The number of management system standards has grown from a mere handful in the 1990s to over 40 today, and there have been a number of initiatives by ISO and the IEC to harmonize them. This resulted in the development of a common “High-level Structure” for all ISO management system standards, common vocabulary and core text, that was initially published in 2012 as “Annex SL” to the ISO Directives (defining the criteria that have to be followed by all of ISO’s standards) and that was subsequently adopted by the IEC in 2019 to become “Annex L” of the ISO/IEC Directives.
In this article, I will describe the experiences of the various management system standards in applying “Annex L” over the last 7 years, the benefits and difficulties encountered, and the reasons that led to the decision in late 2018 to begin its revision.
Experiences in the application of “Annex SL” and “Annex L” of the ISO/IEC Directives
The experiences in the application of Annex L can be divided into two categories:
• Development of new management system standards (such as ISO 30401 for Knowledge Management, ISO 37001 for anti-bribery management and others)
For the development of such new standards, Annex L has generally been well accepted, and provides a “ready-made” framework on which the standard can be based. This has advantages both for the standards-writers and also for those who wish to implement the new standard within their existing management system structure.
• Revision of existing management system standards (such as ISO 9001, ISO 14001, ISO 27001 and the revision of OHSAS 18001 to become ISO 45001)
The revision of pre-existing standards to incorporate the structure and content of Annex L was not so well received by the standards-writers, mainly because it required significant changes to the traditional approaches that had been adopted by ISO 9001 and ISO 14001 over many years. In general, though, it has been welcomed by users of the standards by facilitating the integration of several management system standards into a single, holistic management system.
Reasons for the Revision of Annex L
The formation of the WTO and the subsequent adoption of the WTO Technical Barriers to Trade Agreement (WTO/TBT) placed an obligation on ISO to ensure that the international standards it develops, adopts and publishes are globally relevant – that is, the standards can be used and implemented as broadly as possible by affected industries and other stakeholders in markets around the world.
The Systematic Review process is ISO’s main tool for collecting this information, and every standard it publishes is automatically subjected to such a review every 5 years. The results of the review can result in the following options;
• If the standard continues to be relevant, and needs no improvements, then it is reconfirmed for another 5 years, without any revision
• If the results show that the standard is not widely used around the world (by at least 5 countries), its global relevance is called into question and it would likely be proposed for cancellation/withdrawal
• If the standard is considered still to be relevant, but needs some improvement or updating, then a revision process is initiated
Because Annex L is not a standard in itself (it only forms the basis for all management system standards) its development did not follow the traditional approach adopted for other standards. It was developed by a Task Force of ISO’s Joint Technical Coordination Group (“JTCG”), under the overall responsibility of the Technical Management Board, and not by a single Technical Committee. It was not, therefore, subject to the usual systematic review process, but instead of this an extensive survey was conducted in 2017 among National Standards Body members of ISO (representing the users in their respective countries) and among the ISO Technical Committees responsible for the various management system standards. The JTCG also reviewed the deviations from the “Annex L” common text that had been adopted by Technical Committees over the past three years, as well as editorial and other change requests. A meta-analysis of a sample of the most commonly used standards was used to identify common changes, additions, and deletions. This resulted in a decision by the JTCG to conduct a limited revision to Annex L, to be completed by 2021, primarily to improve the following topics (as defined in the Project Specification):
• To review and improve harmonization about how the topic of risk is addressed in the various management system standards. Although Annex L had included a common definition of “Risk” (that was different from the definition of the ISO 31000 Risk Management Standard) and had introduced the concept of “Risks and Opportunities” in the planning of the management system, the ways in which each individual management system standard had incorporated these was different, and is causing some confusion and inconsistencies among users. These inconsistencies include:
- Some standards deviating from the “Annex L” definition of “Risk” and adopting the ISO 31000 definition.
- ISO 9001 adopting the concept of “Risk-based thinking”, which stops short of requiring organizations to adopt a full “Risk Management” approach.
