New High Level Structure for ISO Management Systems Standards 10Th International Quality Forum Cartagena De Indias, Colombia 28Th August 2014 Contents

New High Level Structure for ISO Management Systems Standards 10th International Quality Forum Cartagena de Indias, Colombia 28th August 2014 Contents

1. What is a management system (MS) 2. ISO MS Standards (MSS) 3. The problem: proliferation of different MSS 4. The solution: High Level Structure (HLS) 5. Update on ISO 9001, ISO 14001 & ISO 45001 (former OHSAS 18001) What is a management system?

ISO/IEC Directives Part 1 Management System (MS) Set of interrelated or interacting elements of an organization to establish policies and objectives and processes to achieve those objectives

Management Systems Standards

ISO/IEC Directives Part 1

Management Systems Standards (MSS) Standard that provides requirements or guidelines for organizations to develop and systematically manage their policies, processes and procedures in order to achieve specific objectives. Some well known MSS

ISO 9001:2008 Quality management systems -- Requirements ISO 14001:2004 Environmental management systems -- Requirements with guidance for use ISO 50001:2011 Energy management systems -- Requirements with guidance for use ISO 22000:2005 Food safety management systems -- Requirements for any organization in the food chain ISO/IEC 27001:2013 Information technology -- Security techniques – Information security management systems -- Requirements ISO 20121:2012 Event sustainability management systems -- Requirements with guidance for use ISO 39001:2012 Road traffic safety (RTS) management systems - Requirements with guidance for use ISO 13485:2003 Medical devices -- Quality management systems -- Requirements for regulatory purposes

Issues related to proliferation of MSS

. Growing number of MSS => concern among users • slightly different structures • different definitions for same terms • often contradicting requirements => ISO TMB found a solution a high level structure for all MSS!

. Annex SL particularly useful for organizations that choose to operate a single MS (sometimes called integrated) that can meet the requirements of two or more MSS simultaneously (without causing confusion or conflict) The MSS vision

All ISO management system “requirements” standards to be aligned ISO to enhance the compatibility of these standards, through the promotion of identical:  Clause titles  Sequence of clause titles  Text  Terms and definitions Permission to diverge only where necessitated by specific differences in managing their individual fields of application High Level Structure (HLS) for MSS

In 2012 Annex SL added to the Supplement to the ISO/IEC Directives, Part 1, Procedures Specific to ISO. It defines: a) the proposal process for a new MSS b) the rules for drafting a MSS using a common approach Three appendices are included in Annex SL: • Appendix 1: Justification criteria questions • Appendix 2: HLS, identical text, and common terms and core definitions • Appendix 3: Guidance on HLS, identical text, and common terms and core definitions Annex SL High Level Structure

Introduction 1. Scope 2. Normative references 3. Terms and definitions 4. Context of the organization 5. Leadership 6. Planning 7. Support Find all the detail and text 8. Operation on Annex SL structure in 9. Performance evaluation ISO Directives free from ISO 10. Improvement

Sub-clause structure (I)

4. Context of the organization 4.1.Understanding the organization and its context 4.2 Understanding the needs and expectations of interested parties 4.3 Determining the scope of the XXX management system 4.4 XXX management system 5. Leadership 5.1 Leadership and commitment 5.2 Policy 5.3 Organizational roles, responsibilities and authorities 6. Planning 6.1 Actions to address risks and opportunities 6.2 Objectives and plans to achieve them Sub-clause structure (II)

7. Support 7.1 Resources 7.2 Competence 7.3 Awareness 7.4 Communication 7.5 Documented information 8. Operation Operational planning and control

Sub-clause structure (III)

9. Performance evaluation 9.1 Monitoring, measurement, analysis and evaluation 9.2 Internal audit 9.3 Management review 10. Improvement 10.1 Non conformity and corrective action improvement

