ISO 9001:2015 and its Legal Ramifications

kzachawk

Involved In Discussions
Lets face it, Quality folks are not Attorneys, however the QMS or an integrated system of Management System Standards, provides litigants with a vast repository of facts to be gained under discovery, which can be used very effectively against any company.

Looking at this current revision I see the potential for litigation against a company to increase because the scope of affected litigants increases. Clause 4.2 now requires Interested parties to be addressed and from the definition of those interested parties (3.02), one can easily determine the flood gates of opportunity for litigation appear to have been opened so to speak.
?(3.02) Person or organization that can be affected by, or perceive themselves to be affected by a decision or activity.? From ISO DIS 9001​

In the old days, liability was limited to the end user of a product or service offered by the company, however with this latest proposed revision that scope of effected persons changes because of the definition of who is considered and the term Perceived, and the term "the organization shall determine" in 4.2

With all the other things to consider with the latest revision, throwing a legal bone into the mix just makes for more things to consider. However, I have attached a link to an article which discusses this very subject, that folks in the Management System area should consider sooner rather than later. With each successive release of ISO 9001 the exposure to litigation increases, and this current proposed release (now at stage DIS) appears to greatly amplify this potential, especially with its focused language which on the surface initially appears mundane.

I?m opening this topic up for discussion if Marc will allow it, and hoping to get the collective brains working in those countries where liability litigation is a valid possibility.

Here is the reference to the topic of liability litigation and ISO 9001? it?s in three parts so you need to read all three. very interesting and sobering article.

https://jameskolka.typepad.com/inte...001-for-liability-exposure-to-lawsuits-1.html
 
I have been following this aspect of 2015 since I first heard about it years ago. There are many who believe as you do, that documenting risk in this way could be potentially harmful. (email disappearance anyone?).
The GM interlock issues and numerous other examples (air bags) come to mind as well.
I have advised my company against upgrading to 2015, we will simply remain 9001:2008 compliant until I see evidence otherwise. FMEAS will now be confidential internal documents as well. Anything for an audit will be redacted. Since they are sensitive items I am thinking of putting a expiration date (destroy by) on them as well.
Maybe the whole mess will work itself out and we will have some guidance down the road, but for now I feel better circling the wagons.
I know many on this forum may disagree with this approach, but my focus is on defense right now until I see more evidence.
 

Marcelo

Inactive Registered Visitor
Well, the older version already required compliance with "customer, statutory and regulatory requirements". This change to "interested parties" mainly came from the realization that there may be other "stakeholders" needs besides the customer, statutory or regulatory needs.

I really don?t see toooooo much of a difference in fact, the only main difference being the need for the organization to clearly analyze the needs in a more general way (but I do agree that it may take a lot more work).

Anyway, the standard is still voluntary in general, so if you do not agree with it, simply do not follow it (but this may obviously impact your business due to perceived needs for compliance with the standard).
 

Jen Kirley

Quality and Auditing Expert
Leader
Admin
I guess I'm naive but my concerns about liability are centralized around knowingly deciding to ignore risk to the customer that your product or service presents. This means deciding not to replace a faulty latch (Chrysler minivan) or trying to cover up acceleration problems after reports of crashes blamed on the issue (Toyota).

In other words, having an FMEA is not a problem so much as deciding to ignore it.
 

John Broomfield

Leader
Super Moderator
kzachawk,

Knowingly deciding to ignore the national quality management system standard also is a risky decision as Dr James Kolka explained in his papers leading to his 1999 book:

ISO 9000: A Legal Perspective

It goes like this:

A customer or group of customers suffered damage due to negligent provision of services or products. Imagine explaining to the court why your organization did not use the national management system standard for ensuring your management system prevented defective services or products.

Defense is particularly problematic for defendants whose industry commonly adopts ISO 9001. Defense may be aided by evidence that shows the defendant organization took reasonable measures to prevent defects.

So, instead of "going through the motions" to gain a certificate, organizations are advised to develop, use and improve their management systems for the benefit of all stakeholders.

John
 

Golfman25

Trusted Information Resource
Unfortunately X doesn't equal Y here. Liability based on ISO QMS is a great over reach.

Liability (in the US) attaches based on foreseeability. That has been the law for 100s of years, well before ISO was a twinkle in anyone's eye. If anything, clause 4.2 seems to adopt that concept.

As far as the ISO system itself and the documentation it creates. Well that cuts both ways.
 

Helmut Jilling

Auditor / Consultant
I have been following this aspect of 2015 since I first heard about it years ago. There are many who believe as you do, that documenting risk in this way could be potentially harmful. (email disappearance anyone?).
The GM interlock issues and numerous other examples (air bags) come to mind as well.
I have advised my company against upgrading to 2015, we will simply remain 9001:2008 compliant until I see evidence otherwise. FMEAS will now be confidential internal documents as well. Anything for an audit will be redacted. Since they are sensitive items I am thinking of putting a expiration date (destroy by) on them as well.
Maybe the whole mess will work itself out and we will have some guidance down the road, but for now I feel better circling the wagons.
I know many on this forum may disagree with this approach, but my focus is on defense right now until I see more evidence.

I think you are over-thinking it significantly. There are currently over 1 million companies certified to this standard. I simply don't believe there will be a wholesale move away from this upgrade, or it would have become apparent by now.

If you are really that concerned, I would suggest your company's legal support folks should review it and provide their specific recommendations to your team.
 
Top Bottom