Thursday, October 27, 2022

What's sustainable development? Says who?

Last week I learned that there is a proposal afoot for a brand new ISO management system standard, specifically to support organizations who are trying to address one or more of the United Nations' 17 Sustainable Development Goals. Monday I had a chance to sit in on a webinar that gave some information about this proposal. Here's what I learned. 

Basics

What exactly has been proposed?

The proposal is to create an "International Standard [which] specifies requirements for a Sustainable Development Goals Management System."

What do all those big words mean?

An "International Standard ... for a ... Management System" is any standard like ISO 9001, ISO 14001, or ISO 45001. 

More basically, a management system is the collection of policies, processes, and procedures, plus the corresponding assignment of roles and responsibilities that makes your organization run. I give a brief description of what management systems are in this post here. 

A management system standard is a generic standard that tells you how to set up your management system. It doesn't tell you exactly what words to write or exactly whom to assign to do what; but it says that you have to make sure to cover these topics and those activities, somehow or other. Then it leaves the details to you, because the operational processes for an aircraft manufacturer will be different from the ones for a laundromat.

The phrase "Sustainable Development Goals" refers to a set of 17 goals adopted by the United Nations back in 2015 as part of the 2030 Agenda for Sustainable Development, which the UN website describes as "a shared blueprint for peace and prosperity for people and the planet, now and into the future." These goals represent "an urgent call for action by all countries - developed and developing - in a global partnership," and the list of all 17 is as follows:

  • No poverty
  • Zero hunger
  • Good health and well-being
  • Quality education
  • Gender equality
  • Clean water and sanitation
  • Affordable and clean energy
  • Decent work and economic growth
  • Industry, innovation, and infrastructure
  • Reduced inequalities
  • Sustainable cities and communities
  • Responsible consumption and production
  • Climate action
  • Life below water
  • Life on land
  • Peace, justice, and strong institutions
  • Partnership for the goals

Therefore a management system standard to support the UN's sustainable development goals is a generic standard to tell you how to organize your business (or other group) in order to help you make progress towards one or more of the goals on this list.

Who proposed it?

The Danish Standards Foundation, one of the member bodies of the ISO.

Who wants it?

Companies are asking for guidance. Their stakeholders are asking them to work more sustainably, and then to prove it.

What good will it do? (Or, what needs will it satisfy?)

Some companies are being asked to prove that they work sustainably. Other companies have recognized that if they can offer proof of sustainable operations proactively, that will give them a competitive advantage. But how do you prove something like that? By comparing to a standard.

Then there are companies that don't (yet) feel forced to prove anything to someone else, but they care about the SDG's and want to help them forward. But they don't know where to start, and are asking for some kind of systematic guidance. 

Since there is no established standard right now, multiple private sources are issuing their own. But of course this means there is no consistency in requirements or reporting, so nobody can tell what this or that certification really means without reading all the fine print on each one. ISO is recognized as an international authority. So if ISO issues a standard, that common framework will clear up a lot of confusion. 

What will this involve?

Will organizations be able to certify to it?

Yes.

Will organizations be required to certify to it?

No. It will be a voluntary standard, like ISO 9001.

Let me say that a little more precisely. Some organizations find themselves required to certify to ISO 9001 because their customers insist. But there is no legal requirement anywhere to certify to ISO 9001. In the same way, if your customers ask you to certify to this new standard that's between you and them. But there is no intention that your government will require it.

How will this standard be structured?

Just like all the other modern ISO management system standards.

If we already have an established management system, will we have to scrap it and create a new one to comply with this standard?

Of course not. You should never do that anyway. Set up your management system in whatever way works for you. Just make sure it covers the things that the standard asks it to cover.

Since this one will be structured exactly like ISO 9001, ISO 14001, and the rest of them, it should be very easy for you to plug a few extra requirements into your existing management system and scarcely notice the difference. 

What will this standard actually require an organization to do?

We haven't written it yet, so it's hard to be sure of the details. 😀 But our proposal is that you don't have to address all 17 SDG's to get certified. Pick the ones that are relevant to your business. 

