The High Level Structure (HLS) was introduced by the International Organization for Standardization (ISO) to give management system standards a uniform structure and similar core content. The aim behind this is to improve the alignment of different ISO standards by means of a cross-standard structure.

The HLS also serves as a guideline for the revision or development of future standards. In the long term, all ISO standards for management systems are intended to contain the same overarching structure, common core requirements and common terms and definitions.

The rules for the High Level Structure and the core contents were published in 2012 in the Annex "Harmonized Approach to Management System Standards" (Annex SL) of the ISO/IEC Directives. In May 2021, ISO published the revised Annex SL. With this, the HLS underwent a revision with various clarifications, additions, but also deletions. 

Since then, the High Level Structure (HLS) is now called "Harmonized Structure" (HS), and the term "Harmonized Approach" (HA) is also used. In terms of content, there are no major changes; the core requirements of the HLS have largely been retained. However, the new Harmonized Structure will only become effective with the next revision of the respective ISO standard.

 

Definition of High Level Structure

The Harmonized Structure (HS), or High Level Structure (HLS), is a guideline for the development of new ISO management system standards that harmonizes their structure and requirements to a large extent. ISO's goal with the HS (HLS) is to ensure uniform use of core texts, terms, and definitions. Above all, the common basic requirements promote the integration of different systems in an organization.

This keeps the management system lean and efficient, while still effectively meeting all the expectations of interested parties. Other keywords include: Context of the organization, leadership and commitment, process orientation, and the risk-based approach.

 

The structure of the HLS

 

The High Level Structure has a strong focus on top management and the context of the organization (Clause 4 and Clause 5). The basic structure always consists of ten Chapters (called Clauses):

1 Scope

2 Normative references: both sections contain standard-specific wording and define the objectives

3 Terms and definitions: Reference to the general terms presented in Appendix SL and any terms specific to the standard.

4 Context of the organization: understanding of internal and external matters, the needs and expectations of relevant interested parties

5 Leadership: top management responsibility and commitment, policies, organizational functions, roles, responsibilities, and authorities

6 Planning: measures to manage risks and opportunities, quality objectives, and plans to achieve them

7 Support: necessary resources, competence, awareness, communication, and documented information

8 Operations: operational planning and governance

9 Performance evaluation: monitoring, measurement, analysis and evaluation, internal audit, management review

10 Improvement: nonconformity, corrective action, and continuous improvement.

The subclauses of individual standards vary by topic around the subject-specific content of a standard. For example, the ISO 9001 quality management standard has more subclauses under Clause 5 than the ISO 14001 standard for environmental management.

Clauses 4 to 10 are of particular relevance for the certification of management systems, not least because the PDCA cycle and thus the continuous improvement process can also be found here. 

 

Essential changes in the HS - a selection 

The new Harmonized Structure will become effective with the next revision of the respective standard. Of the better-known ISO Management System Standards, ISO 37301:2021 (Compliance Management) and the recently revised Information Security Standard ISO 27001 have benefited from this so far.

Clause 1 "Scope": The scope of each standard will in future be linked to the intended results of the management system. For ISO 14001, this would be, for example, the improvement of environmental performance, the fulfillment of binding obligations and the achievement of set environmental goals - for users rather a formality, for auditors possibly an indicator for assessing the effectiveness of a management system.

Clause 3 "Terms": In future, all terms relevant to a management standard and their standard definitions must be listed in full in Clause 3 of the respective standard. This should lead to greater transparency and clarity. A mere reference to "sister standards" is thus no longer necessary. 
The terms "outsourcing" and "control of outsourced processes" have been completely deleted, since in the past users were often unable to clearly identify when a process is to be considered outsourced and when it is not. New requirements have been included in Clause 8 to take better account of this situation.

Clause 4.2 "Interested parties": In this clause, a clarification has been made that is indirectly linked to the standard definition of the term "requirement". In 4.2.b, it is required to identify the relevant requirements of the relevant interested parties. This has been supplemented by a requirement 4.2.c, according to which, from the identified relevant requirements, those relevant to the organization's management system are once again filtered out. 
In standards such as ISO 14001 or ISO 45001, a similar formulation already exists, according to which an organization must filter out from the requirements of the relevant interested parties those requirements that it is legally obligated to fulfill. 

Clause 6 "Planning": In view of the topic "Management of change", this clause has been given an additional sub clause 6.3. Clause 6.3 requires that changes to the management system be planned. In Clause 8 "Operation", this requirement is made more specific in that the planning of changes must also be controlled.

Clause 7.5 "Documented information": This clause now focuses on the availability, usability and protection of the documented information required for the management system and required by the relevant standard (7.5.3). And this applies regardless of what type of documented information is involved. Old vocabulary such as "retention" is no longer used.

Clause 10 "Improvement": After the revision, the clause now aims more at (proactively) initiating improvements than at identifying possible improvements. This change may be understood as an adaptation to the requirement for general "continuous improvement".

