All ISO Management Systems now have a common structure which is called the Harmonised Structure (HS). This is whether the system is for Quality, Innovation, Environment, Health and Safety or IT Security. This means that organizations with more than one management system have a much easier task integrating their systems. ISO 56001:2024 now enables Innovation to be integrated with all of these other standards.

The ISO requirements start with a clause ‘The Context of the Organisation’ which asks us to look at what are the external and internal issues impacting an organisation. Right away this draws us into Strategic Planning and engagement of Leadership.

Risk-based thinking then requires us to identify which issues, both external and internal, have the greatest risk for the organization. There is a very logical flow as the standard then asks us to mitigate the higher risks.

This means applying prevention to these risks and we have choices on how to do this. Traditionally this would have been done by writing procedures. Today we can mitigate risk with far more choices such as using technology (software), developing our people’s competencies or the use of simple checklists.   

This means there are far less documentation requirements and the terms ‘documents’ and ‘records’ in previous standards are replaced with ‘Documented information’ which gets us thinking about information and information flow.

A management system is a ‘set of interrelated or interacting elements’ and for it to be effective, information must flow between people and between processes. Information flow is the lifeblood of our organization.