Thursday, December 1, 2022

Wait ... did Boeing just take my advice?

Forgive me for interrupting myself. I was going to follow up my last post about customer requirements with one about meeting or exceeding expectations, but that has to wait. Right now there is a contretemps in the ISO 9001 community on LinkedIn, and it relates directly to a point I made in this very blog a few months ago. How can I resist such an opportunity?

It all started when Alan Daniels of Boeing gave an interview in a podcast where he discussed (among other topics) the importance of AS9100. You wouldn't expect this to be controversial. But when the podcast was advertised through a post on LinkedIn, a vigorous discussion broke out in the comments of that post between Christopher Paris, of Oxebridge International, and Doug French, retired from Boeing.

Paris asked, If Boeing thinks AS9100 is so important, why don't they hold an AS9100 certification, validated by external auditors?

French replied, We do think the standard is important, and we follow it carefully; but we've made an internal business decision not to spend the money for the certificate at this time.

Paris: Why should I believe you, if you don't back up your words with an objective certificate?

French: What part of the words "internal business decision" do you not understand?

And it kind of went downhill from there. 

What delights and fascinates me about this discussion is how exactly it echoes points that I've discussed in this blog. For example, Paris's objection that there is no reason to believe Boeing follows the rules of AS9100 without a certificate could have been copied verbatim from the last paragraph of my post two weeks ago about why we have standards in the first place. [Note: because Boeing is in aerospace, the discussion between Paris and French revolves around AS9100. My post is about ISO 9001. But the issues involved are identical.]

But what really caught my attention is that Boeing seems to be following the very advice I posted last March, in this post here, about whether or when to seek certification. If you remember, what I said was this:

"[W]hile every company benefits from doing things well, not every company benefits from having a certificate to hang on the wall attesting that they do things well. If having this certificate will bring you more new business than it costs you to get it ... then it is worth the money to get the certificate. If not, not."

That's exactly what Doug French said.

How does this advice apply to Boeing? Companies often seek certification for a couple of reasons. One is that a customer demands it; another is that it sets them apart from the competition. But who exactly is Boeing's competition? There are only two major airplane manufacturing companies in the world that sell commercial jetliners: Boeing and Airbus. [Reference.] Yes, of course there are smaller manufacturers as well, but for all practical purposes no other company can compete with these two. So Boeing has no need to set themselves apart from competitors by seeking certification. And there are no customers demanding to see a certificate, because the relevant customers know that they don't have a wide choice of vendors. There is simply no compelling economic reason for Boeing to seek certification.

To be fair, Paris recognizes this. While he chastises Boeing for not seeking certification, the reason he offers is not economic. His reason is moral: noblesse oblige. While recognizing that of course Boeing can get along just fine economically without certification—business has gone swimmingly up till now, after all—he argues that if Boeing is going to champion the AS9100 standard (which they do), and if Boeing is going to require all their suppliers to be certified to AS9100 (which they do), then they should feel morally obligated to lead by example. So long as they don't, Paris argues, their protestations about the importance of standards and certification sound hollow.

Is he right? I guess it's a matter of opinion. But the way the airplane manufacturing business looks today, Boeing is probably safe in doing what they do. Even if a lot of people end up agreeing with Paris, how far will that cut into their sales? I predict that the effect will be negligible compared to the ups and downs of the worldwide demand for aircraft—and I'm certain Boeing is paying a lot of attention to that.

And if things change one day? If suddenly there is a material risk that Boeing will be penalized in the marketplace for not holding a third-party certificate of compliance to AS9100? The day that happens, Boeing will contract with a Certification Body and get their certification. That's what any company would do. If having this certificate will bring you more new business than it costs you to get it ... then it is worth the money to get the certificate.

I'm still tickled to think that Boeing is following my advice on this point.


