DRAFT ISO GUIDE

ISO/DGUIDE 83

ISO/TMBG Secretariat: TMB

Voting begins on: Voting terminates on:
2020-06-04 2020-08-27

High level structure and identical text for management

system standards and common core management system
terms and definitions
Structure à niveau élevé et texte identique pour les normes de système de management et termes et
définitions principaux communs de système de management

ICS: 03.100.01; 01.120

THIS DOCUMENT IS A DRAFT CIRCULATED

FOR COMMENT AND APPROVAL. IT IS
THEREFORE SUBJECT TO CHANGE AND MAY
NOT BE REFERRED TO AS AN INTERNATIONAL Please refer to the notes on page 1.
STANDARD UNTIL PUBLISHED AS SUCH.
IN ADDITION TO THEIR EVALUATION AS
BEING ACCEPTABLE FOR INDUSTRIAL, This document is circulated as received from the committee secretariat.
TECHNOLOGICAL, COMMERCIAL AND
USER PURPOSES, DRAFT INTERNATIONAL
STANDARDS MAY ON OCCASION HAVE TO
BE CONSIDERED IN THE LIGHT OF THEIR
POTENTIAL TO BECOME STANDARDS TO
WHICH REFERENCE MAY BE MADE IN Reference number
NATIONAL REGULATIONS.
ISO/DGUIDE 83:2020(E)
RECIPIENTS OF THIS DRAFT ARE INVITED
TO SUBMIT, WITH THEIR COMMENTS,
NOTIFICATION OF ANY RELEVANT PATENT
RIGHTS OF WHICH THEY ARE AWARE AND TO
PROVIDE SUPPORTING DOCUMENTATION. © ISO 2020
ISO/DGUIDE 83:2020(E)


COPYRIGHT PROTECTED DOCUMENT

© ISO 2020
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland

ii  © ISO 2020 – All rights reserved

 ISO/DGUIDE 83:2020(E)

2020-06-03

Final draft of the Revised Appendix 2 of Annex SL to the ISO/IEC

Directives Consolidated ISO Supplement for ISO MB ballot
Notes from the TMB/JTCG/TF 14 leadership:
This is the final draft of the proposed revision of Annex SL, Appendix 2 of the ISO
Supplement to the ISO/IEC Directives that is now being submitted for ISO Member Body
Ballot as Draft Guide 83. It is important to emphasize that this circulation as “DGuide 83” is
simply an administrative tool to facilitate the ballot among all ISO Member Bodies, and, if
approved, the text will be published as part of the next version of “Annex SL” in the ISO
Supplement to the ISO/IEC Directives (forecast for 2021).
This final draft provides a marked-up version of the proposed revision compared to the
current (2020) version of Appendix 2 in the Directives, together with a very brief rationale for
each change that has been introduced.
Further work on Appendix 3 text (Guidance on the use of Appendix 2 for MS standards
writers), is being prepared and will be available when the revised Appendix 2 is published
(scheduled for early 2021)
The current proposed text has already been approved in a formal ballot of TF 14 constituent
members (ISO committees with responsibility for one or more management system
standard(s) and those NSBs who have chosen to participate in the revision process), and
has been endorsed by both the JTCG and the TMB TF 2 on Management Systems
Standards.
You are asked to provide your vote as follows:
• Approve the proposed changes
• Disapprove the proposed changes
• Abstain
Comments are required for votes of disapproval, and are optional for approvals or
abstentions. If the ballot is approved, minor editorial comments that have been submitted
may be incorporated prior to publication. Other comments, including any technical
comments, will be taken forward for possible consideration in a potential future (more
substantial) revision. If the ballot is disapproved, the current Appendix 2 to Annex SL will
remain unchanged

© ISO 2020 – All rights reserved 1

 ISO/DGUIDE 83:2020(E)

2020-06-03

Annex SL (Appendix 2) text

NOTE In the Identical text proposals, XXX = a Management System Standard (MSS) discipline specific qualifier (e.g. energy,
road traffic safety, IT security, food safety, environment, quality) that needs to be inserted.
Blue italicized text is given as advisory notes to standards drafters

Introduction
Drafting instruction Specific to the discipline.