On the other hand this means you have to have a defined process for selecting which SDG's are relevant, not just that you pulled numbers out of a hat. You should have a systematic way to define a sustainable strategy for your business, and then be able to deliver to that strategy.

How will progress be measured?

Already today, each SDG has several "targets and indicators" defined to measure the status of the goal. (Go to the SDG website, and click on each goal in turn for more information, including the complete list of targets and indicators defined for that goal.) These targets and indicators will have to be built into the KPIs for this standard, to keep the measurements consistent and objective, and to avoid the risk of "SDG-washing."

How does this relate to any other standards or committees?

We already have ISO 37101, which is a management system standard for sustainable communities. How does this relate to that?

There will be overlap, to be sure. But sustainable communities are only one of the 17 SDG's. Certainly the committee writing this standard will appreciate all the help we can get from other existing sources.

Will this standard end up replacing ISO 9001?

It shouldn't. They are about different things.

ISO 9001 is still about the quality of goods and services. Yes, it has some very valuable requirements that help your organization run in a successful way: identifying key stakeholders, defining a strategy, settling KPIs, and so on. And ISO 9004 is a great standard for assessing your organizational maturity. But neither of those is really focused on the content of the SDG's, the way this standard would be.

Or did you mean "Will this standard end up becoming the most popular management system standard, the ISO flagship standard, the way ISO 9001 is today?" Well of course we don't know. We do know that the UN SDG's are coming ever more clearly into focus in markets clear across the global economy. We know that people understand how important they are. But I don't think the committee that writes ISO 9001 has anything to worry about.  

Is there already an existing ISO committee who will be responsible for this?

No. If the proposal is accepted, a new committee will have to be created.

Is there already an existing national standard that covers the same subject, so the committee can just copy it and be done?

No.

What is the timeline?

How does the process look from here? What is the timeline?

From now until December 8, 2022, the national standards bodies that comprise ISO will collect input and vote on the proposal. (ANSI's deadline for comments is October 28!)

December 8, 2022, ISO counts the votes. If a majority vote "No," that's the end of it. If a majority vote "Yes," then ISO will establish a committee.

Early 2023, the committee holds meetings on scope, title, and content.

September 1, 2023, the committee circulates the first working draft to experts for comments.

November 1, 2024, the committee submits a Draft International Standard.

November 15, 2025, ISO publishes the completed International Standard.

Wait, ... you don't expect to publish until 2025, and the UN's SDG's are supposed to be due in 2030? That's just five years. How do you expect that timeline to do any good at all?

None of the proposers believes that the SDG's will expire in 2030. They might be updated or reissued or renamed. But if anything, they are likely to become even more important after 2030. So there should be plenty of time for this standard to offer support.

Final questions

How do I join the committee?

Talk to your national standards body and tell them you are interested in helping. Work with them to meet whatever requirements they have in order to make that happen. Or if you already belong to some other entity that will need to establish a liaison with tis committee, approach that entity and this committee directly.

Where can I get more information?

The Danish Standards Foundation has set up a website for the proposal here. That website contains a lot of information, including a flyer, plus recordings and presentations from the information webinars. It also contains links to other information sources.

There will be another informational webinar on November 2, 2022, from 8:00-9:00am UTC. That's the middle of the night here in the United States, but in other parts of the world it is a friendlier hour. You can join it by clicking this link.

ANSI's announcement about the proposal is located here.

A complete copy of the proposal can be found here.

I hope this helps.       

      

Thursday, October 20, 2022

Can ISO 9001 stop climate change?

By itself? No, of course not. But can it support the work of others? I'm still dubious, but on that point opinions differ.*

Image by Gerd Altmann from Pixabay

Last year the ISO published the London Declaration. According to the ISO website, "the London Declaration to combat climate change through standards defines ISO’s commitment to achieve the climate agenda by 2050." Among other things, the London Declaration states formally and unequivocally that the ISO will "Foster the active consideration of climate science and associated transitions in the development of all new and revised International Standards and publications." [Emphasis added.] This means that whenever ISO 9001 is next revised, the relevant committees will have to consider climate science and "associated transitions" when writing it.