Thursday, November 24, 2022

Requirements: theirs and yours

Quality is often defined as "meeting customer requirements" or "meeting customer expectations." (Longtime readers may recall that I discussed that definition along with others in this early post last year.) But in a post a couple weeks ago, when discussing how to handle ethical questions in your organization, I described the Bosch Product Development Code, an element of the Bosch Code of Business Conduct which states clearly that "Legality and the Bosch values take precedence over customers’ wishes." How can this be Quality? If Quality means "meeting customer requirements," what grounds does any company have for saying that other considerations are more important?

At one level, this is easy. Any responsible company will review orders before accepting them, to make sure they can actually fulfil what is asked. (ISO 9001:2015 requires such a review in section 8.2.3.) If this review reveals customer requirements that the company is unable or unwilling to fulfil, the latter is generally within its rights to reject the order. The order might be impossible, or it might be illegal, or it might just be a bad fit for the kind of work the company does best: in any of those cases, the right response is, "I'm sorry but that's not for us."

This highlights why it is inadequate to define Quality merely as "meeting customer requirements." Your organization likely has rules or considerations of its own that also have to be taken into account. These organizational considerations are the boundary conditions inside of which you operate. But critically, they count as requirements, and they have to be considered along with the other requirements that come externally, from the customer. Then you evaluate whether the whole package is something you can achieve or not.

Another way to describe your organizational requirements is that they are part of the Context of your Organization (COTO), and they should surface during your COTO analysis. But this means that your COTO analysis is in essence a requirements review for the organization. That is to say, ... well, we all know what a requirements review is for a product: you get the right people together in a room, and you generate a list of everything the product has to fulfil. You work through the list to ensure that it is consistent, that it complies with all applicable regulations or boundary conditions, and that it is achievable.

But that's exactly what you do in your COTO analysis: you identify all the interested parties who want something from you, list what they want, itemize any other issues you have to address, and then figure out what you are really going to do. In the end, your final list of constraints that form the framework of your management system has to be consistent (or else different departments will pull in different directions, guaranteeing failure); it has to comply with applicable regulations (if only to ensure nobody goes to jail); and it has to be achievable (or else, again, you guarantee failure). In other words, your COTO is the requirements list for your organization.

And that means that, conceptually, the rejection of this or that customer requirement on the grounds of ethics—or legality, or profitability, or anything else—is no big deal. It's just a case where one requirement conflicts with another. This happens all the time, and the answer is always to analyze the conflict until you figure out which requirement takes priority. That's what you are doing here.  


Thursday, November 17, 2022

Why do we have standards, anyway?

Last week's post triggered a lot of discussion, mostly on LinkedIn. One of the topics was the fundamental purpose of the ISO 9001 standard: is it primarily a tool to use internally (for continual improvement), or externally (for certification)? In the end, Christopher Paris resolved the question by explaining in detail the history of the standard's development, and showing that external certification was baked into the concept from the beginning.

But I'd like to suggest that the same conclusion should have been clear even without knowing the history in a lot of detail. It all stems from the basic nature of standards in general.

Why do we need standards? A standard is like a common language: it allows us to do business with strangers, because we know that we are both talking about the same thing. Whenever a market gets full or busy or complex, whenever there are many people buying and selling from each other, you need standards that everyone can align on. The alternative is chaos. This is many times truer when trade crosses international borders.

[Image: The Last Day of the Sale, by George Bernard O'Neill]

And in fact many of the standards issued by the ISO are technical standards whose whole purpose is to ensure that common products align to uniform specifications around the world, so that you can buy them anywhere. ISO 3290-1 and ISO 3290-2 specify the uniform characteristics of ball bearings. (ISO 3290-1 covers steel ball bearings, while ISO 3290-2 covers ceramic ones.) As a result you can buy your ball bearings from any manufacturer, anywhere in the world, who complies with these standards—and you are guaranteed that they will fit your application interchangeably with the ball bearings you already have. Knowing you can rely on this uniformity is tremendously valuable.

