Annex SL as Driver for Integrated Management Systems (IMS)

Posted by Martin Holzke on 10th October 2016

Integrated Management Systems (IMS) have long since been associated with the combination of quality, environmental and health & safety management systems that is rather common in various industries – or in insider ISO speech 9-14-18 referring to the associated standards ISO 9001, ISO 14001 and OHSAS 18001.

A major obstacle for IMS and hence their acceptance has always been the fact, that each of the three standards – or as a matter of fact all ISO management system standards – historically are structured very differently from each other while in means of content there are obvious similarities. All these standards require a policy, objectives, internal audit, management review and control of documents and records to name just a few of the similarities. For an IMS hence the “matching game” of clauses caused the biggest headaches.

But all this is about the change and make the integration of management systems much easier and appealing, and actually the way to go.

In 2012, ISO, the International Organization for Standardization, issued Annex SL as a normative document. The most important aspect of Annex SL is, that it devises a template structure including templated text blocks for management system standards. This structure serves as a starting point to cover common requirements in a set way with requirements specific to each standard to be added resulting in the actual standard. Its normative character means, that all ISO management system standards are required to adopt Annex SL on their next revision.

The first standard to implement Annex SL was the initial version of ISO 22301:2012 covering business continuity. The revision of the information security standard ISO 27001:2013 followed as well as a few other standards.

However, the real leap ahead for Annex SL came in October 2015 with the publication of ISO 9001:2015 and ISO 14001:2015. Not only are they probably the most important and widely-used management system standards, but also part of that historic IMS trio. Their publication means that a vast number of business are required to transition to these new versions within 3 years – or lapse their certification. Finally, OHSAS 18001 is due to be replaced by ISO 45001, according to ISO in December 2017, of course likewise following Annex SL.

So, what is the structure of Annex SL?

Clauses 1 and 2 set out the scope of the standard and normative references, i.e. relevant linked standards, so these naturally vary from standard to standard, and are not templated at all.

Clause 3 lists terms and definitions with a number of common ISO terms already templated.

Clause 4 focuses on the context of the organisation, i.e. understanding of internal and external issues as well as needs and expectations of interested parties that impact and determine the scope of the management system and hence need to be identified and considered.

Clause 5 revolves around leadership, i.e. top management’s commitment to the management system as expressed in a policy and relevant organisational structures.

Clause 6 is about planning of the management system and focusses on two aspects: actions to address risks and opportunities, as well as objectives of the management system and planning to achieve them. While this risk-based approach is well established in the likes of ISO 22301 and ISO 27001, it is new to many other management systems standards.

Clause 7 is headlined support and covers the aspects resources, competence, awareness, communication and documented information, the latter being the term used in Annex SL for documentation and records including their control.

Clause 8 talks about the operation of the (planned) management system, in particular change control and operational planning. For example, ISO 9001:2015 dramatically expands this clause with virtually all aspects relating to development, delivery and maintenance of products and services, arguably the heart of quality management.

Clauses 9 and 10 round off the well established Plan-Do-Check-Act-Cycle (PDCA), that is still present, just labelled slightly different, in Annex SL, by mandating performance evaluation consisting of monitoring, measurement, analysis and evaluation, internal audit and management review, and improvement consisting of corrective actions for nonconformities and continual improvement requirements.

Whether you already operate one or multiple management systems, need to transition these, add further, or are just starting out on the management system journey, this is the ideal time bring them all together in an Integrated Management Systems (IMS) based on ISO Annex SL.