This text has been prepared using the “high-level structure” harmonized approach (i.e. clause sequence, identical core text and Commented [DH1]: This is in line with the changes made by
common terms and core definitions) provided in Annex L, Appendix 2 of the ISO/IEC Directives, Part 1. This is intended to JTCG (currently awaiting formal approval from TMB/MSS TF)
enhance alignment among ISO and IEC management system standards, and to facilitate their implementation for organizations
that need to meet the requirements of two or more such standards.
HLS is highlighted in the text (clauses 1 to 10) by the use of blue font. Black represents the ISO or IEC specific discipline text.
Strikeout is used to show agreed deletions within the HLS text. The use of blue text and strikeout is only to facilitate analysis and
will not be incorporated after the Draft International Standard stage of development for this document.

1. Scope
Drafting instruction Specific to the discipline.

Drafting instruction The scope of the document shall address the intended result(s) of the management system. Commented [DH2]: This change is included because the
intended results of a management system standard provide an
important reference for determining risk and opportunities that
need to be addressed (see 6.1 first indent).
Also 4.1 and 5.1 contain requirements that are related to the
2. Normative references intended results of the management system

Drafting instruction Clause Title shall be used. Specific to the discipline.

3. Terms and definitions. Commented [DH3]: The terms and definitions in clause 3 are
now listed according to the hierarchy of the concepts in
Drafting instruction 1 Clause Title shall be used. Common terms and core definitions shall may either be included in the MS conformance with ISO Directives part 2, 2019, 16.4.
standard, and they may also be included or in a separate vocabulary standard.
Commented [DH4]: Changes in this drafting instruction are
made in line with the decision taken by JTCG to include all common
Common terms and core definitions shall be stated as well as others that are discipline specific.
terms and core definitions in each MS standard.
In Clause 3, discipline specific terms and definitions may also be included.

The arrangement of terms and definitions should preferably be listed according to the hierarchy of the concepts (i.e. systematic
order), but may differ from the order given below in Clause 3. Alphabetical order is the least preferred order.

For the purposes of this document, the following terms and definitions apply.

Drafting instruction 2 The following terms and definitions constitute an integral part of the “common text” for management
systems standards. Additional terms and definitions may be added as needed. Notes to entry may be added or modified to serve Commented [DH5]: This change is made for consistency reasons
the purpose of each standard. When drafting terms and definitions, standards writers of MSS are advised to make use of the
flowcharts given in the JTCG terminology guidance (part of appendix 3). Commented [DH6]: This change is introduced to provide
guidance to standards writers and to enhance the consistency of
Drafting instruction 3 Italic type in a definition indicates a cross-reference to another term defined in this clause, and the
work done by ISO/TC/SC/PC.
number reference for the term is given in parentheses.
Drafting instruction 4 Where the text “XXX” appears throughout this clause, the appropriate reference should be inserted
depending on the context in which these terms and definitions are being applied. For example: “an XXX objective” could be
substituted as “an information security objective”.

2 © ISO 2020 – All rights reserved

 ISO/DGUIDE 83:2020(E)

2020-06-03

Annex SL (Appendix 2) text

3.1
organization
person or group of people that has its own functions with responsibilities, authorities and relationships to achieve its
objectives (3.1.3.2)

Note 1 to entry: The concept of organization includes, but is not limited to sole-trader, company, corporation, firm, enterprise,
authority, partnership, charity or institution, or part or combination thereof, whether incorporated or not, public or private.
Note 2 to entry: If the organization is part of a larger entity, the term “organization” refers only to the part of the larger entity that is
within the scope of the XXX management system Commented [DH7]: This change is included to make it clear that
whenever reference is made to ‘the organization’ in a MSS, it relates
3.21.1 to (that part of ) the organization that is within the scope of the XXX
interested party (preferred term) management system. Because this is relevant to the users of the
stakeholder (admitted term) MSS (not only standards writers) this note is included in appendix 2
person or organization (3.1) that can affect, be affected by, or perceive itself to be affected by a decision or activity

3.51.2
top management
person or group of people who directs and controls an organization (3.1) at the highest level