In the same way, if a company follows ISO 9001, then we think we know something about them even before we place our first purchase order. We are not guaranteed that their products are flawless! But if they follow ISO 9001, then at the very least they should have (for example) some kind of system in place to evaluate orders before accepting them. They should have other systems in place for handling customer complaints, in case there are any. And so on. Knowing these things gives us greater confidence about doing business with them, or it should. (In exactly the same way, the whole point of the proposed management system standards to support the UN's sustainable development goals, which I discussed at some length last month, is to provide a common and uniform frame of reference so that companies who want to explain what they are doing to advance these goals can trust that they will be understood.)

But wait—if a company tries to persuade us that they have reliable systems in place because they follow ISO 9001, why should we believe them? Because they say so? People can say anything. The only way that the ISO 9001 standard can possibly do its job as a standard—the only way it can make good on its promise of uniformity—is if there is some objective way to tell the difference between companies that have implemented it and companies that have not. This is the point of certification (or it is supposed to be). Someone external, someone objective, someone who does not have a stake in the success or failure of the company under evaluation—that person has to come out, look around, and then tell us whether the company's implementation of ISO 9001 is real or sham. Without that step, ISO 9001 can no longer be a standard; and whatever residual value it might still have as a source of moral exhortation, it has always been sold to the world as a standard.

So I think the need for external certification is necessarily part of the whole concept behind ISO 9001. And it does not surprise me, therefore, to learn that the history bears this out. 


Thursday, November 10, 2022

So how DO you talk about ethics?

Last week I wrote about whether ISO 9001 should be revised to address questions of ethics. In reply, Krishna Gopal Misra published a detailed essay on LinkedIn about the role of ethics in relation to any management system. I am grateful for Mr. Misra's essay, which makes the important point that ethical principles are not so much a part of a management system as logically prior to it. A management system tells you how to organize in order to get what you want; but it cannot tell you what to want. That is the job of your Vision, and thereby of your strategy and policies. Without a Vision, the management system itself is blind,* and the organization is directionless. At that point there is nothing to stop the organization from doing very bad things, and Mr. Misra gives some chilling examples in his essay.

What should you do instead? If you want to avoid the moral aimlessness that Mr. Misra warns against, how do you talk about ethical principles in your organization if not in the management system? Or to put the question another way, the management system defines a framework for how to run your organization: where in that framework do your ethical principles belong?

They have to come right at the beginning, so that they become ground rules to inform everything else. This means that your ethical principles have to be part of the Context of your Organization (COTO). They have to be among the fundamental requirements that you are in business to satisfy in the first place.

I used to work for Robert Bosch; and while I normally avoid discussing previous employers by name, I always admired Bosch's explicit and stated commitment to ethical behavior. This commitment grew out of the deep personal beliefs of Herr Bosch himself, back when he was still alive and steering the company personally. He once said—in a remark that every Bosch employee must surely know by heart—"I would rather lose money than trust." (If you are interested, you can find a copy of the Bosch Code of Business Conduct at this link here.)

And it has to be more than slogans. In order to be worth anything, a policy of corporate ethics has to be reinforced with action at every turn. Bosch promoted its ethical policies in several ways. One prominent way was through a corporate training program, which required every employee to take classes on specific topics. These classes repeated at stated intervals: some every year, or every two. The longest interval between repetitions was three years. The classes themselves covered topics like recognizing and avoiding conflicts of interests, or respecting the principle of legality in all daily work. Mr. Misra explained that sometimes companies resort to bribing government officials to get what they want; Bosch had a separate class all about how Bosch employees are strictly forbidden to engage in bribery. The instructors even explained that there are some countries in the world where bribery is expected as a normal part of doing business; and they freely admitted that Bosch's strict anti-bribery policies make it harder to compete in those markets. When someone asked "So what are we supposed to do in those countries?" the instructors just smiled and said the only thing to do was to make the products even better, so they would sell despite interference from disgruntled government officials who expected bribes but didn't get them.

