Informational The role of Annex SL - High Level Structure of ISO MSS's - Revision Update February 2019

Paul Simpson

Trusted Information Resource
#1
I did a search and couldn't find anything specifically talking about the application of Annex SL for Quality management systems standards (MSS). This is another article I wrote for Bywater about how the text of Annex SL is just a start in defining how a quality system operates.

Text is reproduced here to allow comments on selected parts.

If, like me, you’re interested in the topic of management systems you will have: listened in to many conversations; followed many social media threads, and; read many articles in print about the future of management systems standards and, apparently, that future is …

Is this our Dead Sea Scrolls or Rosetta Stone discovery? Is Annex SL ‘our’ equivalent of the Enigma machine to break the code of Quality, Environmental or XXX Management (insert your favourite management system standard discipline here)? From now on automagically will we be able to translate ISO standards into a fully integrated management system our organisation’s leaders will be falling over themselves to support?

With no desire to rain on anyone’s parade I will serve a note of caution: Don’t build this up to be something it is not; at risk of it becoming a damp squib. I’ll get back to what I think are the benefits of Annex SL shortly but, for the purposes of this article want to cover some of the things Annex SL just won’t do. Let’s take one simple example: ‘5.2.1 Establishing the XXX policy’. It goes without saying that all the requirements under the heading have no meaning unless we replace XXX with ‘Quality’ (or any other flavour of policy). If we do this ‘find and replace’ to put the requirement into an ISO 9001 context are we any nearer value? I suggest not. It remains a simple set of discipline-specific requirements for what a quality policy statement shall cover.

We can even do what many organisations and consultants do, and generate a company specific policy that ticks off all the requirements from ISO 9001 (in this case). Apologies to any ‘Joe Bloggs Ltd.’ out there:

At Joe Bloggs Limited, we have established and implemented and will continue to maintain a quality policy appropriate to our organization and to support our strategic direction. We are committed to satisfying applicable requirements. We maintain an annual set of quality objectives and will continually improve our quality management system.

Simples! Our ISO 9001 policy is now in the form of ‘documented information’ and we can now kick on, or can we? IMHO with this Quality policy we are no nearer providing any organisational value and so, while Annex SL has many virtues, it hasn’t solved any problems yet. In order to deliver the intended value of improved Quality that ISO 9001’s policy requirement is aimed at we have to develop a meaningful Policy statement and, to do that, we need to understand the background as to why a policy statement is necessary in the first place.
•Policies can be useful for a variety of reasons – for Quality they provide a means to reinforce a culture of customer focus and improvement.
•The statement, and the fact it is endorsed by the organisation’s leader(s) communicates the importance of quality to internal and external interested parties (e.g. employees and customers).
•The policy statement is intended to inspire employees to direct their efforts towards satisfying customer requirements. For me an effective policy statement needs to be RED (sic). It should:
◦Resonate – so for readers to it should reflect the organisation that has signed up to it
◦Enthuse – nothing bland will do here, readers should be inspired to continue good behaviours and change bad ones.
◦Drive – objectives and targets mentioned in the policy should become the key metrics for employees to address to enable the organisation to satisfy its customers and improve performance


Where Annex SL contributes is through providing common text and structure so ISO Technical Committees aren’t spending all their time trying to find a better way of saying ‘the organisation shall have a XXX policy’. They can spend the majority of standards development time ensuring that all the discipline specific requirements are as good as they can be. So ISO TC 176 can spend its time looking at how good and excellent organisations manage quality and building those practises into the next edition of ISO 9001.

To improve understanding on the purpose of a policy statement there are a number of resources available on the Internet. Perhaps start with the Chartered Management Institute – here. Further detail is provided by Jisc, a service provider for UK Education and Research sectors. While aimed at education providers (and apparently archived) the guidance remains relevant – here.
 
Elsmar Forum Sponsor

Sidney Vianna

Post Responsibly
Staff member
Admin
#2
I created the thread The Future Structure of ISO Management System Standards back in 2009, with the earliest information on what we know now as High Level Structure.

The decision to create a common framework for all most ISO MSS has to do with the ISO's TMB perception that such common structure would be highly desired by organizations that want to have integrated management systems. So, ISO obliged to the perceived demand.

Sure, the PDCA cycle can be massaged by almost any discipline. But, in my view point, we can improve standards ad nauseum, but until we have high-caliber conformity assessment practices in place, value added standardization of management systems will be a challenge for most practitioners.
 
#3
I like the Annex SL, mostly for the "context of the organization". It gives something to engage management in the use of the QMS, where in the past, the QMS is something forced on them to meet a customer demand. Looking past integration of management systems, I believe it's an inspired improvement to the requirements.
 

