Question

explain what annex SL is futhermore, list and explain at least 4 high level main clauses and how they may be applied in an ISO 9001 audit. answer in detail.

Answer 1

Annex SL

Annex SL (renamed in 2019 as Annex L) is a new management system format that helps streamline creation of new standards, and makes implementing multiple standards within one organization easier.

It replaces ISO’s Guide 83, which provided a base structure and standardized text for management system standards (MSS). Guide 83 started to address complaints that many have when integrating current MSS like ISO 9001, ISO 14001 and ISO 27001. While these standards have common elements, they are described and organized differently, making it difficult for organizations to implement multiple standards.

“Annex L” further addresses these issues by creating a “template” upon which ISO MSS are to be built in the future. Written primarily as a guide to those who draft the standards, the core of Annex L consists of 8 clauses and 4 appendices that encompass a “high level structure” (essentially shared high level concepts among standards), shared terms/definitions and actual shared clause titles and text. Examples of “high level structure” covered by Annex L include areas ranging from support to operations, and leadership to planning.

Who Created Annex L

Annex L is a product of the ISO Technical Management Board’s (TMB) Joint Technical Coordination Group (JTCG). The TMB is charged with managing the technical processes associated with implementing new technical standards. This includes the rules which govern standards creation, checking how the process is working, and managing the technical committees which construct the standards. The JTCG reports to the TMB and specifically manages the activities associated with creating and implementing an MSS. One of its main tasks is to ensure that the input from the various technical committees associated with each standard are represented in the resulting MSS of a given area (i.e. environmental, aerospace, etc.)

High level main clauses of Annex SL

The major clause numbers and titles of all management system standards will be identical They are:

1.Scope

The Scope should define what the ‘intended outcome(s)’ are of the discipline. The term ‘expected outcome’ will not be used. Auditors should expect alignment between what the organisation has determined in clause 4 with what is stated here.The scope sets out the intended outcomes of the management system. The outcomes are industry specific and should be aligned with the context of the organization.

Clause 2: Normative references

Provides details of the reference standards or publications relevant to the particular standard.

Clause 3: Terms & definitions

Details terms and definition applicable to the specific standard in addition to any formal related terms and definitions standard.

4. Context of the organisation

Understanding the organisation and its context
Understanding the needs and expectations of interested parties
Determining the scope of the XXX management system
XXX management system

As the flagstone of a management system, clause 4 determines why the organization is here. As part of the answer to this question, the organization needs to identify internal and external issues that can impact on its intended outcomes, as well as all interested parties and their requirements. It also needs to document its scope and set the boundaries of the management system – all in line with the business objectives. At first glance, clause 4 is radical and daunting, but on further consideration it makes sense in practice. The organisation will have already have completed this thinking before even considering implementing any ISO management system. This is the flagstone of the management system – why the organisation is here. The organisation needs to determine its relevant issues, both inside and outside, that have an impact on what it is trying to achieve, its intended outcomes. Also, who are the relevant interested parties (the preferred term to stakeholders) and what are their requirements? The organisation needs to determine and document its own scope where are the boundaries of the management system?, what’s in and what’s out? This must be needs to be appropriate to the organisation and it objectives. Finally, the organisation needs to build, operate and improve its management system; nothing new or difficult there. The issues and requirements identified here will be addressed in clause 6 – Planning. Auditors should now have a clear and concise list of objective evidence to identify and confirm. It will include the organisations goals and intended outcomes, internal and external issues, the relevant stakeholders and their requirements and the management system scope. Collectively this will provide a key insight into the organisation. This should not be just a tick-list, but the entirety will provide a key insight into the organisation – it should provide illumination and clarity.

5. Leadership

Leadership and commitment
Policy
organisational roles, responsibilities and authorities

The new high level structure places particular emphasis on leadership, not just management as set out in previous standards. This means top management now has greater accountability and involvement in the organization’s management system. They need to integrate the requirements of the management system into the organization’s core business process, ensure the management system achieves its intended outcomes and allocate the necessary resources. Top management is also responsible for communicating the importance of the management system and heighten employee awareness and involvement.

