Implementing KM standard ISO 30401: risks and opportunities

This article is part of a series of articles on the new international knowledge management (KM) standard, ISO 30401 Knowledge management systems — Requirements.

The draft of the new international knowledge management (KM) standard, ISO 30401 Knowledge management systems — Requirements, was released for public comment on Thursday 23 November 2017. The comment period has closed, and a comment resolution process is scheduled for later this year. The standard is subsequently expected to be approved and then published in January 2019.

The draft of ISO 30401 has received a mixed response. It has been welcomed by many, particularly those directly involved its development, but criticised by others, both for the closed nature of the development process and for the contents of the draft.

We’ve previously published a number of articles discussing and addressing these criticisms. In December last year, I wrote an article in which I endorsed the criticisms of the closed development process, expressing the view that it’s actually rather oxymoronic that the development process for an important knowledge management standard has not involved the widest diversity of relevant knowledge. In that article I also called for criticism to focus on the design and conduct of the development process, rather than on the people involved, and expressed the hope that if the International Organization for Standardization (ISO) technical committee responsible for ISO 30401 could move to facilitate open discussion on the draft, then it would still be possible for the KM community to unite in support of it.

In a subsequent article in early January, Stephen Bounds identified 11 recommendations which he contends would substantially improve the contents of the draft. Then, with there being no indication that the technical committee responsible for ISO 30401 is opening up the development process, I wrote a further article last month offering lessons from another sector in regard to open, inclusive, participatory processes.

In this new article, I move forward in time to the future implementation of ISO 30401, following its publication early next year, and explore some potential risks and opportunities. Attempting to predict the future is itself risky, but as I’ve previously discussed, active horizon scanning can help people and organisations to anticipate and respond to what could otherwise be “Black Swan” events.

Implementing ISO 30401

First, let’s look at what will happen when ISO 30401 is published.

ISO 30401 is an management systems standard (MSS), and it uses the same high level structure as a number of other ISO MSS including the well-known ISO 9001:2015 Quality management systems — Requirements and ISO 14001:2015 Environmental management systems — Requirements with guidance for use. This structure uses common text, terms, and definitions, which ISO advises can help organisations that operate a single or integrated management system to meet the requirements of two or more management system standards simultaneously.

As with ISO 9001:2015 and ISO 14001:2015, ISO 30401 is a Type A MSS, meaning that it contains requirements against which an organization can claim conformance. ISO advises that:

To claim conformance with a standard, an organization needs evidence that it is meeting the requirements. Such evidence gathering is generally done by undertaking an audit. There are three types of audits: first-party, second-party, and third-party. First-party audits are internal audits. Second and third party audits are external audits. A third party audit can result in certification.

ISO does not perform audits or certification. These are done by external parties engaged by the organization, and these parties can be accredited. ISO recommends choosing an accredited certification body, but advises that:

Accreditation is not compulsory, and non-accreditation does not necessarily mean it is not reputable, but it does provide independent confirmation of competence. To find an accredited certification body, contact the national accreditation body in your country or visit the International Accreditation Forum.

The International Accreditation Forum (IAF) is “the world association of Conformity Assessment Accreditation Bodies and other bodies interested in conformity assessment in the fields of management systems, products, services, personnel and other similar programmes of conformity assessment.” For example, the IAF national conformity body for the United Kingdom is the United Kingdom Accreditation Service (UKAS), which reports having accredited over 2,800 certification parties.

So, in short, after ISO 30401 has been published, organizations across the world will be able to use it for guidance, and will also be able to claim conformance with it through audit or certification. The audits and certification can be carried out by parties that may or may not be accredited, and there are a large number of accredited certification bodies.

Potential risks

A number of potential risks can be identified from comments and concerns expressed about ISO 30401 and KM standards generally, and issues associated with other ISO standards.

Risk of low uptake

Skepticism has been expressed in regard to the likely uptake of ISO 30401, with for example Dave Snowden stating that “I doubt any C level exec will even notice it.”

Risk of low-quality certification

Allegations have been made in regard to unaccredited ‘certificate mills’. For example, Christopher Paris, a manager of the LinkedIn ISO 9001 group, states that:

There are three areas where the mills operate: certification of persons, through bogus unaccredited professional credentials; certification of organizations through unaccredited management system certs; and unaccredited certification of products, the most nefarious and dangerous of them all … Without accreditation, the only reliance is on the law, and cert mills know how to work up to the very limits of lawbreaking, without crossing that line, making them unanswerable to anyone.

Risk that organizations implement the standard symbolically rather than meaningfully

Organizations can adopt ISO standards in an effort to increase their legitimacy, but without a genuine commitment to implementing the requirements of the standards. For example, a 2016 paper[1] looking at ISO 14001 found that:

Firms with symbolic profiles try to gain legitimacy through the adoption of ISO 14001 but they do not necessarily achieve improvements in environmental performance. Consequently, this symbolic adoption of ISO 14001 results in corporate behavior that contributes to the degradation of confidence in the standard.

