Organizational Knowledge is Now Part of the Mix

ISO has now introduced the term “knowledge.” Since knowledge was not addressed previously the complexity of this subject and our approach to it are brand new. ISO 9001:2015 defines requirements for the handling of organizational knowledge in the following four phases, which are analogous to the PDCA cycle:

7.1.6 Organizational knowledge:

1. The organization shall determine the knowledge necessary for the operation of its processes and to achieve conformity of products and services.
2. This knowledge shall be maintained and be made available to the extent necessary.
3. When addressing changing needs and trends, the organization shall consider its current knowledge, and,
4. Determine how to acquire or access any necessary additional knowledge and required updates.

NOTE 1 Organizational knowledge is knowledge specific to the organization; it is generally gained by experience. It is information that is used and shared to achieve the organization’s objectives.

NOTE 2 Organizational knowledge can be based on:

a) internal sources (e.g. intellectual property; knowledge gained from experience; lessons learned from failures and successful projects; capturing and sharing undocumented knowledge and experience; the results of improvements in processes, products and services);
b) external sources (e.g. standards; academia; conferences; gathering knowledge from customers or external providers).

By introducing the term “knowledge,” ISO is trying to raise organizational awareness of the management and linking of know-how in order to position them for the future.


Knowledge is a very subjective term with individual definitions, so each organization must define it for themselves. Depending on the scope and context of the organization, their definition for knowledge can be completely different. A large-scale car manufacturer, for example, might define other target areas than a small law firm or Human Services provider.

These new requirements are not for the purpose of establishing administrative information or document management, but to ensure a controlled process for handling organizational knowledge in conformity with the quality management framework conditions.

Organizational knowledge: The two types

Knowledge Management best practices address both:

a) Explicit Knowledge – a type of knowledge that is formalized and codified, and is sometimes referred to as know-what, and
b) Tacit Knowledge – a type of knowledge that resides within an employee, sometimes referred to as know-how.

Organizational knowledge: The four phases

The four phases that define the requirements for obtaining and processing organizational knowledge include the many process points that provide purpose for the organization. It is a good idea to establish knowledge and competence objective up front – something (I would think) that has already been accomplished in most firms.

In phase 1, the organization should determine knowledge of customer expectations and requirements and the specific production / service-provision processes. Afterwards, they can plan how they can achieve the identified goals and objectives by means of learning, on the job training, certificate programs, etc.

knowledge-2In phase 2, the organization should determine specific methods to share knowledge in-house and to maintain this knowledge. Encouraging employees to pass on their experience from completed projects or failures to their colleagues as in “lessons learned” is a good start. Employees leaving the company (or refusing to share their experience and know-how) represent a major risk of loss of knowledge. Organizations wishing to mitigate these risks should collect and maintain the knowledge and know-how when it is available.

In phase 3 the organization should evaluate new knowledge, such as that communicated in a training session, interview with an employee on the status of knowledge, where appropriate, and identify opportunities for improvement. Another challenge involves monitoring changes in market trends or in technology and analyzing the extent to which they can influence the knowledge that the organization needs.

In phase four, the organization should identify opportunities for improvement in specific areas where targeted measures could be taken. Depending on circumstances, the organization might improve the processes for collection, storage and safeguarding organizational knowledge. It might also be a good idea at this time to re-validate critical knowledge or to improve the protection of existing know-how. In addition to continued training, the organization can use external sources including newsletters, industry magazines, strategic partnerships, etc. to expand their knowledge.

The Touchy-Feely Employee – Introduction of Human Factors

On December 13th the much awaited 2000 revision was released and the world changed forever! How significant the changes were, however, has taken sometime to fully realize. In a previous post we talked about the presence of Risk in the Standards – where it appeared and where it didn’t. Yes, 2000 was a big year… inclusion of so much but conspicuously devoid of risk (but that was then, this is now.)

Changes from 1994 to 2000

The text was reworded for easier adaptation to a wider range of organizations. Some definitions were changed. The standard had shifted from product to process-oriented thinking including a process model based on the Plan-Do-Check-Act cycle, which outlined the product and/or service cycle and the management control cycle.

