Annex SL

Annex SL (known as Annex L in the 2019 edition) is a section of ISO/IEC Directives, Part 1 that prescribes how ISO management system standards (MSS) should be written. Its aim is to enhance the consistency and alignment of MSS by providing a unifying, agreed-upon high-level structure, identical core text, and common terms and core definitions, so that all ISO Type A MSS (and Type B where appropriate) are aligned and their compatibility is enhanced. [1] [2] [3] [4]

Before 2012, the various standards for management systems were written in different ways. Several attempts had been made since the late 1990s to harmonize the way they are written, but the first group that succeeded in reaching an agreement was the Joint Technical Coordination Group (JTCG) set up by the ISO Technical Management Board.

Various technical committees within ISO are currently revising all MSS published before Annex SL was adopted. Many standards already follow Annex SL, such as ISO 9001 and ISO 14001.

High level structure

According to Annex SL, a management system standard should follow this clause structure: [5]

  1. Scope
  2. Normative references
  3. Terms and definitions
  4. Context of the organization
  5. Leadership
  6. Planning
  7. Support
  8. Operation
  9. Performance evaluation
  10. Improvement

Types of standards

Two kinds of standards for management systems (Type A and Type B) are defined by Annex SL; the published list groups them as follows: [6]

  1. MSS (Type A) following Annex SL
     - Sector specific to ISO 9001
  2. MSS (Type A) not yet revised in accordance with Annex SL
     - Sector specific to ISO 9001
     - Sector specific to ISO/IEC 27001
  3. MSS (Type A) under development
  4. MSS (Type B) following Annex SL
  5. MSS (Type B) not following Annex SL
  6. MSS (Type B) under development

See also

List of ISO standards

References

  1. "ISO - Directives and Policies". ISO.
  2. Norwich, Quickfire Digital Web Design (24 April 2019). "What is Annex SL?". QMS.
  3. "What is the Annex SL System Structure? | NQA". www.nqa.com.
  4. "What is Annex SL and why is it important?". March 6, 2019.
  5. "Annex SL And Management System Standards – ISO". July 21, 2020.
  6. "ISO - Management System Standards list". ISO.
  7. "ISO 9001:2015". ISO. September 2021.
  8. "ISO 14001:2015". ISO. 13 December 2022.
  9. "ISO 14298:2013". ISO.
  10. "ISO 18788:2015". ISO.
  11. "ISO/IEC 19770-1:2012". ISO.
  12. "ISO/IEC 20000-1:2018". ISO. 6 July 2021.
  13. "ISO 20121:2012". ISO. 25 November 2019.
  14. "ISO 21001:2018". ISO. 2 May 2018.
  15. "ISO 21101:2014". ISO. 19 August 2020.
  16. "ISO 21401:2018". ISO. 26 July 2022.
  17. "ISO 22000:2018". ISO. 5 June 2023.
  18. "ISO 22301:2019". ISO. 5 June 2023.
  19. "ISO/IEC 27001:2022 - Information security, cybersecurity and privacy protection — Information security management systems — Requirements". ISO. October 2022.
  20. "ISO 28000:2022". ISO. 4 May 2022.
  21. "ISO 35001:2019". ISO. 15 December 2020.
  22. "ISO/TS 54001:2019". ISO. 11 June 2019.
  23. "ISO/TS 9002:2016". ISO. November 2016.
  24. "ISO 9004:2018". ISO. 4 April 2018.
  25. "ISO 18091:2019". ISO. 26 March 2019.
  26. "ISO 56002:2019". ISO. 24 June 2021.
  27. "ISO 14002-1:2019". ISO.
  28. "ISO/IEC 27013:2015". ISO. 17 December 2015.
  29. "ISO/FDIS 37002". ISO. 9 December 2021.