ISO Standards, such as ISO 9001:2015, ISO 14001:2015 and ISO 27001:2013, have a standard framework known as the High-Level Structure (HLS), that includes a unified layout where corresponding purposes can be optimised, with the benefit of easier integration. Individual Management System Standards will add additional “discipline-specific” requirements as required, whether it’s Quality, Environmental, Information Security or another topic. This structure is defined in Annex SL of the ISO Supplement to the ISO/IEC Directives and was created in 2012 to provide a harmonised approach for management system standards.
In May 2021, the latest version of the Directives was published and included a revised version of Annex SL. Although there is no requirement for existing standards to immediately transition to the new version of the HLS because of this new update, any new management system standards being developed or published will apply these amended requirements. They will also apply to any future revisions of standards such as ISO 9001 and ISO 14001, so it is worth reviewing the main changes that have been implemented as these will be relevant for certified organisations in the coming years.
Some of the changes include:
Scope – “Intended Results”: There will now be a greater emphasis on the “intended results” of a management system. The scope of all Management System Standards must now indicate the intended results of the management system, which will be an important reference point for determining the overall effectiveness of the system.
Terms and Definitions: It is now a requirement that the Terms and Definitions listed in Annex SL Appendix 2 are included in the standards. These are generic terms regarding management systems and can be supplemented with topic-specific terms. This will be a future change for ISO9001 where clause 3 just references ISO 9000:2015 and states that the same terms and definitions apply.
Removal of “Outsourcing”: The terminology of “outsourcing” has now been removed from Annex SL and will be replaced with “externally provided processes, products or services” in clause 8. This is already used within ISO 9001 and will be common to all standards in future.
Management of Change: Clause 6 will now include sub-clause 6.3 Planning For Change that describes the need for changes to the management system to be carried out in a planned manner. This is already used within ISO 9001 but will be used in all standards in future.
Needs of Interested Parties: Organisations already determine the needs and expectations of interested parties related to the management system but there is now more emphasis on those needs being met through the management system. It will now be required to determine which of these requirements will be addressed, as already specified in ISO 14001 and ISO 45001.
“Available” Document Information: The revised Annex SL has adopted a change in terminology regarding documented information to ensure flexibility when implementing management systems. The terminology now stipulates that Documented Information “shall be available” as opposed to stipulating how it should be recorded.
Continual Improvement: Clause 10 has been reordered so that the statement of continually improving the suitability, adequacy and effectiveness of the management system will come before the nonconformity sub-clause, aiming to promote improvement rather than corrective action.
All standards published or revised from May 2021 will conform to these changes and even ISO 37301:2021 Compliance management systems, published in April 2021, is already based on the new HLS. It’s unknown how long it will be until we see the new revisions to core standards such as ISO 9001 and ISO 14001 but with this update to Annex SL, we have learnt that ISO are continually looking at ways to align the standards and enable easier integration of multi-discipline systems.
Vassallo Associates can help you to implement Integrated Management Systems and enhance your organisations’ performance, align business strategies, and help embed the principles of continuous improvement deeper within your company. If your organisation has multiple management systems managed separately or are looking to add a second standard to your management system, then we support you to develop a tailored operating model that aligns the common structures alongside your existing ISO Management Standard as well as implementing the discipline-specific requirements.