At first glance, clause 5 appears to be just a reiteration of what’s gone before –policy, organisational roles, responsibilities and authorities etc. However, there is an emphasis on leadership, not just management. On further examination there is more here; top management now have to have a greater involvement in the management system. They have to make sure that the requirements of the management system are integrated into the organisation’s business processes – the management system is not just a bolt-on. The ‘business’ is whatever activities are at the heart of the organisation’s reason for existing. In addition, they have to demonstrate their commitment by making sure that the management system achieves its intended outcome(s) and has adequate resources. Additionally they have to inform everyone that management system is important and that everyone should participate in its effective implementation. The involvement of top management in the management system is now explicit and hands-on. The ‘XXX’ policy has also been strengthened. It has to include commitments to satisfy applicable requirements and continually improve the management system. As well as being communicated internally it has to be made available to interested parties. Auditors should now find it easier to audit management commitment – the requirements are much more specific and tangible and the evidence required should be more obvious.

6.Planning

Actions to address risks and opportunities
XXX objectives and planning to achieve them

Clause 6 brings risk-based thinking to the front. Once the organization has highlighted risks and opportunities in clause 4, it needs to stipulate how these will be addressed through planning. The planning phase looks at what, who, how and when these risks must be addressed. This proactive approach replaces preventative action and reduces the need for corrective actions later on. Particular focus is also placed on the objectives of the management system. These should be measurable, monitored, communicated, aligned to the policy of the management system and updated when needed.

After much deliberation, the decision to make risk explicit has been made – here it is in clause 6. Having highlighted the issues and requirements in clause 4, now it is time to address the risks and opportunities the organisation faces through planning. How will the organisation prevent, or reduce, undesired effects? How will the organisation ensure that it can achieve its intended outcomes and continual improvement? It will do it here in planning. Planning will address what, who, how and when. Not difficult. This proactive approach is easier to understand than preventive action and should reduce the need for correction and corrective action at a later date. The requirements around the ‘XXX’ objectives have also been made more detailed. They are to be consistent with the ‘XXX’ policy, measurable (if practicable), monitored, communicated, and updated as appropriate. They have to be established at relevant functions and levels. Clause 6 puts a greater emphasis on the organisation’s XXX’ planning which is integral to the business. Auditors should be familiar with risk – the consequences of an event and the associated likelihood of occurrence – and how to avoid, eliminate, minimize or mitigate it. They also need to focus on the positive aspect – opportunities for the business and how to optimize them. The risks and opportunities identified will lead to policies and objectives. Auditors should be able to identify and follow a clear path from issues and requirements through risks and opportunities, policies and objectives.

Annex L Being is Implemented In Standards Like ISO 9001:2015

Annex L will save any organization seeking to adopt MSS time and cost. Because standards such as ISO 9001 and ISO 14001 have similar intents but different structures, text and terminology, they are more difficult to implement together. And while there are tools such as our own integrated standards documentation* (which helps eliminate this duplication effort by creating an Integrated Management System or IMS), there has been a call to streamline the certification process for multiple standards adoption. In addition, there is an opportunity for ISO to infuse new concepts across multiple MSS. These concepts include enfranchising customers, suppliers and impacted communities into the quality process; the shift toward service-oriented businesses; and the extension of digital aids to serve what are often geographically and organizationally dispersed workgroups.

An IMS can streamline a businesses operations by merging different areas of compliance. For example, combining quality, environmental and safety into a single IMS requires less resources and is more likely to succeed than maintaining separate management systems for each. Standards can either be combined or integrated. An Integrated Management System integrates two or more standards from different disciplines into one. (example: ISO 9001, ISO 14001, OHSAS 18001)

A Combined Management System combines two more standards from the same discipline into one. (example: ISO 9001, AS9100) Companies visiting our IMS website Integrated-Standards.com often request combinations of standards such as:

• Quality Management
  • ISO 9001 (General Quality Management Systems
  • ISO 13485 (Medical Devices)
  • IATF 16949 (Automotive)
• AS9100 (Aircraft, Space & Defense))Environmental Management
  • ISO 14001 (Environmental Management Systems)
• Safety Management
  • OHSAS 18001 (Occupational Health & Safety)

Rather than just creating parallel systems, true integration means that similar processes are implemented without duplication or confusion. IMS elements that exist in each system are treated as common resources. They are defined, deployed and managed in the same manner and do not have to deal with multiple, often slightly different interpretations of their roles in executing each standard. Annex L should make creation of an IMS much easier.