The Annex SL (also known as Annex L in the 2019 edition) is a section of the ISO/IEC Directives Part 1 that prescribes how ISO Management System Standards (MSS) should be written. The aim of Annex SL is to enhance the consistency and alignment of MSS by providing a unifying and agreed-upon high level structure, identical core text, and common terms and core definitions, so that all ISO Type A MSS (and Type B where appropriate) are aligned and the compatibility of these standards is enhanced. [1] [2] [3] [4]
Before 2012, the various standards for management systems were written in different ways. Several attempts had been made since the late 1990s to harmonize the way they were written, but the first group that succeeded in reaching an agreement was the Joint Technical Coordination Group (JTCG) set up by the ISO Technical Management Board.
Various technical committees within ISO are currently working on revising all MSS published before Annex SL was adopted. Many standards already follow Annex SL, such as ISO 9001 and ISO 14001.
According to Annex SL, a Management System Standard should follow the structure: [5]
Two kinds of standards for management systems are defined by the Annex SL: [6]
Sector specific to ISO 9001
Sector specific to ISO/IEC 27001
Wikipedia List of ISO standards
Business continuity may be defined as "the capability of an organization to continue the delivery of products or services at pre-defined acceptable levels following a disruptive incident", and business continuity planning is the process of creating systems of prevention and recovery to deal with potential threats to a company. In addition to prevention, the goal is to enable ongoing operations before and during execution of disaster recovery. Business continuity is the intended outcome of proper execution of both business continuity planning and disaster recovery.
The ISO 9000 family is a set of five quality management system (QMS) standards by the International Organization for Standardization (ISO) that help organizations ensure they meet customer and other stakeholder needs within the statutory and regulatory requirements related to a product or service. ISO 9000 deals with the fundamentals of QMS, including the seven quality management principles that underlie the family of standards. ISO 9001 deals with the requirements that organizations wishing to meet the standard must fulfill. ISO 9002 is a model for quality assurance in production and installation. ISO 9003 is a model for quality assurance in final inspection and test. ISO 9004 gives guidance on achieving sustained organizational success.
ISO 14000 is a family of standards by the International Organization for Standardization (ISO) related to environmental management that exists to help organizations (a) minimize how their operations negatively affect the environment; (b) comply with applicable laws, regulations, and other environmentally oriented requirements; and (c) continually improve in the above.
ISO 19011 is an international standard that sets forth guidelines for management systems auditing. The current version is ISO 19011:2018. It is developed by the International Organization for Standardization (ISO).
ISO/IEC 20000 is the international standard for IT service management. It was developed in 2005 by ISO/IEC JTC1/SC7 and revised in 2011 and 2018. It was originally based on the earlier BS 15000 that was developed by BSI Group.
Information security standards or cyber security standards are techniques generally outlined in published materials that attempt to protect the cyber environment of a user or organization. This environment includes users themselves, networks, devices, all software, processes, information in storage or transit, applications, services, and systems that can be connected directly or indirectly to networks.
ISO 22000 is a food safety management system standard by the International Organization for Standardization (ISO) which is outcome focused, providing requirements for any organization in the food industry with the objective of helping to improve overall performance in food safety. These standards are intended to ensure safety in the global food supply chain. The standards set out the overall guidelines for food safety management and also focus on traceability in the feed and food chain.
The ISO/IEC 27000-series comprises information security standards published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
ISO 31000 is a family of international standards relating to risk management codified by the International Organization for Standardization. The standard is intended to provide a consistent vocabulary and methodology for assessing and managing risk, resolving the historic ambiguities and differences in the ways risk is described.
ISO 28000:2022, Security and resilience – Security management systems – Requirements, is a management system standard published by the International Organization for Standardization (ISO) that specifies requirements for a security management system, including aspects relevant to the supply chain.
Nigel Howard Croft is a globally recognized authority on quality management and conformity assessment. He retired as Chairman of the ISO Joint Technical Coordination Group for Management System Standards in December 2023 after serving a three-year term, having been appointed by ISO's Technical Management Board in December 2020. During his tenure, he coordinated the deployment of the ISO London Declaration on Climate Action into all ISO Management System Standards, requiring organizations that implement these standards to determine the extent to which climate change can affect their results and the ways in which their activities can have an impact on climate change. This can then lead to the implementation of risk-based adaptation and mitigation strategies. Dr Croft was previously Chair of the ISO Technical Committee TC 176/SC 2 from February 2010 until December 2018, with overall responsibility for the ISO 9001 standard, used worldwide as a basis for certification of quality management systems, and the ISO 9004 guidelines standard aimed at improving organisational performance, among others. In 2019 and 2020 he led the revision of "Annex SL" of the ISO Directives, which forms the basis for over 40 management system standards, including those on environmental management, occupational health and safety, information security, anti-bribery, food safety, artificial intelligence and many more.
ISO/TC 176 is Technical Committee 176 of the International Organization for Standardization (ISO), responsible for Quality management and quality assurance - the ISO 9000 family of standards.
DQS Holding GmbH based in Frankfurt am Main is the holding company of the worldwide DQS Group. The group provides assessments and certifications of management systems and processes of any type.
ISO/IEC 27001 is an international standard for managing information security. The standard was originally published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2005, revised in 2013, and most recently revised in 2022. There are also numerous recognized national variants of the standard. It details requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS), the aim of which is to help organizations make the information assets they hold more secure. Organizations that meet the standard's requirements can choose to be certified by an accredited certification body following successful completion of an audit. The effectiveness of the ISO/IEC 27001 certification process and the overall standard has been addressed in a large-scale study conducted in 2020.
ISO/TC 292 Security and resilience is a technical committee of the International Organization for Standardization formed in 2015 to develop standards in the area of security and resilience.
ISO 22313:2020, Security and resilience - Business continuity management systems – Guidance to the use of ISO 22301, is an international standard developed by technical committee ISO/TC 292 Security and resilience. This document provides guidance for applying the requirements for a business continuity management system (BCMS) in accordance with the requirements set out in ISO 22301:2019.
ISO 22301:2019, Security and resilience – Business continuity management systems – Requirements, is a management system standard published by the International Organization for Standardization that specifies requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to protect against, reduce the likelihood of occurrence of, prepare for, respond to, and recover from disruptive incidents when they arise. It is intended to be applicable to all organizations, or parts thereof, regardless of the type, size and nature of the organization.