Informational The role of Annex SL - High Level Structure of ISO MSS's - Revision Update February 2019

Paul Simpson

Trusted Information Resource
I did a search and couldn't find anything specifically talking about the application of Annex SL for Quality management systems standards (MSS). This is another article I wrote for Bywater about how the text of Annex SL is just a start in defining how a quality system operates.

Text is reproduced here to allow comments on selected parts.

If, like me, you’re interested in the topic of management systems you will have: listened in to many conversations; followed many social media threads, and; read many articles in print about the future of management systems standards and, apparently, that future is …

Is this our Dead Sea Scrolls or Rosetta Stone discovery? Is Annex SL ‘our’ equivalent of the Enigma machine to break the code of Quality, Environmental or XXX Management (insert your favourite management system standard discipline here)? From now on automagically will we be able to translate ISO standards into a fully integrated management system our organisation’s leaders will be falling over themselves to support?

With no desire to rain on anyone’s parade I will serve a note of caution: Don’t build this up to be something it is not; at risk of it becoming a damp squib. I’ll get back to what I think are the benefits of Annex SL shortly but, for the purposes of this article want to cover some of the things Annex SL just won’t do. Let’s take one simple example: ‘5.2.1 Establishing the XXX policy’. It goes without saying that all the requirements under the heading have no meaning unless we replace XXX with ‘Quality’ (or any other flavour of policy). If we do this ‘find and replace’ to put the requirement into an ISO 9001 context are we any nearer value? I suggest not. It remains a simple set of discipline-specific requirements for what a quality policy statement shall cover.

We can even do what many organisations and consultants do, and generate a company specific policy that ticks off all the requirements from ISO 9001 (in this case). Apologies to any ‘Joe Bloggs Ltd.’ out there:

At Joe Bloggs Limited, we have established and implemented and will continue to maintain a quality policy appropriate to our organization and to support our strategic direction. We are committed to satisfying applicable requirements. We maintain an annual set of quality objectives and will continually improve our quality management system.

Simples! Our ISO 9001 policy is now in the form of ‘documented information’ and we can now kick on, or can we? IMHO with this Quality policy we are no nearer providing any organisational value and so, while Annex SL has many virtues, it hasn’t solved any problems yet. In order to deliver the intended value of improved Quality that ISO 9001’s policy requirement is aimed at we have to develop a meaningful Policy statement and, to do that, we need to understand the background as to why a policy statement is necessary in the first place.
•Policies can be useful for a variety of reasons – for Quality they provide a means to reinforce a culture of customer focus and improvement.
•The statement, and the fact it is endorsed by the organisation’s leader(s) communicates the importance of quality to internal and external interested parties (e.g. employees and customers).
•The policy statement is intended to inspire employees to direct their efforts towards satisfying customer requirements. For me an effective policy statement needs to be RED (sic). It should:
◦Resonate – so for readers to it should reflect the organisation that has signed up to it
◦Enthuse – nothing bland will do here, readers should be inspired to continue good behaviours and change bad ones.
◦Drive – objectives and targets mentioned in the policy should become the key metrics for employees to address to enable the organisation to satisfy its customers and improve performance


Where Annex SL contributes is through providing common text and structure so ISO Technical Committees aren’t spending all their time trying to find a better way of saying ‘the organisation shall have a XXX policy’. They can spend the majority of standards development time ensuring that all the discipline specific requirements are as good as they can be. So ISO TC 176 can spend its time looking at how good and excellent organisations manage quality and building those practises into the next edition of ISO 9001.

To improve understanding on the purpose of a policy statement there are a number of resources available on the Internet. Perhaps start with the Chartered Management Institute – here. Further detail is provided by Jisc, a service provider for UK Education and Research sectors. While aimed at education providers (and apparently archived) the guidance remains relevant – here.
 

Sidney Vianna

Post Responsibly
Leader
Admin
I created the thread The Future Structure of ISO Management System Standards back in 2009, with the earliest information on what we know now as High Level Structure.

The decision to create a common framework for all most ISO MSS has to do with the ISO's TMB perception that such common structure would be highly desired by organizations that want to have integrated management systems. So, ISO obliged to the perceived demand.

Sure, the PDCA cycle can be massaged by almost any discipline. But, in my view point, we can improve standards ad nauseum, but until we have high-caliber conformity assessment practices in place, value added standardization of management systems will be a challenge for most practitioners.
 