What will this look like? I've emailed people who know more than I do, to get some idea of what the current thinking is. I haven't heard back from them yet. One person suggested in casual conversation** that there might be no more than a line added to clause 4.1 that the organization "shall consider the implications of climate change" when identifying the "issues ... relevant to its purpose" that make up its Context. But somebody else answered back that, "Some aspects affecting climate change should be addressed in design and development of products and services. Otherwise it's too late." So I have no idea where this will end up. 

My own opinion—and I emphasize, for reasons spelled out below, that this is a personal opinion—is that ISO 9001 should stay in its lane. In the first place ISO 9001 is a Quality management system standard. It's directly focused on the satisfaction of customers and other interested parties. But a company can satisfy its customers without taking any action on climate change, ... unless the customers themselves demand such action, in which case presumably the company is already working on it. In this sense, adding requirements to consider climate change is a distraction from the standard's true job. 

In the second place, ISO 9001 is a generic Quality management system standard, equally applicable to a global manufacturing concern or to a neighborhood five-and-dime. If a local hamburger restaurant wanted to implement ISO 9001, they should be able to do so. But small enterprises like that are unlikely to spend much time or effort considering the implications of climate change. So depending on what new requirements are finally added to the standard, I can see a couple of possibilities.

The requirements might be deep and substantive. In this case, we should expect small and medium-sized enterprises to opt out, because meeting the requirements will be too difficult. If we follow this route, the number of companies who seek new certifications—or maintain their existing ones—will drop significantly. A result like that won't be good for the ISO brand.

The requirements might be superficial. In this case—if the requirements can be satisfied by adding a few words to your Quality Policy and then taking literally no other action—companies probably won't opt out. Quality Policies are easy to edit. But in this case, we should expect the customers of ISO 9001 to get pretty cynical about the exercise. They'll get the idea that they can take credit for fighting climate change just by updating a document that hangs on the wall; they'll know how ineffective that action is; and then how seriously will they take anyone else's statements about climate change? How seriously will they take the ISO brand? This result won't be any better than the last one.

Maybe there's a sweet spot between these two bad outcomes. I sure hope so. But it seems like the easiest way to avoid this dilemma is to stay out of the arena. If ISO 9001 never had to say anything about climate change in the first placeif ISO 9001 left consideration of climate change to other standards that are directly focused on the topic—then it could continue to focus on the areas where it really does some good: on the quality of processes, products, and services; and on the satisfaction of customers and interested parties.

Just an opinion.  

__________

* In the interests of strict compliance with all applicable regulations, it is my duty to inform you that I recently joined TAG 176: that's the American component of ISO/TC 176, who are responsible for writing the ISO 9001 family of standards. As a result, there are formal rules about what information I am allowed to discuss about the committee's work. In particular:

  1. I'm not allowed to reveal the personal data of any other committee member. But that's fine, because I have no interest in talking about individuals. My topic is always the ideas and principles.
  2. I'm not allowed to reveal how any particular individual or National Standards Body voted. But that's fine too. See above.
  3. I'm not allowed to share any presentations or working documents. But I never planned to.
  4. I am allowed to share my personal opinions, so long as I clearly identify them as such (and to be clear everything in the body of this post is hereby identified as a personal opinion), and so long as I don't criticize the committee. But that's fine too, because you should absolutely not take anything I say here as a criticism of the committee. I am confident that the committee will do the best it possibly can, given the parameters that have been mandated by the ISO central authorities.
** This discussion took place during the 2022 ISO/TC176 Plenary Meeting, which is going on this week.

      

Thursday, October 13, 2022

What if ISO had to explain their changes?

Last week, Al Smith posted a suggestion to the ISO 9001 community in LinkedIn as follows:

When a change to ISO 9001 is under consideration, should it require a clear and understandable documented statement of the actual value the change will provide to the user and the QMS performance? Should it also be a requirement that this documented statement be made public [and easily accessible] and also be a required item before approval can be considered?

Would not this aid in [eliminating] the risk of change just for the sake of change?


It's a really good idea; and the longer I thought about it, the more use-cases I came up with. In the first place, of course, it would help the process of rolling out changes to the standard, exactly as Smith described. It seems like there should be less risk of frivolous changes in case each change had to be justified in public. And when a change is made, it should cause correspondingly less trouble to persuade the international community of its necessity. Surely both of these consequences are wins.

