Implementing KM standard ISO 30401: risks and opportunities
This article is part of a series of articles on the new international knowledge management (KM) standard, ISO 30401 Knowledge management systems – Requirements.
The draft of the new international knowledge management (KM) standard, ISO 30401 Knowledge management systems – Requirements, was released for public comment on Thursday 23 November 2017. The comment period has closed, and a comment resolution process is scheduled for later this year. The standard is subsequently expected to be approved and then published in January 2019.
The draft of ISO 30401 has received a mixed response. It has been welcomed by many, particularly those directly involved its development, but criticised by others, both for the closed nature of the development process and for the contents of the draft.
We’ve previously published a number of articles discussing and addressing these criticisms. In December last year, I wrote an article in which I endorsed the criticisms of the closed development process, expressing the view that it’s actually rather oxymoronic that the development process for an important knowledge management standard has not involved the widest diversity of relevant knowledge. In that article I also called for criticism to focus on the design and conduct of the development process, rather than on the people involved, and expressed the hope that if the International Organization for Standardization (ISO) technical committee responsible for ISO 30401 could move to facilitate open discussion on the draft, then it would still be possible for the KM community to unite in support of it.
In a subsequent article in early January, Stephen Bounds identified 11 recommendations which he contends would substantially improve the contents of the draft. Then, with there being no indication that the technical committee responsible for ISO 30401 is opening up the development process, I wrote a further article last month offering lessons from another sector in regard to open, inclusive, participatory processes.
In this new article, I move forward in time to the future implementation of ISO 30401, following its publication early next year, and explore some potential risks and opportunities. Attempting to predict the future is itself risky, but as I’ve previously discussed, active horizon scanning can help people and organisations to anticipate and respond to what could otherwise be “Black Swan” events.
Implementing ISO 30401
First, let’s look at what will happen when ISO 30401 is published.
ISO 30401 is a management systems standard (MSS), and it uses the same high level structure as a number of other ISO MSS including the well-known ISO 9001:2015 Quality management systems – Requirements and ISO 14001:2015 Environmental management systems – Requirements with guidance for use. This structure uses common text, terms, and definitions, which ISO advises can help organisations that operate a single or integrated management system to meet the requirements of two or more management system standards simultaneously.
As with ISO 9001:2015 and ISO 14001:2015, ISO 30401 is a Type A MSS, meaning that it contains requirements against which an organization can claim conformance. ISO advises that:
To claim conformance with a standard, an organization needs evidence that it is meeting the requirements. Such evidence gathering is generally done by undertaking an audit. There are three types of audits: first-party, second-party, and third-party. First-party audits are internal audits. Second and third party audits are external audits. A third party audit can result in certification.
ISO does not perform audits or certification. First-party audits are self-audits carried out internally by an organization. Second-party audits are external audits that are typically carried out by customers of an organization, or others on their behalf. Third-party audits are also external audits, and the parties carrying them out and providing certification can be accredited. ISO recommends choosing an accredited certification body, but advises that:
Accreditation is not compulsory, and non-accreditation does not necessarily mean it is not reputable, but it does provide independent confirmation of competence. To find an accredited certification body, contact the national accreditation body in your country or visit the International Accreditation Forum.
The International Accreditation Forum (IAF) is “the world association of Conformity Assessment Accreditation Bodies and other bodies interested in conformity assessment in the fields of management systems, products, services, personnel and other similar programmes of conformity assessment.” For example, the IAF national conformity body for the United Kingdom is the United Kingdom Accreditation Service (UKAS), which reports having accredited over 2,800 certification parties.
So, in short, after ISO 30401 has been published, organizations across the world will be able to use it for guidance, and will also be able to claim conformance with it through audit or certification. The audits and certification can be carried out by parties that may or may not be accredited, and there are a large number of accredited certification bodies.
Potential risks
A number of potential implementation risks can be identified from comments and concerns expressed about ISO 30401 and KM standards generally, and also from issues associated with other ISO standards.
Risk of low uptake
Skepticism has been expressed in regard to the likely uptake of ISO 30401, with for example Dave Snowden stating that “I doubt any C level exec will even notice it.”
