What is Annex SL?
Annex SL is a document produced by one of the ISO Technical Management Board’s Joint Technical Coordination Group, a replacement for the ISO Guide 83. That sounds like an awful lot of jargon, so more realistically? It is a framework for a generic management system, putting all the common parts of a “management” system together and allowing space for the specific technical detail that different management systems might require.
The framework is split into seven main sections, with clauses 4, 5, 6 and 7 all falling within what would be termed as planning activities within the Deming Cycle, Plan, Do, Check and Act.
They split planning up into fairly logical steps and should help organisations to ensure that the management system that they are putting in place really fits their business.
Clause 4 is all about the context of the organisation, which while one might think all companies are aware of, is something that may not have been discussed or updated since the business first set up. This idea, is looking at what is the business trying to achieve, who are the customers and what do they want, perhaps this is already addressed within the marketing department. Then, who are the suppliers, do they rely on your organisation, (probably the part that is least considered) and finally who else does your business affect, neighbours, competitors?
While this is not something that an organisation generally reviews every month, it is something that probably needs a review on a regular basis as while the organisation may not change the external environment probably does. Once we have the context in place, then it becomes easier for the next part of the system development that of determining the scope of the system; that is the boundaries of the system, e.g. one facility or many facilities, one product group, or all product groups.
Once this has been determined then the final part of contextualising the organisation which is stating what processes are within the management system should be straightforward.
Clause 5 is all about leadership, note that it is leadership not management, so does that make a difference? Managers have subordinates who have power over others, by formal authority, Leaders have followers, – and following is always a voluntary activity 1.
Annex SL is asking that the leadership ensure that the management system is integrated into the organisation’s business processes, and not something that is seen as an extra. Something that has been difficult to evidence in the past, is management commitment, and that is made clearer by management ensuring the system achieves its intended outcomes, and that it has sufficient resources. They are expecting “top management” or the “leaders” to be involved and to be hands on.
The policy that the top management have created has to be communicated as always, but not only internally as it was in some standards, (e.g. ISO 9001) but to interested parties which was always the case in certain other standards, (e.g. ISO 14001). It is also within the leadership section that the roles, responsibilities and authorities will be defined. This might make it clearer that the leadership define who has the responsibility to do what and therefore are ultimately accountable.
Clause 6 is about planning, already three clauses in and the “old school” planning is only now starting. The planning should state the action to address the risks and opportunities the organisation is anticipating. This could be compared with a business planning SWOT analysis (strengths, weaknesses, opportunities and threats analysis). Since the organisation will already have determined the context of the organisation the analysis will be all but completed.
Preventive action which is many management standards is currently at the end, will now be brought in at the planning stage, which may be more understandable. It is during this planning stage that objectives for the applicable management system should be developed, and of course the plans to achieve the objectives. As ever the objectives should be measurable. The management of change comes in at planning too, showing that change doesn’t just happen, as organisations we choose to change and therefore we need to plan for that change and ensure that it does not adversely affect the management standard.
Clause 7 is titled Support and addresses Resources, Competence, Awareness, Communication and Documented Information. We need the correct resources to deliver the actions we have chosen in the face of our opportunities and risks. Where the resources are people we need them to be competent. Annex SL should ensure that there is a consistent definition of competence (see our website later this year for our discussion on competence) “Awareness” has been mentioned in many of the standards previously but not in all, so having a section in Annex SL should ensure that consistency again.
“Awareness” is of what is required of the particular management system and also what would constitute conformity. “Communication” addresses both internal and external communication, what to communicate, when to communicate it and to whom. This may mean to certain groupings of stakeholders depending upon what the communication is about. The final section of support is regarding the decision as to what needs to be documented, creating and updating Documentation and then controlling it. This has been in management standards for as long as there have been ISO standards.
Clause 8 is titled Operation and this is where the doing part of the organisation and the management system standard will be located. In terms of Annex SL it is the shortest clause, because the bulk of the text will come from the specific discipline management system. It will have an operational planning and control section and a Management System Standard specific requirement section.
Clause 9 is very much about the evaluation of the performance of the system, looking at what the business has achieved, and what it believes is important to monitor and measure within their company, e.g. it may be product parameters, the number of incidents and accidents, the timeframe for closing corrective actions, supplier delivery time. What is important is that the organisation chooses. The extent and specifics of the monitoring, measurement, analysis and evaluation will depend upon your own organisation and the standard or standards that you are working to.
This section is where the internal audit of the system will live, as this should be providing information as to whether the system conforms to requirements set by the organisation and the appropriate standards. Finally in this section is Management Review. Once the data is available and evaluated and the system is audited, the management should now have enough information to check whether the system is “suitable, adequate and effective.”
Finally, Clause 10 addresses improvements, specifically non-conformity, corrective action and continual improvement.
We all know that no matter how good our systems are, occasionally things do go wrong, and this is the section that ensures that they are addressed and action taken to put them right in the future. Continual improvement is surely the objective for any management system and it ought to be easy to pick up on the information gathered in clause 9 to determine what is ripe for improvement and what is worth leaving be. For die-hards of ISO 9001, the removal of preventive action from this end of the standard may be hard to take, however it is addressed much earlier in the risk section of Annex SL; perhaps a more logical place for it.
Annex SL’s significance in the future?
The significance of Annex SL for the future is that it should be much easier to integrate all the management systems, e.g. ISO 9001, ISO 14001 and what will be ISO 45001. It should be possible to audit the main parts of all the management systems at the same time, reducing the audit burden.
It should mean that there is no conflict between different standards, e.g. currently the BS OHSAS 18001 standard clause 4.5.5 requires that internal audits determine whether the management system “…is effective in meeting the organisation’s policy and objectives” whereas the ISO 9001 clause 8.2.2 which deals with internal audits makes no mention of the organisation’s policy and objectives. While there may be an implication that overall the audits would look at that, the wording means that there are different expectations from the output in each standard, or the methods of achieving the same aim. This means that rather than working together, professionals working with management systems spend unnecessary time debating the semantics of standards rather than working together on a common framework.
Also, should other management systems become more important to your business, e.g. ISO 27001 Information Security Management, ISO 5001 Energy Management, (more about that later this year) ISO 22000 Food Safety or even ISO 20121 Sustainable Event Management, then it is an easier process to add them onto your existing management systems. It means that your organisation should be able to take advantage of further developments without losing the benefits of what already exists.