Important to know: HLS and PDCA

The chapters of the High Level Structure are based on the PDCA cycle of Plan-Do-Check-Act. The following chapters are assigned to the individual PDCA phases:

  • Plan: Chapters 4, 5 and 6
  • Do: Chapters 7and 8
  • Check: Chapter 9
  • Act: Chapter 10

Which standards follow the High Level Structure?

All modern ISO management system standards are based on the common basic structure - High Level Structure. This includes the ISO standards for

Quality management: ISO 9001

Environmental protection: ISO 14001

Security and health at work: ISO 45001

Energy management: ISO 50001

Information security: ISO 27001

Compliance management: ISO 37301

Business continuity management: ISO 22301 

whitepaper-dqs-high-level-structure
Loading...

High Level Structure

The 5 most important ISO standards in a visual representation
Infographics for ISO 9001ISO 14001ISO 27001ISO 45001 and ISO 50001

Integrated management system with a common structure - the evolution

With the publication of the ISO 50001 energy management standard at the end of August 2018, the last of the big five ISO management system standards was also equipped with the High Level Structure (HLS). This basic structure also establishes uniform basic texts for the core requirements as well as common designations and basic definitions. In this way, different systems should merge more easily and become one integrated management system.

When the information security standard ISO 27001 appeared in 2013, it was the first of the more significant ISO standards to be based on HLS. However, it is only since the major revision of ISO 9001 (quality management) and ISO 14001 (environmental management) in 2015 that the common basic structure has become known to a wider range of users. In March 2018, ISO 45001 (occupational health and safety) was added, and in August 2018, ISO 50001 (energy management).

Today it can be said that with the common basic structure, the High Level Structure, an integrated management system is significantly more efficient. The innovations have proven their worth, and without reservation: organizations whose management system - for example, according to ISO 9001 - is built on the basis of the High Level Structure have a noticeable advantage in the integration and implementation of further, topic-specific requirements.

 

Advantages and benefits of the High Level Structure

The application of several standards in an integrated management system becomes much easier, for example in the combination of quality management and information security. This is especially true if the fundamental requirement of all applied sets of rules is met: namely, the full integration of the respective standard requirements into the existing management system and thus into the general business processes of a company.

Here is an overview of the main advantages:

  • The uniform structure and the use of identical core texts, terms and definitions make it easier for users to understand a standard.
  • Thanks to the standardization, subject-specific standard requirements can be integrated more quickly into an existing system; in most cases, ISO 9001 forms the starting point.
  • With HLS, the introduction of several management systems, for example quality, environment, information security, becomes much simpler and more efficient. Duplication of work and effort in documentation are also reduced.
  • With an integrated management system, audits (internal and external) can be carried out more easily, or according to several standards at the same time, and synergies can be used.

 

Does an integrated management system with a common structure have disadvantages?

The relevant standards ISO 9001ISO 14001ISO 27001 and ISO 50001 already had certain similarities in structure and content. However, it was not until HLS that a structure was created that makes it much easier, if not possible at all, to integrate the requirements of different sets of regulations right down to the last corners of a company. This is particularly evident in the case of occupational safety and health with the High Level Structure in ISO 45001.

If a company uses an integrated management system with a common structure, this does not result in any disadvantages - neither from the uniform structure nor from the terminology. There is also no requirement that the terminology must be used in the documented information of a company.

In ISO 9001:2015 , you will find two informative annexes. While these do not contain requirements, they are recommended.

  • Annex A: Clarification of new structure, terminology and concepts.
  • Annex B: Other international standards on quality management and quality management systems.

DQS - Auditing your integrated management system with added value

Companies with an integrated management system based on the High Level Structure (the future Harmonized Structure) pursue the goal of avoiding interface problems and duplications, bundling resources and utilizing synergies - in other words, taking a holistic view of their operational processes. And that's exactly how our auditors audit.

The combined, simultaneous certification of an integrated system offers numerous opportunities thanks to the cross-thematic approach. For example, a DQS audit not only identifies potential for improvement, but also contradictions between the different subject areas.

It is important to us that you perceive our audit not as an audit, but as an enrichment for your management system. Our claim always begins where audit checklists end. Take us at our word!

audits-dqs-audit wuerfel nebeneinander auf tisch
Loading...

DQS. Because not all audits are created equal.

Do you have questions about the certification of your quality management system according to ISO 9001? Find out more. Without obligation and free of charge.

Author
Ute Droege

DQS expert for quality management systems, long-time auditor and experienced trainer for ISO 9001.

Loading...

Relevant articles and events

You may also be interested in this
Instructor Led Training

ISO 27001 | Information Security Management System | Lead Implementer Training | South Africa

On demand
Classroom or Virtual | English
Instructor Led Training

Integrated Management Systems (IMS) - Lead Auditor Training (South Africa)

On demand
Virtual Instructor Lead (VILT) | English