Risk of low-quality certification
Allegations have been made in regard to unaccredited ‘certificate mills’ that provide substandard certifications. For example, Christopher Paris, a manager of the LinkedIn ISO 9001 group, states that:
There are three areas where the mills operate: certification of persons, through bogus unaccredited professional credentials; certification of organizations through unaccredited management system certs; and unaccredited certification of products, the most nefarious and dangerous of them all … Without accreditation, the only reliance is on the law, and cert mills know how to work up to the very limits of lawbreaking, without crossing that line, making them unanswerable to anyone.
Risk that organizations implement the KM standard symbolically rather than meaningfully
Organizations can adopt ISO standards in an effort to increase their legitimacy, but without a genuine commitment to implementing the requirements of the standards. For example, a 2016 paper1 looking at ISO 14001 found that:
Firms with symbolic profiles try to gain legitimacy through the adoption of ISO 14001 but they do not necessarily achieve improvements in environmental performance. Consequently, this symbolic adoption of ISO 14001 results in corporate behavior that contributes to the degradation of confidence in the standard.
Risk that the KM standard is too specific
There are arguments that the specific requirements of a standard could be counterproductive for KM. For example, in a blog post, John T. Maloney expresses his outright opposition to KM standards:
Contrary to the notion of Standards, today’s stunning productivity growth, knowledge economy and disruptive innovation depends entirely on originality, network combination, conceptual blending, cognitive diversity, knowledge variation and disequilibrium. Codification inhibits understanding and attenuates prosperous knowledge creation. These facts alone makes standards for knowledge or KM utterly preposterous.
Risk that the KM standard is not specific enough
The standard appears to have been prepared with concerns like those expressed by John T. Maloney in mind, to some extent at least. For example, a participant in the ISO 30401 development process advises that “Every organisation is different, so the standard doesn’t tell you exactly what to do – it tells you how to work out what to do.”
However, a standard that doesn’t specify exactly what people should do potentially increases the risk of low-quality certification and the risk that organizations implement the standard symbolically rather than meaningfully.
Amplifying this risk, a large number of parties that are not companies specializing in KM are likely to seek accreditation as certification bodies for ISO 30401. Accredited certification bodies typically offer certification across a number of management systems standards, and they will potentially want to add ISO 30401 to their list.
Risk that the standard exacerbates divisions in the KM community
As can be seen from discussions in some online KM forums, there are deep divisions within the KM community, and strong criticism has already been leveled at ISO 30401 and its development process. As I’ve previously discussed, a KM standard development that fails to adequately involve all relevant stakeholders can lead to people completely abandoning the process and never wanting to return.
Opportunities
The risk of low uptake of ISO 30401 can be expected to be mitigated by the apparent strong KM community support for the standard and certification against the standard, which will likely see many companies that specialize in KM actively encouraging their clients to seek certification. As David Rozental advises, these companies can set an example for their clients by first conducting audits of their own knowledge management systems:
…on October 30th, 2011 the Standards Institution of Israel published the first Knowledge Management standard (ISO Israeli Standard 25006) … As expected from a company which specializes in Knowledge Management, we didn’t hesitate and decided to set an example for our clients, and check and assess our company’s Knowledge Management system.
The low uptake risk can also potentially be addressed by linking ISO 30401 to ISO 9001:2015 Clause 7.1.6 Organisational knowledge. The requirements of this clause are:
The organization shall determine the knowledge necessary for the operation of its processes and to achieve conformity of products and services.
This knowledge shall be maintained and be made available to the extent necessary.
When addressing changing needs and trends, the organization shall consider its current knowledge and determine how to acquire or access the necessary additional knowledge and required updates.
As discussed above, ISO 30401 has the same high level structure as ISO 9001:2015, which can help organisations that operate a single or integrated management system to meet the requirements of two or more management system standards simultaneously. And, the second and third most popular articles in RealKM Magazine both deal with ISO 9001:2015 Clause 7.1.6, suggesting a strong need for guidance on meeting the requirements of this clause. ISO 30401 can meet this need, and while adopting ISO 30401 would require an additional commitment of resources, this could be minimised by integrating ISO 9001:2015 and ISO 30401 into the same management system.
