LRQA ISO Standards Update: ISO Standards Revision Podcast

Welcome to the latest episode of the LRQA Podcast Series. Leading up to LRQA’s Agenda 14 Roadshow, which takes place across the UK from April the 1st to the 11th, we will be speaking to Richard Crute-Morris, LRQA UK Technical Manager, about the upcoming revisions to ISO Management Systems Standards, specifically the ISO 9001 and ISO 14001 revisions, as well as Annex SL.

Interviewer: Firstly Richard why is this such an important time for those interested in ISO Management Systems Standards?

RCM: Well ISO 9001 and 14001 are the two largest globally deployed management systems and the reason why this is so important is they’ve had no real serious development since 2000 for 9001 and 2004 for 14001. The International Standards Organisation (ISO) have gone through a development themselves in the way in which they want to see management system standards constructed so there’s a commonality between them. This framework is laid out in something which we term as Annex SL, and this lays out a ten clause standard structure that is universal across the development of management systems standards. It’s important because things are changing and things are changing quite considerably. So with the introduction of the new high level structure which is within the Annex SL document which has been issued by ISO this gives a common framework that all management systems standards are being constructed against so there’s a commonality across all of them. The first one we came across was one called ISO 20121 as we called it for sustainable events and we deployed that within the Olympic Organising Committee for transportation and subsequently there has been issue against the new structure of ISO 22301 for business continuity and ISO 27001 for information security. There are others which are developed within it but one of the main ones coming along is ISO 45001 which will be replacing the Occupational Health & Safety standard of 18001. So it’s important, it’s happening across the piece, it’s happening on a global basis and it’s a big change.

Interviewer: Now Richard what would you say are some of the most important changes that are coming to ISO 9001?

RCM: There are lots of changes, there’s lots of incremental changes which themselves add up to important changes. But the significant ones are around scoping, understanding the context of the organisation, where it fits in society, what it’s there to do in terms of its product delivery and its services. Leadership and policy is a big change in being more prescriptive and upping the ante really for leadership accountability. The introduction of risk for ISO 9001 is a massive change. Although we do it every day in our everyday lives and it’s kind of how we do things generally, the fact that it’s now got to be linked to what we do within organisations and our business and then have objectives driven out of those on a priority basis is a huge change. There’s also the introduction of an element of knowledge management which again needs a little bit more definition but the knowledge piece around 9001 is becoming more, and needs to be more available to others within the organisation. System design has been looked at as well and this has brought in management of outsourced activities, those services and activities that an organisation has done for it but is part of its service deliverable and they were previously mentioned but quite lightly, but now they’re really brought in with a significant amount of descriptors required. And then the process approach which was previously in the introduction is now fully embedded within the requirements of the standard.

Interviewer: So those are the changes, the important changes Richard to ISO 9001. How about the important changes to ISO 14001?

RCM: Well again 14001 is up for change. It’s got some quite interesting changes within it. One of them is within the scoping again around protecting the environment. It’s always been there, always been a requirement to have environmental preservation but this is moving further now into actually active protection of the environment and improving those products and services that are delivered to be more environmentally aware. The scope has had a massive change. It’s more defined, it challenges the previous vagaries and it looks at the operational units, its functions and also its boundaries both physical and beyond those boundaries. The leadership again, leadership accountability is boosted and policy really does open up more in terms of defining what it is that the business is there to do. 14001 also looks at risk as 9001 does, but we’re not looking at full risk assessment here, we’re looking at a risk based approach. The 14001 brings in the concepts of value chain, or supply chain if you like in terms of its environmental impacts and aspects to the amount that can be controlled and influenced and also it looks or asks businesses to look at the lifecycle approach from cradle to grave as it were, but not full analysis, it’s looking at an approach but I must emphasise it’s not full analysis. Again, outsourcing activities in terms of delivery and system design and process approach are starting to appear more within 14001 than they have been there before.

Interviewer: Thank you Richard. Now what do you think will be the long-term result of ISO developing a global Health & Safety Management System?

RCM: Well this is very interesting. The OHSAS 18001 as it currently is, is reasonably well deployed globally but as soon as it hits an ISO standard then there will be significantly more interest on a global basis. Of course, it’s structured currently within the structure of 14001 and will be converting to the Annex SL structures. But with 14001 leading the way on this because of similarities between them it should be a relatively easy construct. However, there’s always those people within development activity that have specific issues that they want to voice, and one of the key risks within this standard will be the requirements based on statutory and regulatory requirements and the implications of those especially within litigation cultures. So it shouldn’t be too different from 14001 because with 14001 leading the way, 45001 should have a very similar structure.

Interviewer: Now Richard what changes do you anticipate for SMEs who might currently only have an ISO 9001 system in place?

