Appendix 2
(normative)
High level structure, identical core text, common terms and core definitions
NOTE In the Identical text proposals, XXX = an MSS discipline specific qualifier (e.g. energy, road traffic safety, IT security, food safety, societal security, environment, quality) that needs to be inserted. Blue italicized text is given as advisory notes to standards drafters.
Introduction
DRAFTING INSTRUCTION Specific to the discipline.
1. Scope
DRAFTING INSTRUCTION Specific to the discipline.
2. Normative references
DRAFTING INSTRUCTION Clause Title shall be used. Specific to the discipline.
3. Terms and definitions
DRAFTING INSTRUCTION 1 Clause Title shall be used. Terms and definitions may either be within the standard or in a separate document. To reference Common terms and Core definitions + discipline specific ones. The arrangement of terms and definitions shall be according to the concept systems of each standard. For the purposes of this document, the following terms and definitions apply.
DRAFTING INSTRUCTION 2 The following terms and definitions constitute an integral part of the “common text” for management systems standards. Additional terms and definitions may be added as needed. Notes may be added or modified to serve the purpose of each standard.
DRAFTING INSTRUCTION 3 Italics type in a definition indicates a cross-reference to another term defined in this clause, and the number reference for the term is given in parentheses.
DRAFTING INSTRUCTION 4 Where the text “XXX” appears throughout this clause, the appropriate reference should be inserted depending on the context in which these terms and definitions are being applied. For example: “an XXX objective” could be substituted as “an information security objective”.
3.01
organization
person or group of people that has its own functions with responsibilities, authorities and relationships to achieve its objectives (3.08)
Note 1 to entry: The concept of organization includes, but is not limited to sole-trader, company, corporation, firm, enterprise, authority, partnership, charity or institution, or part or combination thereof, whether incorporated or not, public or private.
3.02
interested party (preferred term)
stakeholder (admitted term)
person or organization (3.01) that can affect, be affected by, or perceive itself to be affected by a decision or activity
3.03
requirement
need or expectation that is stated, generally implied or obligatory
Note 1 to entry: “Generally implied” means that it is custom or common practice for the organization and interested parties that the need or expectation under consideration is implied.
Note 2 to entry: A specified requirement is one that is stated, for example in documented information.
3.04
management system
set of interrelated or interacting elements of an organization (3.01) to establish policies (3.07) and objectives (3.08) and processes (3.12) to achieve those objectives
Note 1 to entry: A management system can address a single discipline or several disciplines.
Note 2 to entry: The system elements include the organization’s structure, roles and responsibilities, planning and operation.
Note 3 to entry: The scope of a management system may include the whole of the organization, specific and identified functions of the organization, specific and identified sections of the organization, or one or more functions across a group of organizations.
3.05
top management
person or group of people who directs and controls an organization (3.01) at the highest level
Note 1 to entry: Top management has the power to delegate authority and provide resources within the organization.
Note 2 to entry: If the scope of the management system (3.04) covers only part of an organization, then top management refers to those who direct and control that part of the organization.
3.06
effectiveness
extent to which planned activities are realized and planned results achieved
3.07
policy
intentions and direction of an organization (3.01), as formally expressed by its top management (3.05)
3.08
objective
result to be achieved
Note 1 to entry: An objective can be strategic, tactical, or operational.
Note 2 to entry: Objectives can relate to different disciplines (such as financial, health and safety, and environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product and process (3.12)).
Note 3 to entry: An objective can be expressed in other ways, e.g. as an intended outcome, a purpose, an operational criterion, as an XXX objective, or by the use of other words with similar meaning (e.g. aim, goal, or target).
Note 4 to entry: In the context of XXX management systems, XXX objectives are set by the organization, consistent with the XXX policy, to achieve specific results.
3.09
risk
effect of uncertainty
Note 1 to entry: An effect is a deviation from the expected — positive or negative.
Note 2 to entry: Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event, its consequence, or likelihood.
Note 3 to entry: Risk is often characterized by reference to potential “events” (as defined in ISO Guide 73:2009, 3.5.1.3) and “consequences” (as defined in ISO Guide 73:2009, 3.6.1.3), or a combination of these.
Note 4 to entry: Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated “likelihood” (as defined in ISO Guide 73:2009, 3.6.1.1) of occurrence.
3.10
competence
ability to apply knowledge and skills to achieve intended results
3.11
documented information
information required to be controlled and maintained by an organization (3.01) and the medium on which it is contained
Note 1 to entry: Documented information can be in any format and media, and from any source.
Note 2 to entry: Documented information can refer to:
— the management system (3.04), including related processes (3.12);
— information created in order for the organization to operate (documentation);
— evidence of results achieved (records).
3.12
process
set of interrelated or interacting activities which transforms inputs into outputs
3.13
performance
measurable result
Note 1 to entry: Performance can relate either to quantitative or qualitative findings.
Note 2 to entry: Performance can relate to the management of activities, processes (3.12), products (including services), systems or organizations (3.01).
3.14
outsource (verb)
make an arrangement where an external organization (3.01) performs part of an organization’s function or process (3.12)
Note 1 to entry: An external organization is outside the scope of the management system (3.04), although the outsourced function or process is within the scope.
3.15
monitoring
determining the status of a system, a process (3.12) or an activity
Note 1 to entry: To determine the status, there may be a need to check, supervise or critically observe.
3.16
measurement
process (3.12) to determine a value
3.17
audit
systematic, independent and documented process (3.12) for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled
Note 1 to entry: An audit can be an internal audit (first party) or an external audit (second party or third party), and it can be a combined audit (combining two or more disciplines).
Note 2 to entry: An internal audit is conducted by the organization itself, or by an external party on its behalf.
Note 3 to entry: “Audit evidence” and “audit criteria” are defined in ISO 19011.
3.18
conformity
fulfilment of a requirement (3.03)
3.19
nonconformity
non-fulfilment of a requirement (3.03)
3.20
corrective action
action to eliminate the cause of a nonconformity (3.19) and to prevent recurrence
3.21
continual improvement
recurring activity to enhance performance (3.13)
4. Context of the organization
4.1 Understanding the organization and its context
The organization shall determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome(s) of its XXX management system.
4.2 Understanding the needs and expectations of interested parties
The organization shall determine:
— the interested parties that are relevant to the XXX management system;
— the relevant requirements of these interested parties.
4.3 Determining the scope of the XXX management system
The organization shall determine the boundaries and applicability of the XXX management system to establish its scope.
When determining this scope, the organization shall consider:
— the external and internal issues referred to in 4.1;
— the requirements referred to in 4.2.
The scope shall be available as documented information.
4.4 XXX management system
The organization shall establish, implement, maintain and continually improve an XXX management system, including the processes needed and their interactions, in accordance with the requirements of this International Standard/this part of ISO XXXX/this Technical Specification.
5. Leadership
5.1 Leadership and commitment
Top management shall demonstrate leadership and commitment with respect to the XXX management system by:
— ensuring that the XXX policy and XXX objectives are established and are compatible with the strategic direction of the organization;
— ensuring the integration of the XXX management system requirements into the organization’s business processes;
— ensuring that the resources needed for the XXX management system are available;
— communicating the importance of effective XXX management and of conforming to the XXX management system requirements;
— ensuring that the XXX management system achieves its intended outcome(s);