#63 – IS ISO STILL RULING THE WAVES? – UMBERTO TUNESI

Umberto Tunesi pixThe Way We Are

This is a  question that is very difficult to answer.  I therefore askl for your comments as stakeholders in a risk management-oriented magazine.

ISO’s 2013 survey’s figures are not very clear to me: on their website they show figures here and there but there’s really no clear picture of how ISO’s standards impact certifications or move the market.  

ISO states something less than 1,5 million certificates have been issued worldwide and  other sources mention slightly more than one million certificates and personally I don’t care for the number of ISO certifications in Afghanistan, it’s a marginal market to me.

What I would prefer are ISO’s forecasts on the next ISO 9001:2015 revision, which is said to be risk oriented or Risk Based Thinking.

ISO 9001 has probably been since the late 1987, the standards’ best-seller and, though being often criticized, it still is the #1 ISO best-seller.

It has to be noted, however, that starting with ISO 9001:2000, markets increasingly requested product-oriented certification standards.  This might explain the slow growth of ISO certifications in 2012 some four percent plus.

The general approach of the ISO 9000 series  and its spin-offs like ISO 14001, ISO/TS 16949, and others has always been quite generic and therefore not actually satisfying specific industry requirements.  What do I mean?

When an auditor looks at quality records – even at the more advanced ISO/TS 16949 control charts – he or she usually finds never ending lines of meaningless OK’s.

Of course, the auditor thinks:

  1. Why not reduce sampling frequency?
  2. Why not introduce more detectable signals than the typical OK?  It would help to reduce process’s risks.

But the ISO 9000 series doesn’t give the auditor the authority to offer such suggestions.    Any company or organization being allowed to establish the management system it thinks most suited.

A further certification risk is represented by the auditee paying for the registrar, making therefore independent certification a true daydream.

The Way We’ll Probably Be

The ISO 9001 2015 DIS (Draft of International Standard) should be pretty much the same as the final standard due to be published by the end of 2015, then a three year period of grace is granted for implementation.

But more and more companies, especially the smaller and the more innovative ones, look at the ISO standards as a set of very stringent, compelling rules that don’t help them to be more efficient.

And that don’t help to sell more, nor to better satisfy their customers.

The more innovative ones plan to establish self-control and self-certification systems that assure their customers that product quality meet the contractual conditions they promise.

The Way We Would Like to Be

There’s no joking these days.  Marketing, charlatans are too easily spotted.

ISO with its continuous passion for documents seems to keep ignoring the difference between actual facts and paperwork.

Much like a government when a law can be good but its implementation is very expensive.      Important issues arise, much like ISO 9001.  Who, how and when are critical questions in law and ISO arise about the control implementation?

At what cost?

New concepts have been introduced into ISO standards such as risk based thinking (RBT).  Do we need how effective RBT is in different sector such as its aero-ability, car-ability, ship-ability, and so on.  Do we know how risk will fit into each sector?

Risk concepts are not new in themselves.  Actually, what’s new is that we’ve long forgotten to put them into practice.

These could – maybe should – be the basis to develop more advanced efficiency and effectiveness indices.

Think about it:  capability indices should be more clearly connected to risk indices.  Cp’s, Cpk’s, Cmm’s and so on are no fantasy figures but I seldom find them quoted in risk analysis studies.

I might be wrong, however I would like risk-oriented literature to be clear on these connections.  The risk being that readers or students would not see that both languages –  risk and quality have very much in common.

To my knowledge, ISO keeps developing its standards, but it doesn’t bridge quality and risk clearly

We may have therefore to do it.  The risk for everyone is that we have to spend resources to hunt for and follow ISO’s risk requirements so that all of our efforts will may result in mass certification exodus.  .

It seems to me that ISO people keep living in their own ivory tower, while we have to fight the everyday battle of profits, marketshare, and customer satisfaction.

I have worked with ISO standards since 1985.  I think therefore that I have a fair knowledge of their processes and of what’s behind them.

I sincerely hope they become more technical and applicable like – just to name some examples – AIAG, ASTM, BS, DIN.

Should we sing God save our precious ISO?  But they’re Swiss not English.

As per agreement with CERM Risk Insights e-magazine, what I write is my sole responsibility.  Thus, if any of you interpret what I’ve said as criticism to ISO, CERM Risk Insights e-magazine has nothing to do with it.

Leave a Reply

Your email address will not be published. Required fields are marked *