Annex SL is a section of the ISO/IEC Directives, Part 1, that prescribes how ISO Management System Standards (MSS) should be written. Its aim is to enhance the consistency and alignment of MSS by providing a unifying, agreed-upon high-level structure, identical core text, and common terms and core definitions, so that all ISO Type A MSS (and Type B where appropriate) are aligned and the compatibility of these standards is enhanced. [1] [2] [3] [4]
Before 2012, the various standards for management systems were written in different ways. Several attempts had been made since the late 1990s to harmonize the way they are written, but the first group to reach an agreement was the Joint Technical Coordination Group (JTCG) set up by the ISO Technical Management Board.
Various technical committees within ISO are currently working on revising all MSS published before Annex SL was adopted. Many standards already follow Annex SL, such as ISO 9001 and ISO 14001.
According to Annex SL, a Management System Standard should follow the structure: [5]
Two kinds of standards for management systems are defined by the Annex SL: [6]
Sector specific to ISO 9001
Sector specific to ISO/IEC 27001
Business continuity may be defined as "the capability of an organization to continue the delivery of products or services at pre-defined acceptable levels following a disruptive incident", and business continuity planning is the process of creating systems of prevention and recovery to deal with potential threats to a company. In addition to prevention, the goal is to enable ongoing operations before and during execution of disaster recovery. Business continuity is the intended outcome of proper execution of both business continuity planning and disaster recovery.
The ISO 9000 family is a set of international standards for quality management systems. It was developed in March 1987 by the International Organization for Standardization. The goal of these standards is to help organizations ensure that they meet customer and other stakeholder needs within the statutory and regulatory requirements related to a product or service. The standards were designed to fit into an integrated management system. ISO refers to the set of standards as a "family", bringing together the standard for quality management systems and a set of "supporting standards"; their presentation as a family facilitates their integrated application within an organization. ISO 9000 deals with the fundamentals and vocabulary of QMS, including the seven quality management principles that underlie the family of standards. ISO 9001 deals with the requirements that organizations wishing to meet the standard must fulfill. A companion document, ISO/TS 9002, provides guidelines for the application of ISO 9001. ISO 9004 gives guidance on achieving sustained organizational success.
The ISO 14000 family is a set of international standards for environmental management systems. It was developed in March 1996 by the International Organization for Standardization. The goal of these standards is to help organizations (a) minimize how their operations negatively affect the environment; (b) comply with applicable laws, regulations, and other environmentally oriented requirements; and (c) continually improve in the above. The standards were designed to fit into an integrated management system.
A management system is a set of policies, processes and procedures used by an organization to ensure that it can fulfill the tasks required to achieve its objectives. These objectives cover many aspects of the organization's operations. For instance, a quality management system enables organizations to improve their quality performance, an environmental management system enables organizations to improve their environmental performance, and an occupational health and safety management system enables organizations to improve their occupational health and safety performance. These systems can be run together in an integrated management system.
ISO 19011 is an international standard that sets forth guidelines for management systems auditing. The current version is ISO 19011:2018. It was developed by the International Organization for Standardization (ISO).
ISO/IEC 20000 is the international standard for IT service management. It was developed in 2005 by ISO/IEC JTC1/SC7 and revised in 2011 and 2018. It was originally based on the earlier BS 15000 that was developed by BSI Group.
ISO 22000 is a food safety management system standard by the International Organization for Standardization (ISO). It is outcome focused, providing requirements for any organization in the food industry with the objective of helping to improve overall performance in food safety. These standards are intended to ensure safety in the global food supply chain. They set out the overall guidelines for food safety management and also focus on traceability in the feed and food chain.
The ISO/IEC 27000 family comprises information security standards published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
ISO/IEC 27007, Information security, cybersecurity and privacy protection – Guidelines for information security management systems auditing, is a standard providing guidance on:
ISO 28000:2022, Security and resilience – Security management systems – Requirements, is a management system standard published by the International Organization for Standardization (ISO) that specifies requirements for a security management system, including aspects relevant to the supply chain.
Nigel Howard Croft is a globally recognized authority on quality management and conformity assessment. He retired as Chairman of the ISO Joint Technical Coordination Group for Management System Standards in December 2023 after serving a three-year term, having been appointed by ISO's Technical Management Board in December 2020. During his tenure, he coordinated the deployment of the ISO London Declaration on Climate Action into all ISO Management System Standards, requiring organizations that implement these standards to determine the extent to which climate change can affect their results and the ways in which their activities can have an impact on climate change. This can then lead to the implementation of risk-based adaptation and mitigation strategies. Dr Croft was previously Chair of the ISO Technical Committee TC 176/SC 2 from February 2010 until December 2018, with overall responsibility for the ISO 9001 standard, used worldwide as a basis for certification of quality management systems, and the ISO 9004 guidelines standard aimed at improving organizational performance, among others. In 2019 and 2020 he led the revision of "Annex SL" of the ISO Directives, which forms the basis for over 40 management system standards, including those on environmental management, occupational health and safety, information security, anti-bribery, food safety, artificial intelligence and many more.
DQS Holding GmbH based in Frankfurt am Main is the holding company of the worldwide DQS Group. The group provides assessments and certifications of management systems and processes of any type.
ISO/IEC 27001 is an international standard to manage information security. The standard was originally published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2005, revised in 2013, and again most recently in 2022. There are also numerous recognized national variants of the standard. It details requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS) – the aim of which is to help organizations make the information assets they hold more secure. Organizations that meet the standard's requirements can choose to be certified by an accredited certification body following successful completion of an audit.
ISO/TC 292 Security and resilience is a technical committee of the International Organization for Standardization formed in 2015 to develop standards in the area of security and resilience.
ISO 22313:2020, Security and resilience - Business continuity management systems – Guidance to the use of ISO 22301, is an international standard developed by technical committee ISO/TC 292 Security and resilience. This document provides guidance for applying the requirements for a business continuity management system (BCMS) in accordance with the requirements set out in ISO 22301:2019.
ISO 22301 is an international standard for business continuity management systems. It was developed in March 2012 by the International Organization for Standardization. The goal of the standard is to specify requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to protect against, reduce the likelihood of occurrence of, prepare for, respond to, and recover from disruptive incidents when they arise. The standard was designed to fit into an integrated management system. It is intended to be applicable to all organizations, or parts thereof, regardless of the type, size and nature of the organization.
ISO/IEC 27701:2019 is a privacy extension to ISO/IEC 27001. The design goal is to enhance the existing Information Security Management System (ISMS) with additional requirements in order to establish, implement, maintain, and continually improve a Privacy Information Management System (PIMS). The standard outlines a framework for Personally Identifiable Information (PII) Controllers and PII Processors to manage privacy controls to reduce the risk to the privacy rights of individuals.