Note 1 to entry: Top management has the power to delegate authority and provide resources within the organization.
Note 2 to entry: If the scope of the management system (3.1.3) covers only part of an organization then top management refers
to those who direct and control that part of the organization.
3.41.3
management system
set of interrelated or interacting elements of an organization (3.1) to establish policies (3.1.3.1) and objectives
(3.1.3.2) and as well as processes (3.1.4) to achieve those objectives Commented [DH8]: This change has been made to avoid the
use of the so-called Oxford comma, that is difficult to understand for
Note 1 to entry: A management system can address a single discipline or several disciplines. non-native English speakers

Note 2 to entry: The management system elements include the organization’s structure, roles and responsibilities, planning and, Commented [DH9]: This change is made for consistency reasons
operation.
Note 3 to entry: The scope of a management system can include the whole of the organization, specific and identified functions
of the organization, specific and identified sections of the organization, or one or more functions across a group of organizations. Commented [DH10]: This note is deleted because it was
considered superfluous with the new second note to the definition
3.71.3.1 of organization
policy
intentions and direction of an organization (3.1) as formally expressed by its top management (3.1.2)
3.81.3.2
objective
result to be achieved

Note 1 to entry: An objective can be strategic, tactical, or operational.

Note 2 to entry: Objectives can relate to different disciplines (such as financeial, health and safety and environmental goals). and Commented [DH11]: This change has been made to avoid the
They can apply at different levels (such asbe, for example, strategic, organization-wide or specific to a, project, product and or word ‘goals’ here.
process (3.1.4)).
Commented [DH12]: This change has been made to make the
Note 3 to entry: An objective can be expressed in other ways, e.g. as an intended outcomeresult, a purpose, an operational text more clear
criterion, as an XXX objective or by the use of other words with similar meaning (e.g. aim, goal, or target).
Commented [DH13]: Throughout the text ‘outcome’ has been
Note 4 to entry: In the context of XXX management systems XXX objectives are set by the organization, consistent with the XXX replaced by ‘result’ in response to a number of comments that
policy, to achieve specific results. argued that result is clearer and easier to translate.

© ISO 2020 – All rights reserved 3

 ISO/DGUIDE 83:2020(E)

2020-06-03

Annex SL (Appendix 2) text

3.91.3.3
risk
effect of uncertainty

Note 1 to entry: An effect is a deviation from the expected — positive or negative.

Note 2 to entry: Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an
event, its consequence, or likelihood.
Note 3 to entry: Risk is often characterized by reference to potential events (as defined in ISO Guide 73) and consequences (as
defined in ISO Guide 73), or a combination of these.
Note 4 to entry: Risk is often expressed in terms of a combination of the consequences of an event (including changes in
circumstances) and the associated likelihood (as defined in ISO Guide 73) of occurrence.
3.121.4
process
set of interrelated or interacting activities which that transforms uses or transforms inputs into to deliver a
outputsresult Commented [DH14]: This change is made to acknowledge that
inputs are not always transformed in a process but can also be
Note 1 to entry: Whether the result of a process is called output, product or service depends on the context of the reference. simply used (e.g. information). Because of including ‘uses’ the last
part of the definition needed to be changed as well.
3.101.4.1
competence Commented [DH15]: This note was added for clarification and
ability to apply knowledge and skills to achieve intended results is a slightly amended note from 3.4.1 in ISO 9000:2015

3.111.5
documented information
information required to be controlled and maintained by an organization (3.1) and the medium on which it is contained

Note 1 to entry: Documented information can be in any format and media and from any source.
Note 2 to entry: Documented information can refer to
– the management system (3.1.3), including related processes (3.1.4);
– information created in order for the organization to operate (documentation);
– evidence of results achieved (records).
3.131.4
performance
measurable result

Note 1 to entry: Performance can relate either to quantitative or qualitative findings.

Note 2 to entry: Performance can relate to managing activities, processes (3.12), products, (including services), systems or Commented [DH16]: This change acknowledges the difference
organizations (3.1). between products and services that is currently made in most MSS

3.211.6.1
continual improvement
recurring activity to enhance performance (3.1.6)
3.61.6.2
effectiveness
extent to which planned activities are realized and planned results are achieved Commented [DH17]: This change has been made to improve
grammar
3.31.7
requirement
need or expectation that is stated, generally implied or obligatory

Note 1 to entry: “Generally implied” means that it is custom or common practice for the organization and interested parties that the
need or expectation under consideration is implied.

Note 2 to entry: A specified requirement is one that is stated, e.g. in documented information.