Risk that the KM standard is too specific

There are arguments that the specific requirements of a standard could be counterproductive for KM. For example, in a blog post, John T. Maloney expresses his outright opposition to KM standards:

Contrary to the notion of Standards, today’s stunning productivity growth, knowledge economy and disruptive innovation depends entirely on originality, network combination, conceptual blending, cognitive diversity, knowledge variation and disequilibrium. Codification inhibits understanding and attenuates prosperous knowledge creation. These facts alone makes standards for knowledge or KM utterly preposterous.

Risk that the standard is not specific enough

The standard appears to have been prepared with concerns like those expressed by John T. Maloney in mind, to some extent at least. For example, a participant in the ISO 30401 development process advises that “Every organisation is different, so the standard doesn’t tell you exactly what to do — it tells you how to work out what to do.”

However, a standard that doesn’t specify exactly what people should do potentially increases the risk of low-quality certification and the risk that organizations implement the standard symbolically rather than meaningfully.

Risk that the standard exacerbates divisions in the KM community

As can be seen from discussions in some online KM forums, there are deep divisions within the KM community, and strong criticism has already been leveled at ISO 30401 and its development process. As I’ve previously discussed, a KM standard development that fails to adequately involve all relevant stakeholders can lead to people completely abandoning the process and never wanting to return.


The risk of low uptake of ISO 30401 can potentially be addressed by linking ISO 30401 to ISO 9001:2015 Clause 7.1.6 Organisational knowledge. The requirements of this clause are:

The organization shall determine the knowledge necessary for the operation of its processes and to achieve conformity of products and services.

This knowledge shall be maintained and be made available to the extent necessary.

When addressing changing needs and trends, the organization shall consider its current knowledge and determine how to acquire or access the necessary additional knowledge and required updates.

As discussed above, ISO 30401 has the same high level structure as ISO 9001:2015, which can help organisations that operate a single or integrated management system to meet the requirements of two or more management system standards simultaneously. And, the second and third most popular articles in RealKM Magazine both deal with ISO 9001:2015 Clause 7.1.6, suggesting a strong need for guidance on meeting the requirements of this clause.

ISO 30401 can meet this need, and while adopting ISO 30401 would require an additional commitment of resources, this would be minimised by integrating ISO 9001:2015 and ISO 30401 into the same management system.

Recommendation 1: That uptake of ISO 30401 is encouraged through linking ISO 30401 to ISO 9001:2015 Clause 7.1.6 Organisational knowledge.

The risk that the KM standard is too specific is addressed in a 2009 paper[2] that looks at standards, guides, frameworks and models for KM. It contends that:

Complexity thinkers must acquiesce that the management paradigm that produces documented standards, frameworks and guides is still dominant in organisations and consider this reality. Yet the existence of a KM Standard does not prescribe the way in which it will be used. KM Standards and frameworks can be considered as part of the rich complex environments in which knowledge work takes place. Emergence will see knowledge workers responding to their environment and creatively using whatever objects are available to the benefit of their practice.

The paper explored whether the (now withdrawn) Australian KM standard Knowledge management — a guide resulted in any benefits to large Australian government agencies. It found that the standard was held in reasonable regard, and had been useful.

Recommendation 2: Opponents of KM standards should accept that standards and frameworks are part of the rich complex environments in which knowledge work takes place.

The risks of low-quality certification, organizations implementing the standard symbolically rather than meaningfully, and the standard not being specific enough can be addressed through the development and publication of a range of other standards and guidelines that provide advice and guidance in regard to ISO 30401 and its implementation.

These standards and guidelines should be developed by an organisation that has the support and participation of the widest range of people in the global KM community. This organisation would also be able to address the risk that the standard exacerbates divisions in the KM community.

The standards development work of the Project Management Institute (PMI) provides a good example of what can be achieved in this regard. In contrast to the draft ISO 30401 development process, PMI actively encourages the widest possible stakeholder participation:

[PMI] global standards are developed through a voluntary consensus process that brings together volunteers and subject matter experts with an interest in the standards’ topics. The process relies on public feedback, and there’s multiple ways for you to get involved in the activities.

KM already has the basis of such an international organization — the Knowledge Management (KM) Global Network. Arthur Shelley, an Australian knowledge manager and collaboration advocate, has recently started to facilitate discussions aimed at expediting the establishment of the KM Global Network. His efforts should be supported.

Recommendation 3: The establishment of the KM Global Network (KMGN) should be expedited, and the KMGN should lead the development and publication of a range of other standards and guidelines that provide advice and guidance in regard to ISO 30401 and its implementation.

Recommendation 4: The KM Global Network (KMGN) and its member organisations should be established as inclusive bodies that conduct, facilitate, and advocate open participatory processes.


  1. Vílchez, V. F. (2017). The dark side of ISO 14001: The symbolic environmental behavior. European Research on Management and Business Economics, 23(1), 33–39.
  2. Burford, S., & Ferguson, S. (2009). Managing knowledge by intention: The role of standards, frameworks and models. Actkm Online Journal of Knowledge Management, 5(1), 3–14.

Originally published at RealKM.