Status of implementation of Annex SL for MSS Type A

7 standards have been published following Annex SL ISO 30301; ISO 22301; ISO 20121; ISO 39001 ISO 14298; ISO 22313; ISO 27001 9 standards under revision or new standards using Annex SL ISO 9001; ISO 14001; ISO 55001; ISO 18420; ISO 19228 ISO 19600; ISO 21101, ISO 34001; ISO 37101 5 standards published before Annex SL was introduced ISO 22000:2005; ISO 28000:2007; ISO 30000:2009 ISO 50001:2011; ISO /IEC 20000-1:2011

New: introducing concept of «Risk»

The topic of risk will be addressed by TC/SC/PCs based on:  the scope of their MSS  their discipline related risks  the risk that the management system itself is not effective Each discipline should clarify its need for a formal “risk management“ approach Update on high profile MSS

• ISO 9001Quality management systems - Requirements

• ISO 14001 Environmental management systems- Requirements with guidance for use

• ISO 45001 Occupational health and safety management systems – Requirements (former OHSAS 18001) ISO 9001

Current status: public consultation (DIS) Ballot dates: 10 July to 10 October 2014 Target publication date: October 2015

What is the scope of the revision? The main changes relate to its format and the increased importance on risk: • the same high-level structure used by other MSS which will help companies implementing more than one standard • the identification of risk and risk control as requirements in the standard • the requirement of top management to take a more active role in aligning quality policies with business needs • a number of changes in terminology (also in ISO/DIS 9000) ISO 14001

Current status: public consultation (DIS) Target publication date: October 2015

What is the scope of the revision? 1. based on the ISO/TMB approved requirements and application guidance related to the JTCG work on the High Level Structure (HLS) for Management System Standards (MSS) and its identical text, common terms and core definitions (referred to as „Annex SL Structure‟) 2. consider the final report of the ISO/TC 207/SC 1 "Future Challenges for EMS" Study Group 3. ensure the maintenance and improvement of the basic principles of ISO 14001: 2004, and also the retention and improvement of its existing requirements ISO 45001

Current status: working draft (CD expected July 2014) Target publication date: October 2016 Scope: This International Standard specifies requirements for an occupational health and safety (OH&S) management system, with guidance for its use, to enable an organization to control its OH&S risks and improve its OH&S performance. It does not state specific OH&S performance criteria, nor does it give detailed specifications for the design of a management system.

This International Standard is applicable to any organization that wishes to: a) establish an OH&S management system to eliminate or minimize risks to personnel and other interested parties who could be exposed to OH&S hazards associated with its activities; b) implement, maintain and continually improve an OH&S management system; c) assure itself of its conformity with its stated OH&S policy; d) demonstrate conformity with the requirements of this International Standard. ISO 45001

• Former OSHAS 18001 migrated to ISO using new HLS • 1st Working Draft (Dec 2013) generated nearly 1300 comments (230 pages) • Most comments related to definition of «Risk» and how it is treated in clause 6.1 • Committee Draft expected July 2014 • Ongoing issue of title: “Occupational Health and Safety (OH&S)” or “Occupational Safety and Health (OSH)” • Recommendations for an OH&S MS auditing competency requirements ( new Part to ISO/IEC 17021)

Highlights of changes in the revision

• Includes requirements for visible involvement, support and commitment from top management • Incorporates requirements for a strategic understanding of environmental issues that are important to an organization • Expands environmental policy commitments from prevention of pollution to a more proactive and positive commitment to protect the environment from harm and degradation • Emphasizes a focus on improving environmental performance • Takes a life cycle perspective of environmental issues related to the organizations products and services Benefits to an organization

• Implementation will reinforce the importance of environmental management to the organization‟s business strategy • By using a risk-based approach, an organization can prioritize its environmental challenges and focus on opportunities that provide a competitive advantage • The standardized format will enable organization‟s implementing multiple management systems to streamline their internal processes and reduce conflicts and variation • Most importantly, it will help an organization fulfill the environmental pillar of sustainable development Questions

Thank you / Muchas gracias!!