The ISO High-Level Structure (HLS) is the basis for all management system standards and is now being revised by ISO. These changes will affect all management system standards. Users of ISO management system standards such as ISO 14001, 9001 and 45001 will need to evaluate how these changes will affect the organizations ISO management systems.
Introduced in 2012, the HLS was created to help better integrate quality, environmental and health and safety management systems. Prior to its introduction ISO 9001 had a different structure that ISO 14001 that complicated integration of the management core processes such as corrective action and management review. The HLS solved that problem. The revision introduced a new name for the HLS and it is now called Annex L, Appendix 2.
The revision will also introduce guidance on use of the HLS for standard writers and users. This guidance is called Annex L, Appendix 3. Both Annex L, Appendix 2 and 3 will be combined as a table.
Appendix 2 is in the final stages of an initial “limited” revision and not yet available to the public. Appendix 3 is in mid-stage revision and should be approaching the final stage later this year.
Here are a few of the most important changes to Annex L, Appendix 2 from the “limited” revision:
Definition of Risk
A lengthy debate is ongoing within ISO about if a revision to the definition of “Risk” is needed. “Risk” is currently defined in the HLS as “the effect of uncertainty”. Some within ISO argue that a better definition is “the effect of uncertainty on objectives“.
Others fear that the addition of the words “on objectives” to the definition of risk will cause confusion in standards like ISO 9001, 14001 and 45001. They believe this because these standard have a specific requirement to create measurable “objectives” within the management system.
The debate over the definition of risk has lead to several proposals including eliminating the definition of risk entirely from the HLS. A subgroup has been assigned the task of sorting this difficult issue and the results will be reflected in a future revision of the HLS. For now however the definition of “risk” will remain as it is in the HLS.
Expected Outcomes Vs Results
The previous version of the HLS used the term “expected outcomes” to describe the results organizations should expect from its ISO management system. Some users found the term “expected outcomes” confusing so it has been changed to “expected results”. The change was also made to simplify translation to other languages.
Outsourced Processes
The old HLS used the term “outsourced processes”. Manufacturers sometimes send their products to other organizations who perform specialized processes like heat treating or electroplating. This relationship between organizations was called “outsourcing” in the previous version of the HLS. The concept of “outsourced processes” however does not apply as well to other disciplines such as environmental management or health and safety management systems.
The term “external provider” is now being used in place of outsourced process. This change has been made in response to several comments that found the term “outsource” unclear. The use of external provider clarifies that outsourced, contracted, and purchased products, services and processes all need to be controlled by the management system.
Documented Information
The use of the terms “maintain” and “retain” to describe what needs to be done with certain types of documents in the management system has been replaced with the term “shall be available”. This change has been made to avoid confusion between maintaining and retaining documented information. This change is not expected to impact organizations with mature document control process and management systems.
Internal Audits
This part of the HLS has been substantially reorganized. The title of 9.2.1 was changed to General and 9.2.2 Internal Audit Program has been added. This change has been made for ease in understanding. Now the two distinct concepts covered in the paragraph (what an audit program entails and what should be considered when establishing an audit program) are listed separately.
Effects of the Annex L, Appendix 2 and 3 Revisions (Whats Next?)
The revision of Annex L is not expected to have a significant immediate effect on ISO standards or ISO management system audits. The revisions will not requires revision of any of the ISO management system standards until these standard are revised and updated as required by ISO. However, organizations in the process of implementing an ISO management system or integrating a new discipline specific standard such as ISO 45001 into an existing management system structure, should anticipate that these changes will appear in future revisions of ISO management system standards.