​Annex SL: Will it make a difference?

It still surprises me that many of my fellow professionals do not know about Annex SL, it has been used for many years in ISO 22301 Business Continuity and ISO 39001 Road Traffic Safety to name a few.

Nevertheless it only recently became a hot topic because of the pending publication of the world’s number one standard ISO 9001:2015.

I am in a lucky and privileged position to represent the Chartered Quality Institute (CQI) on ISO/TC176 – the technical committee writing ISO 9001:2015. However, my main concern is that many businesses are still using multiple management systems and having multiple certification audits.

So arguably not a true business management system, I stay away from the term "integrated". My justification is I do not want an integrated certification management system, I would prefer an integrated business with a single management system (that should set the cat amongst the pigeons). Annex SL will play a significant part to achieve this objective and realise the benefits within our business.

For the AA, the adoption of Annex SL will allow our many management standards, within many business units to recognise substantial efficiencies in terms of our system ongoing support and growth. In addition the framework will create a system that requires less maintenance and resources, creating one document or process instead of many.

The new standards using Annex SL high level structure and common core text and terms are designed to be much less prescriptive, affording the AA greater freedom to design their own management systems. We see this as a significant positive, for too many years we have implemented a process to satisfy the ‘requirements’.

The AA management system goes much further than any ISO requirements. It includes processes and procedures that help employees, adds value and enhances customer satisfaction. Last year we had over 670,000 hits on our intranet pages, which demonstrates the success and value of the system.

Unfortunately with the implementation of Annex SL we must spend considerable time and effort to modernise the system and remove duplication where we have implemented a number of processes or systems to satisfy the requirements and our external auditors.

When Annex SL is adopted there will be almost identical requirements across all standards. This means there is scope for a change in approach in terms of third-party assessments. From our perspective, I would expect external certification bodies to reduce audit days and employ or train more multi-skilled auditors.

Internal discussions are based on who owns the management system, who should be involved and because of the similarities, what resources should we reduce.

I suspect the health and safety, quality manager and information security manager will need to work much closer than before, ideally under one reporting director. Organisations similar to certification bodies will also have to invest to ensure people are adequately trained in each applicable discipline.

We are lucky at the AA to have a full-time audit team already multi-skilled with quality, environment and health & safety, however the information security and business continuity team (BCP) are managed separately and have their own resources ­– intriguingly the BCP manager uses the primary management system.

This leads onto the management representative, who is normally an unwilling volunteer usually selected because the quality manager or equivalent reports to them.

However, the new management system standards deliberately do not prescribe this role but we will retain the management representative role as the business unit champions.

There are now activities, which traditionally may have been delegated, but now top management (i.e. directors) will have to undertake. I’m lucky because this has always been the case.

In summary, the use of the Annex SL structure as well as commonly used terms and definitions will make it easier, less time consuming and consequently cheaper to implement and maintain systems.

Hopefully removing the red tape stigma and producing a robust system, aligned to business objectives with all standards working in harmony.

Mark Braham is Head of Business Assurance at the AA and represents the CQI on ISO/TC176 – the technical committee writing ISO 9001:2015.