The draft international standard (DIS) of ISO 9001:2015 is available. CQI members can access it for free via the CQI website, it’s £25 otherwise. I’ve had a scan through it and a few things struck me.
First, I don’t think there is anything actually wrong with most of its new departures – I’ll pick out a few later in this post. There has been an attempt to make it more effective as a general QMS standard however it has, in the main, become more general (i.e. less specific). There are fewer mandatory documentary requirements and a focus more on what the management system should ACHIEVE rather than an attempt to dictate any prescriptive methods for achieving the outcome. In essence nothing wrong with that, but it does concern me. My main concern is based on past experience where the concept and the consequent reality have ended up being poles apart.
The more specific you make something, the easier it is to break it into bite size components that either are or are not there. Prescriptive requirements are easier to audit and therefore require lower innate competence levels. A more flexible, less specific standard that focuses on outcomes and the appropriateness of non-prescribed controls requires a highly competent, thinking auditor.
Can you see where I am going with this?
A lot of auditors have been able to feign competence via a formulaic process. Take them one centimetre outside of their limits and you may as well have removed their lungs. How will they cope? My fear is that they will cope just fine, not by becoming competent, but because the standard will adopt some “customs and practices” that enable incompetents to get by. As an example, just look at how Preventative Action or Monitoring and Processes is audited now. They are roundly ignored as an inconvenience and nobody blinks an eye. Apparently “process based” management systems will now be mandatory. I’m sorry, but if that requirement can be ignored for 15 years, it can be ignored in the future.
The biggest worry for me is not so much the general auditor competences that will be required (they are required now, after all) it is the additional knowledge requirements. Various concepts are to be introduced such as;
- Knowledge management
- System design
Exactly how are auditors to be determined as competent to assess these management system aspects? Knowledge management is a specialism in itself with its own concepts, methods and respected practitioners. It isn’t something you can simply self-declare expertise in, or work out for yourself. Same with system deign. Leadership, whilst important, is infamous for its inability to generate consensus. It is a topic awash with alternative theories and saturated with unfathomable uninformed opinion and drivel. Will this create a new breed of Armchair Tom Peters’? Probably.
Anyway, I’m concerned. Not so much with the shape and content of the emerging standard, but with what I fear will be the result. The race to the bottom will no doubt ultimately find where the bottom is, it always does.
The $10,000 question – Is it what purchasing organisations want?
The primary use of ISO 9001 and certification is to help purchasing organisations choose suppliers. Therefore the criteria of ISO 9001 should be aligned with attributes that are important to purchasers (the automotive, aerospace, pharma, oil & gas, manufacturers etc) and their supply chain. Unfortunately I have my doubts as to whether the changes that have been made have been influenced to a very high degree by the wants and needs of the main customer, and that makes me sad. Customer focus? Irony?