Recommendation 1: In addition to actively encouraging their clients to seek certification against ISO 30401, companies that specialize in knowledge management should set an example for their clients by first conducting audits of their own knowledge management systems using ISO 30401.
Recommendation 2: Uptake of ISO 30401 can be encouraged through linking ISO 30401 to ISO 9001:2015 Clause 7.1.6 Organisational knowledge.
The risk that the KM standard is too specific is addressed in a 2009 paper2 that looks at standards, guides, frameworks and models for KM. It contends that:
Complexity thinkers must acquiesce that the management paradigm that produces documented standards, frameworks and guides is still dominant in organisations and consider this reality. Yet the existence of a KM Standard does not prescribe the way in which it will be used. KM Standards and frameworks can be considered as part of the rich complex environments in which knowledge work takes place. Emergence will see knowledge workers responding to their environment and creatively using whatever objects are available to the benefit of their practice.
The paper explored whether the (now withdrawn) Australian KM standard Knowledge management – a guide resulted in any benefits to large Australian government agencies. It found that the standard was held in reasonable regard, and had been useful.
Recommendation 3: Opponents of KM standards should accept that standards and frameworks are part of the rich complex environments in which knowledge work takes place.
The risks of low-quality certification, organizations implementing the standard symbolically rather than meaningfully, and the standard not being specific enough can be addressed through the provision of advice and guidance in regard to ISO 30401 and its implementation. This can be achieved through the development and publication of a range of guidelines and other standards, and the development and delivery of training.
The guidelines, standards, and training activities should be coordinated by an organisation that has the support and participation of the widest range of people in the global KM community. This organisation would also be able to address the risk that the standard exacerbates divisions in the KM community.
The standards development work of the Project Management Institute (PMI) provides a good example of what can be achieved in this regard. Community and engagement are guiding concepts for PMI, and, in contrast to the draft ISO 30401 development process, the widest possible stakeholder participation in standards development is actively encouraged:
[PMI] global standards are developed through a voluntary consensus process that brings together volunteers and subject matter experts with an interest in the standards’ topics. The process relies on public feedback, and there’s multiple ways for you to get involved in the activities.
KM already has the basis of such an international organization – the new Knowledge Management Global Network (KMGN) which was formalized in 2015. As the Knowledge Management Society (KMS) Singapore advises, the KMGN is bounded by three key principles:
- Sharing with no boundary. The network promotes responsible sharing facilitated via both electronic and face-to-face channels, breaking down geographical and time barriers.
- Learning from everybody. The network promotes individual as well as collective learning among members in a respectful and cordial manner.
- Collaborating with expert bodies. The network promotes collaboration among members, leveraging on individual as well as expert bodies embodied in the network. It is also the vision to continuously identify and grow the expert pool to serve its members and community.
Arthur Shelley, an Australian knowledge manager and collaboration advocate, has recently started to facilitate discussions aimed at expediting the development of the KM Global Network. His efforts should be supported.
Recommendation 4: The development of the Knowledge Management Global Network (KMGN) should be expedited, including adding new network members for other regions of the world.
Recommendation 5: The Knowledge Management Global Network (KMGN) should coordinate the provision of advice and guidance in regard to ISO 30401 and its implementation, through the development and publication of a range of guidelines and other standards and the development and delivery of training.
Recommendation 6: The Knowledge Management Global Network (KMGN) and its member organisations should be established as inclusive bodies that conduct, facilitate, and advocate open participatory processes.
References:
- Vílchez, V. F. (2017). The dark side of ISO 14001: The symbolic environmental behavior. European Research on Management and Business Economics, 23(1), 33-39. ↩
- Burford, S., & Ferguson, S. (2009). Managing knowledge by intention: The role of standards, frameworks and models. Actkm Online Journal of Knowledge Management, 5(1), 3-14. ↩
Also published on Medium.