The 20-element format was replaced. The text of the standard was now organized into four major processes:

  • Section 5. Management Responsibility
  • Section 6. Resource Management
  • Section 7. Product Realization
  • Section 8. Measurement, Analysis, and Improvement

Management Responsibility

  • Top management had to provide evidence of its commitment to the development and improvement of the quality management system.
  • The evidence needed to include communicating to the organization the importance of meeting customer needs, as well as regulatory and legal requirements.
  • The quality objectives were now measurable, had to be consistent with the quality policy and had to include a commitment to continual improvement.
  • Quality planning had to include continual improvement of the quality management system.
  • Top management had to ensure that customer needs and expectations were determined, converted into requirements, and fulfilled with the aim of achieving customer satisfaction.
  • Top management had to ensure communication of quality management system processes and of process effectiveness took place at all levels and functions of the organization.

Resource Management

  • The organization had to identify, provide and maintain the facilities it needed to achieve conformity of product, including: workspace and associated facilities; equipment, hardware and software; and supporting services.
  • The organization had to identify and manage the work environment with consideration of the human and physical factors needed to achieve conformity of product.

Product Realization

  • The organization had to determine customer requirements including: product requirements not specified by the customer but necessary for intended product use; and obligation related to the product, including regulatory and legal requirements.
  • The organization had to identify and implement arrangements for customer communications relating to: inquiries, order handling, or contracts (including amendments); customer feedback (including complaints).

Measurement, Analysis and Improvement

  • The organization had to collect and analyze appropriate data to determine the suitability and effectiveness of the quality management system and to identify potential improvements. Data had to be generated by measuring and monitoring quality system implementation and/or maintenance activities.
  • The organization had to analyze collected data to provide information on customer satisfaction and/or dissatisfaction and conformance to customer requirements. These methods had to confirm the continuing ability of each process to satisfy its intended purpose.
  • At appropriate stages of the product realization process, the organization had to measure and monitor the characteristics of the product to verify that requirements are met.
  • The organization had to plan and manage the processes necessary for the continuous improvement of the quality management system. The organization had to facilitate the continuous improvement of the quality management system through the use of the quality policies, objectives, audit results, data analyses, corrective and preventive actions, and management review.
  • The organization had to monitor information on customer feedback – satisfaction and/or dissatisfaction as one of the measurements of quality management system performance. The methodologies for obtaining and using this information had to be determined.

Human Factors was not expressly called out in ISO 9001:2000 Element 6.4 Work environment, which only required, “The organization shall determine and manage the work environment needed to achieve conformity to product requirements.” ISO 9004 screamed it out…

ISO 9004:2000 6.4 Work environment

Management should ensure that the work environment has a positive influence on motivation, satisfaction and performance of people I order to enhance the performance of the organization. Creation of a suitable work environment, as a combination of human and physical factors, should include consideration of:

  • Creative work methods and opportunities for greater involvement to realize the potential of people in the organization,
  • Safety rules and guidance and the use of protective equipment,
  • ergonomics,
  • workplace location,
  • social interaction,
  • facilities for people in the organization,
  • heat, humidity, light, airflow, and
  • hygiene, cleanliness, noise, vibration and pollution.

The 2008 revision of ISO 9001 continued with the same language but did add the guidance note below:

NOTE The term “work environment” relates to those conditions under which work is performed including physical,environmental and other factors (such as noise, temperature, humidity, lighting or weather).

This note then becomes the bridge between ISO 9004 (Guidance document) and ISO 9001 (Requirements) and although the term Human Factor is not specifically defined, it is categorized among ‘other’ factors such as, health & safety and environmental.

Finally, the 2009 revision of ISO 9004 took the subject to a whole new level with:

human-factorsISO 9004:2009 (current revision) 6.6 Work environment

The organization should provide and manage a suitable work environment to achieve and maintain the sustained success of the organization and the competitiveness of its products. A suitable work environment, as a combination of human and physical factors, should include consideration of:

  • creative work methods and opportunities for greater involvement to realize the potential of people in the organization,
  • safety rules and guidance and the use of protective equipment,
  • ergonomics,
  • psychological factors, including workload and stress,
  • workplace location,
  • facilities for people in the organization,
  • maximization of efficiency and minimization of waste,
  • heat, humidity, light, airflow, and
  • hygiene, cleanliness, noise, vibration and pollution.

The work environment should encourage productivity, creativity and well-being for the people who are working in or visiting the organization’s premises (e.g. customers, suppliers, and partners). At the same time, the organization should ensure that its work environment complies with applicable statutory and regulatory requirements and addresses applicable standards (such as those for environmental and occupational health and safety management).