No training program will ever turn men into angels. Somewhere along the line, somebody will make a mistake and do something wrong—even at Bosch. When that happens, it is important to take swift and visible action. You may remember back in 2015, when news broke about the Volkswagen emissions scandal (sometimes called "Dieselgate"). Volkswagen had been caught using software to circumvent laboratory emissions testing, so that their cars could be passed by the EPA and sold into the United States even though their NOx emissions in normal driving far exceeded the legal limits. Volkswagen was the company that perpetrated the illegal activities, not Bosch. But Bosch had sold them the software, a decade earlier. (Bosch even warned them not to use the software in the way Volkswagen used it, because that would be illegal.) 

When it became known what had happened, the Bosch Board of Directors addressed Bosch's (apparently peripheral) role in the scandal by issuing a new Product Development Code. This code had several parts; but among other things it prohibited Bosch from designing any product for any customer with features that a reasonable engineer could expect that customer to use illegally. If a customer asks for such features, even if the features themselves are (strictly speaking) perfectly legal, Bosch is now required to reply, "I'm sorry, Mr. Customer, but we can't do that for you. If that's what you want, we don't want your business." To implement this new Code, Bosch required training classes for every employee worldwide involved in product development, product management, project management, engineering, marketing, or sales. Bosch also required explicit changes to the product release process—enforced by an independent Quality organization—to ensure that the Code has been complied with before any product is released to the market. (This news article discusses Bosch's rollout of the new Product Development Code.)

That's what I mean by "swift and visible action." And it was taken, remember, to respond to a scandal where Bosch was only peripherally involved—so that in the future the company can avoid even the appearance of illegal or unethical behavior.

It's not easy, but it's possible. However, to come back to the original point, these commitments belong in your COTO, along with information about the kind of work that you do and who your major customers are. These commitments are part of the content that is managed by the management system, and not part of the structure of the management system itself.     


* This pun was not exactly intended, but I think it is pretty much inevitable in the present discussion.

Thursday, November 3, 2022

Does ISO 9001 need a regulation about ethics?

"The key principle in selling is honesty. Once you know how to fake that, you’ve got it made."
— from Richard M. Huber, The American Idea of Success, cited by Quote Investigator.

Back in 2020, the ISO Technical Committee 176—they are the ones responsible for publishing ISO 9001 and its family of related standards—wrote a planning document N1308, called Future concepts. It identifies and explains a number of concepts which have to be considered in future revisions of ISO 9001, either because they have not been mentioned before (like "emerging technologies") or because stakeholders have found the existing treatment too thin (like "knowledge management"). Fair enough. This is exactly the kind of planning that you would hope to see.

But one of the topics listed is "Ethics and integrity." And I have to admit, I didn't expect to see that. It made me wonder, Does ISO 9001 need a regulation about ethics?

The report gives five reasons that ethics and integrity are important to Quality management:

  • If people in the organization lie to each other (or, especially, if they lie to their managers) then top management won't know what is really going on and will have trouble making good decisions.
  • If people in leadership roles do not model ethical behavior (if they are not seen to be ethical), then internal and external stakeholders won't trust them.
  • Auditors have to be able to provide audit results to top management without partiality or bias and without fear of retribution, or their audits are worthless.
  • If internal and external communications aren't honest, there is no way to maintain the effectiveness and integrity of the organization's activities and systems.
  • No organization can ever have enough resources to force its people to comply with the Quality Management System if they don't approach their jobs with basic integrity. 

All of these statements are true. All of them are perfectly valid reasons why a concern for ethics and integrity has to be at the root of any Quality system.

So where's the issue?

There are three things about the proposal to add ethical requirements into ISO 9001 that give me pause. I don't exactly disagree, but the proposal raises some questions for me.

