In developing Annex SL, the International Organisation for Standardisation (ISO) have provided a useful basis for organisations to manage their affairs in a way that is recognised worldwide. Achievement of registration to one of the standards that follow Annex SL provides evidence that the organisation has taken a serious approach to its business. One of the objectives of this article to demonstrate a robust path towards registration.
Annex SL provides a high-level template for the development of management specifications by the Technical Committees of the ISO. It provides a universal structure for management specifications, together with standardised wording that should be followed across all management systems common terms and definitions. In some instances, the core text cannot follow the standardised wording for which agreement has to be reached with the ISO.
This article describes Annex SL in outline and provides a systematic approach that organisations can use when developing their management systems. ISO 9001:2015, the specification for Quality Management Systems is selected as it is primary to the Chartered Quality Institute (CQI) Construction Special Interest Group (ConSIG), although the principles can be applied across all specifications that have been developed to meet Annex SL.
Definitions used in this article
[Note: these are not official definitions, but are useful for this article]
A. Management specification.
A document prepared by a technical Committee of ISO to meet the requirements of Annex SL. Note that these are specifications that are to be met and not standards that have to be reached: the difference is subtle but important!
B. Management System
A documented set of information that is used by an organisation to provide the basis for its management. The term “documented” does not necessarily mean on paper but can be on any medium that is accessible to those needing it.
The International Organisation for Standardisation recognised that there were considerable differences in the construction of the many management specifications. They also recognised that many organisations were developing integrated management systems and were encountering difficulty in reconciling the requirements of one specification with another, especially where there were conflicts. Common sense says that an organisation has only one way of managing its affairs and not several.
As a consequence, Guide 83 was issued. However, this was a guide and, in 2011, Annex SL was adopted formally. All management specifications issued after this date follow this pattern.
The core text on Annex SL has ten high-level clauses, as shown in Table 1 below.
Table 1 – Clauses of Annex SL
The scope defines the intended outcomes of the management system. The outcomes are industry-specific and should be aligned with the context of the organization (clause 4).
Provides details of the reference standards or publications relevant to the particular standard. For ISO 9001:2015, the normative reference is ISO 9000:2015.
|Terms and definitions (subdivided into three parts): high-level structure, identical core text, and common terms and core definitions|
|Context of the organization:
Clause 4 consists of four sub-clauses:
Clause 5 comprises three sub-clauses:
Clause 6 includes two sub-clauses:
Clause 7 consists of five sub-clauses:
Clause 8 has one sub-clause:
Clause 9 is formed of three sub-clauses:
Clause 10 looks at how nonconformities and corrective actions should be managed. It includes two sub-clauses:
In many ways, Operation (Clause 8) is the most interesting in that it has only one sub-clause. Theoretically, the same words should appear in all of the specifications that are based on Annex SL with the exception of clause 8, which is the place where the requirements that are specific to the discipline are defined. This works reasonably well, although there are some instances where allowances have had to be made. Two examples are described below:
i. ISO 14001: The environmental risk register, which is normally art of the operational side of environmental management, together with some of the other risk-based requirements have been moved out of clause 8 and into clause 6.
ii. ISO 44001: Collaborative working is a process that follows a definite path from the start of a relationship until its end. Although some aspects of Annex SL were straightforward to define (document control as an instance), fitting the process into the specification was very difficult and has been well accomplished.
Implementing a management system – the pathway
The hard work is done at the outset. An organisation will need to recognise that the thrust of the specification has changed. The guiding principle is the management of its affairs so as to maximise its bottom line and reduce risk, both financially and reputationally. To this end, the senior management team must consider the following simple questions:
1. What do we do now?
2. What will we be doing in the future?
3. What “issues” do we face?
4. What is an “issue” anyway?
5. Who are the “interested parties”?
6. Where do the risks lie?
7. What is the “scope” of the business that we want to cover with our formal management system?
Taking that a little further, the crux of the argument is around the risks that an organisation faces, both on a day-to-day basis, but also on an irregular basis. Risks can include those that affect profit and/or reputation. Here are a few:
1. A customer may buy what we produce
2. We may get no orders
3. Something becomes defective while we are producing it
4. The customer returns something because it has failed
5. The regulator has found something that is against the regulations.
6. And so on.
This means that it is necessary to identify those interested parties that may affect the way in which the organisation works. Table 2 below includes some of these factors that can affect risk.
Table 2 – Some of the factors that can affect risk
There are many processes for undertaking risk assessment. One of the most suitable is the Failure Mode and Effect Analysis (FMEA). Criticality can be introduced also. This will allow the organisation to rank its risks and then decide what actions to take to militate against them causing actual financial or reputational harm. The process below has been developed from ISO 9001:2015, together with BS 31000:2009, at the revisions that were extant at the time of writing.
Having determined the risks and planned to meet them – or not if the probability or effect is not sufficient to warrant action – the organisation can set up appropriate objectives for the business. These should not be set for ever and a day but be practical and achievable working objectives. The process below may help.
The rest is, of course, plain sailing. All that is needed now is to describe the arrangements that the organisation will be working to in order to meet the objectives that is has set for itself. The requirements from ISO 9001:2015 are shown in the diagram below:
With the exceptions discussed above, all of the descriptions above are common to all management specifications that are prepared to meet Annex SL, recalling that in some specifications, some aspects that are discipline-centric may appear in clauses other than clause 8 – Operation. What this demonstrates is that the basic arrangements can be made common to all disciplines, with only certain elements being discipline-centric.
The detail from ISO 001:2015 for clause 8 is shown below for completeness. Readers with interests in other specifications should refer to those documents. Note also that clause 9 – “Performance Evaluation” and clause 10 – “Improvement” are shown in this diagram, although they are common to all specifications.
Finally, Annex SL places considerable emphasis on the role of “Top Management”. There is a clear indication that this means that the most senior staff in an organisation have to take personal responsibility for completing certain tasks, mainly by doing them themselves. The specifications that have been developed make it very clear that those managing the organisation must be personally involved. Simply signing the Quality charter, for instance, is not sufficient. This means that specifications are for directly managing organisations and that they are not an add-on accessory that is wheeled out when an assessor arrives.
This article set out to explain the structure of Annex SL and its interpretation into the specifications that ISO has published. It has also provided a pathway to success for those organisations wishing to implement management systems to meet the requirements of one or more specifications as a fully integrated set of arrangements to protect reputation as well as profit margins.
Original article written by Keith Hamlyn, reviewed by Tony Hoyle and Mike Buss on behalf of the CQI Construction Special Interest Group, and authorised for publication by the Competency Working Group on 5 May 2018.