You are ALL correct.
This lengthy debate around ISO / QMS / etc. reminds me of other recent debates around regulation (OSHA, accreditation for higher ed, etc.)
The problem always comes down to this: How can you
objectively determine that you're going to get the kind of [quality / safety / education / etc.] that you want? "I know good quality when I see it" - that's great, but how can I be sure you are assessing that every time? How can you
objectively determine and document this "I-know-it-when-I-see-it" quality? Answer: You draw up rules, or regulations, or ISO procedures, or accreditation standards, or whatever else, and then you assess compliance with those rules / regulations / procedures / standards.
Note that last part carefully: what gets objectively enforced, the only thing that can be objectively assessed, is compliance with the standards. Not quality, not safety, not education, but compliance with the standards. IF the standards are written well, and IF everyone approaches the process in good faith, then hopefully compliance with the standards actually means something with regard to quality / safety / education / etc.
But as we all know too well, there are two major problems with any regulation: First, regulations tend to be written (maybe have to be written?) as one-size-fits-all. ISO and higher ed accreditation attempt to mitigate that by focusing primarily on "doing what you say you will do" - what is actually measured is not the quality
per se, but the adherence to your own policies that are supposed to ensure quality. But even when you write your own policies, you inevitably run into the one-size-fits-all problem: policies by their nature are an attempt to categorize and summarize processes and procedures; they attempt to address every possible variation with one set of rules. Yes, you can write in exceptions and qualifications and so on, but if that goes very far, you don't have a policy any more; you have a jumbled mess. Or you can include in the policy a human judgment - whatever the [foreman / quality inspector / dean] says is the final word. But now we're back to the problem of objectively assessing "I-know-it-when-I-see-it."
Second major problem with regulations is that they are implemented by people ... who have to exercise judgment. If someone approaches the regulations as (or if the regulations require) a stickler for every jot and tittle, you get the ridiculous situations described above, where parts can't be approved for stupid reasons. If someone approaches the regulations with too much of a laissez-faire attitude, then you have bridges falling down.
Is the answer to throw out regulation / ISO / accreditation / etc.? That might work if everyone were like those of us who would do it right regardless, simply because we are driven to produce the very best quality we can no matter what. But as we all know, not everyone is like us.
The answer is simple, of course. All we need is for someone invents the magic solution to providing effective objective oversight to human nature.