My first concern is the simplest: The assumption of truthfulness and integrity is already implicit in the current standard. 

  • When clause 4.1 says, "The organization shall determine external and internal issues that are relevant to its purpose and its strategic direction and that affect its ability to achieve the intended result(s) of its quality management system," that requirement is formally synonymous with saying, "The organization shall determine external and internal issues that are relevant to its purpose and its strategic direction and that affect its ability to achieve the intended result(s) of its quality management system, and shall not lie about them."
  • When clause 9.1.3 says, "The organization shall analyse and evaluate appropriate data and information arising from monitoring and measurement," that requirement is formally synonymous with saying, "The organization shall analyse and evaluate appropriate and truthful data and information arising from monitoring and measurement, that have not been twisted or misreported by unethical employees or other intermediaries."

For that matter, when a cake recipe in a cookbook lists the required ingredients, there is never a note saying, "Do not substitute flour with sawdust, and do not substitute vanilla extract with battery acid." In general, whenever we read any kind of instruction or requirement anywhere, I think we always assume that the meaning is that we should really do whatever the thing is we are being told to do, and not just pretend. So it's fair to ask, What makes ISO 9001 any different? Why do we have to make the requirement for ethical behavior explicit here, when we never think of doing the same thing in a cake recipe?

My second concern is a little more delicate: How do we plan to audit ethical requirements, and to avoid the risk that ethical topics become politicized? Audits, after all, require objective evidence so that any observer can agree on the facts. But some ethical topics (at least in the United States) are also political topics, where such agreement cannot be assumed in advance. For example, the document Future concepts states that one element of ethical behavior is to "treat others fairly, courteously, with dignity, and without prejudice or discrimination." I assume everyone agrees with that principle. But this country has seen some difficult and painful litigation around the question of exactly what behavior counts as treating others "without prejudice or discrimination." And I do not look forward to a time when individual auditors might feel authorized to rush in where the courts fear to tread. We auditors are like everyone else: our personal opinions are all over the map. So if we are allowed to write audit nonconformities against ethical topics, I hope that we can be given some kind of guidance to ensure we do it in a uniform way.

My third concern is maybe the most fundamental one: With respect to the topic of ethics and integrity, if you have to spell out the requirements in words, you've already lost the battle. We all know that as soon as any requirement is codified in words, people will start weighing the words on a balance scale to figure out how little they can get away with and still comply. We have all seen this, one time or another, whenever there is a written Quality Management System. I'm not saying that every organization just skates by! Not when you look at the big picture. (Of course there are always a few that do.) But even in the best organization, somebody in some department is having a bad day ... and is feeling overworked ... and is asking himself what's the bare minimum he has to do before he can go home. It's the way of the world. Put ethical requirements into the standard, and they become just one more requirement to be niggled to death. It's like the quote at the top of this essay.

Of course, maybe we've gotten to the point that we really need to require ethics and integrity in the standard, because we can't take them for granted otherwise. In other words, maybe the proposal to add ethical requirements should be seen as a symptom of a larger picture about the condition of organizations as a whole. But if that were true, it would make me very sad. And I think that's the kind of situation that no written standard can overcome, precisely because people treat standards as obstacles to be parsed and niggled and lawyered. I hope that ethics and integrity are broader and grander than that, but I might be disappointed.

"When the great Tao is in decline,
Benevolence and loyalty appear.
As wisdom arises, so does hypocrisy.
Only in a feuding family do filial piety and parental doting become conspicuous.
Loyal ministers emerge whenever the country is in chaos."

"When Tao is lost, there is goodness.
When goodness is lost, there is kindness.
When kindness is lost, there is justice.
When justice is lost, there is [compliance to standards]."

— from Lao Tzu, Tao Te Ching, chapter 18 [translated by Han Hiong Tan] and chapter 38 [translated by Gia-fu Feng and Jane English, 1989]    


Thursday, October 27, 2022

What's sustainable development? Says who?