4 © ISO 2020 – All rights reserved

 ISO/DGUIDE 83:2020(E)

2020-06-03

Annex SL (Appendix 2) text

3.181.7.1
conformity
fulfilment of a requirement (3.1.7)

3.191.7.2
nonconformity
non-fulfilment of a requirement (3.1.7)

3.201.7.2.1
corrective action
action to eliminate the cause(s) of a nonconformity (3.1.7.2) and to prevent recurrence.

3.171.8
audit
systematic and, independent and documented process (3.1.4) for obtaining audit evidence and evaluating it
objectively to determine the extent to which the audit criteria are fulfilled Commented [DH18]: This change is made to be consistent with
the text in clauses 5-10 where there are no requirements to
Note 1 to entry: An audit can be an internal audit (first party) or an external audit (second party or third party), and it can be a document processes
combined audit (combining two or more disciplines).
Note 2 to entry: An internal audit is conducted by the organization itself, or by an external party on its behalf.
Note 3 to entry: “Audit evidence” and “audit criteria” are defined in ISO 19011.
3.161.9
measurement
process (3.1.4) to determine a value

3.151.9.1
monitoring
determining the status of a system, a process (3.1.4) or an activity

Note 1 to entry: To determine the status there can be a need to check, supervise or critically observe.
3.14 Commented [DH19]: This term and definition have been
outsource (verb) deleted because the term outsourced processes is no longer used in
make an arrangement where an external organization (3.1) performs part of an organization’s function or process 8.1
(3.12)

Note 1 to entry: An external organization is outside the scope of the management system (3.4), although the outsourced
function or process is within the scope.

4. Context of the organization

4.1 Understanding the organization and its context
The organization shall determine external and internal issues that are relevant to its purpose and that affect its
ability to achieve the intended outcomeresult(s) of its XXX management system. Commented [DH20]: Throughout the text ‘outcome’ has been
replaced by ‘result’ in response to a number of comments that
argued that result is clearer and easier to translate.
4.2 Understanding the needs and expectations of interested parties

The organization shall determine:

 the interested parties that are relevant to the XXX management system,

 the relevant requirements of these interested parties,

Commented [DH21]: This requirement is added to clarify that it
 which of these requirements will be addressed through the XXX management system. is the responsibility of the organization to determine the
requirements that are addressed through the management system
and thereby become obligatory

© ISO 2020 – All rights reserved 5

 ISO/DGUIDE 83:2020(E)

2020-06-03

Annex SL (Appendix 2) text

4.3 Determining the scope of the XXX management system

The organization shall determine the boundaries and applicability of the XXX management system to establish its
scope.

When determining this scope, the organization shall consider:

 the external and internal issues referred to in 4.1,

 the requirements referred to in 4.2.

The scope shall be available as documented information.

4.4 XXX management system

The organization shall establish, implement, maintain and continually improve an XXX management system,
including the processes needed and their interactions, in accordance with the requirements of this document.

5. Leadership
5.1 Leadership and commitment
Top management shall demonstrate leadership and commitment with respect to the XXX management system by:

 ensuring that the XXX policy and XXX objectives are established and are compatible with the strategic
direction of the organization

 ensuring the integration of the XXX management system requirements into the organization’s business
processes

 ensuring that the resources needed for the XXX management system are available

 communicating the importance of effective XXX management and of conforming to the XXX
management system requirements

 ensuring that the XXX management system achieves its intended outcomeresult(s) Commented [DH22]: Throughout the text ‘outcome’ has been
replaced by ‘result’ in response to a number of comments that
argued that result is clearer and easier to translate.
 directing and supporting persons to contribute to the effectiveness of the XXX management system

 promoting continual improvement

 supporting other relevant managerial roles to demonstrate their leadership as it applies to their areas Commented [DH23]: This change is made because all relevant
of responsibility. roles should be supported to demonstrate leadership and not only
relevant managerial roles
NOTE Reference to “business” in this document can be interpreted broadly to mean those activities that are core to the purposes
of the organization’s existence.

