
What does ISO “Annex SL” mean?

One subject worth mentioning is that of something the ISO calls “Annex SL” (not to be confused with “Annex A” from ISO/IEC 27001!).

This is a very obscure name for a concept that represents a big change in ISO management system standards, starting with ISO22301. There are a number of ISO standards that involve operating a “management system” to address the specific subject of the standard.

Some of the main examples are:

  • ISO9001 – Quality management
  • ISO14001 – Environmental management
  • ISO/IEC 27001 – Information security management
  • ISO/IEC 20000 – IT service management

Traditionally, all of these standards have had a slightly different way of implementing and running a management system, and the wording of the standards has varied, sometimes quite significantly. This is fine until an organization decides to try to run a single management system across multiple standards, for example ISO9001 and ISO/IEC 27001. Then it becomes difficult for the organization to marry up differing ways of doing the same thing, and it makes the auditors’ job harder (and longer and more expensive) too.

So, to get around this problem of “multiple management systems”, the ISO decided to standardise the wording of the management system parts of the standards. They produced a long document with numerous appendices, one of which was “Annex SL”, containing a first draft of the standard wording. The ISO is now phasing in this common “Annex SL” wording over time, and all new standards or new versions of existing standards will have it. As it happens, ISO22301 was the first to adopt this new layout and so may be called the first “Annex SL” standard. Since 2012 one other standard has been revised, ISO/IEC 27001 (Information security), and at the time of writing (mid 2015) the plan is to make ISO9001 and ISO14001 “Annex SL” compatible too.

The good news for an organization implementing a BCMS based on ISO22301 or an ISMS based on ISO/IEC 27001 is that they will by default be putting in place an “Annex SL” management system. This will make it much easier for them to implement other standards such as ISO9001 at a later date.

So if you are going down the multiple standards route it’s worth remembering – Annex SL is where it’s at!