How do you suppose an auditor is going to assess an ‘emotionally protective’ environment? Truth…They’re not! They’re going to keep auditing the way they have done so since 2000, going merrily along ignoring the fact that it’s there. So what about now? The concept is now codified in ISO 9001 in this latest 2015 revision

ISO 9001:2015 7.1.4 Environment for the operation of processes

The organization shall determine, provide and maintain the environment necessary for the operation of its processes and to achieve conformity of products and services.

NOTE A suitable environment can be a combination of human and physical factors, such as:

a) social (e.g. non-discriminatory, calm, non-confrontational);
b) psychological (e.g. stress-reducing, burnout prevention, emotionally protective);
c) physical (e.g. temperature, heat, humidity, light, airflow, hygiene, noise).

These factors can differ substantially depending on the products and services provided.

And now the fun starts…

Change Management and ISO 9001:2015

To be compliant, ISO 9001:2015 requires the organization to identify and implement any changes to the quality management system, its processes or its outputs (products or services) in a planned manner.

The following clauses of ISO 9001:2015 focuses on change management:

1. Clause 4.4.1 g) evaluate these processes and implement any changes needed to ensure that these processes achieve their intended results;

2. Clause 5.3 e) ensuring that the integrity of the quality management system is maintained when changes to the quality management system are planned and implemented.

3. Clause 6.3 Planning of changes: When the organization determines the need for changes to the quality management system, the changes shall be carried out in a planned manner (see 4.4).

The organization shall consider:

a) the purpose of the changes and their potential consequences;
b) the integrity of the quality management system;
c) the availability of resources;
d) the allocation or reallocation of responsibilities and authorities.

4. Clause Control of Documented information c): control of changes (e.g. version control)

5. Clause 8.1 Operational planning and control: The organization shall control planned changes and review the consequences of unintended changes, taking action to mitigate any adverse effects, as necessary.

6. Clause 8.2.1 b) Communication with customers shall include; handling inquiries, contracts or orders, including changes;

7. Clause 8.2.4 Changes to requirements for products and services: The organization shall ensure that relevant documented information is amended, and that relevant persons are made aware of the changed requirements, when the requirements for products and services are changed.

8. Clause 8.3.6 Design and development changes The organization shall retain documented information on: The organization shall identify, review and control changes made during, or subsequent to, the design and development of products and services, to the extent necessary to ensure that there is no adverse impact on conformity to requirements:

a) design and development changes;
b) the results of reviews;
c) the authorization of the changes;
d) the actions taken to prevent adverse impacts.

9. Clause 8.5.6 Control of changes: The organization shall review and control changes for production or service provision, to the extent necessary to ensure continuing conformity with requirements. The organization shall retain documented information describing the results of the review of changes, the person(s) authorizing the change, and any necessary actions arising from the review.

10. Clause 9.2.2 a) The organization shall plan, establish, implement and maintain an audit program including the frequency, methods, responsibilities, planning requirements and reporting, which shall take into consideration the importance of the processes concerned, changes affecting the organization, and the results of previous audits;

11. Clause 9.3.2 b) (Management Review inputs) The management review shall be planned and carried out taking into consideration: b) changes in external and internal issues that are relevant to the quality management system;

12. Clause 9.3.3 b) the outputs of Management review shall include decisions and actions related to: any need for changes to the Quality Management System.

13. Clause 10 NOTE Examples of improvement can include correction, corrective action, continual improvement, breakthrough change, innovation and re-organization.

14. Clause 10.2.1 f) when a nonconformity occurs, including any arising from complaints, the organization shall: make changes to the quality management system, if necessary.

The three stages of Controlled Change Management:


Change management starts with identifying the change requirement. The following are the some of the changes that generally take place in an organization:

1. Change in the scope of the Quality Management system

2. Policy change

3. Product change (technology improvement, raw material change, change in customer requirement etc.)

4. Process change (Quality Improvements and Productivity increase)

5. Procedure change (equipment changes, new equipment, Raw material changes etc.)

6. Change in Employees (new positions, New recruitments, resignations, Long leave etc.)

7. Change in Management (Mergers, take-overs etc.)

8. Changes in Requirements (customer requirements, Legal requirements, QMS requirements etc.)

The change control process is as follow:



Simple Change Management Plan as per clause 6.3 of ISO 9001:2015:


(This template may be used as input to Management review, as required by Clause 9.3.2)

Quality objectives and planning to achieve them – Part 2

Last time we talked about the problem of have trying to balance auditor acceptance with ISO compliance. So now we’ll discuss how to ‘beat ‘em at their own game.’ If you looked at the graphic in the last post, you may have noticed the diversity of Top Quality Management Objectives by industry. You may have also noticed that not all reflect ‘strategic direction’ and even fewer are easily measured quantitatively in present form. And, there lies the secret.