5.2 XXX Policy Commented [DH24]: This change in the heading has been made
to be consistent with the text of this subclause
Top management shall establish a XXX policy that:

a) is appropriate to the purpose of the organization;

6 © ISO 2020 – All rights reserved

 ISO/DGUIDE 83:2020(E)

2020-06-03

Annex SL (Appendix 2) text

b) provides a framework for setting XXX objectives;

c) includes a commitment to satisfy meet applicable requirements; Commented [DH25]: This change has been made because
‘meeting requirements’ provides clearer language and to align with
d) includes a commitment to continual improvement of the XXX management system. the text in 8.1

The XXX policy shall:

 be available as documented information

 be communicated within the organization

 be available to interested parties, as appropriate

5.3 Roles, responsibilities and authorities

Top management shall ensure that the responsibilities and authorities for relevant roles are assigned and
communicated within the organization.

Top management shall assign the responsibility and authority for:

a) ensuring that the XXX management system conforms to the requirements of this document;

b) reporting on the performance of the XXX management system to top management.

6. Planning
6.1 Actions to address risks and opportunities

When planning for the XXX management system, the organization shall consider the issues referred to in 4.1 and
the requirements referred to in 4.2 and determine the risks and opportunities that need to be addressed to:

 give assurance that the XXX management system can achieve its intended outcomeresult(s); Commented [DH26]: Throughout the text ‘outcome’ has been
replaced by ‘result’ in response to a number of comments that
argued that result is clearer and easier to translate.
 prevent, or reduce, undesired effects;

 achieve continual improvement.

The organization shall plan:

a) actions to address these risks and opportunities;

b) how to

 integrate and implement the actions into its XXX management system processes;

 evaluate the effectiveness of these actions.

6.2 XXX objectives and planning to achieve them

The organization shall establish XXX objectives at relevant functions and levels.

The XXX objectives shall:

© ISO 2020 – All rights reserved 7

 ISO/DGUIDE 83:2020(E)

2020-06-03

Annex SL (Appendix 2) text

a) be consistent with the XXX policy;

b) be measurable (if practicable);

c) take into account applicable requirements;

d) be monitored;

e) be communicated;

f) be updated as appropriate;

f)g) be available as documented information.. Commented [DH27]: This change has been made to be
consistent in the verb used in connection with documented
information, avoid the distinction between maintaining and
The organization shall retain documented information on the XXX objectives.
retaining documented information and to avoid overlap with the
definition of ‘documented information’ that includes the verbal
When planning how to achieve its XXX objectives, the organization shall determine:
expression ‘to be maintained’.
 what will be done;

 what resources will be required;

 who will be responsible;

 when it will be completed;

 how the results will be evaluated.

6.3 Planning of changes Commented [DH28]: This new subclause has been added with
the aim of alignment between MSS because a number of MSS have
When the organization determines the need for changes to the XXX management system, the changes shall be already incorporated a subclause on this subject, but not always in
clause 6.
carried out in a planned manner.

7. Support
7.1 Resources

The organization shall determine and provide the resources needed for the establishment, implementation,
maintenance and continual improvement of the XXX management system.

7.2 Competence
The organization shall:
 determine the necessary competence of person(s) doing work under its control that affects its XXX
performance;

 ensure that these persons are competent on the basis of appropriate education, training, or
experience;

 where applicable, take actions to acquire the necessary competence, and evaluate the effectiveness
of the actions taken.;

retain appropriate documented information as evidence of competence.

Commented [DH29]: This change has been made to be
consistent in the verb used in connection with documented
Appropriate documented information shall be available as evidence of competence. information, avoid the distinction between maintaining and
retaining documented information and to avoid overlap with the
definition of ‘documented information’ that includes the verbal
expression ‘to be maintained’.

8 © ISO 2020 – All rights reserved

 ISO/DGUIDE 83:2020(E)

2020-06-03

Annex SL (Appendix 2) text

NOTE Applicable actions can include, for example: the provision of training to, the mentoring of, or the re-assignment of
currently employed persons; or the hiring or contracting of competent persons.

7.3 Awareness

Persons doing work under the organization’s control shall be aware of:

 the XXX policy;

 their contribution to the effectiveness of the XXX management system, including the benefits of
improved XXX performance;

 the implications of not conforming with the XXX management system requirements.

7.4 Communication
The organization shall determine the internal and external communications relevant to the XXX management
system including:
 on what it will communicate;

 when to communicate;

 with whom to communicate;

 how to communicate.

7.5 Documented information

7.5.1 General

The organization’s XXX management system shall include:

a) documented information required by this document;

b) documented information determined by the organization as being necessary for the effectiveness of
the XXX management system.

