One subject worth mentioning is that of something the ISO calls “Annex SL” (not to be confused with “Annex A” from ISO/IEC 27001!).
This is a very obscure name for a concept that represents a big change in ISO management system standards, starting with ISO22301. There are a number of ISO standards that involve operating a “management system” to address the specific subject of the standard.
Some of the main examples are:
ISO9001 – Quality management
ISO14001 – Environmental management
ISO/IEC 27001 – Information security management
ISO/IEC 20000 – IT service management
Traditionally, all of these standards have had a slightly different way of implementing and running a management system and the wording of the standards has varied sometimes quite significantly. This is ok until an organization decides to try to run a single management system across multiple standards, for example ISO9001 and ISO/IEC 27001. Then it becomes difficult for the organization to marry up differing ways of doing the same thing and it makes the auditors’ job harder (and longer and more expensive) too.
So, to get around this problem of “multiple management systems” the ISO decided to standardise the wording of the management system parts of the standards. They produced a long document with numerous appendices, one of which was “Annex SL” containing a first draft of the standard wording. Over time the ISO is now phasing in this common “Annex SL” wording and all new standards or new versions of existing standards will have it. As it happens, ISO22301 was the first to adopt this new layout and so may be called the first “Annex SL” standard. Since 2012 one other standard has been revised which is ISO/IEC 27001 (Information security) and at the time of writing (mid 2015) the plan is to make ISO9001 and ISO14001 “Annex SL” compatible too.
The good news for an organization implementing a BCMS based on ISO22301 or an ISMS based on ISO/IEC 27001 is that they will by default be putting in place an “Annex SL” management system. This will make it much easier for them to implement other standards such as ISO9001 at a later date.
So if you are going down the multiple standards route it’s worth remembering – Annex SL is where it’s at!