Introduction
In April 2018, I wrote a piece entitled “Whither ISO Certifications?” In that piece, I discussed the latest certification numbers as reported by the International Organization for Standardization (ISO). It was noted that overall certifications were down by 2% in 2017 compared to 2016. In addition, certifications for ISO 9001:2015 were down by 4%. ISO has released the numbers for 2018. This piece looks at these numbers and their implications for quality management.
ISO Presentation and Caveats
Unlike past presentations, where the number of valid certificates was shown for multiple years, this year ISO only shows 2018 numbers. New in this year’s presentation is the total number of sites. Thus, both the number of valid certificates and the number of sites is presented.
The failure to present multiple years has generated some criticism. However, ISO provides a link to the historical figures. Anyone interested in tracking trends can still do so. It will just take a little more effort.
In its presentation of the numbers, ISO indicates that“the overall total number of valid certificates was lower than in 2017.” ISO provides four caveats as to why the numbers are lower. They are:
- Some large certification bodies reported in past surveys the number of certificates that included the number of sites.
- The data reported by some large certification bodies fluctuates from one year to the next.
- Some certification bodies that are important in some countries did not participate.
- In prior surveys there was confusion because the number of certifications and the number of sites seemed linked.
Looking at the caveats, number 1 and 4 are interrelated. Of the two, number 1 is the most important. This is because the intermingling of the data artificially inflates the valid certificate numbers. If this has been going on for sometime, why did not ISO make the correction earlier? ISO publishes quality control standards (ISO 90001:2015). Where was the quality control? Further, what is the impact on the valid certificate numbers? ISO should have provided specifics, not generalities.
Number 4 is merely a response to 1. It tells the reader why ISO decided to report certificates and sites separately. This could have been appended to number 1. However, separation in the ISO report, does not necessarily prevent the continued intermixing of the figures provided to ISO.
As for 2 and 3, these issues are probably consistent problems through the entire historical data set. While nice to know, it should not significantly impact the historical trend, unless there is something unique about the two issues in 2018. In which case, specifics, not generalities, are more appropriate.
What is important to remember when reviewing the ISO valid certificate numbers historically, is that the intermingling of certificates and sites inflated the valid certificate numbers. Thus, the actual valid certificate growth trend is lower, and the decline steeper. Further, the decline may well have started earlier than the historical data indicates. (This assumes, of course, that, as is implicit in ISO’s caveat, the number of sites added to the valid certificate numbers has a significant impact.)
With the caveats in mind, it is time to look at the aggregate 2018 numbers. (For any who want to examine the specifics by country, the data can be obtained from theISO website. If anyone is interested in a detailed assessment of the ISO9001:2015 numbers, Oxbridge Quality Resources has a good analysis with excellent graphics.)
ISO 2018 Certificates Numbers
The total valid certificates for 2018 was 1,307,603. For 2017 the total was 1,559,758. This is a 16.2% decrease. This is on top of the decline from 2106 to 2017.
The table below shows the 2017 and 2018 ISO numbers by certification. It also shows the percentage change from 2017to 2018.
| Total Certificates by Certificates | ||||
| Certificate | 2018 | 2017 | Difference | Percentage Change |
| 9001:2018 | 878,664 | 1,058,504 | -179,840 | -17.0 |
| 14001:2015 | 307,059 | 362,610 | -55,551 | -15.3 |
| 27001:2013 | 31,910 | 39,501 | -7,591 | -19.2 |
| 22000:2005,2018 | 32,120 | 32,722 | -602 | -1.8 |
| 13485:2003,2016 | 19,472 | 31,520 | -12,048 | -38.2 |
| 50001:2011 | 18,059 | 24,501 | -6,442 | -26.3 |
| 20000-1:2011 | 5,308 | 5,005 | +303 | +6.1 |
| 22301:2012 | 1,506 | 4,281 | -2,775 | -64.8 |
| 28000:2007 | 617 | 494 | +123 | +21.7 |
| 39001:2012 | 547 | 620 | -73 | -11.8 |
| 45001:2018 | 11,952 | – | – | – |
| 37001:2016 | 389 | – | – | – |
| Total | 1,307,603 | 1,559,758 | -264,496 | -16.2 |
Of the ten certifications, where there is historical data, eight show a decline (9001, 14001, 27001, 22000:2005:2018, 5001, 13485, 22301 and 39001:2012), and two show an increase (2000-1, and 28000). While the growth certifications provide a degree of hope, their numbers are small compared with the overall decline, 426 versus 264,921.
Thus, there are two substantive long-term issues that ISO must confront. The first issue is that valid certificates are down in eight out of the ten certification areas, where there is historical data. This clearly indicates that the problem is not isolated to one or two certificates. It is very broad based.
The second issue is that 9001 makes up 67% of the certificate numbers as of 2018. The gain in certifications in the two growth areas do not come close to compensating for the loss in 9001 certifications. Further, since 2016, the number of valid 9001 certificates have declined 17% worldwide. If this rate of decline continues, ISO, oversight bodies and CB will all end up in financial difficulties, because of the dominance of 9001 certificates.
Given the steep decline in ISO 9001:2015 valid certificates and the fact that they make up 67% of all valid certificates, a question is: What is behind the 9001decline?
ISO9001:2015 Decline and Implications
There are many explanations as to why ISO 9001:2015 certificates are declining. The three most frequently mentioned are: 1. Loss of brand integrity. 2. Standard is too confusing. 3. The inclusion of Risk Based Thinking (RBT) was a mistake.
