u.s. technical advisory group to iso/tc 242 energy … jtcg documents 2014 update.… · u.s....


Post on 15-Jul-2018


U.S. Technical Advisory Group to ISO/TC 242 Energy Management Date: 2014-Jan-06

Doc. Number: T-242-263

TC 242 N Document TC 242 WG 1 P1 Guidance TC 242 WG 1 P2 EnMS Auditing TC 242 WG 2 P1 EnPI and baseline TC 242 WG 3 M&V Organization TC 242 WG 4 P1 Energy Auditing TC 242 CAG TC 257 Related document JTCG OTHER

Your contact: Deann Desai [email protected] +1 770-605-4474 Melody McElwee [email protected] Phone: + 1 770-725-2138

JTCG Documents

Comments: Attached for your consideration are the recent updates to the JTCG MSS ANNEX SL.

Actions: This requires no action on your part; it is an informational transmission.

Expert Recommendation

The work of the JTCG is currently waiting on the TMB (ISO Management Team – Technical Management Board) to approve what has been done so far which includes a guidance document on terminology, a concept document, and an FAQ document. The next TMB meeting is in Feb 2014 and hopefully we will have more information at that time.

Due Date: Not applicable

Confidentiality: This message and the confidential information contained in this message regarding the US TAG and its positions, including any attached files, is confidential, privileged and intended for the sole use of the intended recipient. If you are not the intended recipient of this message or you otherwise received this in error, please delete it and notify the sender immediately by telephone, fax or email reply. Any unauthorized review, disclosure, discussion, copying, printing, publication, distribution or use of this message or the information in this message to those outside of the US TAG to TC 242 is strictly prohibited.

ISO/TMB Joint Technical Coordination Group JTCG N362

- Chair: Anne-Marie Warris - Secretary: vacant

Secretariat administered by: SIS, Swedish Standards Institute

email: [email protected] Phone +46 8 5555 2025

JTCG minor edit proposal for Annex SL

This document sets out the proposed edits / minor amendments to Annex SL which were discussed and agreed at the JTCG meeting of 3 and 4 October 2013. The edits / minor changes are based on proposals made by the ISO CS Editor and JTCG TF4. The edits relate to:

– Cross-references to other terms in the definitions are now given in italics, not bold

– Delete "etc." throughout because it is an imprecise term

– Definition 3.09 risk: because the terms "event", "consequence" and "likelihood" are not defined in this clause (only in ISO Guide 73:2009), there can be no direct cross-referencing using bold font

– Deleted term “correction”, because it is unused in the current Annex SL text

– As notes cannot contain requirements (or use “may”, “should” etc.), the language used in the Notes to 7.2 and 7.5.3 has been amended

– It is no longer permissible to have two lists of the same type in one subclause; consequently 5.2, 6.2 and 7.5.3 have had a new list style applied to their first set of bullet points, and 9.2 has been amended by the addition of sub-subclause headings without titles

– Addition of a new Note 2 to 3.17 (and renumbering of current Note 2 as Note 3) to clarify that an internal audit may be conducted by an external party

– Addition of “relevant” in the 2nd bullet of 4.2 for clarification

– Clarification of 7.4 by the deletion of “need for” and the addition of a new bullet “how to communicate”

Appendix 2

(normative)

High level structure, identical core text, common terms and core definitions

NOTE In the identical text proposals, XXX = an MSS discipline specific qualifier (e.g. energy, road traffic safety, IT security, food safety, societal security, environment, quality) that needs to be inserted. Blue italicized text is given as advisory notes to standards drafters.

Introduction

DRAFTING INSTRUCTION Specific to the discipline.

1. Scope

DRAFTING INSTRUCTION Specific to the discipline.

2. Normative references

DRAFTING INSTRUCTION Clause Title shall be used. Specific to the discipline.

3. Terms and definitions

DRAFTING INSTRUCTION 1 Clause Title shall be used. Terms and definitions may either be within the standard or in a separate document. To reference Common terms and Core definitions + discipline specific ones. The arrangement of terms and definitions shall be according to the concept systems of each standard.

DRAFTING INSTRUCTION 2 The following terms and definitions constitute an integral part of the “common text” for management systems standards. Additional terms and definitions may be added as needed. Notes may be added or modified to serve the purpose of each standard.

DRAFTING INSTRUCTION 3 Italics type in a definition indicates a cross-reference to another term defined in this clause, and the number reference for the term is given in parentheses.

DRAFTING INSTRUCTION 4 Where the text “XXX” appears throughout this clause, the appropriate reference should be inserted depending on the context in which these terms and definitions are being applied. For example: “an XXX objective” could be substituted as “an information security objective”.

For the purposes of this document, the following terms and definitions apply.

3.01 organization

person or group of people that has its own functions with responsibilities, authorities and relationships to achieve its objectives (3.08)

Note 1 to entry: The concept of organization includes, but is not limited to, sole-trader, company, corporation, firm, enterprise, authority, partnership, charity or institution, or part or combination thereof, whether incorporated or not, public or private.

3.02 interested party (preferred term) stakeholder (admitted term)

person or organization (3.01) that can affect, be affected by, or perceive itself to be affected by a decision or activity

3.03 requirement

need or expectation that is stated, generally implied or obligatory

Note 1 to entry: “Generally implied” means that it is custom or common practice for the organization and interested parties that the need or expectation under consideration is implied.

Note 2 to entry: A specified requirement is one that is stated, for example in documented information.

3.04 management system

set of interrelated or interacting elements of an organization (3.01) to establish policies (3.07) and objectives (3.08) and processes (3.12) to achieve those objectives

Note 1 to entry: A management system can address a single discipline or several disciplines.

Note 2 to entry: The system elements include the organization’s structure, roles and responsibilities, planning and operation.

Note 3 to entry: The scope of a management system may include the whole of the organization, specific and identified functions of the organization, specific and identified sections of the organization, or one or more functions across a group of organizations.

3.05 top management

person or group of people who directs and controls an organization (3.01) at the highest level

Note 1 to entry: Top management has the power to delegate authority and provide resources within the organization.

Note 2 to entry: If the scope of the management system (3.04) covers only part of an organization, then top management refers to those who direct and control that part of the organization.

3.06 effectiveness

extent to which planned activities are realized and planned results achieved

3.07 policy

intentions and direction of an organization (3.01), as formally expressed by its top management (3.05)

3.08 objective

result to be achieved

Note 1 to entry: An objective can be strategic, tactical, or operational.

Note 2 to entry: Objectives can relate to different disciplines (such as financial, health and safety, and environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product and process (3.12)).

Note 3 to entry: An objective can be expressed in other ways, e.g. as an intended outcome, a purpose, an operational criterion, as an XXX objective, or by the use of other words with similar meaning (e.g. aim, goal, or target).

Note 4 to entry: In the context of XXX management systems, XXX objectives are set by the organization, consistent with the XXX policy, to achieve specific results.

3.09 risk

effect of uncertainty

Note 1 to entry: An effect is a deviation from the expected — positive or negative.

Note 2 to entry: Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event, its consequence, or likelihood.

Note 3 to entry: Risk is often characterized by reference to potential “events” (as defined in ISO Guide 73:2009, 3.5.1.3) and “consequences” (as defined in ISO Guide 73:2009, 3.6.1.3), or a combination of these.

Note 4 to entry: Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated “likelihood” (as defined in ISO Guide 73:2009, 3.6.1.1) of occurrence.

3.10 competence

ability to apply knowledge and skills to achieve intended results

3.11 documented information

information required to be controlled and maintained by an organization (3.01) and the medium on which it is contained

Note 1 to entry: Documented information can be in any format and media, and from any source.

Note 2 to entry: Documented information can refer to:

— the management system (3.04), including related processes (3.12);

— information created in order for the organization to operate (documentation);

— evidence of results achieved (records).

3.12 process

set of interrelated or interacting activities which transforms inputs into outputs

3.13 performance

measurable result

Note 1 to entry: Performance can relate either to quantitative or qualitative findings.

Note 2 to entry: Performance can relate to the management of activities, processes (3.12), products (including services), systems or organizations (3.01).

3.14 outsource (verb)

make an arrangement where an external organization (3.01) performs part of an organization’s function or process (3.12)

Note 1 to entry: An external organization is outside the scope of the management system (3.04), although the outsourced function or process is within the scope.

3.15 monitoring

determining the status of a system, a process (3.12) or an activity

Note 1 to entry: To determine the status, there may be a need to check, supervise or critically observe.

3.16 measurement

process (3.12) to determine a value

3.17 audit

systematic, independent and documented process (3.12) for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled

Note 1 to entry: An audit can be an internal audit (first party) or an external audit (second party or third party), and it can be a combined audit (combining two or more disciplines).

Note 2 to entry: internal audit is conducted by the organization itself, or by an external party on its behalf.

Note 3 to entry: “Audit evidence” and “audit criteria” are defined in ISO 19011.

3.18 conformity

fulfilment of a requirement (3.03)

3.19 nonconformity

non-fulfilment of a requirement (3.03)

3.20 correction (deleted term)

action to eliminate a detected nonconformity (3.19)

3.20 corrective action

action to eliminate the cause of a nonconformity (3.19) and to prevent recurrence

3.21 continual improvement

recurring activity to enhance performance (3.13)

4. Context of the organization

4.1 Understanding the organization and its context

The organization shall determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome(s) of its XXX management system.

4.2 Understanding the needs and expectations of interested parties

The organization shall determine:

— the interested parties that are relevant to the XXX management system;

— the relevant requirements of these interested parties.

4.3 Determining the scope of the XXX management system

The organization shall determine the boundaries and applicability of the XXX management system to establish its scope.

When determining this scope, the organization shall consider:

— the external and internal issues referred to in 4.1;

— the requirements referred to in 4.2.

The scope shall be available as documented information.

4.4 XXX management system

The organization shall establish, implement, maintain and continually improve an XXX management system, including the processes needed and their interactions, in accordance with the requirements of this International Standard / this part of ISO XXXX / this Technical Specification.

5. Leadership

5.1 Leadership and commitment

Top management shall demonstrate leadership and commitment with respect to the XXX management system by:

– ensuring that the XXX policy and XXX objectives are established and are compatible with the strategic direction of the organization;

– ensuring the integration of the XXX management system requirements into the organization’s business processes;

– ensuring that the resources needed for the XXX management system are available;

– communicating the importance of effective XXX management and of conforming to the XXX management system requirements;

– ensuring that the XXX management system achieves its intended outcome(s);

– directing and supporting persons to contribute to the effectiveness of the XXX management system;

– promoting continual improvement;

– supporting other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility.

NOTE Reference to “business” in this International Standard / this part of ISO XXXX / this Technical Specification can be interpreted broadly to mean those activities that are core to the purposes of the organization’s existence.

5.2 Policy

Top management shall establish a XXX policy that:

a) is appropriate to the purpose of the organization;

b) provides a framework for setting XXX objectives;

c) includes a commitment to satisfy applicable requirements;

d) includes a commitment to continual improvement of the XXX management system.

The XXX policy shall:

– be available as documented information;

– be communicated within the organization;

– be available to interested parties, as appropriate.

5.3 Organizational roles, responsibilities and authorities

Top management shall ensure that the responsibilities and authorities for relevant roles are assigned and communicated within the organization.

Top management shall assign the responsibility and authority for:

a) ensuring that the XXX management system conforms to the requirements of this International Standard;

b) reporting on the performance of the XXX management system to top management.

6. Planning

6.1 Actions to address risks and opportunities

When planning for the XXX management system, the organization shall consider the issues referred to in 4.1 and the requirements referred to in 4.2 and determine the risks and opportunities that need to be addressed to:

— give assurance that the XXX management system can achieve its intended outcome(s);

— prevent, or reduce, undesired effects;

— achieve continual improvement.

The organization shall plan:

a) actions to address these risks and opportunities;

b) how to:

– integrate and implement the actions into its XXX management system processes;

– evaluate the effectiveness of these actions.

6.2 XXX objectives and planning to achieve them

The organization shall establish XXX objectives at relevant functions and levels.

The XXX objectives shall:

a) be consistent with the XXX policy;

b) be measurable (if practicable);

c) take into account applicable requirements;

d) be monitored;

e) be communicated;

f) be updated as appropriate.

The organization shall retain documented information on the XXX objectives.

When planning how to achieve its XXX objectives, the organization shall determine:

– what will be done;

– what resources will be required;

– who will be responsible;

– when it will be completed;

– how the results will be evaluated.

7. Support

7.1 Resources

The organization shall determine and provide the resources needed for the establishment, implementation, maintenance and continual improvement of the XXX management system.

7.2 Competence

The organization shall:

– determine the necessary competence of person(s) doing work under its control that affects its XXX performance;

– ensure that these persons are competent on the basis of appropriate education, training, or experience;

– where applicable, take actions to acquire the necessary competence, and evaluate the effectiveness of the actions taken;

– retain appropriate documented information as evidence of competence.

NOTE Applicable actions can include, for example, the provision of training to, the mentoring of, or the re-assignment of currently employed persons; or the hiring or contracting of competent persons.

7.3 Awareness

Persons doing work under the organization’s control shall be aware of:

– the XXX policy;

– their contribution to the effectiveness of the XXX management system, including the benefits of improved XXX performance;

– the implications of not conforming with the XXX management system requirements.

7.4 Communication

The organization shall determine the internal and external communications relevant to the XXX management system, including:

– on what it will communicate;

– when to communicate;

– with whom to communicate;

– how to communicate.

7.5 Documented information

7.5.1 General

The organization’s XXX management system shall include:

a) documented information required by this International Standard / this part of ISO XXXX / this Technical Specification;

b) documented information determined by the organization as being necessary for the effectiveness of the XXX management system.

NOTE The extent of documented information for a XXX management system can differ from one organization to another due to:

– the size of organization and its type of activities, processes, products and services;

– the complexity of processes and their interactions;

– the competence of persons.

7.5.2 Creating and updating

When creating and updating documented information the organization shall ensure appropriate:

– identification and description (e.g. a title, date, author, or reference number);

– format (e.g. language, software version, graphics) and media (e.g. paper, electronic);

– review and approval for suitability and adequacy.

7.5.3 Control of documented information

Documented information required by the XXX management system and by this International Standard / this part of ISO XXXX / this Technical Specification shall be controlled to ensure:

a) it is available and suitable for use, where and when it is needed;

b) it is adequately protected (e.g. from loss of confidentiality, improper use, or loss of integrity).

For the control of documented information, the organization shall address the following activities, as applicable:

– distribution, access, retrieval and use;

– storage and preservation, including preservation of legibility;

– control of changes (e.g. version control);

– retention and disposition.

Documented information of external origin determined by the organization to be necessary for the planning and operation of the XXX management system shall be identified, as appropriate, and controlled.

NOTE Access can imply a decision regarding the permission to view the documented information only, or the permission and authority to view and change the documented information.

8. Operation

8.1 Operational planning and control

The organization shall plan, implement and control the processes needed to meet requirements, and to implement the actions determined in 6.1, by:

– establishing criteria for the processes;

– implementing control of the processes in accordance with the criteria;

– keeping documented information to the extent necessary to have confidence that the processes have been carried out as planned.

The organization shall control planned changes and review the consequences of unintended changes, taking action to mitigate any adverse effects, as necessary.

The organization shall ensure that outsourced processes are controlled.

9. Performance evaluation

9.1 Monitoring, measurement, analysis and evaluation

The organization shall determine:

– what needs to be monitored and measured;

– the methods for monitoring, measurement, analysis and evaluation, as applicable, to ensure valid results;

– when the monitoring and measuring shall be performed;

– when the results from monitoring and measurement shall be analysed and evaluated.

The organization shall retain appropriate documented information as evidence of the results.

The organization shall evaluate the XXX performance and the effectiveness of the XXX management system.

9.2 Internal audit

9.2.1 The organization shall conduct internal audits at planned intervals to provide information on whether the XXX management system:

a) conforms to:

– the organization’s own requirements for its XXX management system;

– the requirements of this International Standard;

b) is effectively implemented and maintained.

9.2.2 The organization shall:

a) plan, establish, implement and maintain an audit programme(s), including the frequency, methods, responsibilities, planning requirements and reporting, which shall take into consideration the importance of the processes concerned and the results of previous audits;

b) define the audit criteria and scope for each audit;

c) select auditors and conduct audits to ensure objectivity and the impartiality of the audit process;

d) ensure that the results of the audits are reported to relevant management;

e) retain documented information as evidence of the implementation of the audit programme and the audit results.

9.3 Management review

Top management shall review the organization's XXX management system, at planned intervals, to ensure its continuing suitability, adequacy and effectiveness.

The management review shall include consideration of:

a) the status of actions from previous management reviews;

b) changes in external and internal issues that are relevant to the XXX management system;

c) information on the XXX performance, including trends in:

– nonconformities and corrective actions;

– monitoring and measurement results;

– audit results;

d) opportunities for continual improvement.

The outputs of the management review shall include decisions related to continual improvement opportunities and any need for changes to the XXX management system.

The organization shall retain documented information as evidence of the results of management reviews.

10. Improvement

10.1 Nonconformity and corrective action

When a nonconformity occurs, the organization shall:

a) react to the nonconformity, and, as applicable:

– take action to control and correct it;

– deal with the consequences;

b) evaluate the need for action to eliminate the causes of the nonconformity, in order that it does not recur or occur elsewhere, by:

– reviewing the nonconformity;

– determining the causes of the nonconformity;

– determining if similar nonconformities exist, or could potentially occur;

c) implement any action needed;

d) review the effectiveness of any corrective action taken;

e) make changes to the XXX management system, if necessary.

Corrective actions shall be appropriate to the effects of the nonconformities encountered.

The organization shall retain documented information as evidence of:

— the nature of the nonconformities and any subsequent actions taken;

— the results of any corrective action.

10.2 Continual improvement

The organization shall continually improve the suitability, adequacy and effectiveness of the XXX management system.

ISO/TMB Joint Technical Coordination Group JTCG N360

- Chair: Anne-Marie Warris - Secretary: vacant

Secretariat administered by: SIS, Swedish Standards Institute

email: [email protected] Phone +46 8 5555 2025

JTCG Concept document in support of Annex SL

Please find attached the Concept document developed by TF4 and approved by JTCG at its meeting. Please note the Annex SL text in here has not been updated in line with the JTCG N362 proposal for minor edits. Please note that, due to time constraints, the format of the table has not been adjusted to remove the breaks that should not be there. It is intended that the table shall be one continuous text table with no breaks between clauses.

JTCG/TF4/N27

3 December 2013

Annex SL Concepts document

Principle 1: Target audience

Standards Writers of Management System Standards (MSS), not organizations implementing a MSS based on Annex SL

Principle 2: Clear understanding of the English language

Simple text need not be explained. It is not necessary to provide separate explanations for each sentence and bullet.

Principle 3: Reflect intent of Annex SL (as written in 2010)

MSS specific interpretations or applications are not included, but rather avoided.

Principle 4: Additions

Standard writers are obliged to evaluate the sufficiency of the Annex SL requirements for their discipline specific MSS and include additional requirements in any clause, as appropriate to their technical subject.

This guidance is provided in a table format that includes the Annex SL text and provides, where necessary, information on the concept behind the requirement in the Annex SL text, and guidance, examples or comments as appropriate.

Annex SL (text) as taken from ISO Directives 2013 editions – not updated in line with JTCG proposal in JTCG N362

Concept of the requirement

Guidance, examples, or commentary

Introduction

NOTE Specific to the discipline.

The intent of the Introduction is to give specific information or commentary about the technical content of the MSS, and about the reasons prompting its preparation. An Introduction is optional. It shall not contain requirements.

Refer to ISO/IEC Directives Part 2: Rules for the structure and drafting of International Standards, for specific requirements, guidance and examples.

1. Scope

NOTE Specific to the discipline.

The intent of the Scope clause is to succinctly define without ambiguity the subject of the MSS and the aspects covered, thereby indicating the limits of applicability of the MSS or particular parts of it. It shall not contain requirements. This clause is not to be confused with the scope of the management system (see 4.3)

Refer to ISO/IEC Directives Part 2: Rules for the structure and drafting of International Standards, for specific requirements, guidance and examples.

2. Normative references

NOTE Clause Title shall be used. Specific to the discipline.

The intent of the Normative Reference clause is to give a list of the referenced documents which have been cited in the MSS in such a way as to make them indispensable for the application of the MSS. Normative references are optional.

Refer to ISO/IEC Directives Part 2: Rules for the structure and drafting of International Standards, for specific requirements, guidance and examples.

3. Terms and definition

NOTE Clause Title shall be used. Terms and definitions may either be within the standard or in a separate document. To reference Common terms and Core definitions + discipline specific ones.

For the purposes of this document, the following terms and definitions apply.

NOTE 1 The following terms and definitions constitute an integral part of the “common text” for management systems standards. Additional terms and definitions may be added as needed. Notes may be added or modified to serve the purpose of each standard.

NOTE 2 Bold type in a definition indicates a cross-reference to another term defined in this clause, and the number reference for the term is given in parentheses.

NOTE 3 Where the text “XXX” appears throughout this clause, the appropriate reference should be inserted depending on the context in which these terms and definitions are being applied. For example: “an XXX objective” could be substituted as “an information security objective”.

The intent of the Terms and Definitions clause is to provide the common set of harmonized definitions for MSS terminology. Further, standards writers provide additional definitions for the discipline-specific terms, i.e., words used in particular subject fields by specialists that are necessary for understanding the MSS. As per ISO directives, Part 2, D.1.2, arrangement, Terms and definitions should be preferably organized according to the hierarchy of the concepts. Alphabetic order is the least preferred.

This section should contain only the definitions of words used by specialists in the particular subject field in which the document is written, i.e., these words are called “terms” that are necessary for understanding the MSS. Words used in general language and ordinary communicative settings are not defined, as the everyday use and meaning of these words can be found in a dictionary.

For instance, the word “dog” in general language is commonly understood to mean a domestic canine. However, the word “dog” in mechanical engineering has a very specific meaning restricted to this field. The former is a “word”, and the latter is a “term”.

Terms that are not used in a MSS do not have to be defined. Terms and their associated definitions can be located in this clause of the MSS or included in a referenced document. Suggested references for dictionaries are listed in ISO/IEC Directives, Part 2, Sixth edition, 2011, B.2 Reference works for language.

Rules for drafting terms and definitions are given in ISO Directives, Part 2, Annex D, together with special rules for terminology standards, such as vocabularies, nomenclatures or lists of equivalent terms in different languages.

3.01 organization person or group of people that has its own functions with responsibilities, authorities and relationships to achieve its objectives (3.08)

Note 1 to entry: The concept of organization includes, but is not limited to sole-trader, company, corporation, firm, enterprise, authority, partnership, charity or institution, or part or combination thereof, whether incorporated or not, public or private.

3.02 interested party (preferred term) stakeholder (admitted term) person or organization (3.01) that can affect, be affected by, or perceive themselves to be affected by a decision or activity

Interested parties can include:
- Customers
- Community
- Suppliers
- Regulators
- Nongovernment organizations
- Investors
- Employees

3.03 requirement need or expectation that is stated, generally implied or obligatory

NOTE 1 to entry: “Generally implied” means that it is custom or common practice for the organization and interested parties that the need or expectation under consideration is implied.

NOTE 2 to entry: A specified requirement is one that is stated, for example in documented information.

Requirements, other than legal requirements, become obligatory when adopted by the organization.

3.04 management system set of interrelated or interacting elements of an organization (3.01) to establish policies (3.07) and objectives (3.08) and processes (3.12) to achieve those objectives

NOTE 1 to entry: A management system can address a single discipline or several disciplines.

NOTE 2 to entry: The system elements include the organization’s structure, roles and responsibilities, planning, operation, etc.

NOTE 3 to entry: The scope of a management system may include the whole of the organization, specific and identified functions of the organization, specific and identified sections of the organization, or one or more functions across a group of organizations.

3.05 top management person or group of people who directs and controls an organization (3.01) at the highest level

NOTE 1 to entry: Top management has the power to delegate authority and provide resources within the organization.

NOTE 2 to entry: If the scope of the management system (3.04) covers only part of an organization then top management refers to those who direct and control that part of the organization.

3.06 effectiveness extent to which planned activities are realized and planned results achieved

3.07 policy intentions and direction of an organization (3.01) as formally expressed by its top management (3.05)

3.08 objective result to be achieved

NOTE 1 to entry: An objective can be strategic, tactical, or operational.

NOTE 2 to entry: Objectives can relate to different disciplines (such as financial, health and safety, and environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product and process (3.12)).

NOTE 3 to entry: An objective can be expressed in other ways, e.g. as an intended outcome, a purpose, an operational criterion, as an XXX objective or by the use of other words with similar meaning (e.g. aim, goal, or target).

NOTE 4 to entry: In the context of XXX management systems XXX objectives are set by the organization, consistent with the XXX policy, to achieve specific results.

3.09 risk effect of uncertainty

NOTE 1 to entry: An effect is a deviation from the expected — positive or negative.

NOTE 2 to entry: Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event, its consequence, or likelihood.

NOTE 3 to entry: Risk is often characterized by reference to potential events (ISO Guide 73, 3.5.1.3) and consequences (ISO Guide 73, 3.6.1.3), or a combination of these.

NOTE 4 to entry: Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated likelihood (ISO Guide 73, 3.6.1.1) of occurrence.

Discipline specific standards can define “risk” in terms that are specific to their discipline. ISO 31000 provides a definition of “risk” that some discipline-specific standards can use (see also definition 3.09).

3.10 competence ability to apply knowledge and skills to achieve intended results

3.11 documented information information required to be controlled and maintained by an organization (3.01) and the medium on which it is contained

NOTE 1 to entry: Documented information can be in any format and media and from any source.

NOTE 2 to entry: Documented information can refer to

– the management system (3.04), including related processes (3.12);

– information created in order for the organization to operate (documentation);

– evidence of results achieved (records).

3.12 process set of interrelated or interacting activities which transforms inputs into outputs

3.13 performance measurable result

NOTE 1 to entry: Performance can relate either to quantitative or qualitative findings.

NOTE 2 to entry: Performance can relate to the management of activities, processes (3.12), products (including services), systems or organizations (3.01).

3.14 outsource (verb) make an arrangement where an external organization (3.01) performs part of an organization’s function or process (3.12)

NOTE 1 to entry: An external organization is outside the scope of the management system (3.04), although the outsourced function or process is within the scope.

For purposes of Annex SL, an outsourced process is one which

the function or process is integral to the organization’s functioning

the function or process is needed for the MS to achieve its intended outcome

liability for the function or process conforming to requirements is retained by the organization

the organization and the external provider have an integral relationship e.g. one where the process is perceived by interested parties as being carried out by the organization

3.15 monitoring determining the status of a system, a process (3.12) or an activity

NOTE 1 to entry: To determine the status there may be a need to check, supervise or critically observe.

3.16 measurement process (3.12) to determine a value

3.17 audit systematic, independent and documented process (3.12) for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled

NOTE 1 to entry: An audit can be an internal audit (first party) or an external audit (second party or third party), and it can be a combined audit (combining two or more disciplines).

Note 2 to entry: An internal audit is conducted by the organization itself, or by an external party on its behalf.

NOTE 3 to entry: “Audit evidence” and “audit criteria” are defined in ISO 19011.

Annex SL 9.2 pertains to internal audits. Annex SL requires that internal audits are conducted by the organization or by an external party on its behalf.

Independence can be demonstrated by the freedom from responsibility for the activity being audited or freedom from bias and conflict of interest. “Audit evidence” consists of records, statement of fact and other information relevant to the audit criteria and verifiable, and “audit criteria” are the set of policies, procedures or requirements (3.03) used as a reference against which audit evidence is compared as defined in ISO 19011. Audit findings and the audit conclusion may be described collectively as the audit result. “Audit findings” consist of the results of the evaluation of the collected audit evidence against audit criteria and the “audit conclusion” is the outcome of an audit after consideration of the audit objectives and all audit findings, as defined in ISO 19011. A combined audit is an audit of an organization’s management system against two or more sets of audit criteria or standards (for example, quality, safety, etc.) and often referred to as an ‘integrated’ audit.

3.18 conformity fulfilment of a requirement (3.03)

3.19 nonconformity non-fulfilment of a requirement (3.03)

Nonconformity relates to the requirements specified by the management system standard and to the requirements adopted by the organization

3.20 corrective action action to eliminate the cause of a nonconformity (3.19) and to prevent recurrence

Corrective action is action taken to eliminate the cause of a nonconformity, whereas “correction” is immediate action taken to eliminate a detected nonconformity

3.21 continual improvement

recurring activity to enhance performance (3.13)

4. Context of the organization

4.1 Understanding the organization and its context

The organization shall determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome(s) of its XXX management system.

The intent of the clause on Understanding the organization and its context is to specify the requirements for a high-level (e.g. strategic) understanding of the important issues that can affect, either positively or negatively, the MS. Issues can be e.g. important topics for the organization, problems for debate and discussion, or changing circumstances. The knowledge gained is then used to guide the efforts to plan, implement and operate the management system. Standards writers may prescribe additional requirements related to understanding the organization and its context in their discipline specific MSS.

Examples of issues that may be important to an MS, and may need to be addressed by an MSS include:

– environmental characteristics or conditions related to climate, pollution, resource availability, and biodiversity, and the effect these conditions may have on the organization’s ability to achieve its objectives;

– the external cultural, social, political, legal, regulatory, financial, technological, economic, natural and competitive context, whether international, national, regional or local;

– characteristics or conditions of the organization, such as

o organizational governance, information flows and decision-making processes

o organizational policies, objectives, and the strategies that are in place to achieve them;

o the capabilities of the organization, understood in terms of resources (e.g. capital, time, people, knowledge, processes, systems and technologies);

o the organization's culture;

o standards, guidelines and models adopted by the organization;

o the life cycle of the organization’s products and services.

4.2 Understanding the needs and expectations of interested parties

The organization shall determine the interested parties that are relevant to the XXX management system, and

The organization shall determine the relevant requirements of these interested parties

The intent of the clause on Understanding the needs and expectations of interested parties is to specify the requirements for a high-level (e.g. strategic) understanding of the needs and expectations of relevant interested parties that are applicable to the MS and to the MSS.

Not all interested party requirements are requirements of the organization. Some are not applicable to the organization or relevant to the management system. Others are mandatory because they have been incorporated into laws, regulations, permits and licenses by governmental or court action. There may be others that an organization may decide to voluntarily adopt or decide to enter into an agreement or contract. Once adopted or agreed to, it must comply. If an interested party ‘perceives’ themselves to be affected by the management system, they must make it known. Apart from legal requirements, the needs and expectations of an interested party become obligations when they are specified and the organization decides that it will adopt them. Once the organization subscribes, then they become organizational requirements (see 4.3). The knowledge gained is then used to guide the efforts to plan, implement and operate the management system. Standards writers can prescribe additional requirements related to understanding the needs and expectations of interested parties in their discipline specific MSS.

Examples of potential interested parties may include:

legal and regulatory authorities (local, regional, state/provincial, national or international),

parent organizations,

customers,

trade and professional associations,

community groups,

non-governmental organizations,

suppliers,

neighbours,

employees and others working on behalf of the organization.

Examples of interested party requirements may include:

law;

permits, licences or other forms of authorization;

orders issued by regulatory agencies;

judgments of courts or administrative tribunals;

treaties, conventions and protocols;

relevant industry codes and standards; and

contracts which have been entered into;

agreements with community groups or non-governmental organizations;

agreements with public authorities and customers;

organizational requirements;

voluntary principles or codes of practice;

voluntary labelling or environmental commitments;

obligations arising under contractual arrangements with the organization.

4.3 Determining the scope of the XXX management system

The organization shall determine the boundaries and applicability of the XXX management system to establish its scope.

When determining this scope, the organization shall consider

the external and internal issues referred to in 4.1, and

the requirements referred to in 4.2.

The scope shall be available as documented information.

The intent of the clause on Determining the scope of the management system is to establish the physical and organizational boundaries to which the management system will apply. The organization has the freedom and flexibility to define its boundaries and may choose to implement MSS within the entire organization, a specific unit, or particular function(s) within an organization. An understanding of the context (4.1) and the requirements of relevant interested parties (4.2) are considerations when establishing the scope of the management system and in determining which requirements the organization will adopt. Documentation of the scope is created and controlled in accordance with the requirements of Documented information (7.5). Standards writers can prescribe additional requirements for determining the scope of the management system in their discipline specific MSS.

It should be noted that the term scope can be used in three different applications:
- the Scope of the ISO MSS (clause 1)
- the scope of the organization’s management system (as defined by 4.3)
- the “scope” of an organization’s certification.

4.4 XXX management system

The organization shall establish, implement, maintain and continually improve an XXX management system, including the processes needed and their interactions, in accordance with the requirements of this International Standard.

The intent of the Management System clause is to specify the overarching requirement(s) related to creating the ‘necessary but sufficient’ set of processes that, together, form an effective management system in conformance to the MSS.

The organization retains authority, accountability, and autonomy, to decide how it will fulfil the management system requirements, including the level of detail and extent to which it will integrate the management system requirements into its business. Standards writers can prescribe additional requirements for the management system or its processes in their discipline specific MSS. Note when drafting an MSS, reference to this clause may avoid the need to keep repeating phrases such as “establish, maintain, and continually improve …”, for e.g. a process, a procedure, a management system, in multiple clauses.

The minimum processes required to be established in a MSS include:
- Management system processes (4.4)
- Operational planning and control processes, including outsourced processes (8.1)

5. Leadership

5.1 Leadership and commitment

Top management shall demonstrate leadership and commitment with respect to the XXX management system by

ensuring that the XXX policy and XXX objectives are established and are compatible with the strategic direction of the organization

ensuring the integration of the XXX management system requirements into the organization’s business processes

NOTE Reference to “business” in this International Standard should be interpreted broadly to mean those activities that are core to the purposes of the organization’s existence.

ensuring that the resources needed for the XXX management system are available

communicating the importance of effective XXX management and of conforming to the XXX management system requirements

ensuring that the XXX management system achieves its intended outcome(s)

promoting continual improvement

supporting other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility.

The intent of the clause on Leadership and Commitment is to identify actions in which top management is personally involved with and directs in the organization. Top management may not perform all of these actions themselves (e.g., they may delegate responsibility to others), but they are accountable for making sure they are performed. Standards writers can prescribe additional requirements related to leadership and commitment in their discipline specific MSS. In the 2nd bullet the importance of “integration … into the organization’s business processes” is emphasized and it is assigned as one of Top management’s roles. In the 7th bullet “to demonstrate their leadership as it applies to their areas of responsibility” refers to the “relevant management roles”, and not to Top management. The 7th bullet is intended to require Top management to create a culture and environment that encourages people with leadership roles (not necessarily formal management positions, e.g. team leaders) to work actively towards implementing the requirements of the management system and seeking to achieve the XXX objectives. Standards writers can prescribe additional requirements for leadership and commitment in their discipline specific MSS.

Visible support, involvement and commitment of the organization’s top management is important to the successful implementation of the MSS. It sets the tone and expectations, increases acceptance, and motivates personnel to be engaged in the MS initiatives. It can provide reassurance to external parties that an effective management system is likely in place. An example of a “business process” may be an organization’s central human resource function, which may be responsible for ensuring that the competency requirements of an MSS are met.

5.2 Policy

Top management shall establish a XXX policy that

is appropriate to the purpose of the organization

provides a framework for setting XXX objectives

includes a commitment to satisfy applicable requirements, and

includes a commitment to continual improvement of the XXX management system.

The XXX policy shall

be available as documented information

be communicated within the organization

be available to interested parties, as appropriate

The intent of the clause on Policy is to specify the high level organizational commitments required of the MSS, taking into account the organization’s purpose. It is used to frame the objectives which the organization sets for itself. Documentation of the policy is created and controlled in accordance with the requirements of Documented information (7.5). The policy is communicated internally in accordance with the requirements of the Communication clause (7.4). It also shall be made available to other interested parties. Standards writers can prescribe additional requirements related to policy in their discipline specific MSS.

While the policy is expected to contain a commitment to satisfy applicable requirements, in particular laws and regulations, it is understood that even the most effective MS will not guarantee full compliance at any particular point in time. Under such circumstances, it should not be considered out of conformance so long as the MS results in the prompt detection and corrective action of the system deficiencies that contributed to the instance(s) of noncompliance.

5.3 Organization roles, responsibilities and authorities

Top management shall ensure that the responsibilities and authorities for relevant roles are assigned and communicated within the organization.

Top management shall assign the responsibility and authority for:

a) ensuring that the XXX management system conforms to the requirements of this International Standard; and

b) reporting on the performance of the XXX management system to top management.

The intent of the clause on Organization roles, responsibilities and authorities is to assign responsibility and authority for the implementation of the MS requirements to relevant roles within the organization. Top management is accountable for these responsibilities and authorities being assigned and communicated to the respective persons performing those roles. The responsibilities and authorities are communicated in accordance with the requirements of the Communication clause (7.4). Demonstration of conformance to the requirements of the MSS is conducted in accordance with the requirements of the Internal audit clause (9.2). Performance reporting is conducted in accordance with the requirements of Management review (9.3). Standards writers can prescribe additional requirements related to policy in their discipline specific MSS.

The role of ensuring that the management system conforms with the requirements of the MSS can be assigned to an individual, shared by several individuals, or assigned to a team. Such individuals should have sufficient access to top management in order to keep management informed of the status and performance of the MS.

6. Planning

6.1 Actions to address risks and opportunities

When planning for the XXX management system, the organization shall consider the issues referred to in 4.1 and the requirements referred to in 4.2 and determine the risks and opportunities that need to be addressed to assure the XXX management system can

achieve its intended outcome(s)

prevent, or reduce, undesired effects

achieve continual improvement.

The organization shall plan:

a) actions to address these risks and opportunities, and

b) how to

integrate and implement the actions into its XXX management system processes

evaluate the effectiveness of these actions.

The intent of the clause on Actions to address risks and opportunities is to specify the requirements for the planning needed as a prerequisite to establishing the MS. It specifies what needs to be considered and what needs to be addressed. The planning is performed at a strategic level, versus the tactical planning done for Operational planning and control (8.1). At a minimum, planning needs to consider the issues relevant to the organization’s context identified in (4.1) and the organization’s applicable requirements identified in (4.3) in order to address any negative or positive consequence posed in a prioritized fashion. Prioritization is based on the three bullet items. Annex SL calls for actions to address risks in 6.1, but does not call for risk management, risk assessment or risk treatment. For those MSS that need to address risk formally, the MSS should clarify its need for a “risk management” approach, and agree on the positioning of risk assessment and risk treatment text (i.e. should it go in clause 6 or clause 8, or in both).

The purpose of planning is to anticipate potential scenarios and consequences, and as such is preventive in addressing undesired effects before they occur. Similarly, it looks for favourable conditions or circumstances that can offer a potential advantage or beneficial outcome and includes planning for those worthy of pursuit. Planning also includes determining how to incorporate the actions deemed necessary or beneficial into the MS, either through objective setting (6.2), operational control (8.1) or other specific clauses of the MS, e.g. resource provisions (7.1), competence (7.2). The mechanism for evaluating the effectiveness of the preventive action taken is also planned, and can include monitoring, measurement techniques (9.1), internal audit (9.2) or management review (9.3). Standards writers can prescribe additional requirements related to actions to address risks and opportunities in their discipline specific MSS.

Reference to ‘Risks and Opportunities’ is intended to broadly describe something that poses a threat having detrimental or negative effect, or alternatively, something that has the potential for a beneficial or positive effect. It is not intended to be the same as the technical, statistical, or scientific interpretation of the term risk. Threat and opportunity determination may be through informal means, or may be through formal qualitative or quantitative methodologies.

6.2 XXX objectives and planning to achieve them

The organization shall establish XXX objectives at relevant functions and levels.

The XXX objectives shall

be consistent with the XXX policy

be measurable (if practicable)

take into account applicable requirements

be monitored

be communicated, and

be updated as appropriate.

The organization shall retain documented information on the XXX objectives.

When planning how to achieve its XXX objectives, the organization shall determine

what will be done

what resources will be required

who will be responsible

when it will be completed

how the results will be evaluated

The text is self-explanatory; readers should note linkages to Leadership and commitment (5.1) and Policy (5.2). Objectives should be specified in a way that allows determination of their fulfilment to be made. By including the caveat “where practicable”, it is acknowledged that there may be situations when it may not be feasible to measure an objective. The status and progress on objectives are periodically checked in accordance with the requirements of Monitoring, measurement, analysis and evaluation (9.1) and updated as appropriate, consistent with the requirements of Continual improvement (10.2). Objectives are communicated in accordance with the requirements of the Communication clause (7.4). Documentation of the objectives is created and controlled in accordance with the requirements of Documented information (7.5). The actions required to achieve the objectives (i.e., ‘what’) and the associated timeframe (i.e., ‘when’) are determined. In addition, assignment of responsibility for doing it (i.e., ‘who’) is established in accordance with the requirements of Organization roles, responsibilities and authorities (5.3). Any need for budgets, specialized skills, technology or infrastructure, for example, are determined and provided in accordance with the requirements of Resources (7.1). Lastly, a mechanism for evaluating the overall results of what was accomplished is determined in accordance with the requirements of Monitoring, measurement, analysis and evaluation (9.1) and reported in accordance with Management Review (9.3). Standards writers can prescribe additional requirements related to objectives and planning to achieve them in their discipline specific MSS.

Intentionally left blank

7. Support

7.1 Resources

The organization shall determine and provide the resources needed for the establishment, implementation, maintenance and continual improvement of the XXX management system.

The intent of the clause on Resources is to anticipate, determine and allocate the resources needed for creating and implementing the MS (including its operations and controls), as well as those needed for its ongoing maintenance and improvement. Standards writers can prescribe additional requirements related to resources in their discipline specific MSS.

Resources may include

human resources

specialized skills or knowledge

organizational infrastructure (i.e., buildings, communication lines, etc)

technology

financial resources

7.2 Competence

The organization shall

- determine the necessary competence of person(s) doing work under its control that affects its XXX performance, and
- ensure that these persons are competent on the basis of appropriate education, training, or experience;
- where applicable, take actions to acquire the necessary competence, and evaluate the effectiveness of the actions taken, and

  NOTE Applicable actions may include, for example: the provision of training to, the mentoring of, or the re-assignment of currently employed persons; or the hiring or contracting of competent persons.

- retain appropriate documented information as evidence of competence.

The text is self-explanatory when read in conjunction with the definition of competence (3.10). Documentation providing objective evidence of competence is created and controlled in accordance with the requirements of Documented information (7.5). Standards writers can prescribe additional requirements related to competence in their discipline specific MSS.

Intentionally left blank

7.3 Awareness

Persons doing work under the organization’s control shall be aware of

- the XXX policy
- their contribution to the effectiveness of the XXX management system, including the benefits of improved XXX performance
- the implications of not conforming with the XXX management system requirements.

The intent of the clause is self-explanatory. Standards writers can prescribe additional requirements related to awareness in their discipline specific MSS.

Awareness of the policy should not be taken to mean that it needs to be memorized; rather, persons should be aware of the key policy commitments, and their role in achieving them.

7.4 Communication

The organization shall determine the internal and external communications relevant to the XXX management system including

- on what it will communicate
- when to communicate
- with whom to communicate.
- how to communicate

The intent of the clause is self-explanatory. Annex SL requires communication on the following:

- importance of effective XXX management and of conforming to the MS requirements
- policy
- responsibilities and authorities
- performance of the MS
- objectives
- [contribution to the effectiveness of the MS, including the benefits of improved performance
- implications of not conforming with the MS requirements]
- results of audits

Standards writers can include specific requirements for communication, including information that is necessary to communicate, either in this clause, or in the other clauses.

Communications should adhere to the principles of transparency, appropriateness, credibility, responsiveness and clarity. Communication can be verbal or written, one-way or two-way, internal or external.


7.5 Documented information

7.5.1 General

The organization’s XXX management system shall include

- documented information required by this International Standard
- documented information determined by the organization as being necessary for the effectiveness of the XXX management system.

NOTE The extent of documented information for a XXX management system can differ from one organization to another due to

— the size of organization and its type of activities, processes, products and services,

— the complexity of processes and their interactions, and

— the competence of persons.

The intent of the clause General, Documented Information is to provide a description of the types of information that must be created, controlled, and maintained in a management system. This includes that which is

- required for all MSS (as presented in clause 7.5.1 and in the respective clauses of Annex SL),
- required by a particular MSS, and
- any additional information the organization determines necessary to be documented.

The phrase “documented information as evidence of ...” implies the former term “record”.

It is the responsibility of the organization to determine what documented information it needs beyond that which is required by the MSS. The factors it should take into account are listed in the note. The term “documented information” refers to information that a MSS determines is necessary to control and maintain in any format or media (see 7.5.3). Documented information is created and controlled in accordance with the requirements of 7.5.2 and 7.5.3. Standards writers may include specific examples of appropriate documented information.

The minimum documented information required to be created, controlled and/or maintained in a MSS includes:

- Scope of the management system
- Policy
- Objectives
- Evidence of competence
- Documented information of external origin necessary for the planning and operation of the management system
- Documented information necessary to have confidence that the processes have been carried out as planned
- Monitoring, measurement, analysis and evaluation results
- Evidence of internal audit programme implementation
- Internal audit results
- Management review results
- Nature of nonconformities and actions taken
- Corrective action results

Documented information, originally created for purposes other than the MSS, may be used.


7.5.2 Creating and updating

When creating and updating documented information the organization shall ensure appropriate

- identification and description (e.g. a title, date, author, or reference number)
- format (e.g. language, software version, graphics) and media (e.g. paper, electronic)
- review and approval for suitability and adequacy.

The intent of the clause Creating and Updating Documented Information is to specify the requirements for uniquely identifying the information, defining the format and media it will be maintained in, and for its approval. Standards writers can prescribe additional requirements related to creating and updating documented information in their discipline specific MSS.

The identification, format and media used for documented information are the choice of the organization implementing the MSS; it need not be in the form of a textual format or a paper manual.

7.5.3 Control of documented information

Documented information required by the XXX management system and by this International Standard shall be controlled to ensure

- it is available and suitable for use, where and when it is needed
- it is adequately protected (e.g. from loss of confidentiality, improper use, or loss of integrity).

- distribution, access, retrieval and use,

  NOTE Access implies a decision regarding the permission to view the documented information only, or the permission and authority to view and change the documented information, etc.

- storage and preservation, including preservation of legibility
- control of changes (e.g. version control)
- retention and disposition

Documented information of external origin determined by the organization to be necessary for the planning and operation of the XXX management system shall be identified as appropriate, and controlled.

The intent of the clause on Control of documented information is to specify the internal controls that need to be considered and implemented for information that is required to be documented. Not all internal controls are applicable to all types of documented information. In addition to internal information that is required to be documented, information created by external parties may be required for the MSS. The identification and control of such information is also required. Standards writers can prescribe additional requirements related to control of documented information in their discipline specific MSS.

The information required to be documented by the MSS may be integrated with other information management or documentation systems established by an organization.

8. Operation

8.1 Operational planning and control

The organization shall plan, implement and control the processes needed to meet requirements, and to implement the actions determined in 6.1, by

- establishing criteria for the processes
- implementing control of the processes in accordance with the criteria
- keeping documented information to the extent necessary to have confidence that the processes have been carried out as planned.

The organization shall control planned changes and review the consequences of unintended changes, taking action to mitigate any adverse effects, as necessary.

The organization shall ensure that outsourced processes are controlled.

The intent of the clause on Operational planning and control is to specify the requirements that need to be implemented within the organization’s operations to make sure the MSS requirements are fulfilled, and the priority risks and opportunities are being addressed. Operational control includes the methods implemented to make sure business operations, activities or equipment do not exceed specified conditions or performance standards or violate regulatory compliance limits, and thereby effectively achieve the intended outcome of the MS. These controls establish technical requirements necessary to achieve the desired optimal functionality for business processes, such as technical specifications or operating parameters or a prescribed methodology. Operational control is required for situations related to business processes where absence of controls could lead to deviations from the policy and objectives or pose unacceptable risk. These situations can be related to business operations, activities or processes; production, installation or servicing; maintenance; or contractors, suppliers or vendors. The degree of control exercised will vary depending on many factors, including the functions performed; their importance or complexity; the potential consequences of deviation or variability; or, the technical competency involved versus what is available. Documentation needed to have confidence that the operational control processes have been carried out as planned is created and controlled in accordance with the requirements of Documented information (7.5). Requirements for management of change, both planned and unintended changes, are required to prevent or otherwise minimize the chance technical requirements are not fulfilled, or new risks are introduced. When operational controls fail, action is necessary to address any resultant undesired effect(s). Control of outsourced processes is not unlike the control of operations; however the degree of control can be limited to partial control or influence. It is not intended to change any legal relationship with the external entity performing the outsourced process. Standards writers can prescribe additional requirements related to operational planning and control in their discipline specific MSS.

Operational planning can be more detailed than the planning done in 6.1 and at the tactical level focused on the business operations in support of those actions determined in Actions to address risks and opportunities (6.1).

9. Performance evaluation

9.1 Monitoring, measurement, analysis and evaluation

The organization shall determine

- what needs to be monitored and measured
- the methods for monitoring, measurement, analysis and evaluation, as applicable, to ensure valid results
- when the results from monitoring and measurement shall be analysed and evaluated.

The organization shall retain appropriate documented information as evidence of the results.

The organization shall evaluate the XXX performance and the effectiveness of the XXX management system.

The intent of the clause on Monitoring, measurement, analysis and evaluation is to specify the requirements for implementing checks to be sure the intended results of the MS are achieved as planned. Checking can be qualitative (monitoring) or quantitative (measurement). The characteristics that are monitored or measured, analyzed and evaluated provide the ‘necessary and sufficient’ information to judge the extent to which the MS planned activities are realized and its planned results are achieved. The information gained through monitoring or measurement, analysis and evaluation is presented to top management in accordance with the requirements of Management Review (9.3). Documentation of the monitoring, measurement, analysis and evaluation results is created and controlled in accordance with the requirements of Documented information (7.5). Standards writers can prescribe additional requirements related to monitoring, measurement, analysis and evaluation in their discipline specific MSS.

Intentionally left blank

9.2 Internal audit

The organization shall conduct internal audits at planned intervals to provide information on whether the XXX management system:

a) conforms to

- the organization’s own requirements for its XXX management system
- the requirements of this International Standard;

b) is effectively implemented and maintained.

The organization shall:

a) plan, establish, implement and maintain an audit programme(s), including the frequency, methods, responsibilities, planning requirements and reporting. The audit programme(s) shall take into consideration the importance of the processes concerned and the results of previous audits;

b) define the audit criteria and scope for each audit;

c) select auditors and conduct audits to ensure objectivity and the impartiality of the audit process;

d) ensure that the results of audits are reported to relevant management, and

e) retain documented information as evidence of the implementation of the audit programme and the audit results.

The intent of the clause on Internal audit is to specify the requirements for planning, implementing and maintaining an internal audit programme for purposes of checking that the organization’s MS conforms to both the MSS requirements and any additional MS related requirements the organization self imposes, and that the MS is being effectively implemented and maintained as planned. An internal audit programme requires that

- internal audits be planned and scheduled based on the importance of the processes audited and the results of previous audits
- a methodology for planning and conducting internal audits be established
- roles and responsibilities within the audit programme be assigned taking into account the integrity and independence of the internal audit process
- the audit criteria (i.e., policies, procedures or requirements used as a reference against which relevant and verifiable records, statements of fact or other information will be compared) and audit scope (i.e., description of the physical locations, organizational units, activities and processes, as well as the time period covered) for each audit planned.

The internal audit programme is planned and implemented and maintained by internal personnel, or can be managed by external persons acting on the organization’s behalf. In either case the selection of internal audit programme personnel needs to meet Competence (7.2) requirements. The results of internal audits are reported to the management responsible for the functions/unit audited, and any other individuals deemed appropriate in accordance with the requirements of the Communication clause (7.4). Documentation providing evidence of internal audit programme implementation and audit results is created and controlled in accordance with the requirements of Documented information (7.5). Information, including trends, on internal audit results is reviewed in accordance with the requirements of Management review (9.3). Standards writers can prescribe additional requirements related to internal audit in their discipline specific MSS.

The management and conduct of internal audits should abide by the principles of integrity, fair presentation, due professional care, confidentiality, independence and an evidence-based approach. Guidance on establishing an internal audit programme, performing management system audits and evaluating the competence of audit personnel is given in ISO 19011.

9.3 Management review

Top management shall review the organization's XXX management system, at planned intervals, to ensure its continuing suitability, adequacy and effectiveness.

The management review shall include consideration of:

a) the status of actions from previous management reviews;

b) changes in external and internal issues that are relevant to the XXX management system;

c) information on the XXX performance, including trends in:

- nonconformities and corrective actions
- monitoring and measurement results, and
- audit results;

d) opportunities for continual improvement.

The outputs of the management review shall include decisions related to continual improvement opportunities and any need for changes to the XXX management system. The organization shall retain documented information as evidence of the results of management reviews.

The intent of the clause on Management review is to specify the requirements related to the conduct of a holistic review of the MS by top management, including the information to be covered and the expected outputs. Top management is required to be personally engaged in this review. It is their mechanism to drive changes to the MS and direct continual improvement priorities, particularly in relation to the changing circumstances in the organization’s context, deviations from intended results, or favourable conditions that offer an advantage with beneficial outcome. Documentation of the management review results is created and controlled in accordance with the requirements of Documented information (7.5). Standards writers can prescribe additional requirements related to management review in their discipline specific MSS.

Intentionally left blank


10. Improvement

10.1 Nonconformity and corrective action

When a nonconformity occurs, the organization shall:

a) react to the nonconformity, and as applicable

- take action to control and correct it, and
- deal with the consequences;

b) evaluate the need for action to eliminate the causes of the nonconformity, in order that it does not recur or occur elsewhere, by

- reviewing the nonconformity
- determining the causes of the nonconformity, and
- determining if similar nonconformities exist, or could potentially occur;

c) implement any action needed;

d) review the effectiveness of any corrective action taken; and

e) make changes to the XXX management system, if necessary.

Corrective actions shall be appropriate to the effects of the nonconformities encountered.

The organization shall retain documented information as evidence of:

- the nature of the nonconformities and any subsequent actions taken, and
- the results of any corrective action

The intent of the clause on Nonconformity and corrective action is to specify the requirements for responding when the MSS and MS (including operational) requirements are not satisfied. It includes taking action to correct the situation, examine the cause and determine if other occurrences exist or potentially exist elsewhere so that action can be taken to prevent reoccurrence. Further, it requires evaluation of the action taken to confirm that the intended result was achieved, and evaluation of the MS to determine if changes are warranted to avoid future occurrences of similar nonconformities. Documentation of the nonconformity, corrective action and the results is created and controlled in accordance with the requirements of Documented information (7.5). Standards writers can prescribe additional requirements related to nonconformity and corrective action in their discipline specific MSS.

Intentionally left blank

10.2 Continual improvement

The organization shall continually improve the suitability, adequacy and effectiveness of the XXX management system.

The intent of the clause on Continual improvement is to specify the requirements to improve the Management System (MS). Improvement is focused in three main areas:

- Suitability – the extent to which the MS ‘fits’ and is right for the organization’s purpose, its operations, culture, and business systems
- Adequacy – the extent to which the MS is sufficient in meeting the applicable requirements; and
- Effectiveness – the extent to which planned activities are realized and planned results achieved.

Continual improvement involves making changes to the design and implementation of the MS in order to improve the organization’s ability to achieve conformity with the requirements of the MSS and meet its objectives and policy commitments. Although there may be value in improving the system elements alone, the intended outcome of planned actions and other MS changes is an improvement in the organization’s performance. Several clauses of a MSS can assist in achieving continual improvement. A coordinated implementation of these clauses may help to develop a robust way to achieve this improvement, including, but not limited to:

- taking actions to address risks and opportunities (6.1);
- establishing objectives (6.2);
- upgrading operational controls (8.1), taking into consideration new technologies, methods or information;
- analyzing and evaluating performance (9.1);
- conducting internal audits (9.2);
- conducting management reviews (9.3); and
- detecting nonconformity(ies) and implementing corrective action(s) (10.1).

The organization periodically evaluates and reviews its MS in accordance with the requirements of Monitoring, measurement, analysis and evaluation (9.1) and Internal Audit (9.2) and Management Review (9.3) to identify opportunities for improvement, and plans appropriate actions to be taken in accordance with Actions to address risks and opportunities (6.1), Objectives and planning to achieve them (6.2), and Operational planning and controls (8.1). Standards writers can prescribe additional requirements related to continual improvement in their discipline specific MSS.

Continual implies occurrence over a period of time, but with intervals of interruption (unlike ‘continuous’ which indicates occurrence without interruption). In the context of continual improvement, the expectation is that improvements occur periodically, over time. The rate, extent and timescale of actions that support continual improvement are determined by the organization, in light of its context, economic factors, and other circumstances.

ISO/TMB Joint Technical Coordination Group JTCG N361

- Chair: Anne-Marie Warris - Secretary: vacant

Secretariat administered by: SIS, Swedish Standards Institute

email: [email protected] Phone +46 8 5555 2025

JTCG Terminology Guidance in support of Annex SL

Attached please find Terminology Guidance developed by TF4 and approved by JTCG. This is intended to help standard writers and others understand the approach to terminology in Annex SL.

JTCG TF4 N


Terminology Guidance

1 Practical steps to develop a MSS vocabulary regarding terms and definitions contained in Annex SL

[Flowchart: starting from “Annex SL common term and core definition”, with decision boxes “Does this definition suit my subject field?” and “Can I add a note to entry to clarify the definition?”, action boxes “Keep the term and definition”, “Add a note to entry to Annex SL definition”, “Draft a new definition of a subordinate concept” and “Begin the definition with the term of the concept defined in Annex SL and add specific characteristics of your subject field”, branches labelled Yes and No, and an End box.]

Example of note to entry addition: “organization”

Keep the definition of “organization” of Annex SL and add a note to entry to give specific characteristics related to road traffic safety management system:

organization

person or group of people that has its own functions with responsibilities, authorities and relationships to achieve its objectives

Note 1 to entry: The concept of organization includes, but is not limited to sole-trader, company, corporation, firm, enterprise, authority, partnership, charity or institution, or part or combination thereof, whether incorporated or not, public or private.

Note 2 to entry: In the context of this International Standard, one of the main objectives is to develop and implement an appropriate road traffic safety policy to reduce death and serious injuries related to road traffic crashes.

Example of drafting a new definition corresponding to a specific concept:

“management system”

Rewrite the definition of “road traffic safety management system” as a subordinate concept of “management system” by giving the specific characteristics of road traffic safety management:

management system

set of interrelated or interacting elements of an organization to establish policies and objectives and processes to achieve those objectives

road traffic safety management system

management system that is set to establish a road traffic safety policy with the objective of reducing death and serious injuries related to road traffic crashes


2 Practical steps to develop a MSS vocabulary regarding terms and definitions (discipline specific concepts) not contained in Annex SL

2.1 Subject field specific concepts

2.2 Introduction

In addition to what has been described in chapter 1, there will often be a need for terms and definitions specific to a subject field, but not directly linked to Annex SL common terms and core definitions.

2.1.1

A – Questions before drafting a definition:

A.1

Is it already defined in an International Standard? Have a look at the ISO Online Browsing Platform (OBP).

If so, and if the definition is acceptable, quote that definition and give the source.

A.2

Is the term self-explanatory or commonly known, and it cannot be interpreted differently in different contexts?

If so, do not define it.

Common dictionary or current technical terms may only be defined if they are used with a specific meaning in the relevant context.

[Flowchart: starting from “Term specific to a subject field”, with decision boxes “Is it already defined in other International Standard?” and “Is the term self-explanatory or commonly used?”, outcome boxes “Keep the term and definition” and “Do not define it. Keep the definition from the common dictionary or current technical document”, branches labelled Yes, and an End box.]

B – Good practice for writing definitions

- Only include main characteristics (i.e. focus on aspects that differentiate the concept from other concepts).
- Additional information should be added in notes.
- Use short phrases, if possible, in only one line.
- Consider only one issue in each phrase.
- Avoid introductory words such as “it means”, “is” or “the term is used for”.
- Avoid using the term itself in the definition.
- Whenever possible use the singular form for the definition.

A good definition should be:

- clear;
- concise;
- relevant and applicable to the standard in question.

C – How to check if a definition is correct (principle of substitution)

Example

Definition:

product

any goods or service

Original text:

Relevance: select GHG sources, carbon storage, data and methods appropriate to the assessment of the GHG emissions arising from products;

Term substituted by its definition:

Relevance: select GHG sources, carbon storage, data and methods appropriate to the assessment of the GHG emissions arising from any goods or services;


3 Concept diagram of common terms and core definitions related to management systems

[Concept diagram; the entries shown and their numbering are:]

3.1 organization
  3.1.1 interested party
  3.1.2 top management
  3.1.3 management system
    3.1.3.1 policy
    3.1.3.2 objective
    3.1.3.3 risk
  3.1.4 process
    3.1.4.1 competence
  3.1.5 documented information
  3.1.6 performance
    3.1.6.1 continual improvement
  3.1.7 requirement
    3.1.7.1 conformity
    3.1.7.2 nonconformity
      3.1.7.2.1 corrective action
  3.1.8 audit
  3.1.9 measurement
    3.1.9.1 monitoring
      3.1.9.1.1 effectiveness
  3.1.10 outsource

4.0 Practical recommendations for drafting and representing terms and definitions

4.1 Introduction

Clear, consistent and coherent standards need clear and consistent terminology. Rules regarding terminology are the remit of ISO/TC 37.

This Annex explains terminological concepts in a simple, practical way. This Annex does not supersede any of the ISO/TC 37 International Standards, amongst which adherence to two (ISO 704:2009 and ISO 10241-1:2011) is mandatory.

The following International Standards and normative documents are of particular importance when developing terminology standards or terminology sections in standards:

• ISO/IEC Directives, Part 2, Sixth edition, 2011, Rules for the structure and drafting of International Standards: The importance of terminology is emphasized in 4.4 a. Rules for the drafting and presentation of terms and definitions are given in Annex D. This is a summary that all committee members should read. It does not supersede the rules contained in the International Standards listed below.

• ISO 10241-1:2011, Terminological entries in standards — Part 1: General requirements and examples of presentation: ISO 10241-1 describes the practical sequence of activities that are to be followed when developing terminological entries and how they should be formatted and presented.

• ISO 704:2009, Terminology work — Principles and methods: ISO 704 provides rules on how concepts and concept systems are developed and structured, and on how definitions are drafted.

• ISO 15188:2001, Project management guidelines for terminology standardization: If a new management systems standard requires a lot of terminology then ISO 15188 provides practical advice on how this work is structured and controlled.

• ISO 860:2007, Terminology work — Harmonization of concepts and terms: Often terminologies overlap between technical fields, or are inconsistent within technical fields because they have been produced within a different context. ISO 860 provides a methodological approach to dealing with such issues.

• ISO 1087-1:2000, Terminology work — Vocabulary — Part 1: Theory and application: The vocabulary for terminology work.

4.2 Systematic order of terminological data

As stated in ISO 10241-1:2011, 5.1.1 “systematic order (*) of terminological entries shall be used whenever possible”.

There are two aspects to this specification:

a) terms and definitions developed within a concept system provide the most effective and efficient method of working,

b) terms and definitions arranged in conceptual order allow standards users a quick and accurate search of data by standardization of term entry number, no matter in which language they are drafted. A language based alphabetical order should also be provided to provide an alternative quick and accurate search.

(*) systematic order: order of terminological entries reflecting the underlying concept system.

4.3 Concepts

concept

unit of knowledge created by a unique combination of characteristics

Note 1 to entry: Concepts are not necessarily bound to particular languages. They are, however, influenced by the social or cultural background which often leads to different categorizations.

[SOURCE: ISO 1087-1:2000(E/F), 3.2.1]

4.4 Concept systems / concept diagrams

Concepts are arranged in concept systems according to the relations among them.


Concept systems are graphically represented by concept diagrams.

4.5 Concept relations

Main kinds of relations:

a) hierarchical
- generic
- partitive

b) associative

a) Hierarchical

Generic relation

[Concept diagram: the general concept "management system" is superordinate; the specific concepts "quality management system" and "road traffic safety management system" are subordinate.]

Example from ISO 704:2009 (5.5.2.2.1)

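[Concept diagram: "pointing device" is superordinate to "touch pad", "computer mouse", "light pen" and others; "computer mouse" is superordinate to "mechanical mouse", "optomechanical mouse" and "optical mouse".]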

Partitive relation

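[Concept diagram: a superordinate concept with three subordinate concepts; the subordinate concepts are coordinates.]

Example from ISO 704:2009 (5.5.2.3.1)

[Concept diagram: "optomechanical mouse" as the superordinate concept, with its parts as subordinate concepts, including "mouse ball", "mouse cord", "infrared emitter", "infrared sensor", "mouse button", "circuit board", "x-axis roller" and "y-axis roller".]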

b) Associative relation

[Concept diagram: concepts linked to one another by associative relations.]

Example from ISO 704:2009 (5.6.2)

[Concept diagram: "computer mouse" linked by numbered associative relations (1 to 4) to "pointer", "mouse pad", "mouse port" and "clicking".]

4.6 Terms

term

verbal designation of a general concept in a specific subject field

Note 1 to entry: A term may contain symbols and can have variants, e.g. different forms of spelling.

[SOURCE: ISO 1087-1:2000(E/F), 3.4.3]

4.7 Definitions

A definition defines the concept and not the term.


definition

representation of a concept by a descriptive statement which serves to differentiate it from related concepts

[SOURCE: ISO 1087-1:2000(E/F), 3.3.1]

ISO/TMB Joint Technical Coordination Group JTCG N359

- Chair: Anne-Marie Warris
- Secretary: vacant

Secretariat administered by: SIS, Swedish Standards Institute

email: [email protected] Phone +46 8 5555 2025

JTCG Frequently Asked Questions in support of Annex SL

Please find attached FAQ developed by TF4 and approved by JTCG at its meeting.

JTCG / N359


JTCG/TF4/N28

3 December 2013

JTCG - Frequently Asked Questions (FAQs)

Introduction

In 2012 ISO added Annex SL to the ISO/IEC Directives, Part 1, Procedures Specific to ISO. Annex SL defines

a) the proposal process for a new management system standard and
b) the rules for drafting a management system standard using a common approach.

Three appendices are included in Annex SL:

Appendix 1: Justification criteria questions;
Appendix 2: High level structure, identical text, and common terms and core definitions; and,
Appendix 3: Guidance on high level structure, identical text, and common terms and core definitions.

These FAQs have been developed by the ISO/TMB/TAG13-JTCG against Annex SL as it pertains to the high level structure, identical text, and common terms and core definitions only. Unless otherwise stated in the FAQs, the use of the term "Annex SL" refers to just section SL.9 and Appendices 2 and 3.

1. Who initiated the development of Annex SL?

In consideration of the “Report of the ISO TMB Ad Hoc Group on Management Systems Standards”, 10 February, 2006, the Technical Management Board (TMB) formed the Joint Technical Co-ordination Group on Management System Standards (TAG13-JTCG, or JTCG) to develop the future vision and guidelines for "aligning" future editions of its current management system standards (MSS), and for any new MSS.

2. Who was involved in the development of Annex SL?

Annex SL was developed by the ISO Technical Management Board's Technical Advisory Group 13 "Joint Technical Co-ordination Group on Management system standards" (or JTCG). The secretariat (Chairperson and Secretary) of all ISO's Technical Committees (TCs), Project Committees (PCs) and Sub-committees (SCs) involved in the development of management system standards were requested to participate in the JTCG. In select cases, other ISO bodies involved in the development of management standards (as opposed to management system standards) were also invited to participate.


The JTCG established a number of Task Forces to develop Annex SL and its appendices. These were populated by experts from the JTCG's participating TCs/PCs/SCs.

3. What is the historical background of Annex SL?

Work to enhance commonality amongst management system standards (MSS) and avoid conflicting requirements began in the 1990’s between the two ISO committees with MSS then in existence: ISO 9001, Quality Management Systems & ISO 14001, Environmental Management Systems. The focus was on achieving ‘compatibility’. Their respective terminology groups ‘harmonized’ terms & definitions. Each committee established liaison members to serve as active members of each other’s working group to enhance the compatibility of common requirements. During the same period they established a Joint Working Group (JWG) for auditing standards. The JWG successfully merged the auditing standards and published ISO 19011.

In the early 2000’s, in response to feedback from users, a Joint Task Group between the MSS committees was formed to facilitate further alignment of the ISO 9001 and ISO 14001 standards. A joint vision & high level structure were developed. However during this period, a proliferation of MSS work items were being proposed, and the need to expand the group beyond Quality and Environment to cover all ISO MS standardization activities was recognized.

ISO Technical Management Board (TMB) established two Technical Advisory Groups: the Joint Technical Coordination Group (TAG 13, JTCG) on MSS and an oversight body, the Strategic Advisory Group on MSS. The JTCG built on the prior work, promoting the current vision of identical structure, identical requirements, and a set of common terms and core definitions for MSS. The output of this work, originally called Draft Guide 83, was balloted among the member bodies in 2011, approved by TMB, and published (along with revised text from ISO Guide 72 on justification studies) in the ISO Directives in 2012 as Annex SL.

In parallel, ISO 19011 was revised to expand its scope to cover all MSS discipline audits.

4. What was the Vision behind Annex SL?

All ISO management system “requirements” standards will be aligned and ISO will seek to enhance the compatibility of these standards, through the promotion of identical:

• Clause titles
• Sequence of clause titles
• Text, and
• Terms and definitions

that are permitted to diverge only where necessitated by specific differences in managing their individual fields of application.

5. What is the aim of Annex SL?

The aim of Annex SL is to enhance the consistency and alignment of existing and future ISO management system standards by providing a unifying and agreed high level structure, identical core text and common terms and core definitions (see clause SL 9.1).

It defines a set of interdependent requirements that function as a whole, often referred to as a ‘systems approach’.

It defines what has to be achieved not how it should be achieved.


It specifies requirements. There is no inherent assumption of sequence or order in which they are to be implemented by an organisation. There is no inherent demand that all activities in a specific clause must be done before activities in another clause are started.

It does not dictate or imply a specific model for how to achieve the requirements.

It was written with the aim of avoiding repeating words and using plain English.

It deliberately separated clause 4.1 from 4.2 because of a wish to address interested parties separately and specifically.

It used cross referencing to show linkage.

It deliberately used bullets to avoid presenting an inherent assumption of sequence or order. If standards writers want to, they can use a), b) etc instead of the bullet as a symbol.

It developed definitions with the aim of finding words that explained the concept behind the term in its most general approach. The process used the ISO requirement for development of definitions in ISO 704:2009 Terminology work — Principles and methods. In discipline specific standards it is possible to add Notes to explain and complete the sense; however, it should be understood that Notes to terminology are normative according to ISO Directives and cannot contain requirements.

6. Who is the intended user of Annex SL?

The intended audience for the document is ISO Technical Committees (TC), Subcommittees (SC) and Project Committees (PC) and associated Working Groups that are involved in the development of management system standards (see clause SL9.1).

7. What benefit is there to harmonization?

Where organizations are implementing and operating several Management Systems they are often confronted with different and sometimes contradicting requirements, terms and definitions. Annex SL will be particularly useful for those organizations that choose to operate a single (sometimes called “integrated”) management system that can meet the requirements of two or more management system standards simultaneously.

8. What is the flexibility of the HLS and identical text?

Annex SL is a core structure for MSS that TC/PC/SCs will need to add to and build on for the development of their discipline specific MSS. The TMB recognized that standards writers may need flexibility when writing their discipline specific MSS, therefore the TMB decided that any future MSS (new and revisions) shall, in principle, follow Annex SL and decided to permit deviations on the condition they are reported to the TMB with detailed rationale. Clause SL9.3 provides further detail on non-applicability. The intent is that TC/SC/PC strive to avoid non applicability, therefore flexibility on the addition of discipline-specific text and sub-clauses was incorporated into the rules on using Annex SL.

a) Clause Structure

Subclauses may be added at any position in the structure, and the subsequent sub-clauses be renumbered. Renaming, inserting or restructuring the main clauses (1.0 – 10.0) of the high level structure should be avoided.

b) Identical text


TC/SC/PCs are allowed to add discipline specific text that does not affect harmonization or contradict or undermine the intent of the identical text, common terms and core definitions, at any position within the high level structure and identical text. Examples of additions include:

o New bullet points
o Discipline specific explanatory text
o New paragraphs
o Text that enhances the existing requirements in Appendix 2

TC/PC/SCs can avoid repeating requirements by adding discipline specific text to the identical text.

c) Deletion of identical text

It is preferable to try to avoid deleting or replacing the identical text of Annex SL and thereby potentially affecting harmonization or contradicting or undermining its intent. If TC/SC/PCs determine, however, (a) special or exceptional circumstance(s) in which the identical text, common terms or core definitions cannot be applied in their MSS, then they must notify the TMB of their rationale (see clause SL9.3).

9. Is it possible to distinguish the Annex SL common text from discipline specific text?

Technical Committees can decide if they wish to distinguish the Annex SL common text by having it produced in a different colour, during the drafting stage.

10. Why does the common text not include a specific clause on “Preventive Action”?

The high level structure and identical text does not include a clause giving specific requirements for “preventive action”. This is because one of the key purposes of a formal management system is to act as a preventive tool. Consequently, a MSS requires an assessment of the organization’s “external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome(s)” in clause 4.1, and to “determine the risks and opportunities that need to be addressed to: assure the XXX management system can achieve its intended outcome(s); prevent, or reduce, undesired effects; achieve continual improvement.” in clause 6.1. These two sets of requirements are considered to cover the concept of “preventive action”, and also to take a wider view that looks at risks and opportunities.

11. Why was the “process model” or the “PDCA” model not used in the structure of Annex SL?

In developing Annex SL Annex 3, the existing management system standards were reviewed. Since there were a number of models in use, no one model was adopted. Annex SL accommodates the concept of the PDCA cycle and the concept of managing processes as an interacting and interrelated set in order to achieve the intended outcomes. This does not prevent a model diagram being incorporated in a management system standard.


12. How is risk to be addressed?

The topic of risk will be addressed by TC/SC/PCs based on the scope of their MSS, their discipline related risks, as well as the risk that the management system itself is not effective. Each discipline should clarify its need for a formal “risk management“ approach.

13. Why is the term "Documented information" used instead of "Documentation" or "Records"?

The standard has been updated to reflect current technology. Data, documentation and records are now frequently processed electronically. Therefore the new term "documented information" has been created to describe and take account of this situation. The term subsumes the previous concepts of documentation, documents, documented procedures and records.

14. Why are there no references to "procedures"?

Annex SL was written to establish distinct requirements on what has to be done, not to define requirements for procedures. It was agreed that the need for procedures was discipline specific and would be addressed by the TC/PC/SCs in their MSS.

15. What is the difference between the terms "determine" and "identify"?

The terms are used interchangeably in general English but "identify" can have translational problems, as it can be mistaken for e.g. putting a label on something to identify it. "Determination" is an indication of an assessment rather than "identify" which indicates that something has been noted. Dictionary definitions give:

Determine = establish or find out with certainty by research, examination or calculation
Identify = establish the identity of something or somebody

16. Why is there explicit distinction between requirements for "top management" and "the organization"?

The success of the management system depends on the leadership and commitment of top management; however it would be unreasonable for top management to perform all activities within the management system, therefore it is necessary for such tasks to be assigned to other roles within "the organization".

17. What is the implication of "Top management shall ensure"?

This means that Top management remains accountable for the satisfactory completion of activities assigned to the organization.

18. How do 4.1, 4.2, 6.1 and 8.1 link together?


The external or internal issues determined in 4.1 along with the relevant requirements of relevant interested parties determined in 4.2 create a knowledge base for determining the organizational requirements in 4.3 for the planning of the organization’s management system in 6.1, and for determining the control activities needed to achieve those requirements in 8.1.

19. What does “issues” mean?

An "issue" is "an important topic for the organization, problems for debate and discussion, or changing circumstances". This term was used in Annex SL identical text after referring to dictionary definitions (e.g. the Oxford English Dictionary).

20. What is the difference between “stakeholder” and “interested party”?

Traditionally management systems standards used the term "interested party" because "stakeholder" created translation problems for a number of languages. The term "stakeholder" has gained wider acceptance even in translation, and some MSS now have chosen to use the term. The two terms are defined as being interchangeable, but with "interested party" as the preferred term.

21. Are interested parties part of the context of the organization?

Interested parties are part of the context of the organization; however only "relevant" interested parties and their relevant requirements (as accepted by the organization) are considered for the implementation of the management system. Clause 4 "Context of the organization" is divided into three parts with the first part (4.1) addressing the important internal and external issues for the organization, the second (4.2) addressing the important interested parties and the relevant requirements, and the third part (4.3) is about the organization defining the scope of its management system once it has considered the two previous parts.

22. What is the difference between “as applicable” vs. “as appropriate”?

Dictionary definitions give:

Applicable = relevant; appropriate; possible to apply
Appropriate = suitable (for, to)

In most cases appropriate implies some degree of freedom, whereas applicable implies that if it can be done it shall be done.

23. The title to Clause 4.1 states ‘understanding’ and ‘context’ while the text uses the terms ‘determine’ and ‘issues’; why is this?

“In order to understand you first have to find out what it is you need to evaluate”. That evaluation requires consideration of relevance and ability to achieve, etc. Once you know that, you have a basis for an understanding of the organization and its context.


24. What is the meaning of the term ‘requirement’ in the context of management systems?

In Annex SL requirement is defined in 3.03. In the context of a management system, requirements become obligations when the organization chooses to comply with them. Obligations may arise from mandatory requirements, such as applicable laws and regulations or voluntary commitments such as industry standards and codes (including ISO MSS), contractual relationships, principles of good governance and accepted community and ethical standards. Clause 4.2 provides the framework for determining the relevant requirements of relevant interested parties, which the organization chooses to adopt in 4.3. A MSS contains specific requirements in addition to those of other relevant interested parties. Lastly, an organization may self-impose internal requirements above and beyond those required by an MSS or by other relevant interested parties. The term requirement is used in several clauses with reference to different sources of requirements.

Clauses 4.2, 4.3, 5.2, 6.1, 6.2 reference the requirements of relevant interested parties that are applicable to the organization.
Clauses 4.4, 5.3, 9.2 reference the MSS requirements.
Clauses 5.1, 7.3, 8.1, 9.2 reference the organization’s MS requirements.

If clarification is needed to avoid confusion within a MSS, it is suggested that standards writers maintain the term ‘requirement’ as it is defined in Annex SL, and where necessary, make use of notes in the definition of ‘requirement’ or create a new term and definition for a specific requirement to cover cases where a difference needs to be made.

25. What is the meaning of the word "available" in Clause 7.5.3 ‘documented information’?

The word ‘available’ encompasses the idea of ‘to whosoever needs access / is authorized, or are concerned with, the documented information’.