Could point.
The Future Structure of ISO Management System Standards - from HLS to HS (Harmonized Structure) September 2023
- Thread starter Sidney Vianna
- Start date
J
JaneB
Great article, Sidney and it's good to see the direction they're taking. Thanks a lotfor keeping us informed.
You are welcome. This "new" direction for the ISO Management System standards will certainly impact the discussions on the What should be changed in the ISO 9001:2014 Standard? thread, I hope....
Without a doubt (in my mind), this common direction for future ISO MS Standards should be a positive change. It will make life easier for the enlightened organizations that want to integrate the separate management systems into a more coherent one and make such systems an integral part of their business operating system.
Last edited:
J
JaneB
Sidney,
Yes it does (or should) impact the discussions in that thread
Yes it does (or should) impact the discussions in that thread
I do agree. It's quite confusing for many people new to the world of management systems standards trying to get to grips with the various structures and directions. Having a common direction should make that more consistent, more coherent and easier. All very good things in my opinion.
One of the concerns over this possible route with the ISO Management System Standards, including the (cash cow) ISO 9001 is the fact that several Industry sector standards, such as the ISO/TS16949, AS9100, AS9110, AS9120, TL-9000, etc. use ISO 9001 as a baseline.
If the IATF, IAQG and other similar stakeholders don't agree with the direction of a future ISO 9001 along the lines of the article in the original post, they might start to de-couple such sector standards from ISO 9001, what would be not desirable for the users of the standards who have to demonstrate conformance with multiple standards.
The ISO JTCG has to manage this risk very carefully.
If the IATF, IAQG and other similar stakeholders don't agree with the direction of a future ISO 9001 along the lines of the article in the original post, they might start to de-couple such sector standards from ISO 9001, what would be not desirable for the users of the standards who have to demonstrate conformance with multiple standards.
The ISO JTCG has to manage this risk very carefully.
An early draft of the proposed common language for future ISO Management System Standards is attached.
Interesting to note that section 10 deals with nonconformity and corrective action. No mention whatsoever to preventive action. Could they have seen the light?
Also, the term and definition of risk is introduced.
Interesting to note that section 10 deals with nonconformity and corrective action. No mention whatsoever to preventive action. Could they have seen the light?
Also, the term and definition of risk is introduced.
We can only hope. I think it should be evident to most people with a steady pulse that continualous improvement can't happen without preventive action, so establishing PA as a distinct requirement is superfluous and has led to much pain and suffering. I say this notwithstanding those folks who, despite witnessing the confusion the requirement has caused, claim that the requirement is perfectly clear to them.An early draft of the proposed common language for future ISO Management System Standards is attached.
Interesting to note that section 10 deals with nonconformity and corrective action. No mention whatsoever to preventive action. Could they have seen the light?
And the definition has been badly botched, imo. It's given as "effect of uncertainty on objectives." The definition, which is bad enough to begin with, is further muddied by two notes:
"NOTE 1 An effect is a deviation from the expected — positive and/or negative.
NOTE 2 Uncertainty is the state, even partial, of deficiency of information related to an event.
The combination of consequence and likelihood of an event can be used to characterize risk. "
First, "risk" is the possibility or probability of undesirable results. Given Note 1, we must also characterize serendipitous results as part of risk, which is antithetical to the concept, especially in this context.
Note 2 describes "uncertainty" as deficiency of information, which is partially correct but ignores the role of probability in risk. In other words, we may have all of the information we need and understand the probability of a negative result, but accept the probability (and thus the uncertainty) because of the information we have.
I'm not a big fan of the definition of risk here either. The definition of risk in AS9100 seem much more clear and applicable to management systems:
I've definitely seen what I consider to be worse definitions for this application though:
AS9100:2009 said:
I've definitely seen what I consider to be worse definitions for this application though:
Risk Management Guide for DoD Acquisition said:
I'd like it better if "likelihood" were changed to "possibility."
V
vanputten
The definition of Risk comes from the TMB (Technical Management Board) on Risk Management (ISO 31000 et al.)
ISO Guide 73:2009*Risk management – Vocabulary
ISO 31000:2009 Risk management -- Principles and guidelines
ISO/IEC*31010:2009*Risk management -- Risk assessment techniques
The definition of Risk from ISO Guide 73 (2002 revision) was "Combination of the probability of an event and its consequence."
The insurance industry is the largest group represented in TMB on Risk Management and apparently the insurance industry is driving most of this work.
ISO Guide 73:2009*Risk management – Vocabulary
ISO 31000:2009 Risk management -- Principles and guidelines
ISO/IEC*31010:2009*Risk management -- Risk assessment techniques
The definition of Risk from ISO Guide 73 (2002 revision) was "Combination of the probability of an event and its consequence."
The insurance industry is the largest group represented in TMB on Risk Management and apparently the insurance industry is driving most of this work.
