The initial journey to create “sustained success” got off to a difficult start in 1987 when the intent was for quality managers to implement ISO 9004 followed by ISO 9001 for certification purposes. ISO 9004 was viewed as being associated with TQM. The extra work that was needed to fulfill TQM led organizations to use ISO 9001:1987 alone to certify their processes. Continue reading
In my previous blog (Issue 222), it was noted that ISO clearly states – “There is no requirement to certify an ISO management system standard.[i]” This statement by ISO is unqualified. It means any ISO management system standard. ISO also states in the management system standards with the high-level structure – “This International Standard[ii] contains the requirements used to assess conformity. Continue reading
Why did your company decide not to certify to ISO 9001:2015?
Many companies decided not to seek certification for a transition to ISO 9001:2015. On September 15, 2018, their certification to ISO 9001:2008 was no longer valid unless they entered into an agreement with a certification company. No one has yet conducted a thorough post-mortem on this situation. However, there are some clear deficiencies in how ISO 9001:2015 was written and how it was presented to the companies that were already certified to ISO 9001:2008. Continue reading
On My Left is COSO ERM:2017! On My Right is ISO 31000:2018!
Many companies are in the process of conducting the risk management taste test. The problem is that many of these companies are not yet sold on risk management. However, stakeholders, institutional investors and the US Securities and Exchange Commission have other ideas. Continue reading
ISO 14001:2015 placed its position on risk management in the Annex (A.6.1.1): “Although risks and opportunities need to be determined and addressed, there is no requirement for formal risk management or a documented risk management process. It is up to the organization to select the method it will use to determine its risks and opportunities. The method may involve a simple qualitative process or a full quantitative assessment depending on the context in which the organization operates.” However, they neutralized the confusing “risks and opportunities” phrase by defining it (3.2.11) as: “potential adverse effects (threats) and potential beneficial effects (opportunities).” Continue reading