Paul Simpson

Trusted Information Resource
#4
I created the thread The Future Structure of ISO Management System Standards back in 2009, with the earliest information on what we know now as High Level Structure.
Thanks, Sidney. I remember it at the time, your usual prescience! ;) I'm sure the proliferation of MSS was the driver for this project and, by and large, it seems to have gone well. The JTCG is looking to recruit people to join the working group to review and revise Annex SL as part of the regular review of the ISO Directives, so perhaps we can capture some thoughts here for what should go into 'Son of Annex SL'?

The decision to create a common framework for all most ISO MSS has to do with the ISO's TMB perception that such common structure would be highly desired by organizations that want to have integrated management systems. So, ISO obliged to the perceived demand.
I'd agree it is one of the perceived benefits that ISO are using to market Annex SL. I feel the main reason (as I put in my article) was to prevent TCs and working groups from expending a lot of time and energy in refining text that is relatively simple and doesn't relate to the core business of the TC - discipline specific requirements.

People who are really interested in 'Integration' have gone ahead and done it long before Annex SL came on the scene. IMHO it doesn't take a whole lot of effort to bring a range of requirements into a management system covering a range of MSSs (not to mention laws, product standards, etc.).

Sure, the PDCA cycle can be massaged by almost any discipline. But, in my view point, we can improve standards ad nauseum, but until we have high-caliber conformity assessment practices in place, value added standardization of management systems will be a challenge for most practitioners.
Totally agree with you on this, Sidney. Announced elsewhere but TC 176 is so concerned about the 'Context' of ISO 9001 (see what I did there? ;)) that it has formed a task group under Dr Nigel Croft to address 'Brand Integrity' issues. I'll happily share a bit more elsewhere. Not sure where the best place to have a thread is, though?

I like the Annex SL, mostly for the "context of the organization". It gives something to engage management in the use of the QMS, where in the past, the QMS is something forced on them to meet a customer demand. Looking past integration of management systems, I believe it's an inspired improvement to the requirements.
Agreed, Andy. I love 'Context' and feel it is the strongest element in Annex SL. It starts to bring ISO 9001 out of the clutches of the Quality Manager who constrains the QMS to just ISO 9001 requirements (ignoring the big, bad world that actually defines how the organization needs to identify customers, their requirements, and what controls are needed to ensured sustained success as a business).

It forces auditors out of their darkened rooms, too. They have to understand context and then test the QMS put forward against these market requirements to ensure it is effective.

We will soon see if the 2015 transition weeds out poor QMs and poor Auditors, though.
 

Marcelo

Inactive Registered Visitor
#7
This is another article I wrote for Bywater about how the text of Annex SL is just a start in defining how a quality system operates.
I'm sorry, but I'm pretty sure that ISO does not have any idea how a quality system operates :p and even if they did, this is something that cannot be standardized as each organization implementing a QMS will have it's own way to operate the QMS (and ISO 9001 and related standards should really be kept to evaluate a QMS, not create or operate one).
 
Last edited:

Marcelo

Inactive Registered Visitor
#8
In fact, if we would really standardize how most organizations operate their QMS right now, it would be a shame, because most:
- see a QMS as only a bureaucratic nightmare
- only implement things to pass the audit
- usually just really do something days before the audit, as preparation
and things like that.

That would really be the standard way organizations operate in practice :(
 
Last edited:

Sidney Vianna

Post Responsibly
Staff member
Admin
#9
Marcelo, I agree. In fairness, ISO 9001 states that it is not it's intent to imply the need for uniformity in the structure of different quality management systems.

But to your point, that's why, in my mind, a quality system HAS TO BE embedded seamlessly and invisibly in the organization's business/operational processes, in order to be value added and sustainable. A quality system MUST BE as unique, tailored and bespoke to an organization, as it's way of running the business. Until organizations have that epiphany, they will be running the fool's errand of chasing a standard-aligned quality system.

The TC 176 (and many others) fail miserably in driving this critical message. Paragraph 5.1.1.c) in ISO 9001:2015 is a timid start, but, are conformity assessment practitioners assessing compliance with it?
 
Last edited:
#10
I was make to understand that there will be a NEW high level structure as follows :-

(a) Leadership
(b) Stakeholder management & accountability
(c) Risk Management
(d) Compliance Management
(e) Process Management
(f) Improvement and Innovation
(g) Support and (human) resources.
 
