Future of ISO standards LRQA viewpoint
1. ISO Standards – 2013 Update
A viewpoint from LRQA
October 14 2013
Improving performance,
reducing risk
2. What is changing?
• Structure of all ISO Management
System Standards
• Annex SL
• ISO 27001
• ISO 9001
• ISO 14001
• OHSAS/ISO 18001
• Impact on Integrated Systems
3. What is changing?
In Other Words
“The world of management systems
and the role they play in how
organisations manage their business.”
4. Framework of all new management systems standards
• Scope
• Normative References
• Terms & Definitions
• Context of the Organisation
• Leadership
• Planning
• Support
• Operations
• Performance
• Improvement
5. ISO standards revision – significant changes
• Organisational Context
• Leadership
• The Management of Risk
• Change Management
• Performance
• Integration of Different Systems
6. The Implications
Organisational Context
• This requires the determination of external and internal factors that are relevant to the organisation’s
purpose and that affect its ability to achieve the intended outcomes of the management system.
• This will have significant implications for the design of the management system and the alignment of
strategy and structure within organisations.
Leadership
• Top management shall demonstrate leadership and commitment with respect to the management
system and shall ‘ensure ..’. LRQA believes that the use of the word ‘ensure’ indicates an increase in the
personal responsibilities of senior management.
• This will require, amongst other things, that policy and objectives are compatible with strategic intent
and that the management system is integrated with the organisation’s business processes.
7. The Implications
Risk
• Organisations need to consider risks to ensure they can meet policy and objectives; for significant risks,
measures need to be put in place to manage them.
• This is an extension of the current planning requirements. This strengthens the need for organisations to
look ahead so that the management system delivers for the future as well as the present.
Change
• The organisation will need to manage change through the management system and also maintain the
system while the organisation changes itself.
• This is recognition that the management system is both the controlling mechanism of the organisation
and part of it at the same time.
8. The Implications
Performance
• Performance requirements are broader, enhanced and include the preparation of performance analysis
as a significant input into the management review process.
• This will strengthen the link between management system performance and the quality of
product/service delivery.
Integration
• The introduction of high level common text and structure for all management systems standards
through the adoption of Annex SL will help organisations using more than one standard to align aspects
and/or integrate elements or the whole of the management system.
9. Annex SL - Definition
Annex SL defines the framework for
generic MSS so as to ensure that the text
used is aligned to the extent that they
have, where practical, identical clause
titles, sequence of clauses, definitions and
as much identical text as feasible.
10. Annex SL - Features
The framework will have ten sections with wording being tailored to the
intended users of the particular standard:
• Scope
• Normative references
• Terms and definitions
• Context of the organisation
• Leadership
• Planning
• Support
• Operation
• Performance evaluation
• Improvement
11. ISO 27001 - Revision Implications
• Clause 4 dedicates itself to the ‘organisational context’. This section is divided into 4
sub clauses with the fundamental change being:
• 4.1 Understanding the organisation and its context
• 4.2 Understanding the needs and expectations of interested parties
• Preventive action being replaced with ‘Actions to address risks and opportunities’ (6.1)
• An amalgamation of Document and Record Control into one clause (7.5)
• The formal inclusion of Outsourcing which may be particularly important to
organisations that rely on 3rd party data centres and ICT infrastructure service and
maintenance providers (8.1)
• A greater emphasis on setting the objectives, monitoring performance and metrics (9.1)
More information can be found in LRQA’s White Paper:
The new ISO/IEC 27001 Standard. Evolution or revolution?
12. ISO 9001 - Revision Implications
Increased user confidence through
greater senior management ‘quality
leadership’ responsibility tied to
closer links between the
management system and
product/service quality, all raising
the responsibility of certification
and accreditation bodies.
Mike James, Managing Director LRQA
and Chair IIOC
September 2013
13. ISO 14001 - Revision Implications
The main focus of the revision is to strengthen the
incorporation of the EMS into the Organisation’s Business
Processes. Further topics include:
• Integration of the EMS into the organisation’s strategic
management
• Improvement of identification and consideration of the views
of interested parties on a strategic level
• Broader view on the supply and value chain including
consideration of the life cycle
• Improving the environmental performance using indicators
for the performance evaluation
• Focus on compliance with legal and other requirements
• Applicability for small and medium sized companies
• Integration with other Management Systems such as Social
Responsibility, Sustainability, Greenhouse Gas or Energy
Management
Cornelia Fricke
LRQA ISO 14001
Technical Manager
September 2013
14. OHSAS/ISO 18001 - Revision Implications
ISO Project Committee (PC) 283 was established in July 2013 for the
development of an ISO standard built upon OHSAS 18001, the internationally-recognised and adopted British Standard
for Occupational Health and Safety.
The task facing PC 283 is now to establish the
Technical Committee (TC) which will be responsible
for the development of the standard itself.
However, before this can happen, ISO is faced with
the challenge of consolidating all of the different
approaches to OHSAS around the world to produce
a generic model that is acceptable to both the
developed and developing world.
David Lawson,
LRQA Technical Director
July 2013
15. Timelines for Revisions
• The scheduled publication date for the ISO 9001 DIS is April 2014 with final
publication anticipated September 2015
• The scheduled publication date for the ISO 14001 DIS is July / Aug 2014, with the
FDIS currently planned for publication in Mar/Apr 2015 and final publication is
anticipated mid 2015.
• OHSAS 18001 has been proposed as an ISO standard. If the vote is successful, the publication
date is anticipated to be late 2016
• The (as yet to be confirmed) three year transition period will allow organisations
to change at a pace suited to them
16. LRQA and Future MSS Development
• Chairmanship of IIOC and key ISO technical committees
• LRQA’s approach has been supportive of these ideas focusing on
aligning the management system with the core business systems;
reducing risk and improving performance
• For more forward thinking organisations the changes will be
supportive of their management systems culture
• For those organisations who have maintained a more traditional
approach this will allow them to realise a more formalised approach
17. Our unique assessment methodology
Business Assurance from LRQA helps
you to manage your systems and risks
to improve and protect the current and
future performance of your organisation