AndyN

Moved On
I like the Annex SL, mostly for the "context of the organization". It gives something to engage management in the use of the QMS, where in the past, the QMS is something forced on them to meet a customer demand. Looking past integration of management systems, I believe it's an inspired improvement to the requirements.
 

Paul Simpson

Trusted Information Resource
I created the thread The Future Structure of ISO Management System Standards back in 2009, with the earliest information on what we know now as High Level Structure.
Thanks, Sidney. I remember it at the time, your usual prescience! ;) I'm sure the proliferation of MSS was the driver for this project and, by and large, it seems to have gone well. The JTCG is looking to recruit people to join the working group to review and revise Annex SL as part of the regular review of the ISO Directives, so perhaps we can capture some thoughts here for what should go into 'Son of Annex SL'?

The decision to create a common framework for all most ISO MSS has to do with the ISO's TMB perception that such common structure would be highly desired by organizations that want to have integrated management systems. So, ISO obliged to the perceived demand.
I'd agree it is one of the perceived benefits that ISO are using to market Annex SL. I feel the main reason (as I put in my article) was to prevent TCs and working groups from expending a lot of time and energy in refining text that is relatively simple and doesn't relate to the core business of the TC - discipline specific requirements.

People who are really interested in 'Integration' have gone ahead and done it long before Annex SL came on the scene. IMHO it doesn't take a whole lot of effort to bring a range of requirements into a management system covering a range of MSSs (not to mention laws, product standards, etc.).

Sure, the PDCA cycle can be massaged by almost any discipline. But, in my view point, we can improve standards ad nauseum, but until we have high-caliber conformity assessment practices in place, value added standardization of management systems will be a challenge for most practitioners.
Totally agree with you on this, Sidney. Announced elsewhere but TC 176 is so concerned about the 'Context' of ISO 9001 (see what I did there? ;)) that it has formed a task group under Dr Nigel Croft to address 'Brand Integrity' issues. I'll happily share a bit more elsewhere. Not sure where the best place to have a thread is, though?

I like the Annex SL, mostly for the "context of the organization". It gives something to engage management in the use of the QMS, where in the past, the QMS is something forced on them to meet a customer demand. Looking past integration of management systems, I believe it's an inspired improvement to the requirements.
Agreed, Andy. I love 'Context' and feel it is the strongest element in Annex SL. It starts to bring ISO 9001 out of the clutches of the Quality Manager who constrains the QMS to just ISO 9001 requirements (ignoring the big, bad world that actually defines how the organization needs to identify customers, their requirements, and what controls are needed to ensured sustained success as a business).

It forces auditors out of their darkened rooms, too. They have to understand context and then test the QMS put forward against these market requirements to ensure it is effective.

We will soon see if the 2015 transition weeds out poor QMs and poor Auditors, though.
 

Marcelo

Inactive Registered Visitor
This is another article I wrote for Bywater about how the text of Annex SL is just a start in defining how a quality system operates.

I'm sorry, but I'm pretty sure that ISO does not have any idea how a quality system operates :p and even if they did, this is something that cannot be standardized as each organization implementing a QMS will have it's own way to operate the QMS (and ISO 9001 and related standards should really be kept to evaluate a QMS, not create or operate one).
 
Last edited:

Marcelo

Inactive Registered Visitor
In fact, if we would really standardize how most organizations operate their QMS right now, it would be a shame, because most:
- see a QMS as only a bureaucratic nightmare
- only implement things to pass the audit
- usually just really do something days before the audit, as preparation
and things like that.

That would really be the standard way organizations operate in practice :(
 
Last edited:

Sidney Vianna

Post Responsibly
Leader
Admin
Marcelo, I agree. In fairness, ISO 9001 states that it is not it's intent to imply the need for uniformity in the structure of different quality management systems.

But to your point, that's why, in my mind, a quality system HAS TO BE embedded seamlessly and invisibly in the organization's business/operational processes, in order to be value added and sustainable. A quality system MUST BE as unique, tailored and bespoke to an organization, as it's way of running the business. Until organizations have that epiphany, they will be running the fool's errand of chasing a standard-aligned quality system.

The TC 176 (and many others) fail miserably in driving this critical message. Paragraph 5.1.1.c) in ISO 9001:2015 is a timid start, but, are conformity assessment practitioners assessing compliance with it?
 
Last edited:

Minko57

Starting to get Involved
I was make to understand that there will be a NEW high level structure as follows :-

(a) Leadership
(b) Stakeholder management & accountability
(c) Risk Management
(d) Compliance Management
(e) Process Management
(f) Improvement and Innovation
(g) Support and (human) resources.
 
Top Bottom