But let's take it farther. Suppose we extend the requirement for public justification to cover not only changes but the full clauses themselves, so that requirements for document control or corrective action would have to be accompanied by boxed text explaining why they are a good idea.* In some cases it would be pretty easy: anyone who has ever tried to do business without a functioning system for document control or corrective action will know why immediately. Other clauses might require more words, especially if they introduce new concepts like "risk-based thinking" or "context of the organization." But the availability of explanations or examples would make it a lot easier for companies to implement ISO 9001 (or any other management system standard) because they would have a much better idea than they do today what each requirement is for.

This also means that companies could see right away when requirements don't apply. After all, it is simply not true that every clause applies to every organization. The standard may require that such-and-such a function has to be handled in a certain way; but if your organization simply doesn't have that function or anything like it, those clauses don't apply to you. Anyone who is truly familiar with the standard understands this implicitly. The problem is that many organizations who seek to implement ISO 9001 and to be certified to it aren't familiar with the standard. So they end up implementing procedures that they don't need, to protect against failure modes that will never happen because those failure modes pertain to functions that these organizations don't have. This is pure waste.

In some cases, maybe an organization like this will hire a Quality Manager or a Quality Consultant who can tell them they are wasting their time. If he can get them to back off from the unnecessary measures, maybe he can justify some of his salary in the form of cost savings. But (as things stand today) there is always the risk that the company will be assigned an external auditor who doesn't understand the point either, and who writes them up for failing to do something they don't need to do. In that case the Quality Manager or Consultant has a chance to justify a little more of his salary by rejecting the findings, and either educating the auditor or appealing over his head.**

But think how much simpler life would be if all companies understood what the requirements of the standard are there for, and when they apply! All of the added complication, the arcane specialization, and the clerical disputations over transcendental principle could be eliminated. It might put people like me out of a job, but not for long. We're all clever, and we'd find somewhere else to add value. But it would simplify the entire Quality enterprise enormously.

We can always dream.

Of course in the real world it sometimes happens that reforms have unintended consequences. I can imagine a reform like this one going wrong if the people tasked to write all that explanatory text just write for each other, and not for the outside world. Then we'd get "explanations" full of shorthand and unreferenced acronyms, and that wouldn't help anyone. So I guess this idea is not a panacea after all, at any rate not unless we figure out how to put some guardrails around its implementation.

Too bad. I kind of liked it.   

__________

* This is not exactly a new suggestion. Writing in the 4th century BCE, Plato recommended that legislation should always be preceded by an explanatory introduction to say what problem the law was supposed to solve, and to encourage people to follow it. See, in particular, the discussion of "preludes" in his Laws, Book 4, starting around 721B and continuing for several pages. 

** Strictly speaking it is also possible that the company might hire an unethical Consultant who knows perfectly well that they don't need to address this or that clause, but who develops a system that addresses it anyway in order to secure more billable hours of work. I don't like to think about this possibility, so I won't discuss it any further. I hope it is vanishingly rare. But there is nothing today which actually prevents it.   

      

Thursday, October 6, 2022

"A gang with a logo ...."

Back in April I wrote about how the current Russo-Ukrainian war could lead to the unraveling of the system of global certification. Just recently I got the chance to discuss this very issue live, with Kyle Chambers of Texas Quality Assurance and Christopher Paris of Oxebridge International. It was a lot of fun. Kyle brings an infectious energy to any conversation he's a part of, and Chris has a wealth of knowledge about the international certification scheme; so the two of them together fleshed out my original thesis in ways I hadn't expected. (The fun quote in the title is an adaptation of something Chris says, but you have to listen to the podcast to find out who he's describing and what his actual words are!)

So please check us out, and leave a comment!

You can find the podcast version here: #QualityMatters episode 151.

Or there's a version on YouTube that also includes video, which you can find here:


I look forward to hearing your feedback!

     

Five laws of administration

It's the last week of the year, so let's end on a light note. Here are five general principles that I've picked up from working ...