HLS: High Level Structure for management system standards

By Guillaume Promé
Jan. 25, 2022 ISO 13485

HLS - Deming Wheel - PDCA

The HLS (High Level Structure for management system standards) is a common framework for standards on management systems.

Some are already aligned with the HLS, such as ISO/IEC 27001 (information security management), others will be aligned with their next edition.

This article proposes to summarize the HSL structure, based on Annex SL / Appendix 2 of the ISO/IEC Directives, Part 1 – Consolidated ISO Supplement – ISO-specific procedures.

What is the HLS structure?

The High Level Structure for management system standards is a framework for that defines common terms, concepts and chapter.

Does the HLS structure apply to ISO 13485 for medical devices?

No, the version under revision retains the old structure, to ensure its independence.

How is the HLS structured?

The HLS structure is based on 10 articles:
1. Scope
2. Normative references
3. Terms and definitions
4. Context of the organization
5. Leadership
6. Planning
7. Support
8. Operation
9. Performance evaluation
10. Improvement

The first 3 are general and without requirements. The next ones fit into the PDCA model (Plan: 4,5,6,7; Do: 8; Check: 9; Act: 10).

Is the HLS strictly applied?

No, although all sections are necessarily present, each management system standard introduces its own concepts and additional requirements, particularly for section 8 dealing with operational activities.

The 10 articles of the HLS

The first 3 articles are relatively general and contain no requirements:

  1. Scope
  2. Normative references
  3. Terms and definitions

The following 7 can be grouped according to the PDCA template. Here is an illustration using the Deming wheel:

Note: the interpretation of the model is flexible, so the ISO 9001 puts Leadership at the center of the PDCA, Support is associated with “Do”.

General articles

Art. 1 –  Scope

Defining the scope means defining what (what the standard does) and who (for whom the standard is useful).

In the case of ISO 9001:2015, the standard provides requirements for quality management systems, it is intended for an organization that needs to demonstrate its ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements and to enhance customer satisfaction.

The requirements of ISO 14001 relate to environmental management, for organizations wishing to be part of a sustainable development approach.

Art. 2 – Normative references

Contains the list of standards, dated, necessary for the implementation of the relevant standard.

For example, ISO 9001:2015 refers to ISO 9000:2015 for the principles and vocabulary used in the standard.

Art. 3 – Terms and definitions

A list of definitions useful for understanding and applying the standard.

It includes basic common terms (e.g. organization, management, performance, corrective action…) and others specifics to the topic under consideration (e.g. environmental policy in ISO 14001, customer satisfaction in ISO 9001).

Many of these terms are derived from ISO 9000. Unlike DIS the FDIS of ISO 9001:2015 no longer uses the definitions and simply refers to ISO 9000, you can find these definitions on the ISO website.

Articles related to planning (PLAN)

Planning is to be taken in a broad sense, it is everything that is necessary to organize the activity of the organization.

Art. 4 – Context of the organization

HLS - organisation context


  • Organization: not limited to corporations: institutions, charities and even self-employed people are organizations.
  • Issues: everything that may arise from the legal, competitive, cultural, social, economic… environment external and internal to the organization.
  • Stakeholders: We think of course of the customer, but we must also consider the environment, suppliers, carriers, bankers, the regulation, and even the management system standard. The needs and expectations of the interested parties are grouped in the form of requirements.


The idea is to take a step-up, to look at the context to define the scope of the management system. To do this, the organization considers its own issues, as well as the requirements of the stakeholders.

Art. 5 – Leadership

HLS Leadership


  • Leadership: person(s), at the highest level of the organization, who directs and controls activities. Some authority may be delegated (to heads of services, quality manager…).
  • Resources: human resources of course, but also material, natural, financial…
  • Policy: expression of the organization’s intentions and orientations, in the form of commitments.


This chapter emphasizes the role of Leadership and its commitment.

Management sets the policy, ensures the availability of resources and generally promotes the management system and ensures its proper implementation.

Art. 6 – Planning

HLS - Planning


  • Objective: the result to be achieved
  • Risk: characterized by potential events (probability of occurrence), origin, consequences
  • Opportunity: an opportunity to improve the management system
  • Action: a task, planned


In addition to the planning of objectives, the organization plans the actions implemented to reduce the risks and seize the opportunities.

Within the meaning of the text, planning requires defining what is to be done, the resources needed,  responsibilities, implementation modalities, deadlines, and means of evaluation of effectiveness.

Art. 7 – Support

HLS - Support


  • Competence: ability to apply knowledge / know-how
  • Communication: obtaining and or providing information, both internally and externally
  • Documented information: information that needs to be controlled and maintained


Support for the organization’s activities revolves around:

  • From resources
  • From information
  • From communication

As seen in article 5, there are multiple resources. In the case of human resources the competencies must be defined and proven. The article emphasizes the awareness of staff, who must feel involved.

The concept of documented information allows the organization to manage its knowledge.

Compared to ISO 9001:2008, documented procedures are now documented information to be maintained, records become documented evidence of activities performed.

Article on implementation (DO)

Art. 8 – Operation

HLS - Operation


    • Process: an activity, which considers inputs to produce outputs. A company’s services are often built around a process.
    • Criteria: references for making a comparison


The organization breaks down its activities into processes (internal and external) on which criteria are placed.

The operation depends enormously on the topic considered (quality management, environmental management…). Article 8 is therefore very succinct in the HLS and much more detailed in the standards, this is where we find the numerous requirements on the Operation of the organization.

ISO 9001:2015 sets requirements for products and services (§8.2.3): requirements determination and review, design and development, production, delivery…

ISO 14001 develops requirements around environmental emergencies.

Article on evaluation (CHECK)

Article 9 – Performance evaluation

HLS - Performance evaluation


  • Management review: a review of the management system, conducted by management
  • Internal audit: audit conducted by the organization


The organization defines the activities of monitoring, measurement, analysis, and evaluation (what, when, how).

Internal audits are performed to have a good view of the management system (conformity to requirements, efficiency…).

During management meetings, management reviews the management system, taking into account the organization’s issues, performance information, ongoing actions…

Article on improvement (ACT)

Art. 10 – Improvement

HLS - Improvement


  • Nonconformity: non-fullfilment of a requirement. In other words, failure to comply with a requirement.
  • Corrective action: action that aims to eliminate the causes of a nonconformity to prevent recurrence
  • Continual improvement: aims to continually enhance performance


The organization is committed to continual improvement.

In the event of nonconformity, the organization must control it, correct it and deal with the consequences. If the causes of the nonconformity can reproduce, the organization will need to take corrective action to eliminate them, with a potential impact on the management system.

Note: with this new structure the notion of preventive action disappears, it is in fact included in the risk management.

Lists of mandatory documented information

Below is the list of documented information that is required in the HLS structure:

  • Scope of the organization’s management system
  • Organization’s policy
  • Organization’s objectives
  • Evidence of competence of individuals
  • Process planning and operation
  • Results of monitoring and measurement activities
  • Implementation and results of internal audits
  • Conclusions of management reviews
  • Nature of non-conformities, corrective action and results