RCM: SMEs are going to have to look again at their business context. It’s the key thing that needs to be established and understood within organisations. What is the context, what are we here to do and linking that through to the business objectives, the performance monitoring and having a plan-do-check-act cycle in maintaining and improving the organisation. The process approach is still present and if they’ve been maturing their systems in line with 9001-2008 the process approach change should now be embedded. But they are going to have some difficulties, but LRQA Assessors are there to help and assist through the transition to ensure that there’s no falling over at the end of the certification process. And the biggest issue around all of this will be the consideration of risk. It’s new to 9001, we saw it coming through 9004 a couple of years ago, but it’s now here with us to stay and that’s the biggest thing that all ISO 9001 businesses need to be aware of.

Interviewer: How about organisations Richard who might currently be running completely different QMS, EMS and Health & Safety systems?

RCM: Well for those businesses running these multiple management systems the Annex SL high level structure is a bit of a godsend really. It’s a common structure across all the management systems that looks at and actively promotes integration of management systems, doing as much within the common field as can be possible in terms of the business management processes such as review and audit and action management and those types of things. Of course there will be levels of activity within the standards which need to be done specifically but it doesn’t mean that they can’t be conjoined in order of their system management. So, yes it’s a good thing. I think it’s a good way forward and businesses need to be taking advantage of that to really optimise their systems.

Interviewer: And what should companies be doing right now Richard to get ready for the management systems standards revisions?

RCM: The first thing that businesses need to be looking at is risk. How do they understand risk, the risk based approach. It’s very important that they have an understanding of what it means and that’s known throughout the organisation. Once they understand what that’s about they then need to go back and look at the context of the organisation, what are we here to do, what are we here to deliver, linking that through this plan-do-check-act cycle, through leadership into business management objectives and then performance management and feedback. It’s vital that that bit needs to be understood for businesses to understand what the new standards are trying to deliver.

Interviewer: Richard, will the role of assessors and independent assessment and certification change?

RCM: The fundamental role won’t change. We, independent assessment and assessors are there to deliver conformity assessments against management system standards. The fact that the standards have changed is the issue, what we will do as an assessment organisation is change and train to meet that requirement and deliver our same independent value added service.

Interviewer: Richard how important will the technical expertise and training of assessors be in the assessment of the new standards and will any new skills from assessors be required in order to deliver assessments against the new standards?

RCM: Yes of course training is required. We need to understand the meaning of what the high level structure of Annex SL is about and how it’s applied generically. That can then help us in looking at businesses that have multiple system standards to incorporate that into their business framework to aid them in integration activity. The high level standard also brings in the risk based thinking that we need to look at and value chain and lifecycle. So we need to understand those to be able to talk to our organisations that we assess from a knowledgeable point of view and we’ve been doing this for some time in terms of the LRQA business approach, looking at risk, questioning risk, changing our assessment activity to address risks that are present in the business that perhaps need a bit of a look at. So it’s not going to be something new to us, but it is going to be something that we are going to have to evolve into in line to meet the Annex SL high level structural requirements.

Interviewer: Richard could you tell us a little bit about the LRQA Agenda ‘14 series?

RCM: Certainly. LRQA undertake an annual event where we go around the country delivering an event to our clients to keep them up-to-date with what’s happening within certification. This year we’re focusing on the new standards which have been structured in line with ISO Annex SL high level structure for management systems standards. We are looking at 27001 which is for information security which has been issued, it’s a released standard and we’re looking how that’s applied, the requirements of the high level structure. And then we’re doing a piece on the 9000 and 14000 standards which are currently working towards their draft international standard status. Looking at what’s changed within them, the implications of those changes and giving our clients a heads up on what we see is coming in the future when the draft international standards are issued. We’re going to nine venues over the course of two weeks ranging from Perth in Scotland down to Winchester in the south and East to West as well. So it’s a broad coverage and it’s a way of us communicating to our clients what’s going on within our business. We also give them a general update on standards that may affect them in the marketplace and what’s coming up.

Interviewer: And finally Richard I want you to look into your crystal ball and if you could fast forward to as I say 2025, what are your thoughts on the impact that independently certified management systems will have on the business world at large?

RCM: I wish I could have that foresight. I’d like to think that we do think along those lines in terms of how is this going to develop, but who would have thought ten years ago we’d be where we are now looking at a common high level management system. I think there are steps that can be taken in terms of maybe having a common management system requirement and breaking out of that then the particular market sectors or other elements that businesses would want to enter into are moduled into it. So I think there is potential for that in the future, whether the market wants that to happen, whether the other certification organisations throughout the world want that to go that way. I think that’s something that we would have to look at and that would be looked at through the certification structure of the IIOC organisation. Will it change, yes I think it will change. It will be driven by what the, what industry tells us, what the market tells us, but also some forward thinking around how do systems and management systems operate within organisations.

Interviewer: Richard Crute-Morris, LRQA UK Technical Manager, thank you very much indeed.

RCM: A pleasure.

Thank you for listening to the LRQA Podcast Series. For more information from LRQA on the ISO Standards Revisions please visit for more information on LRQA UK’s Agenda 14 please visit
