An ongoing series of Posts: Practical advice on Clauses 4.1 and 4.2 of ISO 9001:2015
In this article, we are going to consider the first two ISO 9001 clauses in Part 4 of the revised Standard, ISO 9001:2015, namely, Context of the Organization.
Context of the Organization (COTO)
Part 4 is a new section that establishes the context of the Quality Management System (QMS) and how the business strategy supports this. The ‘context of the organization’ (frequently referred to as COTO) is the section that underpins the rest of the new standard.
Clause 4.1: The organization will need to determine external and internal issues that are relevant to its purpose and would have an impact on what the organization does.
Clause 4.2: The organization will need to identify the “interested parties” that are relevant to their QMS. Each organization will identify their own unique set of “interested parties” and over time these may change.
Clause 4.3: The scope of the QMS must be determined which should consider any outsourced functions or processes if they are relevant. The new standard does not make any reference to exclusions.
However, in Annex A, the standard clarifies that the organization cannot decide a requirement to be not applicable if it falls within the scope of its QMS. Conversely, the organization can decide a requirement to be not applicable if it cannot, rationally, be included within the scope of its QMS.
Clause 4.4: The final requirement of Part 4 is to establish, implement, maintain and continually improve the QMS. We are going to consider ISO 9001 Clauses 4.1 and 4.2. We’ll examine ISO 9001 Clauses 4.3 and 4.4 in a later Article.
An understanding of the context of an organization is used to establish, implement, maintain and continually improve its QMS. The internal and external issues that are determined here can result in risks and opportunities to the organization or to the quality management system.
Examples of internal issues relevant to the context of the organization
- its activities, products and services,
- strategic direction,
- culture and capabilities (i.e. people, knowledge, processes, system),
- values, knowledge and performance of the organization.
SWOT Analysis is frequently used to establish the relevant internal issues. The four elements here are:
- Strengths: Describe what an organization excels at and what separates it from the competition: a strong brand, loyal customer base, a strong balance sheet, unique technology, and so on.
- Weaknesses: Stop an organization from performing at its optimum level. They are areas where the business needs to improve to remain competitive: a weak brand, higher-than-average turnover, high levels of debt, an inadequate supply chain, or lack of capital.
- Opportunities: Refer to favourable external factors (product/service-related) that could give an organization a competitive advantage.
- Threats: Refer to external factors (product/service-related) that have the potential to harm an organization.
Examples of external issues relevant to the context of the organization
- natural and competitive circumstances, whether international, national, regional or local.
In implementing ISO 9001, prepare a listing of those issues, internal and external, that the organization has determined need to be addressed and managed within the QMS.
PESTEL Analysis is a popular tool used to establish the external issues. The elements of this tool are:
- Political Factors: Determine the extent to which government and government policy may impact an organisation or a specific industry. This would include political policy and stability as well as trade, fiscal and taxation policies too.
- Economic Factors: Impact on the economy and its performance, which in turn directly impacts on the organisation and its profitability. Factors include interest rates, employment or unemployment rates, raw material costs and foreign exchange rates.
- Social Factors: Focus on the social environment and identify emerging trends. This helps a marketer to further understand their customers’ needs and wants. Factors include changing family demographics, education levels, cultural trends, attitude changes and changes in lifestyles.
- Technological Factors: Consider the rate of technological innovation and development that could affect a market or industry. Factors could include changes in digital or mobile technology, automation, research and development. There is often a tendency to focus on developments only in digital technology, but consideration must also be given to new methods of distribution, manufacturing and also logistics.
- Environmental Factors: Relate to the influence of the surrounding environment and the impact of ecological aspects. With the rise in the importance of CSR (Corporate Sustainability Responsibility), this element is becoming more important. Factors include climate, recycling procedures, carbon footprint, waste disposal and sustainability
- Legal Factors: Establish what is legal and allowed within the territories the organization operates in. The organization must be aware also of any change in legislation and the impact this may have on business operations. Factors include employment legislation, consumer law, healthy and safety, international as well as trade regulation and restrictions. Political factors do cross over with legal factors; however, the key difference is that political factors are led by government policy, whereas legal factors must be complied with.
