Annex SL

Annex SL (also known as Annex L in the 2019 edition) is a section of the ISO/IEC Directives, Part 1 that prescribes how ISO Management System Standards (MSS) should be written. The aim of Annex SL is to enhance the consistency and alignment of MSS by providing a unifying and agreed-upon high level structure, identical core text, and common terms and core definitions, so that all ISO Type A MSS (and Type B where appropriate) are aligned and the compatibility of these standards is enhanced.

Before 2012, various standards for management systems were written in different ways. Several attempts have been made since the late 1990s to harmonize the way these are written, but the first group that succeeded in reaching an agreement was the Joint Technical Coordination Group (JTCG) set up by the ISO Technical Management Board.

Various Technical Committees within ISO are currently working on revising all MSS published before Annex SL was adopted. Many standards already follow Annex SL, such as ISO 9001 and ISO 14001.

High level structure
According to Annex SL, a Management System Standard should follow the structure:
 * 1) Scope
 * 2) Normative references
 * 3) Terms and definitions
 * 4) Context of the organization
 * 5) Leadership
 * 6) Planning
 * 7) Support
 * 8) Operation
 * 9) Performance evaluation
 * 10) Improvement

Types of standards
Two kinds of standards for management systems are defined by the Annex SL:
 * Type A MSS: standards giving management system requirements (for example ISO 9001 and ISO 14001)
 * Type B MSS: standards giving guidelines (for instance ISO 9004 and ISO 14004)

MSS (Type A) following Annex SL
 * ISO 9001:2015, Quality management systems - Requirements
 * ISO 14001:2015, Environmental management systems - Requirements with guidance for use
 * ISO 14298:2013, Graphic technology - Management of security printing processes
 * ISO 18788:2015, Management system for private security operations - Requirements with guidance for use
 * ISO/IEC 19770-1:2017, Information technology - IT asset management - Part 1: IT asset management systems - Requirements
 * ISO/IEC 20000-1:2018, Information technology - Service management - Part 1: Service management system requirements
 * ISO 20121:2012, Event sustainability management systems - Requirements with guidance for use
 * ISO 21001:2018, Educational organizations - Management systems for educational organizations - Requirements with guidance for use
 * ISO 21101:2014, Adventure tourism - Safety management systems - Requirements
 * ISO 21401:2018, Tourism and related services - Sustainability management system for accommodation establishments – Requirements
 * ISO 22000:2018, Food safety management systems - Requirements for any organization in the food chain
 * ISO 22301:2019, Security and resilience - Business continuity management systems - Requirements
 * ISO/IEC 27001:2022, Information security, cybersecurity and privacy protection — Information security management systems — Requirements
 * ISO 28000:2022, Security and resilience - Security management systems - Requirements
 * ISO 30301:2019, Information and documentation - Management systems for records - Requirements
 * ISO 30401:2018, Knowledge management systems – Requirements
 * ISO 35001:2019, Biorisk management for laboratories and other related organisations
 * ISO 34101-1:2019, Sustainable and traceable cocoa beans - Part 1: Requirements for sustainability management systems
 * ISO 37001:2016, Anti-bribery management systems - Requirements with guidance for use
 * ISO 37101:2016, Sustainable development in communities - Management system for sustainable development - Requirements with guidance for use
 * ISO 37301:2021, Compliance management systems - Requirements with guidance for use
 * ISO 39001:2012, Road traffic safety (RTS) management systems - Requirements with guidance for use
 * ISO 41001:2018, Facility management - Management systems - Requirements with guidance for use
 * ISO 44001:2017, Collaborative business relationship management systems - Requirements and framework
 * ISO 45001:2018, Occupational health and safety management systems - Requirements with guidance for use
 * ISO 46001:2019, Water efficiency management systems - Requirements with guidance for use
 * ISO 50001:2018, Energy management systems - Requirements with guidance for use
 * ISO 55001:2014, Asset management - Management systems - Requirements