Last week I learned that there is a proposal afoot for a brand new ISO management system standard, specifically to support organizations who are trying to address one or more of the United Nations' 17 Sustainable Development Goals. Monday I had a chance to sit in on a webinar that gave some information about this proposal. Here's what I learned. 


What exactly has been proposed?

The proposal is to create an "International Standard [which] specifies requirements for a Sustainable Development Goals Management System."

What do all those big words mean?

An "International Standard ... for a ... Management System" is any standard like ISO 9001, ISO 14001, or ISO 45001. 

More basically, a management system is the collection of policies, processes, and procedures, plus the corresponding assignment of roles and responsibilities that makes your organization run. I give a brief description of what management systems are in this post here. 

A management system standard is a generic standard that tells you how to set up your management system. It doesn't tell you exactly what words to write or exactly whom to assign to do what; but it says that you have to make sure to cover these topics and those activities, somehow or other. Then it leaves the details to you, because the operational processes for an aircraft manufacturer will be different from the ones for a laundromat.

The phrase "Sustainable Development Goals" refers to a set of 17 goals adopted by the United Nations back in 2015 as part of the 2030 Agenda for Sustainable Development, which the UN website describes as "a shared blueprint for peace and prosperity for people and the planet, now and into the future." These goals represent "an urgent call for action by all countries - developed and developing - in a global partnership," and the list of all 17 is as follows:

  • No poverty
  • Zero hunger
  • Good health and well-being
  • Quality education
  • Gender equality
  • Clean water and sanitation
  • Affordable and clean energy
  • Decent work and economic growth
  • Industry, innovation, and infrastructure
  • Reduced inequalities
  • Sustainable cities and communities
  • Responsible consumption and production
  • Climate action
  • Life below water
  • Life on land
  • Peace, justice, and strong institutions
  • Partnership for the goals

Therefore a management system standard to support the UN's sustainable development goals is a generic standard to tell you how to organize your business (or other group) in order to help you make progress towards one or more of the goals on this list.

Who proposed it?

The Danish Standards Foundation, one of the member bodies of the ISO.

Who wants it?

Companies are asking for guidance. Their stakeholders are asking them to work more sustainably, and then to prove it.

What good will it do? (Or, what needs will it satisfy?)

Some companies are being asked to prove that they work sustainably. Other companies have recognized that if they can offer proof of sustainable operations proactively, that will give them a competitive advantage. But how do you prove something like that? By comparing to a standard.

Then there are companies that don't (yet) feel forced to prove anything to someone else, but they care about the SDG's and want to help them forward. But they don't know where to start, and are asking for some kind of systematic guidance. 

Since there is no established standard right now, multiple private sources are issuing their own. But of course this means there is no consistency in requirements or reporting, so nobody can tell what this or that certification really means without reading all the fine print on each one. ISO is recognized as an international authority. So if ISO issues a standard, that common framework will clear up a lot of confusion. 

What will this involve?

Will organizations be able to certify to it?


Will organizations be required to certify to it?

No. It will be a voluntary standard, like ISO 9001.

Let me say that a little more precisely. Some organizations find themselves required to certify to ISO 9001 because their customers insist. But there is no legal requirement anywhere to certify to ISO 9001. In the same way, if your customers ask you to certify to this new standard, that's between you and them. But there is no intention that your government will require it.

How will this standard be structured?

Just like all the other modern ISO management system standards.

If we already have an established management system, will we have to scrap it and create a new one to comply with this standard?

Of course not. You should never do that anyway. Set up your management system in whatever way works for you. Just make sure it covers the things that the standard asks it to cover.

Since this one will be structured exactly like ISO 9001, ISO 14001, and the rest of them, it should be very easy for you to plug a few extra requirements into your existing management system and scarcely notice the difference. 

What will this standard actually require an organization to do?