NOTE The extent of documented information for a XXX management system can differ from one organization to another due to:

— the size of organization and its type of activities, processes, products and services;
— the complexity of processes and their interactions;
— the competence of persons.

7.5.2 Creating and updating documented information Commented [DH30]: This change is made for consistency
reasons
When creating and updating documented information the organization shall ensure appropriate:

 identification and description (e.g. a title, date, author, or reference number)

 format (e.g. language, software version, graphics) and media (e.g. paper, electronic)

 review and approval for suitability and adequacy.

7.5.3 Control of documented information

© ISO 2020 – All rights reserved 9

 ISO/DGUIDE 83:2020(E)

2020-06-03

Annex SL (Appendix 2) text

Documented information required by the XXX management system and by this document shall be controlled to
ensure:

a) it is available and suitable for use, where and when it is needed;

b) it is adequately protected (e.g. from loss of confidentiality, improper use, or loss of integrity).

For the control of documented information, the organization shall address the following activities, as
applicable:

 distribution, access, retrieval and use;

 storage and preservation, including preservation of legibility;

 control of changes (e.g. version control);

 retention and disposition.

Documented information of external origin determined by the organization to be necessary for the planning and
operation of the XXX management system shall be identified as appropriate, and controlled.

NOTE Access can imply a decision regarding the permission to view the documented information only, or the permission and
authority to view and change the documented information.

8. Operation
8.1 Operational planning and control

Drafting instruction This subclause heading will be deleted if no additional subclauses are added to Clause 8.

The organization shall plan, implement and control the processes needed to meet requirements, and to implement
the actions determined in Clause 6.1, by: Commented [DH31]: The reference is more generally to clause
6 because also actions determined in 6.2 and 6.3 shall be
 establishing criteria for the processes; implemented according to this subclause

 implementing control of the processes in accordance with the criteria.;

 keeping documented information to the extent necessary to have confidence that the processes have
been carried out as planned.

Documented information shall be available to the extent necessary to have confidence that the processes have
been carried out as planned. Commented [DH32]: This change has been made to be
consistent in the verb used in connection with documented
information, avoid the distinction between maintaining and
The organization shall control planned changes and review the consequences of unintended changes, taking action
retaining documented information and to avoid overlap with the
to mitigate any adverse effects, as necessary. definition of ‘documented information’ that includes the verbal
expression ‘to be maintained’.
The organization shall ensure that outsourced externally provided processes, products or services that are relevant
to the XXX management system are controlled. Commented [DH33]: This change has been made in response to
a number of comments that showed that the term outsource is not
clear and that the distinction between outsourced, contracted and
9. Performance evaluation purchased products, services and processes is not clear in practice.
All these activities need to be controlled. As a result of this change
9.1 Monitoring, measurement, analysis and evaluation the term outsourcing has been deleted in clause 3

The organization shall determine:

10

10 © ISO 2020 – All rights reserved

 ISO/DGUIDE 83:2020(E)

2020-06-03

Annex SL (Appendix 2) text

 what needs to be monitored and measured;

 the methods for monitoring, measurement, analysis and evaluation, as applicable, to ensure valid
results;

 when the monitoring and measuring shall be performed;

 when the results from monitoring and measurement shall be analysed and evaluated.

The organization shall retain appropriate Ddocumented information shall be available as evidence of the results. Commented [DH34]: This change has been made to be
consistent in the verb used in connection with documented
The organization shall evaluate the XXX performance and the effectiveness of the XXX management system. information, avoid the distinction between maintaining and
retaining documented information and to avoid overlap with the
9.2 Internal audit definition of ‘documented information’ that includes the verbal
expression ‘to be maintained’.
9.2.1 General
The organization shall conduct internal audits at planned intervals to provide information on whether the XXX Commented [DH35]: This change has been made because a
management system: number of MSS have applied this subdivision of 9.2 to make the text
clearer.
a) conforms to:
 the organization’s own requirements for its XXX management system;

 the requirements of this document;

b) is effectively implemented and maintained.

