Annex SL Training for ISO 9001:2015. & ISO 14001:2015.

V2
15/01/15
1
© Associate Enterprises Ltd
Risk Management
Annex SL
The Future of Management Systems
www.assentriskmanagement.co.uk

V2
15/01/15
2
Risk ManagementIntro
• ISO/TMB has produced Annex SL with the
objective of delivering consistent and compatible
management system standards (mss) in an
attempt to make this process easier.
• Annex SL describes the framework for a generic
management system.
• Freely Available
http://www.iso.org/sites/directives/directives.ht
ml#toc_marker-76

V2
15/01/15
3
Risk ManagementKey Elements
1. high level structure,
2. identical core text,
3. common terms and core definitions.
In future all management systems standards will have these 3
elements.
High Level Structure can not be changed but sub clauses can be added.
Discipline-specific text can also be added;
Common Terms and Core Definitions can not be changed but can be
added to.

V2
15/01/15
4
Risk ManagementHigh Level Structure
Ten clauses used in all Management System Standards:
1. Scope
2. Normative references
3. Terms and definitions
4. Context of the Organisation
5. Leadership
6. Planning
7. Support
8. Operation
9. Performance evaluation
10. Improvement.
Note: As of July 2013 ISO22301 & ISO 27001:2013 are using HLS.
Note: xxx used as placeholder to denote discipline of the standard i.e.
enironmental/quality etc.

V2
15/01/15
5
Risk Management
Clause 4. Context of
the Organisation
• 4.1 Understanding the organisation and its
context
• 4.2 Understanding the needs and
expectations of interested parties
• 4.3 Determining the scope of the XXX
management system
• 4.4 XXX management system

V2
15/01/15
6
Risk Management
Clause 4. Context of
the Organisation
• Expanded scope requirements for the
management system.
• Consider ‘Interested Parties’ both inside and
outside the organisation.
• Should be documented.

V2
15/01/15
7
Risk Management
Examples of
Interested Parties
MS
Customers
Employees
Suppliers
3rd Parties
• Visitors
• Contractors
Insurers
External
• Public/Neighbours
• The Media
Authorities
• Government
• Regulators
Emergency
• Utilities
• 999

V2
15/01/15
8
Risk ManagementClause 5. Leadership
• 5.1 Leadership and commitment
• 5.2 Policy
• 5.3 organisational roles, responsibilities and
authorities

V2
15/01/15
9
Risk ManagementClause 5. Leadership
• Emphasis on Leadership not just
management.
• Should communicate importance of system.
• Policy should be available to all interested
parties.

V2
15/01/15
10
Risk ManagementClause 6. Planning
• 6.1 Actions to address risks and opportunities
• 6.2 XXX objectives and planning to achieve
them

V2
15/01/15
11
Risk ManagementClause 6. Planning
• Risk is now prominent and replace Preventive
action.
• ISO 31000 provides guidance on risk
management.
• Objectives are more specific and in line with
Policy.
• Objectives should be measurable (if practicable),
monitored, communicated, and updated as
appropriate. They have to be established at
relevant functions and levels.

V2
15/01/15
12
Risk ManagementClause 7. Support
• 7.1 Resources
• 7.2 Competence
• 7.3 Awareness
• 7.4 Communication
• 7.5 Documented information
• 7.5.1 General
• 7.5.2 Creating and updating
• 7.5.3 Control of documented information

V2
15/01/15
13
Risk ManagementClause 7. Support
• Little new content here.
• Term Documented Information is used and
includes
– Documents
– Records
– Forms
– Other

V2
15/01/15
14
Risk ManagementClause 8. Operation
• 8.1 Operational planning and control

V2
15/01/15
15
Risk ManagementClause 8. Operation
• The Specifics of what the organisation does.
• The bulk to the specific standard requirements
will be here i.e. Environmental 14001, Quality
9001.

V2
15/01/15
16
Risk Management
Clause 9. Performance
Evaluation
• 9.1 Monitoring, measurement, analysis and
evaluation
• 9.2 Internal audit
• 9.3 Management review
Some useful common terms and core definitions
from Appendix 2 of Annex SL follows:

V2
15/01/15
17
Risk Management
Evaluation
Common terms & core definitions from Appendix 2 of Annex SL
3.12
process
set of interrelated or interacting activities which transforms inputs into outputs
3.13
performance
measurable result
Note 1 to entry: Performance can relate either to quantitative or qualitative findings.
Note 2 to entry: Performance can relate to the management of activities, processes (3.12), products (including
services), systems or organizations (3.01).
3.14
outsource (verb)
make an arrangement where an external organization (3.01) performs part of an organization's function or process
(3.12)
Note 1 to entry: An external organization is outside the scope of the management system (3.04), although the
outsourced function or process is within the scope.
3.15
monitoring
determining the status of a system, a process (3.12) or an activity
Note 1 to entry: To determine the status, there may be a need to check, supervise or critically observe.

V2
15/01/15
18
Risk Management
Evaluation
3.16
measurement
process (3.12) to determine a value
3.17
audit
systematic, independent and documented process (3.12) for obtaining audit evidence and evaluating it
objectively to determine the extent to which the audit criteria are fulfilled
Note 1 to entry: An audit can be an internal audit (first party) or an external audit (second party or
third party), and it can be a combined audit (combining two or more disciplines).
Note 2 to entry: An internal audit is conducted by the organization itself, or by an external party on its
behalf.
Note 3 to entry: “Audit evidence” and “audit criteria” are defined in ISO 19011.

V2
15/01/15
19
Risk Management
Evaluation
3.18
conformity
fulfillment of a requirement (3.03)
3.19
nonconformity
non-fulfillment of a requirement (3.03)
3.20
corrective action
action to eliminate the cause of a nonconformity (3.19) and to prevent recurrence
3.21
continual improvement
recurring activity to enhance performance (3.13)

V2
15/01/15
20
Risk Management
Clause 10.
Improvement
• 10.1 Nonconformity and corrective action
• 10.2 Continual improvement
Preventive action has been replaced by
Opportunities to address risks.

V2
15/01/15
21
Risk ManagementMore Info
• Annex
SLhttp://www.iso.org/sites/directives/directiv
es.html#toc_marker-76
• IRCA Briefing Note
http://www.irca.org/en-
gb/resources/Guidance-notes/Annex-SL-
previously-ISO-Guide-83/

V2
15/01/15
22
Risk ManagementContact Us
If we can help you implement any ISO standards
& achieve certification, please contact us:
• www.assentriskmanagement.co.uk
• London & South East: 020 3432 2854
• Midlands: 01332 896 478
• Wales & West: 029 2000 4623
• Twitter: @assent1

Annex SL Training for ISO 9001:2015. & ISO 14001:2015.

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

Similaire à Annex SL Training for ISO 9001:2015. & ISO 14001:2015.

Similaire à Annex SL Training for ISO 9001:2015. & ISO 14001:2015. (20)

Dernier

Dernier (20)

Annex SL Training for ISO 9001:2015. & ISO 14001:2015.