Sector specific to ISO 9001
 * ISO 15378:2017, Primary packaging materials for medicinal products — Particular requirements for the application of ISO 9001:2015, with reference to good manufacturing practice (GMP)
 * ISO 19443:2018, Quality management systems — Specific requirements for the application of ISO 9001:2015 by organizations in the supply chain of the nuclear energy sector supplying products and services important to nuclear safety (ITNS)
 * ISO/TS 22163:2017, Railway applications — Quality management system — Business management system requirements for rail organizations: ISO 9001:2015 and particular requirements for application in the rail sector
 * ISO/TS 54001:2019, Quality management systems — Particular requirements for the application of ISO 9001:2015 for electoral organizations at all levels of government
 * ISO/IEC 80079-34:2018, Explosive atmospheres — Part 34: Application of quality systems for ex product manufacture

MSS (Type A) not yet revised in accordance with Annex SL

 * ISO 10012:2003, Measurement management systems - Requirements for measurement processes and measuring equipment
 * ISO 30000:2009, Ships and marine technology - Ship recycling management systems - Specifications for management systems for safe and environmentally sound ship recycling facilities

Sector specific to ISO 9001
 * ISO 13485:2016, Medical devices - Quality management systems - Requirements for regulatory purposes
 * ISO 16000-40:2019, Indoor air - Part 40: Indoor Air Quality Management System
 * ISO/TS 17582:2014, Quality management systems - Particular requirements for the application of ISO 9001:2008 for electoral organizations at all levels of government
 * ISO/TS 29001:2010, Petroleum, petrochemical and natural gas industries - Sector-specific quality management systems - Requirements for product and service supply organizations

Sector specific to ISO/IEC 27001
 * ISO/IEC 27701:2019, Information technology - Security techniques - Enhancement to ISO/IEC 27001 for privacy management - Requirements

MSS (Type A) under development

 * ISO 7101 Healthcare Quality Management Systems Standard

MSS (Type B) following Annex SL

 * ISO/TS 9002:2016, Quality management systems - Guidelines for the application of ISO 9001:2015
 * ISO 9004:2018, Quality management — Quality of an organization — Guidance to achieve sustained success
 * ISO 14004:2016, Environmental management systems — General guidelines on implementation
 * ISO 18091:2019, Quality management - Guidelines for the application of ISO 9001:2008 in local government
 * ISO 19600:2014, Compliance management systems — Guidelines
 * ISO 22313:2020, Security and resilience — Business continuity management systems — Guidance on the use of ISO 22301
 * ISO 24518:2015, Activities relating to drinking water and wastewater services — Crisis management of water utilities
 * ISO 50004:2020, Energy management systems — Guidance for the implementation, maintenance and improvement of an energy management system
 * ISO 55002:2018, Asset management — Management systems — Guidelines for the application of ISO 55001
 * ISO 56002:2019, Innovation management - Innovation management system - Guidance
 * ISO/IEC/IEEE 90003:2018, Software engineering — Guidelines for the application of ISO 9001:2015 to computer software

MSS (Type B) not following Annex SL

 * ISO 14002-1:2019, Environmental management systems - Guidelines for applying the ISO 14001 framework to environmental aspects and environmental conditions by environmental topic areas - Part 1: General
 * ISO 14005:2019, Environmental management systems — Guidelines for a flexible approach to phased implementation
 * ISO 22004:2014, Food safety management systems — Guidance on the application of ISO 22000
 * ISO/IEC 27013:2015, Information technology — Security techniques — Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 (under revision)
 * ISO 28001:2007, Security management systems for the supply chain — Best practices for implementing supply chain security, assessments and plans - Requirements and guidance
 * ISO 28002:2011, Security management systems for the supply chain — Development of resilience in the supply chain — Requirements with guidance for use
 * ISO 28007-1:2015, Ships and marine technology — Guidelines for Private Maritime Security Companies (PMSC) providing privately contracted armed security personnel (PCASP) on board ships (and pro forma contract) - Part 1: General

MSS (Type B) under development

 * ISO 37002, Whistleblowing management systems - Guidelines