The intent of the Standard is that the organization determines its context (4.1,) Interested Parties and their requirements (4.2,) scope and boundaries (4.3,) processes and how they interact (4.4,) mix it all together with a heavy dose of customer focus (5.2) and create an ‘Elevator Speech’ that encompasses the Mission and Vision of the organization – The Quality Policy. And then the Standard tells us we have to write it all down in (5.2.2) tell people about it and pass it out to anyone who wants it.

The quality policy shall:
a) be available and be maintained as documented information;
b) be communicated, understood and applied within the organization;
c) be available to relevant interested parties, as appropriate.

So we distill the ‘Elevator Speech’ down to fit on the back of a business card which we’ll hand out to all our employees.They in turn will carry said cards around in hopes that an auditor will ask them ‘what their quality policy is’ at which point they smile, reach into their back pocket and present the card to the auditor. The auditor will then offer praise and say ‘that’s great, now what does that mean to you?’ to which the employee says I don’t know, I can’t read.’ By the way, this is a true story – it happened to me during an audit I performed down in Aikin, SC.

But we drift slightly off course.

The purpose of the policy, in addition to crystalizing our commitments to quality and improvement is to provide a basis for establishing our Quality Objectives. Which, if you’ve been paying attention, you’re starting to realize is not an easy task. The Standard is ‘suggesting’ these objectives identify areas of improvement and then be deployed throughout the many levels and functions to bring about positive change with the ultimate goal of enhancing customer satisfaction. On top of which, these need to be written down:

The organization shall maintain documented information on the quality objectives.

When planning how to achieve its quality objectives, the organization shall determine:
a) what will be done;
b) what resources will be required;
c) who will be responsible;
d) when it will be completed;
e) how the results will be evaluated.

Holy – Moly, that’s quite a mouthful. What’s involved? Well, the auditor is going to expect a manageable number of ‘action items’ objectives with five (5) components; a) what is to be achieved, b) how it will be achieved – what’s involved, c) who is responsible, d) when it will be done, and e) how it will be measured. How the hell are we going to do that! Easy, two sets of books and no, this isn’t cheating. It makes perfect sense when you consider the logistics of satisfying both ISO and the auditor. Two sets of books (objectives.) The first is the organization’s strategic plan, accomplishments, goals and objectives for the year (2-year, 5-year) or other appropriate target. These Corporate Goals (collectively that you will not show the auditor – “intellectual property’) will be the basis of the Quality Objectives you will show the auditor.

Most organizations document high-level objectives within the Quality Policy, such as: 100% quality product or service; 100% on-time, in-full delivery; 100% compliance with requirements; and, continual improvement to our QMS. So why not build on them! Create a Corporate Goal Statement and back-fill from relevant established processes.

But, before we develop our Quality Objectives, that will be deployed at relative functions and levels throughout the organization, let’s think about what the auditor is looking for.

  • ISO 9001:2015 now requires organizations to set quality objectives at functions, levels and processes that are relevant to conformity of product and the enhancement of customer satisfaction. The auditor is looking for evidence that the established quality objectives add value to the relevant functions, levels and processes within the organization.
  • Organizations are now required to determine what resources will be required to achieve quality objectives, who will be responsible for them, what will be done and when, as well as how achievement of the objectives will be evaluated. In many cases, this will require organizations to undertake more detailed monitoring of objectives and targets than they have in the past.
  • Auditors are going to insist that you provide evidence that you are complying with these new requirements.So, now what? I suggest something like this.

Objectives 1

The beauty of documenting objectives like this is:
1) There is no doubt as to the Corporate Goal,
2) Quality Objectives are color coded (Blue,)
3) Measurable in Red,
4) Satisfaction is Green (or dis-satisfaction in Brown,)
5) It is clear who is responsible,
6) What will be done, and,
7) When it will be done by.
8) Resources could be optional here, either by adding or not.

Now, tie it together with your KPIs and you’ve got the whole package.

Objectives 2

In this case, column 1 is the process (shown in the Interaction of Processes,) column 2 is that which will be measured,column 3 is the planned performance objective (and in this example, how the measurement is calculated) and column 4 the running total of achievement which can be updated monthly or quarterly.