9.2.2 Internal audit programme

The organization shall:

The organization shall plan, establish, implement and maintain an audit programme(s), including the
frequency, methods, responsibilities, planning requirements and reporting.,

When establishing the internal audit programme(s), the organization which shall consider take
intoconsideration the importance of the processes concerned and the results of previous audits.
The organization shall:
Commented [DH36]: This change has been made for ease in
understanding Now the two distinct concepts covered in the
paragraph (what an audit programme entails and what should be
considered when establishing an audit programme) are listed
separately.

a) define the audit objectives, criteria and scope for each audit; Commented [DH37]: This change has been made to avoid the
construct ‘take into consideration’ and to only apply ‘consider’ and
‘take into account’
b) select auditors and conduct audits to ensure objectivity and the impartiality of the audit process;
Commented [DH38]: This change has been made for
completeness
c) ensure that the results of audits are reported to relevant managers.;

retain dDocumented information shall be available as evidence of the implementation of the audit programme(s) and Commented [DH39]: This change has been made to be
the audit results. consistent in the verb used in connection with documented
information, avoid the distinction between maintaining and
9.3 Management review retaining documented information and to avoid overlap with the
definition of ‘documented information’ that includes the verbal
9.3.1 General expression ‘to be maintained’.
Top management shall review the organization's XXX management system, at planned intervals, to ensure its
continuing suitability, adequacy and effectiveness. Commented [DH40]: The subdivision of the subclause has been
made in response to comments that argued to clearly distinguish
9.3.2 Management review inputs between requirements related to inputs and results of the
management review
The managementThe management review shall include consideration of:
Commented [DH41]: This change has been made to avoid the
a) the status of actions from previous management reviews; construct ‘include consideration of’ and to only apply ‘consider’ and
‘take into account’

11

© ISO 2020 – All rights reserved 11

 ISO/DGUIDE 83:2020(E)

2020-06-03

Annex SL (Appendix 2) text

b) changes in external and internal issues that are relevant to the XXX management system;
b)c) changes in needs and expectations of interested parties that are relevant to the XXX
management system; Commented [DH42]: This change is made for consistency
c)d) information on the XXX performance, including trends in: reasons. Now bullets b and c cover both elements of the context of
the organization (4.1 and 4.2)
— nonconformities and corrective actions;

— monitoring and measurement results;

— audit results;

d)e) opportunities for continual improvement.

9.3.3 Management review results

The outputs results of the management review shall include decisions related to continual improvement Commented [DH43]: This change has been made to be
opportunities and any need for changes to the XXX management system. consistent with the newly introduced subtitle of 9.3.3 'management
review results'.
The organization shall retain Ddocumented information shall be available as evidence of the results of management
reviews. Commented [DH44]: This change has been made to be
consistent in the verb used in connection with documented
information, avoid the distinction between maintaining and
retaining documented information and to avoid overlap with the
definition of ‘documented information’ that includes the verbal
expression ‘to be maintained’.

12

12 © ISO 2020 – All rights reserved

 ISO/DGUIDE 83:2020(E)

2020-06-03

Annex SL (Appendix 2) text

10. Improvement
10.1 Continual improvement Commented [DH45]: The order of the subclauses has been
changed in response to comments requesting to start the clause on
The organization shall continually improve the suitability, adequacy and effectiveness of the XXX management improvement with ‘real improvement’ instead of acting on
system. shortcomings.

10.21 Nonconformity and corrective action

When a nonconformity occurs, the organization shall:

a) react to the nonconformity, and as applicable:

 take action to control and correct it;

 deal with the consequences;

b) evaluate the need for action to eliminate the cause(s) of the nonconformity, in order that it does not
recur or occur elsewhere, by:

 reviewing the nonconformity;

 determining the causes of the nonconformity;

 determining if similar nonconformities exist, or can potentially occur;

c) implement any action needed;

d) review the effectiveness of any corrective action taken;

e) make changes to the XXX management system, if necessary.

Corrective actions shall be appropriate to the effects of the nonconformities encountered.

The organization shall retain Ddocumented information shall be available as evidence of:
 the nature of the nonconformities and any subsequent actions taken;
 the results of any corrective action
Commented [DH46]: This change has been made to be
consistent in the verb used in connection with documented
information, avoid the distinction between maintaining and
retaining documented information and to avoid overlap with the
definition of ‘documented information’ that includes the verbal
expression ‘to be maintained’.

13

© ISO 2020 – All rights reserved 13