| |

Another ISO management standard - and another barrier to entry

Nigel Morris-Co...

This week the International Standards Agency launches ISO37002. It's much needed, dealing as it does with whistleblowing and compliance.

But as with all the ISO's management standards, it comes with a barrier to entry that limits its use.

It's time for a different model.

I have a couple of points of dispute with the ISO: first is that it doesn't understand the term "billion" and that it doesn't understand that a square metre is not the same as a metre squared with the result that the world points at ISO's mistakes and says "they say it so it must be right."

But where I have no dispute, at least in principle, is with the concept of global management standards. In the 1980s, in the UK, we had "British Standard 5750." While I, with my tiny law firm, saw no purpose in spending money on "accreditation," given that those creating the systems and performing the inspections were, almost universally, people who had been consultants in some other field until Total Quality Management became a fad, I did see the benefit in the approaches that the Standard set out.

The British Standards Agency was a casualty of EU centralisation, its primary function of issuing the "Kite Mark" being subsumed into the mechanism for the CE mark. And BS5750 was folded into the ISO. BS5750 related to management standards. There was a second Standard relating to manufacturing processes.

The ISO has made multiple changes to the names of these standards, starting with the ISO9000 series. And it has added more and more sub-sets.

The end result is that, instead of taking BS5750 and applying it to all the management and administrative aspects of a business, there is now a raft of Standards for businesses to adopt or not. I'm going to continue, for the very specific purpose of differentiating it and its successors from other standards, to refer to BS5750 in this article.

It's many years since I said that financial services businesses should bolt their compliance regimes into their BS5750 processes.

BS5050 was a framework. It was not a process manual. BS5750 said, in essence, design your own processes, document them, train staff on them, identify exceptions and document and remedy them. So long as companies did that they were entitled to "Accreditation" and to maintain it. A whole industry of auditors sprang up.

For those in financial services, read the previous paragraph again. That is, in essence, exactly what money laundering compliance measures are designed to do. They are, it follows, not a special case. In fact, they are more likely than not to be accepted by staff if they are treated as a part of business-as-usual.

It follows, then, that there should be no need for additional "Standards." But the ISO, which is a commercial organisation masquerading as a supra-national body, keeps producing new ones.

And they are contrary to the original ethos of BS5750. Now they have become process manuals on a variety of politically-endorsed subjects.

They have become a set of guidelines, even rules, that businesses follow to avoid public criticism.

It should be clear, then, that I consider the publication of new "Standards" as a poor idea: they are expensive (ISO9001, the development of BS5750) costs about GBP5,000 to obtain Accreditation and then about GBP1,000 a year to maintain it - excluding internal costs which, for even a small business, can amount to several days' staff time) and each individual Standard requires starting again. Even to purchase the Standard to read it requires several documents and costs several hundred pounds. See https://the9000store.com/what-... .

It's time that ISO reformatted its approach.

First: documents should be available for free download
Secondly, Standards on bribery, whistleblowing and so on should not be a discrete Standard. They should be bolt-ons to a Standard with the original ethos of BS5750 for it is in that, the individual management systems and processes of businesses, that the greatest benefits and acceptance are gained.

If ISO needs funding for this - as of course it does - then it should not come from businesses for the simple reason that the pricing becomes a source of discrimination: those that can afford it buy the badge and the (assumed) credibility that comes with it; small businesses are priced out of the process before they have even read about it.

This, one has to consider, would be a suitable cause for the very public spending of money by e.g. Bill Gates but, of course, it doesn't meet the self-aggrandisement objectives of so many that style themselves philanthropists. Perhaps Warren Buffett, who is far more attuned to quality in the businesses he invests in and who does not make obvious his charitable works, would be a more suitable candidate to sponsor the ISO's revisiting of its approach and its policy of charging for what do, in many cases, serve a very valuable purpose.

Should they be "Standards"? No. But here's the thing: each of those Standards has been created by a team of people experienced in the field to which the Standards refer. They should be influential but should not be considered evidence of good practice.

After all, in its documentation relating to the Whistleblowing Standard, the ISO says "The guidelines of this document are generic and intended to be applicable to all organisations, regardless of type, size, nature of activity, and whether in the public, private or not-for profit sectors."

And it says "The whistleblowing management system can be stand-alone or can be used as part of an overall management system."

Kinda makes my point for me, albeit belatedly.

For an extract from the Standard, see https://www.iso.org/obp/ui/#is...

---------------- Advertising ----------------