Loss of Brand Integrity
The loss of brand integrity is a result of consultants trying to make a profit and not totally caring about the quality of their work. For instance, a recent complaint is that some Certification Bodies (CB’s) are low balling the price of certification audits. They are essentially pricing a multiday certification audit, as if it was a one-day drive by. This problem could be handled by oversight bodies enforcing the auditing rules. However, oversight bodies are dependent upon revenue from the CB. It is the CBs who send out the auditors. Thus ,there is no incentive for the over sight bodies to clamp down on the CB. But, the shoddier the audits, the less their value to the customer.
Several personal examples demonstrate this problem. I worked for the United States Postal Service (USPS). I have two quality certifications from ASQ, a Six Sigma Green Belt and Manager of Quality/Organizational Excellence. USPS has a Lean Six Sigma Program. Many of their supervisors are required to obtain a Lean Six Sigma Green Belt. When I talked with these Green Belts about quality related issues, it was like I was speaking a foreign language. For them, the certification was merely a ticket to be punched. It meant nothing. Further, when I mentioned my certifications were from ASQ, that too meant nothing. As far as they were concerned, my ASQ certifications were lower than their certifications. This is a clear demonstration that ASQ allowed its certification brand to be diluted.
The dilution of the quality brand generally was demonstrated when a Lean Office Team came to the post office where I worked. The purpose of the team was to make the work process more efficient. To make it a Lean Office. What resulted was an OSHA fine and an undoing of the lean office plan, because it increased, not decreased, processing time.
To get a sense of why the lean office plan diluted the purpose of lean management, let me provide some details. Instead of allowing the large pallets of parcel to be brought directly off the dock and straight into the work area, as was being practiced, the lean office arrangement had these pallets moved to the other side of the building. This meant the pallets had to turn around corners and be moved about thirty feet further. In addition, the new distribution work area had a pillar in the way. This pillar required employees to walk further to place parcels into appropriate containers. The new approach added twenty to thirty minutes to the processing time. Further, carriers had to walk to the other side of the building to get these parcels. This added to their office time. There was nothing Lean about the results.
The OSHA fine was the result of the fact that the space between carrier workstations, under the Lean Office arrangement, was so narrow that, when the carriers moved the parcel containers next to their workstation, the isle way was clogged. If you were a carrier at the end of the line, next to the wall and there was a fire, there was no way out. You were trapped. You would die. OSHA did not think this layout was appropriate.
The Lean Office effort was a travesty and damaged the idea of a Lean Management. Poor quality audits do the same thing for the value of a 9001:2015 certification.
ISO is letting its brand be diluted. More problematic is that the more the 9001:2015 certification is viewed as failing to protect or enhance product quality, the less likely organizations are too btain the certification. This, not the four caveats, may be the real reason the number of valid 9001:2015 certificates have declined.
Standard is Confusing
The second complaint is that the ISO 9001:2015 standard is confusing. This is a fact. I saw how members of my ASQ Local Chapter struggled with the idea of Risk Based Thinking (RBT) and the process outlined in ISO 9001:2015.
Risk Based Thinking
The last issue is perhaps the most troublesome for quality management. This is because ISO’s Technical Management Board (TMB) included RBT in ISO 9001:2015. Consequently, the Technical Advisory Group cannot eliminate it from the standard. Further, because the TMB mandated inclusion in one standard, risk management is to be included in all future ISO standard revisions.
The inclusion of risk management in the ISO standards may change how quality management is viewed within the organization. By requiring that an organization recognize all the risks it faces and develop a mechanism for treating these risks, the consequences of poor product quality or not having an ISO 9001:2015 certification, becomes just two of multiple risks.
Other risks include the impact of a weather-related event, a cyber-attack, fraud, mismanagement, supply chain issues and damage to the organization’s reputation. When all the risks are evaluated and prioritized, the consequence of poor product quality or not having a 9001:2015 certification may be less than a cyber-attack, fraud and mismanagement. Further, the organization’s leadership may decide that the mitigative action it takes to reduce any adverse impact of poor product quality is enough. A9001:2015 certification is not needed.
Regardless of reason, one thing is clear, increasingly companies no longer see significant value in obtaining ISO 9001:2015.
Conclusion
The latest ISO valid certificate numbers indicate a dramatic decrease in ISO certifications. The 17% decline in ISO 9001:2015 valid certificates indicates that companies are questioning the value of ISO 9001:2015 certification. Since ISO 9001:2015 makes up 67% of all valid certificates, ISO, oversight bodies and the CBs could end up in an increasingly difficult financial position. This is because the decline of 9001:215 certifications cannot quickly be compensated for by growth in other certification areas. Finally, the inclusion of risk management in the certifications may result in management deciding that the mitigative efforts used to reduce any adverse impact of poor-quality products may be enough. Thus, ISO 9001:2015 certification is not necessary.
James J. Kline is a Senior Member of ASQ,a Six Sigma Green Belt, a Manager of Quality/Organizational Excellence and a Certified Enterprise Risk Manager. Heh as over ten year’s supervisory and managerial experience in both the public and private sector. He has consulted on economic, quality and workforce development issues for state and local governments. He has authored numerous articles on quality in government and risk analysis. His book, Enterprise Risk Management in Government: Implementing ISO 31000:2018, is available on Amazon. jeffreyk12011@live.com