- ISO 14001 developing a separate compound definition of “Risks and Opportunities” that is in conflict with the definition of risk in other standards
- The new ISO 45001 Health & Safety Management System standard introducing the idea of risk at different levels within an organization (at the strategic/organizational level; at the tactical level and at the operational level)
- A general lack of acceptance among management system standards developers and users of the (theoretically correct but poorly understood) ISO 31000 definition of risk that includes both negative and positive effects of uncertainty. This is contrary to the generally-accepted use of the word “risk” as something with a negative effect, that is to be avoided or mitigated.
• To review and consider the following topics that have been introduced by SOME standards, to see if they can be generically applied to all management system standards.
- Governance
- Change management
- Organizational Knowledge / Knowledge management
- Compliance management
- Emergency/contingency response
- Outsourcing
• To ensure consistent and simple language used throughout Annex L including the use of the following terms:
- “applicable”, “relevant”, “appropriate”
- “shall”, “shall consider”, “shall take into account”
- “results”, “outcomes”,
- “factors”, “issues”
• Any other changes must be subject to an “impact/benefit” justification, in order to avoid making unnecessary changes
• Countries
Argentina; Australia; Belgium; Brazil; Canada; China; Colombia; Cyprus; Ecuador; France; Germany; Ghana; Ireland; Israel; Italy; Jamaica; Japan; Netherlands; Norway; Senegal; Singapore; Sweden; Switzerland; Tanzania; Trinidad and Tobago; UK; USA.
• ISO/IEC Technical Committees
- ISO/TC 176 (ISO 9001 – Quality Management)
- ISO/TC 207 (ISO 14001 – Environmental Management)
- ISO/TC 210 (ISO 13485 – Medical Devices)
- ISO/TC 232 (ISO 21001 – Educational Services)
- ISO/TC 241 (ISO 37001 – Road Traffic Safety)
- ISO/TC 251 (ISO 55001 – Asset Management)
- ISO/TC 262 (ISO 31000 – Risk Management)
- ISO/TC 267 (ISO 41001 – Facility Management)
- ISO/TC 283 (ISO 45001 - Occupational health and safety management)
- ISO/TC 286 (ISO 44001 - Collaborative business relationship management)
- ISO/TC 292 (ISO 22301 - Business continuity management)
- ISO/TC 301 (ISO 50001 – Energy Management)
- ISO/TC 309 (ISO 19600 – Compliance Management)
- ISO/TC 309 (ISO 37001 – Anti-bribery Management)
- ISO/TC 34 (ISO 22000 – Food Safety Management)
- ISO/TC 46 (ISO 30301 - Archives/records management)
- ISO/TC 67 (ISO/TS 29001 – Oil and Gas Quality Management)
- ISO/IEC JTC 1/SC 27 (ISO 27001 – Information Security)
- ISO/IEC JTC 1/SC 40 (ISO 20000 – IT Service Management)
- ISO/CASCO (ISO Conformity Assessment Committee)
The schedule for the revision of Annex L is as follows:
- December 2018 – Nomination of experts and Task Force convener (Nigel Croft)
- Jan 2019 – Meeting of Convener and Secretariat (Netherlands Standards Body NEN)
- Feb 2019 – 1st Task Force Meeting (Atlanta, USA)
- March – July 2019 – Web meetings to discuss specific topics related to the revision
- July 2019 – 2nd Task Force Meeting (Vienna, Austria)
- Aug – November 2019 – Circulation of 1st draft of the revision for comment
- Jan 2020 – 3rd Task Force Meeting (Sydney, Australia)
- Feb – May 2020 – Circulation of 2nd draft of the revision for comment
- June 2020 - 4th Task Force Meeting (Cartagena, Colombia)
- June – Sept 2020 Circulation of final draft for formal ballot
- Oct 2020 – 5th Task Force Meeting (if necessary)
- Dec 2020 – Submission to ISO and IEC for incorporation into the 2021 Directives
To conclude, existing standards will not be required to undergo a revision specifically to align with the new Annex L but will be required to align when they are revised.
Nigel H Croft
Convener of ISO/IEC Task Force for "Annex L" revision (Management System Standards) at ISO
