HLS: High Level Structure for management system standards
The HLS (High Level Structure for management system standards) is a common framework for standards on management systems.
Some are already aligned with the HLS, such as ISO/IEC 27001 (information security management); others will be aligned with their next edition.
This article summarizes the HLS structure, based on Annex SL / Appendix 2 of the ISO/IEC Directives, Part 1 – Consolidated ISO Supplement – ISO-specific procedures.
The High Level Structure for management system standards is a framework that defines common terms, concepts and chapters.
No, the version under revision retains the old structure, to ensure its independence.
The HLS structure is based on 10 articles:
1. Scope
2. Normative references
3. Terms and definitions
4. Context of the organization
5. Leadership
6. Planning
7. Support
8. Operation
9. Performance evaluation
10. Improvement
The first 3 are general and without requirements. The next ones fit into the PDCA model (Plan: 4,5,6,7; Do: 8; Check: 9; Act: 10).
No, although all sections are necessarily present, each management system standard introduces its own concepts and additional requirements, particularly for section 8 dealing with operational activities.
The 10 articles of the HLS
The first 3 articles are relatively general and contain no requirements:
- Scope
- Normative references
- Terms and definitions
The following 7 can be grouped according to the PDCA template. Here is an illustration using the Deming wheel:
Note: the interpretation of the model is flexible; ISO 9001, for example, puts Leadership at the center of the PDCA and associates Support with “Do”.
General articles
Art. 1 – Scope
Defining the scope means defining what (what the standard does) and who (for whom the standard is useful).
In the case of ISO 9001:2015, the standard provides requirements for quality management systems; it is intended for an organization that needs to demonstrate its ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements and to enhance customer satisfaction.
The requirements of ISO 14001 relate to environmental management, for organizations wishing to be part of a sustainable development approach.
Art. 2 – Normative references
Contains the list of standards, dated, necessary for the implementation of the relevant standard.
For example, ISO 9001:2015 refers to ISO 9000:2015 for the principles and vocabulary used in the standard.
Art. 3 – Terms and definitions
A list of definitions useful for understanding and applying the standard.
It includes basic common terms (e.g. organization, management, performance, corrective action…) and others specific to the topic under consideration (e.g. environmental policy in ISO 14001, customer satisfaction in ISO 9001).
Many of these terms are derived from ISO 9000. Unlike the DIS, the FDIS of ISO 9001:2015 no longer includes the definitions and simply refers to ISO 9000; you can find these definitions on the ISO website.
Articles related to planning (PLAN)
Planning is to be understood in a broad sense: it is everything that is necessary to organize the activity of the organization.
Art. 4 – Context of the organization
Definitions
- Organization: not limited to corporations; institutions, charities and even self-employed people are organizations.
- Issues: everything that may arise from the legal, competitive, cultural, social, economic… environment external and internal to the organization.
- Stakeholders: We think of course of the customer, but we must also consider the environment, suppliers, carriers, bankers, the regulation, and even the management system standard. The needs and expectations of the interested parties are grouped in the form of requirements.
Summary
The idea is to take a step back and look at the context in order to define the scope of the management system. To do this, the organization considers its own issues, as well as the requirements of the stakeholders.
Art. 5 – Leadership
Definitions
- Leadership: person(s), at the highest level of the organization, who direct and control activities. Some authority may be delegated (to heads of services, quality manager…).
- Resources: human resources of course, but also material, natural, financial…
- Policy: expression of the organization’s intentions and orientations, in the form of commitments.
Summary
This chapter emphasizes the role of Leadership and its commitment.
Management sets the policy, ensures the availability of resources and generally promotes the management system and ensures its proper implementation.
Art. 6 – Planning
Definitions
- Objective: the result to be achieved
- Risk: characterized by potential events (probability of occurrence), origin, consequences
- Opportunity: an opportunity to improve the management system
- Action: a task, planned
Summary
In addition to the planning of objectives, the organization plans the actions implemented to reduce the risks and seize the opportunities.
Within the meaning of the text, planning requires defining what is to be done, the resources needed, responsibilities, implementation modalities, deadlines, and means of evaluation of effectiveness.
Art. 7 – Support
Definitions
- Competence: ability to apply knowledge / know-how
- Communication: obtaining and/or providing information, both internally and externally
- Documented information: information that needs to be controlled and maintained
Summary
Support for the organization’s activities revolves around:
- Resources
- Information
- Communication
As seen in article 5, there are multiple resources. In the case of human resources, the competencies must be defined and proven. The article emphasizes the awareness of staff, who must feel involved.
The concept of documented information allows the organization to manage its knowledge.
Compared to ISO 9001:2008, documented procedures are now documented information to be maintained; records become documented evidence of activities performed.
Article on implementation (DO)
Art. 8 – Operation
Definitions
- Process: an activity, which considers inputs to produce outputs. A company’s services are often built around a process.
- Criteria: references for making a comparison
Summary
The organization breaks down its activities into processes (internal and external) on which criteria are placed.
The operation depends enormously on the topic considered (quality management, environmental management…). Article 8 is therefore very succinct in the HLS and much more detailed in the standards; this is where we find the numerous requirements on the Operation of the organization.
ISO 9001:2015 sets requirements for products and services (§8.2.3): requirements determination and review, design and development, production, delivery…
ISO 14001 develops requirements around environmental emergencies.
Article on evaluation (CHECK)
Art. 9 – Performance evaluation
Definitions
- Management review: a review of the management system, conducted by management
- Internal audit: audit conducted by the organization
Summary
The organization defines the activities of monitoring, measurement, analysis, and evaluation (what, when, how).
Internal audits are performed to have a good view of the management system (conformity to requirements, efficiency…).
During management meetings, management reviews the management system, taking into account the organization’s issues, performance information, ongoing actions…
Article on improvement (ACT)
Art. 10 – Improvement
Definitions
- Nonconformity: non-fulfilment of a requirement. In other words, failure to comply with a requirement.
- Corrective action: action that aims to eliminate the causes of a nonconformity to prevent recurrence
- Continual improvement: aims to continually enhance performance
Summary
The organization is committed to continual improvement.
In the event of nonconformity, the organization must control it, correct it and deal with the consequences. If the causes of the nonconformity can recur, the organization will need to take corrective action to eliminate them, with a potential impact on the management system.
Note: with this new structure the notion of preventive action disappears; it is in fact included in risk management.
Lists of mandatory documented information
Below is the list of documented information that is required in the HLS structure:
- Scope of the organization’s management system
- Organization’s policy
- Organization’s objectives
- Evidence of competence of individuals
- Process planning and operation
- Results of monitoring and measurement activities
- Implementation and results of internal audits
- Conclusions of management reviews
- Nature of nonconformities, corrective action and results