Featured Product
This Week in Quality Digest Live
Standards Features
Dawn Bailey
A legacy of forward thinking kept medical center on its award-winning path
UC Berkeley NewsCenter
Important confirmation that scale-up will work
Emily Newton
Consumers want to know that EVs are safe and reliable
Eliot Dratch
Responding to the organization in the mirror
Taran March @ Quality Digest
The Olympus CIX100 inspection system enables 21 CFR Part 11 compliance

More Features

Standards News
First trial module of learning tool focuses on ISO 9001 and is available now
Both quality professionals and their business leaders agree that openness and communication is essential to moving forward
July 8, 2021, at 12:01 p.m Pacific standard time, 12 p.m GST, and 10 a.m Beijing time
ISO 37301 provides everything needed to develop, implement, maintain, and improve an effective compliance management system
Two new standards join the ISO series
Design, develop, implement, continually improve risk management in systems and software engineering
ISO/IEC/IEEE 16085 has just been updated
Patient safety is a key focus in update of ISO 14155, the industry reference for good practice in clinical trials.

More News

Denise Robitaille

Standards

What Takes So Long?

The labor-intensive road to ISO 9001:2015

Published: Wednesday, September 10, 2014 - 13:22

Unless you’ve been hiding under a rock for the last two years, you can’t help to have noticed that the ISO 9001 standard is in the middle of its revision process. Seems like people have been talking about this revision for ages. And, it’s not even a whole new standard. They’re not starting from scratch. They’re changing an existing document that’s supposed to replace the one that’s been around since 2008—which everyone knows wasn’t that much different from the one that came out in 2000.

In this 21st century, where just-in-time enterprise resource planning systems have been honed to rival the precision of Olympic time keepers and the speed of Alpine downhillers, why does it take so long to revise this document? It’s less than 30 pages long, including the front matter and annexes! What gives?

Believe it or not, there’s genuine and deliberate justification for the time it takes. And, most of it has to do with making sure that the document has integrity and has been developed using a consensus process that ensures global involvement by technical experts representing myriad industries and fields of interest. It takes time to get it right.

So, let’s walk through the process (and, it is a process, although sometimes it resembles a slow motion crawl through the slogging morass that is the realm of all things quality geek).

The rules for creating new standards, revising existing ones, and even withdrawing those whose relevance has long expired resides within the ISO/IEC Directives, specifically Part 1—“Consolidated ISO supplement—Procedures specific to ISO,” and Part 2“Rules for the structure and drafting of international standards.” Combined, these directives run to more than 230 pages. Within them are rules for (among other things) submitting new projects, setting up working groups or new technical committees, document structure, language, the balloting process, and ultimate release.

The directives require that all standards undergo a systematic review at a maximum interval of five years after their latest release date. Note that this is not the same as saying that the standards get revised every five years. The systematic review can begin earlier, if the technical committee has a justifiable reason. The revision process can’t begin until after the systematic review is complete, along with a few other steps we’ll get to shortly. So, if the leadership decides to wait the full five years, which is typical, the clock starts ticking after the ballot results from the systematic review. The ensuing steps generally take two to three years. This rounds things out to about a six- to eight-year cycle in between revisions.

Preparing for the systematic review

What happens before the systematic review? These activities aren’t all specifically covered in the directives, but you’ll see that they make good sense.

In anticipation of a systematic review, input is sought, which informs the decision-making process. In the case of this latest revision of ISO 9001, there were multiple meetings, a large international survey was conducted, concepts were developed, white papers published, and options explored. Forums were created to allow the technical experts to opine on the global and technological changes that have impacted the usability of the standard. Factors such as the burgeoning use of ISO 9001 by service and software industries, as well as governmental, educational, and not-for-profit entities, were discussed.

All of this information was gathered and analyzed so that when the systematic review was initiated, the member bodies would have the information they needed for the ensuing ballot.

The member bodies who comprise TC 176, the technical committee on quality management and quality assurance, currently represent 94 countries from around the globe. There are an additional 25 countries with observer status that can attend meetings, but that do not have voting privileges.

