What Does ISO “Annex SL” Mean?

One subject worth mentioning is that of something the ISO calls “Annex SL” (not to be confused with “Annex A” from ISO/IEC 27001!).

This is a very obscure name for a concept that represents a big change in ISO management system standards, starting with ISO22301. There are a number of ISO standards that involve operating a “management system” to address the specific subject of the standard.

Some of the main examples are:

ISO9001 – Quality management

ISO14001 – Environmental management

ISO45001 – Occupational health and safety management

ISO22301 – Business continuity management

ISO/IEC 27001 – Information security management

ISO/IEC 20000 – IT service management

Traditionally, each of these standards has had a slightly different way of implementing and running a management system, and the wording of the standards has sometimes varied quite significantly. This is fine until an organization decides to run a single management system across multiple standards, for example ISO9001 and ISO/IEC 27001. Then it becomes difficult for the organization to marry up differing ways of doing the same thing, and it makes the auditors’ job harder (and longer and more expensive) too.

So, to get around this problem of “multiple management systems” the ISO decided to standardise the wording of the management system parts of the standards. They produced a long document with numerous appendices, one of which was “Annex SL” containing a first draft of the standard wording. Over time the ISO phased in this common “Annex SL” wording and all new standards or new versions of existing standards now have it. As it happens, ISO22301 was the first to adopt this new layout and so may be called the first “Annex SL” standard. Since 2012 all of the other management system standards have been gradually revised until we now have a situation where they are all compatible with each other (with minor variations).

The good news for an organization implementing (for example) a BCMS based on ISO22301 or an ISMS based on ISO/IEC 27001 is that they will by default be putting in place an “Annex SL” management system. This will make it much easier for them to implement other standards such as ISO9001 at a later date.

What is the structure of Annex SL?

Each ISO standard that follows Annex SL has the same high-level structure as follows:

  1. Scope
  2. Normative references
  3. Terms and definitions
  4. Context of the organisation
  5. Leadership
  6. Planning
  7. Support
  8. Operation
  9. Performance evaluation
  10. Improvement

Sections 1-3 are for reference and don’t contain requirements; section 0 is the introduction. The requirements in sections 4-10 are mandatory, and meeting them determines the outcome of your certification audit.

Editor’s note: The original post was published in June 2016, and updates have been made in February 2022 for accuracy and comprehensiveness.