Thread starter Similar threads Forum Replies Date
L Implementing the PRRC role in a company EU Medical Device Regulations 5
C NB approval - Basic question about Notified Bodies and their role EU Medical Device Regulations 10
B What is the role of Quality Engineer in APQP and PPAP APQP and PPAP 3
R Role of quality compliance in SAP Software Quality Assurance 2
Z Role of economic operators (EO) post the EU MDR Date of application in May 2020 EU Medical Device Regulations 1
T New role Quality Manager IATF 16949, new company, advise how to get started IATF 16949 - Automotive Quality Systems Standard 2
Sidney Vianna Informational The role of the quality professional - an interesting video by CQI Quality Manager and Management Related Issues 1
A Audit purpose - case study - What is the role of SQE in such case? General Auditing Discussions 3
M Informational Webinar: The role of the TGA in digital health Medical Device and FDA Regulations and Standards News 0
A Leadership Role in Designing QMS - Upper Management Support Quality Manager and Management Related Issues 16
H Clinical investigation - Role of Notified Body (NB) EU Medical Device Regulations 6
B Interview Presentation for Quality Engineer Role Next Week! Career and Occupation Discussions 21
Edward Reesor Role of increased regulatory costs in increasing risk ISO 13485:2016 - Medical Device Quality Management Systems 10
supadrai Forced into Regulatory Affairs Role - Where do I begin? Career and Occupation Discussions 4
Kronos147 Quality Manager's Role in AS9100 Rev. D AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 9
D Document approvers by role or by name Document Control Systems, Procedures, Forms and Templates 8
C Role of Breast Tissue Expander in Breast Reconstruction process. Medical Information Technology, Medical Software and Health Informatics 0
G Role of Remote Locations IATF 16949 - Automotive Quality Systems Standard 1
K New Quality Manager Role Quality Manager and Management Related Issues 13
R Registrars offering to perform Second Party Audits - Have they failed their role? Registrars and Notified Bodies 105
G Quality/Regulatory role in Automotive industry Career and Occupation Discussions 1
K What is Quality's and Engineering's role within FAI's AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 6
S Process Owner role in Problem Investigation/Corrective Action Problem Solving, Root Cause Fault and Failure Analysis 9
R Role of Contract Manufacturer - MDRs (Medical Device Reporting) 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 9
K What is the role of the Six Sigma Black Belt? Six Sigma 9
J Quality Manager's role in Customer and Supplier Complaints Customer Complaints 10
R Role of Product Development in OSHAS 18001 Occupational Health & Safety Management Standards 6
V Interviews - How to differentiate your deliverable/role for potentially being hired Career and Occupation Discussions 9
N Role of Quality Function in Approving Work Instructions Document Control Systems, Procedures, Forms and Templates 4
K The Role of Management and Human Resources Training Courses Training - Internal, External, Online and Distance Learning 0
D Designing a Training Course called "Role of the Laboratory Quality Manager" Training - Internal, External, Online and Distance Learning 13
S What is the role of "Reviewer" and "Approver" in the preparation of procedures? Document Control Systems, Procedures, Forms and Templates 9
T Person in charge's role or responsibility in ISMS? ISO 27001 IEC 27001 - Information Security Management Systems (ISMS) 3
sagai Role and Use of Non QMS Standards and Guidances in the Medical Industry 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 17
L QMS for Service Company - Top Management wants to take the role of QMR Quality Manager and Management Related Issues 5
K Equivalent role of QP (Qualified Person) in FDA Regulations Pharmaceuticals (21 CFR Part 210, 21 CFR Part 211 and related Regulations) 8
O Which role plays Inverse cdf of a Standard Normal Distribution in Formula for Z-Bench Using Minitab Software 8
R Role of Qualified Person (QP) in Contract Manufacturing Pharma Business Quality Manager and Management Related Issues 2
V Best way to represent "Role Clarity" Quality Manager and Management Related Issues 3
V Defining Quality Assurance's Role in R&D (Product and Process Development) Design and Development of Products and Processes 11
C At what stage does Design Control play a role in Medical Device Development ISO 13485:2016 - Medical Device Quality Management Systems 2
K The role of mid level managers in a Quality System Manufacturing and Related Processes 9
P Role of Quality within an Organization Quality Manager and Management Related Issues 3
P Quality Engineer's Role in Tracking MRT Metrics & PDT Metrics Customer Complaints 2
P Quality Engineer's Role in Cost Management (including UMC) Misc. Quality Assurance and Business Systems Related Topics 3
C Role and Benefits of PIC/S (Pharmaceutical Inspection Cooperation Scheme) Other Medical Device Regulations World-Wide 2
D QA's Role in the Overall Picture of the Organization and in Day to Day Activities Misc. Quality Assurance and Business Systems Related Topics 10
Z Customer play significant role when Input or not? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
M PFMEA (Process FMEA - Potential Causes and Failure) - Operator's Role FMEA and Control Plans 11
S Distributor?s Role in 21 CFR Part 820 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 10
Similar threads


















































Top Bottom