The New ISO Standard ‘Standard’ Template

8/9/2019 The New ISO Standard ‘Standard’ Template

1/23

The new ISO standard‘Standard’ Template

Graham Watson

Integre Ltd.

How Many Business Management Systems do we Need?

Hunterston A, 26 September 2012


2/23


3/23

ISO/IEC Directives, Part 1

Consolidated ISO Supplement – Procedures

specific to ISO

Annex SL (normative)Proposals for management system standards

Appendix 3 (normative)

High level structure, identical core text, common termsand core definitions

(Formerly Guide 83)


4/23

Background

• Management system standards developed by

Technical Committees, Sub-committees or

Project committees

• Lack of common structure

• TMB directs TCs to make them compatible

• Little/slow progress• JTCG formed

• JTCG expanded and directed to develop high

level structure and core terminologyIntegre 4


5/23

Management system models

Integre 5

ISO 9001 ISO 14001

ISO 14001 clone


6/23

Joint Technical Coordination Group (JTCG)

• Originally set up to coordinate compatibility

between ISO 9001 and ISO 14001

• Comprises chairs and secretaries of

management system Technical Committees

• Developed high level structure for all MSS (as

Guide 83)

Integre 6


7/23

ISO TMB Terms of Reference (extract)

• To examine proposals for new fields of ISO technical activity,and to decide on all matters concerning the establishmentand dissolution of technical committees.

• To keep the ISO/IEC Directives for the technical work under

review, to examine and coordinate all proposals foramendments and to approve appropriate revisions.

• To act on the following matters: – monitoring of the work of technical committees and project

management requirements;

– approval of titles, scopes and programmes of work of individualtechnical committees;

Integre 7

They must be obeyed!


8/23

TMB decisions (February 2012)

TECHNICAL MANAGEMENT BOARD RESOLUTION 18/2012

Final draft High Level Structure and identical text for MSS and common MS terms and coredefinitions

The Technical Management Board,

• Notes the recommendations contained in the Joint Technical Coordination Group (JTCG)report and the proposed revised draft of the High Level Structure and identical text for MSSand common MS terms and core definitions (JTCG N316),

• Further notes that the proposed document includes proposals on the applicability andflexibility of its implementation,

• Decides that any future MSS (new and revisions) shall, in principle, follow the structure andguidance included in this document (JTCG N316) but decides to permit deviations on thecondition that these are reported to the TMB, with detailed rationale,

• Further decides that this will be reviewed by the TMB after one year,

• Requests the DMT to incorporate the above document in the revised Annex SL (including the

revised Guide 72 and the current JTCG N316 "High Level Structure and identical text for MSSand common MS terms and core definitions"),

• Thanks the JTCG for its work, and

• Decides to revise the mandate of the JTCG to: provide the TMB and technical committeeswith information on the development of ISO MSS.

Integre 8


9/23

Aims of Annex SL

• To enhance the consistency and alignment of ISO managementsystem standards by providing – a unifying and agreed high level structure,

– identical core text and common terms and core definitions.

• All ISO management system “requirements” standards are aligned

and the compatibility of these standards is enhanced.• Individual management systems standard will add additional

“discipline-specific” requirements as required.

• This common approach to new management system standards andfuture revisions of existing standards will increase the value of suchstandards to users.

• It will be particularly useful for those organizations that choose tooperate a single (sometimes called “integrated”) managementsystem that can meet the requirements of two or moremanagement system standards simultaneously.

Integre 9


10/23

Annex SL High Level Structure

Introduction

1. Scope

2. Normative references

3. Terms and definition

4. Context of the organization

4.1 Understanding the organization and its context

4.2 Understanding the needs and expectations of

interested parties4.3 Determining the scope of the XXX management

system

4.4 XXX management system

5. Leadership

5.1 Leadership and commitment

5.2 Policy

5.3 Organization roles, responsibilities and

authorities6. Planning

6.1 Actions to address risks and opportunities

6.2 XXX objectives and planning to achieve them

7. Support

7.1 Resources

7.2 Competence

7.3 Awareness

7.4 Communication

7.5 Documented information

7.5.1 General7.5.2 Creating and updating

7.5.3 Control of documented information

8. Operation

8.1 Operational planning and control

9. Performance evaluation

9.1 Monitoring, measurement, analysis andevaluation

9.2 Internal audit9.3 Management review

10. Improvement

10.1 Nonconformity and corrective action

10.2 Continual improvement

Integre 10

All new or revised ISO management system standards will look like this


11/23

Annex SL Common Terms

organization

interested party (preferred term)

stakeholder (admitted term)

requirement

management systemtop management

effectiveness

policy

objective

riskcompetence

documented information

process

performance

outsource (verb)

monitoring

measurementaudit

conformity

nonconformity

correction

corrective actioncontinual improvement

Integre 11

All new or revised ISO management system standards will use these defined terms


12/23

“Rules” - Use

• ISO management system standards include the highlevel structure and identical core text as found inAppendix 3 to this Annex SL.

• The common terms and core definitions are either

included or normatively reference an internationalstandard where they are included.

• The high level structure includes the main clauses(1 to 10) and their titles, in a fixed sequence.

• The identical core text includes numbered sub-clauses (and their titles) as well as text within thesub-clauses.

Integre 12


13/23

“Rules” – Non applicability

• If due to exceptional circumstances the high levelstructure or any of the identical core text, commonterms and core definitions cannot be applied in adiscipline-specific management system standard

then the TC/PC/SC needs to notify ISO/TMB throughthe ISO/TMB Secretary at [email protected] of therationale for this and make it available for review byISO/TMB.