We haven't written it yet, so it's hard to be sure of the details. 😀 But our proposal is that you don't have to address all 17 SDG's to get certified. Pick the ones that are relevant to your business. 

On the other hand, this means you have to have a defined process for selecting which SDG's are relevant; you can't just pull numbers out of a hat. You should have a systematic way to define a sustainable strategy for your business, and then be able to deliver to that strategy.

How will progress be measured?

Already today, each SDG has several "targets and indicators" defined to measure the status of the goal. (Go to the SDG website, and click on each goal in turn for more information, including the complete list of targets and indicators defined for that goal.) These targets and indicators will have to be built into the KPIs for this standard, to keep the measurements consistent and objective, and to avoid the risk of "SDG-washing."

How does this relate to any other standards or committees?

We already have ISO 37101, which is a management system standard for sustainable communities. How does this relate to that?

There will be overlap, to be sure. But sustainable communities are only one of the 17 SDG's. Certainly the committee writing this standard will appreciate all the help we can get from other existing sources.

Will this standard end up replacing ISO 9001?

It shouldn't. They are about different things.

ISO 9001 is still about the quality of goods and services. Yes, it has some very valuable requirements that help your organization run in a successful way: identifying key stakeholders, defining a strategy, settling KPIs, and so on. And ISO 9004 is a great standard for assessing your organizational maturity. But neither of those is really focused on the content of the SDG's, the way this standard would be.

Or did you mean "Will this standard end up becoming the most popular management system standard, the ISO flagship standard, the way ISO 9001 is today?" Well of course we don't know. We do know that the UN SDG's are coming ever more clearly into focus in markets clear across the global economy. We know that people understand how important they are. But I don't think the committee that writes ISO 9001 has anything to worry about.  

Is there already an existing ISO committee who will be responsible for this?

No. If the proposal is accepted, a new committee will have to be created.

Is there already an existing national standard that covers the same subject, so the committee can just copy it and be done?


What is the timeline?

How does the process look from here? What is the timeline?

From now until December 8, 2022, the national standards bodies that comprise ISO will collect input and vote on the proposal. (ANSI's deadline for comments is October 28!)

December 8, 2022, ISO counts the votes. If a majority vote "No," that's the end of it. If a majority vote "Yes," then ISO will establish a committee.

Early 2023, the committee holds meetings on scope, title, and content.

September 1, 2023, the committee circulates the first working draft to experts for comments.

November 1, 2024, the committee submits a Draft International Standard.

November 15, 2025, ISO publishes the completed International Standard.

Wait, ... you don't expect to publish until 2025, and the UN's SDG's are supposed to be due in 2030? That's just five years. How do you expect that timeline to do any good at all?

None of the proposers believes that the SDG's will expire in 2030. They might be updated or reissued or renamed. But if anything, they are likely to become even more important after 2030. So there should be plenty of time for this standard to offer support.

Final questions

How do I join the committee?

Talk to your national standards body and tell them you are interested in helping. Work with them to meet whatever requirements they have in order to make that happen. Or if you already belong to some other entity that will need to establish a liaison with this committee, approach that entity and this committee directly.

Where can I get more information?

The Danish Standards Foundation has set up a website for the proposal here. That website contains a lot of information, including a flyer, plus recordings and presentations from the information webinars. It also contains links to other information sources.

There will be another informational webinar on November 2, 2022, from 8:00-9:00am UTC. That's the middle of the night here in the United States, but in other parts of the world it is a friendlier hour. You can join it by clicking this link.

ANSI's announcement about the proposal is located here.

A complete copy of the proposal can be found here.

I hope this helps.       


Thursday, October 20, 2022

Can ISO 9001 stop climate change?

