so I'm happy to report that there were no important changes to that section. I won't have to rewrite two months' worth of posts. 😀 Of course all the paragraph numbers changed when the principles moved from clause 2.3 to clause 2.2. And there were minor wording changes like I described above. But that's it.

Among the concepts, … well, the existing concepts that were carried forward didn't change much, though some were put in clause 2.3 and others in clause 2.4.****** But there were a lot of new concepts added. Some of these "new concepts" are familiar terms that Quality professionals have been using for decades, but which were never before now brought into this standard. Others are … a lot newer. Here's the list of new concepts that have been added:

Quality management

Quality assurance

Quality control

Quality planning

Process management

Risk-based thinking

Organizational quality culture

Continual improvement

Integrated management system

Circular economy

Emerging technologies

Innovation

Change management

Customer experience

Knowledge management

Information management

People aspects

Business continuity

It's quite a list. Each one gets a short essay of a couple paragraphs (the longest is a page), explaining what it is and why it is listed.

Where does this leave us?  

I think the committee is trying to do too much. Most of the new Draft is fine, of course. But that list of new concepts is too long. Or rather, it's not the length that troubles me. It's that a few of the concepts—circular economy, for example, or emerging technologies—have only the thinnest connection to Quality.

To be clear, I don't think these concepts are unimportant. And I recognize that the committee is trying to encourage businesses to look past tomorrow, to take account of the issues that lurk in the shadows, waiting for them in the wider world. Emerging technologies affect all of us, like it or not. Innovation has become a fact of life in the marketplace. And the more we can adopt the perspective of a circular economy, the less strain we will put on our resource base, our supply chains, and our natural environment. These topics are all important ones to think about, and the actions stemming from them are valuable things to do.

But they're not about Quality. Quality is about satisfying the needs and expectations of customers and other interested parties. And while it is important to understand the impact that our actions will have on the natural environment or on future generations, it's a stretch to identify either the environment or our successor generations as "interested parties." What's more, I worry that trying to do too much will distract us from focusing on the topic at hand. For this reason, I'm inclined to think that ISO 9000 should stay in its lane.  

This is exactly the same argument I made when we discussed whether the Quality standards should address climate change. You may remember that the majority disagreed with me last time, so I won't be surprised if they disagree with me this time too. It happens.

To put the best face on it, I do understand that the committee is trying to nudge businesses and other organizations into considering these important issues. And in a sense, this document is a good place to put these topics, precisely because it is explanatory and not directive. ISO 9000 never tells you what to do; that's ISO 9001's job. ISO 9000 just tells you what things mean, words and concepts. So if you really don't care what circular economy means, you can skip that part and no harm done. No auditor is going to quiz you about it later.

It almost looks as if the committee has decided to make ISO 9000 into an overall Generic Framework for Organizational Management. Maybe that's even a useful thing to do. But it's not what I was expecting from the document title.

__________

* Has it really been that long? Time flies when you're having fun! 

** In the 2015 edition, clause 2.3.1.2 begins, "Sustained success is achieved when an organization attracts and retains the confidence of customers and other relevant interested parties." The new Draft deletes this sentence in its entirety. It does retain a later sentence which offers no more than that "Understanding current and future needs of customers and other interested parties contributes to the sustained success of the organization." [My emphasis.] Also, for some reason the new Draft shuffles around the order of the sentences—not just here, but in most of the clauses that were otherwise retained more or less intact.

*** In the 2015 edition, clause 2.1 para. 1 ends, "The impact of quality extends beyond customer satisfaction: it can also have a direct impact on the organization’s reputation." The new Draft adds the words "and sustained success" before the period. 

**** Note 2 to definition 3.2.10 ("quality management system consultant") says, "This International Standard provides guidance on how to distinguish a competent quality management system consultant from one who is not." [Emphasis mine.] Now in fact ISO DIS 9000 says nothing at all about the competence of quality management system consultants. But another standard does discuss this subject: ISO 10019:2005, Guidelines for the selection of quality management system consultants and use of their services. What is more, the definition of "quality management system consultant" that we find in the new DIS 9000 appears word-for-word in ISO 10019:2005, along with two notes. The two notes are also repeated word-for-word in the new Draft, and the second of those notes promises to distinguish competent consultants from incompetent ones. 

***** The Alphabetical index of terms at the end of the new Draft standard also lists configuration object, but the item reference pointer is wrong and the term never appears in the text of clause 3. It has been replaced by configuration item, which has the exact same definition here in the Draft that configuration object has in the 2015 edition.

****** The concept "Support" from the 2015 edition is covered by the concept "People aspects" in the new DIS.