• TC/PC/SC strive to avoid any non-applicability of thehigh level structure or any of the identical core text,common terms and core definitions.

Integre 13

mailto:[email protected]:[email protected]


14/23

“Rules” – Discipline-specific management

system standards

• Discipline-specific text does not affect harmonization or contradict or undermine the intentof the high level structure, identical core text, common terms and core definitions.

• Insert additional sub-clauses, or sub-sub-clauses (etc.) either ahead of an identical text sub-clause (or sub-sub-clause etc.), or after such a sub-clause (etc.) and renumbered accordingly.Examples of additions include: – new bullet points

– discipline-specific explanatory text (e.g. Notes or Examples), in order to clarify requirements

– discipline-specific new paragraphs to sub-clauses (etc.) within the identical text – adding text that enhances the existing requirements in Appendix 3 to this Annex SL

• Avoid repeating requirements between identical core text and discipline-specific text.

• Distinguish between discipline-specific text and identical core text from the start of thedrafting process. This aids identification of the different types of text during the developmentand balloting stages.

• Understanding of the concept of “risk” may be more specific than that given in the definitionunder 3.09 of Appendix 3 to this Annex SL. In this case a discipline-specific definition may beneeded. The discipline-specific terms and definitions are differentiated from the coredefinition, e.g. (XXX) risk .

• Common terms and core definitions will be integrated into the listing of terms and definitionsin the discipline-specific management system standard consistent with the concept system ofthat standard.

Integre 14


15/23


16/23


17/23

Changes (2) - Documented information

documented information

information required to be controlled and maintained by an organization

(3.01) and the medium on which it is contained

NOTE 1 to entry: Documented information can be in any format and media and from any source.

NOTE 2 to entry: Documented information can refer to

– the management system (3.04), including related processes (3.12);

– information created in order for the organization to operate (documentation);

– evidence of results achieved (records).

Integre 17


18/23

Changes (2) - Documented information

7.5 Documented information

7.5.1 General The organization’s XXX management system shall include

- documented information required by this International Standard

- documented information determined by the organization as being necessary for the effectiveness of the XXX

management system.

7.5.2 Creating and updating When creating and updating documented information the organization shall ensure appropriate- identification and description (e.g. a title, date, author, or reference number)

- format (e.g. language, software version, graphics) and media (e.g. paper, electronic)

- review and approval for suitability and adequacy.

7.5.3 Control of documented information Documented information required by the XXX management system and by this International Standard shall be

controlled to ensure

- it is available and suitable for use, where and when it is needed- it is adequately protected (e.g. from loss of confidentiality, improper use, or loss of integrity).

For the control of documented information, the organization shall address the following activities, as applicable

- distribution, access, retrieval and use,

- storage and preservation, including preservation of legibility

- control of changes (e.g. version control)

- retention and disposition

Documented information of external origin determined by the organization to be necessary for the planning and

operation of the XXX management system shall be identified as appropriate, and controlled.

Integre 18


19/23

Changes (3) - Risk

risk

effect of uncertainty

NOTE 1 to entry: An effect is a deviation from the expected — positive or negative.

NOTE 2 to entry: Uncertainty is the state, even partial, of deficiency of information

related to, understanding or knowledge of, an event, its consequence, or likelihood.

NOTE 3 to entry: Risk is often characterized by reference to potential events (ISO

Guide 73, 3.5.1.3) and consequences (ISO Guide 73, 3.6.1.3), or a combination of

these.

NOTE 4 to entry: Risk is often expressed in terms of a combination of the

consequences of an event (including changes in circumstances) and the associated

likelihood (ISO Guide 73, 3.6.1.1) of occurrence.

Integre 19


20/23

Risk - ISO 31000:2009

risk

effect of uncertainty on objectives

NOTE 1 An effect is a deviation from the expected — positive and/or negative.

NOTE 2 Objectives can have different aspects (such as financial, health and

safety, and environmental goals) and can apply at different levels (such as

strategic, organization-wide, project, product and process).

NOTE 3 Risk is often characterized by reference to potential events (2.17)

and consequences (2.18), or a combination of these.

NOTE 4 Risk is often expressed in terms of a combination of the

consequences of an event (including changes in circumstances) and the

associated likelihood (2.19) of occurrence.

NOTE 5 Uncertainty is the state, even partial, of deficiency of information

related to, understanding or knowledge of an event, its consequence, or

likelihood.

Integre 20


21/23

Changes (3) - Risk

6. Planning

6.1 Actions to address risks and opportunities

When planning for the XXX management system, the organization shall

consider the issues referred to in 4.1 and the requirements referred to in 4.2

and determine the risks and opportunities that need to be addressed to- assure the XXX management system can achieve its intended outcome(s)

- prevent, or reduce, undesired effects

- achieve continual improvement.

The organization shall plan:

a) actions to address these risks and opportunities, andb) how to

- integrate and implement the actions into its XXX management system

processes

- evaluate the effectiveness of these actions.

Integre 21


22/23

Standards using Annex SL

Published

• ISO 22301 - Business continuity management

• ISO 20121 - Event sustainability management

FDIS

• ISO 39001 - Road Traffic Safety management

Work ongoing

• ISO 9001 - Quality management

• ISO 14001 - Environmental management

• ISO 27001 - Information security management

Integre 22


23/23

The new ISO standard‘Standard’ Template

Integre 23

Thank you for your attention

Documents

The New ISO Standard ‘Standard’ Template