By itself? No, of course not. But can it support the work of others? I'm still dubious, but on that point opinions differ.*

Image by Gerd Altmann from Pixabay

Last year the ISO published the London Declaration. According to the ISO website, "the London Declaration to combat climate change through standards defines ISO’s commitment to achieve the climate agenda by 2050." Among other things, the London Declaration states formally and unequivocally that the ISO will "Foster the active consideration of climate science and associated transitions in the development of all new and revised International Standards and publications." [Emphasis added.] This means that whenever ISO 9001 is next revised, the relevant committees will have to consider climate science and "associated transitions" when writing it.

What will this look like? I've emailed people who know more than I do, to get some idea of what the current thinking is. I haven't heard back from them yet. One person suggested in casual conversation** that there might be no more than a line added to clause 4.1 that the organization "shall consider the implications of climate change" when identifying the "issues ... relevant to its purpose" that make up its Context. But somebody else answered back that, "Some aspects affecting climate change should be addressed in design and development of products and services. Otherwise it's too late." So I have no idea where this will end up. 

My own opinion—and I emphasize, for reasons spelled out below, that this is a personal opinion—is that ISO 9001 should stay in its lane. In the first place ISO 9001 is a Quality management system standard. It's directly focused on the satisfaction of customers and other interested parties. But a company can satisfy its customers without taking any action on climate change, ... unless the customers themselves demand such action, in which case presumably the company is already working on it. In this sense, adding requirements to consider climate change is a distraction from the standard's true job. 

In the second place, ISO 9001 is a generic Quality management system standard, equally applicable to a global manufacturing concern or to a neighborhood five-and-dime. If a local hamburger restaurant wanted to implement ISO 9001, they should be able to do so. But small enterprises like that are unlikely to spend much time or effort considering the implications of climate change. So depending on what new requirements are finally added to the standard, I can see a couple of possibilities.

The requirements might be deep and substantive. In this case, we should expect small and medium-sized enterprises to opt out, because meeting the requirements will be too difficult. If we follow this route, the number of companies who seek new certifications—or maintain their existing ones—will drop significantly. A result like that won't be good for the ISO brand.

The requirements might be superficial. In this case—if the requirements can be satisfied by adding a few words to your Quality Policy and then taking literally no other action—companies probably won't opt out. Quality Policies are easy to edit. But in this case, we should expect the customers of ISO 9001 to get pretty cynical about the exercise. They'll get the idea that they can take credit for fighting climate change just by updating a document that hangs on the wall; they'll know how ineffective that action is; and then how seriously will they take anyone else's statements about climate change? How seriously will they take the ISO brand? This result won't be any better than the last one.

Maybe there's a sweet spot between these two bad outcomes. I sure hope so. But it seems like the easiest way to avoid this dilemma is to stay out of the arena. If ISO 9001 never had to say anything about climate change in the first place—if ISO 9001 left consideration of climate change to other standards that are directly focused on the topic—then it could continue to focus on the areas where it really does some good: on the quality of processes, products, and services; and on the satisfaction of customers and interested parties.

Just an opinion.  


* In the interests of strict compliance with all applicable regulations, it is my duty to inform you that I recently joined TAG 176: that's the American component of ISO/TC 176, who are responsible for writing the ISO 9001 family of standards. As a result, there are formal rules about what information I am allowed to discuss about the committee's work. In particular:

  1. I'm not allowed to reveal the personal data of any other committee member. But that's fine, because I have no interest in talking about individuals. My topic is always the ideas and principles.
  2. I'm not allowed to reveal how any particular individual or National Standards Body voted. But that's fine too. See above.
  3. I'm not allowed to share any presentations or working documents. But I never planned to.
  4. I am allowed to share my personal opinions, so long as I clearly identify them as such (and to be clear everything in the body of this post is hereby identified as a personal opinion), and so long as I don't criticize the committee. But that's fine too, because you should absolutely not take anything I say here as a criticism of the committee. I am confident that the committee will do the best it possibly can, given the parameters that have been mandated by the ISO central authorities.
** This discussion took place during the 2022 ISO/TC176 Plenary Meeting, which is going on this week.