That wraps up objectives, see you next time with Change Management.

Quality objectives and planning to achieve them – Part 1

It has always been a curiosity of mine, with 20 years in manufacturing and another 20 in quality (yes – I’m THAT old!) I wonder how organizations come up with quality objectives. I wonder even more at the conversations…

The obvious first question is, “Have you established quality objectives?” The Standard says we must do so in section 6.2.1. The organization shall establish quality objectives at relevant functions, levels and processes needed for the quality management system.

But ISO has muddied the waters a bit by adding the relevant functions, levels and processes needed for the quality management system part, which strikes me as an over-statement, a cry for of common-sense where there is none. At least we get the point. Quality objectives are for the whole company, not just the quality department. But then the Standard goes on to say:

The quality objectives shall:
a) be consistent with the quality policy;
b) be measurable;
c) take into account applicable requirements;
d) be relevant to conformity of products and services and to enhancement of customer satisfaction;
e) be monitored;
f) be communicated;
g) be updated as appropriate.

Lordy, Lordy, Lordy! Now the fun starts. By intention, the International Standard is not crafted to be prescriptive, in fact, that’s the last thing ISO wants but here it is in all its glory and in my opinion the prescription begins and ends with a little troll sitting behind a desk in Geneva, Switzerland trying to justify his existence because this element is only a small piece of the big business pizza puzzle. And, if the 2015 revision is to be taken seriously as a ‘business model’ this element is sorely in need of a re-do. And, then there’s that relevant functions and levels part – but we’ll get there. First, let’s break it down into manageable pieces. The standard says:

Top Quality Management ObjectivesThe quality objectives shall: a) be consistent with the quality policy;

Well, that’s fairly straight forward because the Standard also tells us what the Quality Policy must say (again with the prescriptiveness.)


Top management shall establish, implement and maintain a quality policy that:
a) is appropriate to the purpose and context of the organization and supports its strategic direction;
b) provides a framework for setting quality objectives;
c) includes a commitment to satisfy applicable requirements;
d) includes a commitment to continual improvement of the quality management system.

The requirements for the Quality Policy resides in Clause 5 and the Objectives in Clause 6 so it’s clear which must come first and inclusion of and supports its strategic direction makes sense if the Standard is a business model. But this element goes on to include a commitment to satisfy applicable requirements, whatever they may be and commitment to continual improvement of the quality management system which explains all the ‘cookie-cutter’ quality policies we see out there that fail to address and supports its strategic direction.

It all ends up being some regurgitated Pablum devoid of the loftiness envisioned by the little troll and usually documented as:

  • Meet or exceed customer requirements for the purpose of enhancing customer satisfaction

By making content mandatory, the Standard diminishes its role as a business model and re-directs focus back to the quality function. But, we digress – On to establishing quality objectives and my major concern. The Standard says:

The quality objectives shall:
b) be measurable;

Again, I understand the intent here and realize my concern is with the verbiage (the tip of the much bigger ‘communication iceberg’) because I don’t think it says what they think it says. Alright, stay with me on this because we’re going for a linguistics journey…

As with any word, the meaning is part ‘general acceptance’ and part ‘colloquial’ which means the same word can have many meanings depending on interpretations between issuer and receiver. This is why the Standards’ review and revision process is such a challenge – translation into all the various languages is almost insurmountable.

Word Origin and History for measurable adj. c.1300, “moderate,” from Old French mesurable “restrained, moderate; sensible; restricted”

Word origin courtesy of Online Etymology Dictionary, © 2010 Douglas Harper

1. Able to be measured.
2. Of significant importance.

Regardless of colloquialism, there is always a resonance with word origin, in this case “restrained, moderate; sensible; restricted.” These words connote a go / no-go state, an either or, qualitative relationship with the world, yet when we consider ‘general acceptance’ of the word measure, we want to perceive a quantitative component – a finite judgement as to value – to measure in comparison with something else.

Could one not argue, however, that the binary system (0s and 1s) might be used to ‘measure’ the open or closed state value and be true to the definition, in short, a yea or nay and because they’re assigned integers, could it not be argued that quantitative measurement has been achieved? The problem with this argument is there are very few auditors who are linguistically inclined and the connotation of quantitative measurement translates, in their minds, as a Likert Scale (1 – 5, least to best) at minimum.