In addition to the “P” (voting) and “O” (nonvoting) members, there are organizations that have liaison status. They participate in meetings but, like “O” members, can’t vote. These liaison groups represent countries’ quality organizations, industries, and interests ranging from automotive and aerospace to international nongovernmental bodies and academia. They often bring additional perspective and voice sector-specific concerns that might otherwise go unconsidered.

The secretariat of the subcommittee (within the technical committee) having responsibility for the standard—for ISO 9001 it’s TC 176/SC 2—initiates the systematic review. This involves a ballot with three possible choices: affirm, revise/amend, or withdraw. There is a specified period for the vote, generally about 60 days. At the end the results are published.

The revision process

When the vote is to revise, the leadership of SC 2 establishes a working group to develop the revision, selects a convener (much like a chairman), and issues a call for nominations for experts to populate the working group. There are usually no more than two technical experts from any one member body. Each member body uses its own internal criteria for selecting those it nominates. Experts may come from industry, quality organizations, government bodies, academia, or any other user group. In the United States, technical experts are generally (although not always) drawn from among members of the U.S. technical advisory group to ISO/TC 176.

Concurrently, some technical experts, having participated in the collection and analysis of information for the review, begin the process of writing the design specification. This document defines the scope of the revision project. It includes data derived from the surveys, white papers, and other inputs that were previously mentioned. They will also develop the timeline for the project. The “ISO 9001:2015” designation that’s currently being used in all publications, notifications, and other media, is based on this timeline and the anticipation that the document will be ready in September 2015.

At the same time, the subcommittee leadership, with input from some of the members, begins the process of securing a venue for the first meeting of the working group. Although some of the early up-front stuff may be accomplished virtually, the working groups require face-to-face meetings, usually lasting three to five days.

Once the design specification is complete, it is balloted. This ballot generally takes about two months. As part of the balloting process, voting members may also submit comments. These comments must be considered and properly dispositioned. If there are many substantive changes, the design specification may need to be reballoted. In the case of this 9001 revision, the comments and resulting changes did not warrant a second ballot.

For those of you who are keeping track, we haven’t had the first meeting, and yet we’re already more than six months into the project. Apart from the balloting periods, other factors that protract the lapse between phases are things like paperwork, scheduling conflicts of key players, holidays, and availability of an acceptable venue for meetings.

Working with the working draft

The working group comes together and creates a working draft (WD) of the document. The group creates (or revises) the structure of the document, achieves consensus on basic concepts, and develops the requirements based on the design specification. The WD is circulated only among the working group members. They are prohibited from publishing the WD or sharing it outside of the scope of the group. They may make summary comments describing highlights of the document or talk in general terms about changes to be anticipated. This actually protects users from charlatans and soothsayers who’ll confuse and frustrate people with predictions and disinformation that will end up creating havoc in the marketplace and resentment toward the standards developers—which, in turn, undermines the integrity of the finished document.

Once the working group decides the document has reached an appropriate level of maturity, the subcommittee members vote to move it on to the committee draft (CD) phase. The working group convenes (again, after having found an acceptable venue and all the other logistical stuff) and begins work on the CD. It’s not uncommon for there to be follow-up activities and even additional meetings before the CD is ready to be sent to the ISO secretariat for formatting. Once that’s done, the CD is issued for balloting and comments. Unlike the WD, the CD is publicly available, and public commenting is encouraged.

This ballot generally takes three months and includes a request for comments. There is a comments template that technical experts are required to use. It is formatted to allow insertion of specific reference to text, the concern, and a recommendation for correction or improvement. The template brings some measure of uniformity to managing the comments. All comments from all member bodies are collated by the secretary of SC2 and then prepared for the next meeting of the working group. For the CD ballot of ISO 9001, there were slightly less than 3,000 comments received.

The working group has three giant tasks at this meeting. It has to disposition all the comments, which means accepting them into the document, using part of the guidance found in the comments or rejecting the comment as incorrect or inappropriate. The ISO directives require that the disposition of every comment be recorded. This serves the purpose of guaranteeing transparency and reassuring members that comments are not being ignored or cavalierly dismissed. The second task is to take all the good ideas that came out of the comments and use them to improve the document. The third task is to edit the text to increase its homogeneity, consistency, readability, translatability, and maturity.

