Let me start by saying that there are no current plans to update ISO 9001. ISO's technical committees review each standard every so often, and at the last review of ISO 9001 the vote was (by a narrow majority) to leave it as-is. I do not know the date of the next review.
But that doesn't stop people from having ideas about things that they'd like to see changed or improved. We've all got opinions about things we'd like to see changed in the world. And for those of us in the Quality business, it's no surprise if some of those opinions have to do with the international Quality standards. Why wouldn't they?Over the last several months, I've talked and listened to a number of people about this subject, and I've heard a lot of different opinions, both pro and con. So I thought today I'd just list some of the ideas I've heard, to give you an idea of the thinking that's out there in the world right now. And while you are reading, please ask yourself: How would YOU change ISO 9001, if it were up to you?
Please leave comments with your answers. I'd love to get a discussion going.
Address new topics
A lot of the people I've talked or listened to expressed that they would like to see ISO 9001 address topics where it is currently silent.
- One person wanted to see a better focus on business continuity management, because it is hard to ensure that you can perform reliably when you are at risk from any unexpected disaster.
- Another wished that ISO 9001 would tie process requirements to business results, so that leaders can see right away their return on any investment in their Quality Management System.
- A third pointed out that many different sectors of the economy write their own sector-specific standards based on ISO 9001, and added that we could slow the proliferation of this forest of specific standards if ISO 9001 itself took some cognizance of the needs of these sectors.
- And a fourth suggested that since ISO 9001 is so widely-accepted around the world, maybe it's time to "raise the bar" so that it no longer represents a "bare minimum" set of requirements.*
Quite a few people said that their opinions were based on the world's experience with COVID-19 over the last few years. They pointed out that the lessons from COVID-19 extend far beyond simple business continuity management to touch topics like workforce relations and supply chain disruption. And it goes farther than that. We all know there is a direct linkage between the Context of your Organization (COTO) and your risks; so just as COVID-19 showed us risks we might not have thought of before, it also suggested another dimension to our COTO analyses.
Some organizations have made the switch to a work-from-home (WFH) model, or else a hybrid between WFH and in-office work. Does that change how we engage with our workforce? It might—and so I've heard people suggest that we need to revisit Clause 5 (Leadership) and Clause 7 (Support). Likewise, some registrars are doing a large number of remote audits, which argues for a review of all the guidance to auditors. What is more, organizations with multiple locations are making greater use of remote internal audits, which suggests that we had better review Clause 9.2 (Internal Audit).
Of course, climate change is currently the occasion of much debate, and I've discussed it before in this venue (see here, here, and here). Since the London Declaration specifically commits the ISO to "foster the active consideration of climate science and associated transitions in the development of all new and revised International Standards and publications," some people have argued that there is now a strict requirement to update all standards (for example, ISO 9001) to include verbiage with the word "climate." Others have replied that "active consideration" doesn't have to require changing the text, so long as the committee can prove that they have fully evaluated all sides of the issue. The last time I heard any news on this question, it had not been definitively resolved.
Make editorial improvements
Other suggestions have been of a narrower and more practical sort.
- There are some clauses that always generate requests for a formal interpretation. There are others that users regularly say they find hard to implement.** Why don't we rewrite these to make them simpler and easier?
- Someone else pointed out that there are non-prescriptive clauses in the standard which are very hard to audit.*** Maybe we could rewrite these to be easier on auditors?
- A third person made the much bolder suggestion, "Why don't we just merge ISO 9000 into ISO 9001, instead of requiring so many references back and forth?"****
These are what I mean by "editorial improvements," and for the most part (except maybe that last one) I think they are pretty uncontroversial.
Think about how users see the standard
Some of the ideas I've heard have been more focused on protecting ISO 9001's "brand integrity," or making sure that users continue to see it in a favorable light. One of these came from someone who posed it as a rhetorical question this way: "Any time we decide to update a standard, it takes so long to get it through the review and approval cycle that if we don't hurry up and decide to change something the next edition won't come out till 2030. And who's going to take the standard seriously if it's15 years old?"
On the other hand, it was from people concerned with brand integrity that I heard the most cautionary voices against updating ISO 9001. These were people who all argued, in one way or another, that any change creates churn and uncertainty in industry, drives up supply chain costs, and introduces risk. So unless there is a compelling reason that forces a change, these people argued that the user base will see minor updates as frivolous and this will weaken the standard's prestige. Even people who acknowledged that there are big suggestions on the table—some of the "new topics" I listed above could potentially be huge—followed up by saying that there is no consensus on these topics across the relevant committees, so the warring opinions might cancel each other out and leave us with nothing but the editorial changes that are easy to agree on.
Other thoughts
Finally, a couple of people pointed out that a new edition of ISO 9001 would mean good financial news for ISO, because they sell copies of the standard; and also for consultants and trainers, who could sell more training courses. In almost the same breath, they admitted that the user community would probably resent having to buy an updated edition and pay for all those classes. So the financial argument supports both Pro and Con.
So there's a list of thoughts I've heard from people. I might have missed one or two, but I think it's pretty substantial anyway.
Now I want to hear from you. What's YOUR opinion on changing the standard? How would YOU change ISO 9001, if it were up to you?
Please leave a comment and let me know.
__________
* I didn't have the time right then to discuss this suggestion in detail with the person who proposed it; but in retrospect my own opinion is that we will always need something to define the "bare minimum" acceptable Quality requirements, so that we know the difference between "good enough to squeak by" and "bad enough you have to reject them." If we don't use ISO 9001 for this job, it has to be something else. But in that case, what? And until we define that "something else" I think we have to keep using ISO 9001 to fill that role.
** Sorry, I didn't think to jot down a list of examples at the time, so I can't offer you one.
*** Clause 7.4 (Communication) is an example, because it asks the organization to determine something but gives no requirement to document the determination in any kind of record or other auditable artifact.
**** My only comment on this suggestion is that it would more than double the length of ISO 9001.