ISO has just completed work to provide identical structure, text and common terms and definitions for management system standards of the future. This will ensure consistency among future and revised management system standards and make integrated use simpler. It will also make the standards easier to read and, in so doing, easier for users to understand.
ISO has over the years published many management system standards for topics ranging from quality and environment to information security, business continuity management and records management. Despite sharing common elements, ISO management system standards come in many different shapes and structures. This, in turn, results in some confusion and difficulties at the implementation stage.
From theory to practice
All technical committees developing management system standards have to follow Annex SL in the new consolidated ISO Supplement. Annex SL harmonizes structure, text and terms and definitions, while leaving the standards developers with the flexibility to integrate their specific technical topics and requirements. Box 1 includes the high level structure and examples of definitions and identical text.
Box 1: Examples from the new Annex SL
High level structure:
- Clause 1 - Scope
- Clause 2 - Normative references
- Clause 3 - Terms and definitions
- Clause 4 - Context of the organization
- Clause 5 - Leadership
- Clause 6 - Planning
- Clause 7 - Support
- Clause 8 - Operation
- Clause 9 - Performance evaluation
- Clause 10 - Improvement
Example of identical definitions:
Organization, interested party, policy, objective, competence, conformity.
Example of identical text:
Top management shall ensure that the responsibilities and authorities for relevant roles are assigned and communicated within the organization.
There are subtle language issues such as the change from document and records to documented information, to the use of IT and other tools to illustrate what is being done. The new text recognizes the use of the broad concept of risk and the need to understand risk in the context of the management system. It also encourages everyone to view preventive action as a broader concept than simply preventing an incident from re-occurring.
No challenge is too big
Any change represents challenges and opportunities, and this is no exception. Over the next few months, we will explain what this change means, to avoid confusion and improve understanding among the affected technical committees, as well as among the users of the standards.
What next?
It will take a few years before all existing management system standards have been fully harmonized. However, an impressive number of standards used the new format as it was being developed.
Two of ISO's flagship management system standards have launched their revision processes (ISO 9001 and ISO 14001) and both will use the new format for their revisions. Box 2 sets out the list of standards that have used the new approach.
The Joint Technical Coordination Group (JTCG) is responsible for the development of the document at the request of the ISO Technical Management Board (TMB). JTCG plans to collect information on user experience in 2012. It is available to answer any questions from standards writers, although users should initially ask their standards developing community.
Box 2: Current status of the harmonization
- ISO 30301:2011, Information and documentation – Management systems for records – Requirements (Harmonized with Annex SL)
- ISO 22301:2012, Societal security – Business continuity management systems – Requirements (Harmonized with Annex SL)
- ISO 20121:2012, Event sustainability management systems – Requirements with guidance for use (Harmonized with Annex SL)
- ISO 39001, Road-traffic safety (RTS) management systems – Requirements with guidance for use (Currently being prepared for FDIS ballot with publication scheduled for September 2012 and in line with Annex SL)
- ISO/IEC 27001, Information technology – Security techniques – Information security management systems – Requirements (Revision is currently being prepared for DIS ballot with publication scheduled for 2013, and in line with Annex SL)
- ISO 55001, Asset management – Requirements (Currently on CD ballot with publication scheduled for 2014 and in line with Annex SL)
- ISO 16125, Fraud countermeasures and controls – Security management system – Requirements (Currently on CD ballot with publication scheduled for 2013, and in line with Annex SL)
The following MSS were published before the TMB decision and no decision on revision has been taken:
- ISO 22000:2005, Food safety management systems – Requirements for any organization in the food chain
- ISO 28000:2007, Specification for security management systems for the supply chain
- ISO 30000:2009, Ships and marine technology – Ship recycling management systems – Specifications for management systems for safe and environmentally sound ship recycling facilities
- ISO/IEC 20000-1:2011, Information technology – Service management – Part 1: Service management system requirements
- ISO 50001:2011, Energy management systems – Requirements with guidance for use
About the authors
Dr. Anne-Marie Warris, with 12 years of experience in standardization, is the Chair of the Joint Technical Coordination Group (JTCG), and Chair of ISO technical committee ISO/TC 207, Environmental management, subcommittee SC 1, Environmental management systems. Dr. Warris is responsible for ensuring that Lloyd's Register Marine Division listens to, and supports, relevant stakeholders in the environmental arena. She is a chartered engineer and chartered environmentalist through The Energy Institute. Dr. Warris holds an MBA from London Business School and a PhD in Combustion from Imperial College, London.
Dr. Stefan Tangen is the Secretary of JTCG and has been involved in standardization for seven years. He is also the Secretary of ISO/TC 223, Societal security, and works as a project manager at SIS, Swedish Standards Institute. Dr. Tangen holds a PhD in Production Engineering.