Implementing your first management system is challenging, because you are aligning all of your organization's processes to the standard. This may make you wonder: do I have to go through all of this again to integrate with other ISO standards? The answer is no. After implementing one ISO standard, integrating with other ISO standards is much faster and simpler, because all ISO standards share the same normative structure, organized according to Annex SL.
What is Annex SL?
To make management systems easier to integrate and audits more efficient, ISO reorganized the standards in 2012 so that they all share the same structure, which is Annex SL.
Annex SL is divided into topics, including:
4 Context of the Organization
9 Performance Evaluation
In other words, regardless of the management system standard, the requirements are all divided in this way, which makes it easier to align two or more standards and simplifies implementation.
Annex SL is itself based on the PDCA cycle: Plan, Do, Check, Act.
The PDCA cycle holds that the management system must keep changing in pursuit of improvement, and the creation of Annex SL made this much more visible.
- Plan: context of the organization, leadership, planning, support
- Do: operation
- Check: performance evaluation
- Act: improvement
Are the requirements also the same to facilitate integration with other ISO standards?
Yes and no. Most of the requirements do share the same basis, but they vary between standards.
One of the most common integrations is ISO 9001 (quality) + ISO 14001 (environmental) + ISO 45001 (occupational health and safety). Here, requirement 4.1 on understanding the organization and its context is very similar across the standards, with the text only adapted to the needs of each theme and sometimes considered not applicable, as seen below:
- ISO 9001: The organization must monitor and critically analyze information about these external and internal issues.
- ISO 14001: These issues must include environmental conditions that affect or are capable of affecting the organization.
- ISO 45001: Not applicable, so it was not included in the standard.
The reverse also happens: sometimes a standard may contain a larger number of requirements within one item of Annex SL.
Another common integration is ISO 37301 (compliance) + ISO 37001 (anti-bribery). The former focuses more on the company's rear guard, so within the PDCA cycle it is more focused on planning, while the latter is aimed at attacking bribery, so it has more requirements in the operation part. The result is greater variability of requirements between the two standards in their respective parts.
In summary, integrating with other ISO standards is much simpler than implementing a management system from scratch, as your company is already pre-organized and will only need to make some adaptations to meet both standards.