Now you see my dilemma – to be true to the Standard, you may alienate the auditor but to satisfy the auditor you may lose the intent of the Standard! And, doesn’t it explain a lot because by using this one small example the whole auditing schema becomes laid bare? It is the auditor, not ISO, who determines the rules and as many of you have seen, especially if you’ve had to deal with multiple auditors, the rules change.

Different interpretations of the requirements by different auditors (or if you have a really good auditor, who learns from experience, a change in position from one audit to another) and all the many BS explanations of why this happens is the root of all evil. So, what can one do?

We’ll look at how to deal with it in part 2 …

To Risk or Not to Risk – Part 3

Last time we looked at the evolution (or DEVO) of Risk in ISO 9001 up through the 2008 revision. This time we will start with ISO 9004:2009, which is still the current revision.

…But first a little story. ISO 9004 is a companion to ISO 9001. It is not an auditable guidance document but specifically drafted to give additional guidance, explanation and advice to Top Management. It is not what you might call ‘spellbinding,’ it is ‘chock-full’ of ideas the will improve the ROI on registration.

Analogy – Think of Cadillac or Lincoln passing down their innovations to subsequent year models of Chevy or Ford and you can better understand ISO 9004. What is in there today will be in your auditable Standard tomorrow.

I had my Eureka-moment back in 2000. I was auditing and consulting for a major CB (Certification Body) who provided the 2000 revision suite (ISO 9000, 9001 and 9004.) I actually read it! I could not understand why all ‘this extra stuff’ was in there but (being still, fairly new) I thought if it was there, it must be there for a reason. I looked back to my copy of ISO 9004:1994 (which I had never paid attention to) and said to myself, “Ah Ha!” I was hooked! I tracked down a copy of the ISO 9001 and 9004:1987 Standards and finally MIL-Q-9858 so this post is a long time coming.

Guess what ISO 9004:2009 now brings home the ‘risk’ idea in Section 4.3 The organization’s environment, “An organization’s environment will be undergoing change continually, regardless of its size (large or small), its activities and products, or its type (for profit or not-for-profit); consequently this should be monitored constantly by the organization. Such monitoring should enable the organization to identify, assess, and manage the risks related to interested parties, and their changing needs and expectations. Top management should make decisions for organizational change and innovation in a timely manner in order to maintain and improve the organization’s performance. NOTE: For more information on risk management, see ISO 31000.” Up until now, there has been no clear guidance on how to satisfy the requirements, but now, a non-auditable guidance document is given as a nominal reference. Risk is here to stay!

Thank (your own designated) God the auditors missed all this because CB auditors are not expert at Risk Management. In fact, CB auditors are not experts at many things coming down the pike!

Not needing to repeat the pattern, I will just jump forward to tomorrow (with qualification.) I believe I know where this is all going but I do not know when. Face it, ISO (International Organization for Standardization) is not a compliance organization, it is a publisher. It only makes money if we buy their publications. Therefore, since they write the Standards… How many do you think they want us to buy? All of them!

Moving forward, I believe, the next revision ISO 9001:202x will add additional aspects of Financial Resources (Lean,)Work Environment (Human Factors,) Knowledge Management, Self Assessment and Innovation. Guess what, standards for these either exist or are in development. I will say more about these in a future blog series.

In addition, I believe a future revision may have auditable requirements for Environmental Management (ISO 14001) and Occupational Health & Safety (ISO 45001) but this is not a bad thing because an Integrated Management System might just satisfy the new requirements. In the very least, it positions you for SHARP or VPP recognition (depending on company size) and that is a really, good thing. Every State has a local OSHA office, which offers ‘voluntary status consultation.’ Do the prep work (the Kilpatrick Group has assisted 25% of all RI recognized SHARP participants) and go for the ‘brass ring.’

Although ISO 31000:2010 Risk management guidance document (and ISO 30010 listing the multiple and popular assessment tools) are non- auditable, guidance documents, there are some CBs lobbying to make them full-blown, auditable quality management system status. I saw this coming and began building full-blown Enterprise Risk Management Frameworks back in 2011 in anticipation of the 2015 revision.

Based upon ISO9004 revision history (Cadillac Analogy) my thought is that the following revision of ISO 9001 will roll in full-blown Risk Management, Corporate Social Responsibility (ISO 26001), Information Security (ISO 27001 & 2) and Energy Management (ISO 50001) sometime around 2030. God help us because the auditors will not be qualified to audit these new competencies. I guess you will just have to follow my postings to keep up to date!

Note: These are only the opinions of this author. What happens in the future remains to be seen.