The assumption at this point is that the ballot passed, and the document is being further edited, revised, and improved toward the goal of creating a draft international standard (DIS). If the ballot had failed, then much of the work would be the same, except there would be more focus on concepts and basic requirements, and the output of the working groups work would be a CD 2—a second committee draft. It’s not uncommon for documents to go to CD 2—or even CD 3—if there’s a concern about the maturity of basic concepts. However, this revision of ISO 9001 sailed through the CD process and moved forward to the creation of the DIS.

Creating the DIS

The work on the DIS progresses in the same manner. Similar logistics must be addressed. Additional meetings (either face-to-face or virtual) get scheduled. Holidays intrude on attempts at time management. The standards developers carve out time from their usually busy schedules.

So, we’ve added another eight months to the process. Now the DIS gets sent to the ISO secretariat again for formatting, and then gets issued for a five-month ballot. For the current project, that’s where we are now. The DIS ballot closes in October 2014. Based on the results and on the nature of the comments, the document will go forward for development of the final draft international standard (FDIS). At this stage, most of the work deals with improving text, correcting errors, and polishing the document. The structure, concepts, and requirements have already been established and elaborated upon.

Once the document is ready, it gets sent to the ISO secretariat again and then gets issued for a two-month ballot. There are generally no requests for comments with an FDIS, although some voting members can’t resist the inclination to make further comments.

Once the results of the ballot are known, the document either goes back to the working group (if the vote was no), or it moves back to the ISO secretariat (if yes), who does the final edit and then publishes the standard.

Again, there are lots of rules and steps in this process. What’s been described here is an overview. All of this serves to demonstrate the rigor inherent in the document that finally ends up being used by more than 1.2 million organizations around the world.

And that is why it takes so long.

Discuss

About The Author

Denise Robitaille’s picture

Denise Robitaille

Denise Robitaille is the author of thirteen books, including: ISO 9001:2015 Handbook for Small and Medium-Sized Businesses.

She is chair of PC302, the project committee responsible for the revision to ISO 19011, an active member of USTAG to ISO/TC 176 and technical expert on the working group that developed the current version of ISO 9004:2018. She has participated internationally in standards development for over 15 years. She is a globally recognized speaker and trainer. Denise is a Fellow of the American Society for Quality and an Exemplar Global certified lead assessor and an ASQ certified quality auditor.

As principal of Robitaille Associates, she has helped many companies achieve ISO 9001 registration and to improve their quality management systems. She has conducted training courses for thousands of individuals on such topics as auditing, corrective action, document control, root cause analysis, and implementing ISO 9001. Among Denise’s books are: 9 Keys to Successful Audits, The (Almost) Painless ISO 9001:2015 Transition and The Corrective Action Handbook. She is a frequent contributor to several quality periodicals.

Comments

Int'l Std's Organization

One international, two standards, three organization, but first of all STANDARDS: if ISO were adaptable enough, which is a basic feature of living beings, we wouldn't talk so much about HOW ISO release their standards but we would be more concerned of their contents. Which we apparently don't care for, so far, until we're compelled to put them in place. Along the years and apart from published figures, ISO 9001 has revealed itself a quality black hole: some kind of Masoch's creature. 

The laborious process

Both comments reflect a reasonable frustration with an undeniably cumbersome process. There are two points to be garnered. One, the market should have a better sense of why the process takes so long. And two, most of the delays reflect a genuine commitment to ensure participation and parity in the consensus building process for a standard that affects millions of users.

Comment

Nothing Google Docs, discipline and web access couldn't fix.

Somewhere along the line, "instruments" became "devices". Please provide the fascinating story of the brave, bold individuals who sacrificed their time for that foundational shift.

What's your response to all the intelligent folks who know that injecting Risk into ISO 9001:2015 is at best unauditable and IMHO an impending train wreck?

There's the rub

In the words of the great bard: "There's the rub." There isn't global uniform access to technology - and, frankly, some things are more effectively worked out face-to-face. Changes in terms are an attempt to bring better alignment with multiple standards. And risk-based thinking may be challenging to audit, but will probably pay dividends for the users in the long run.

Graphics are your friend

Sorry, my eyes glazed over in the middle of the second page. I think this article might contain some wisdom, so I'll try again soon.

Finished it.