4.2 Understanding the needs and expectations of interested parties – what to do
An organization is expected to gain a general (i.e. high-level, not detailed) understanding of the expressed needs and expectations of those internal and external interested parties that have been determined by the organization to be relevant.
The organization considers the knowledge gained when determining which of these needs and expectations it has to or it chooses to comply with, i.e. its compliance obligations.
In the case of an interested party perceiving itself to be affected by the organization’s decisions or activities related to its quality system performance (say, a local authority), the organization considers the relevant needs and expectations that are made known or have been disclosed by the interested party to the organization.
Interested party requirements are not necessarily requirements of the organization and your ISO 9001 Implementation is expected to reflect this clearly.
Some interested party requirements reflect needs and expectations that are mandatory because they have been incorporated into laws, regulations, permits and licences by governmental or even court decisions.
The organization may decide to voluntarily agree to or adopt other requirements of interested parties (e.g. entering a contractual relationship, subscribing to a voluntary initiative). Once the organization adopts them, they become organizational requirements (i.e. compliance obligations) and are considered when planning the quality management system. You will need to get top management approval for any new compliance obligations you propose to include in the QMS.
4.1 Understanding the Organization and its context – what not to do
Do not treat the requirements here as trivial. The COTO must be demonstrated as providing the ‘foundation’ for the QMS. Do not limit the evidence presented here to a few cleverly crafted generic sentences. Objective evidence of both internal characteristics and of external characteristics must be provided to support claims of understanding the context of the organization.
What will not suffice, and what the more arrogant members of top management may want to limit themselves to, is a claim such as: ‘Of course we understand the context of the organization; just look at our financials; our very profitability demonstrates our understanding of our customers and their needs. What more could you want?’
It would be best to prepare a statement of the internal and external issues that are significant to the business. Such a statement, in addition to its being offered as evidence of compliance to an ISO 9001 Audit Team during a Certification Body (CB) Audit, could usefully be reviewed and updated at Management Review Meetings (or equivalent).
Do not limit your research here to sources immediately ‘to hand’. Consult a wide range of sources, such as through internal documented information and meetings, in the national and international press, websites, publications from national statistics offices and other government departments.
Professional and technical publications, conferences and meetings with relevant agencies, meetings with customers and relevant interested parties, and professional associations will work as well.
4.2 Understanding the needs and expectations of interested parties – what not to do
Do not limit the scope here to the needs and expectations of Customers and Suppliers alone. A broader approach is expected. Prepare a checklist of potential interested parties and conduct desk research and conduct interviews (online interviews with Skype or similar) to determine their needs and expectations.
Sample Checklist of Potential Interested Parties
- end-users or beneficiaries;
- joint venture partners;
- owners of intellectual property;
- parent and subsidiary organizations;
- owners, shareholders;
- external providers;
- employees and others working on behalf of the organization;
- statutory and regulatory authorities (local, regional, national or international);
- trade and professional associations;
- local community groups;
- non-government al organizations;
- neighbouring organizations;
Again, do not limit the evidence presented here to a few cleverly crafted generic sentences. Objective evidence of needs and expectations must be provided to support claims of understanding such needs and expectations.
It would be best to prepare a statement of needs and expectations and including statutory and regulatory requirements. Such a statement, in addition to its being offered as evidence of compliance to Certification Body Auditors, could usefully be reviewed and updated at Management Review Meetings (or equivalent).
Conclusion & Feedback
As stated at the outset, an understanding of the context of an organization is used, and is necessary, to establish, implement, maintain and continually improve an effective quality management system.
You can anticipate that the CB Audit Team will start with Part 4 - they will want to fully understand the organization's context, the better to understand the QMS and its suitability in addressing the needs and expectations of all stakeholders. Make sure that you have a suitable body of evidence to present (and preferably documented evidence).
We'd value your feedback and comments, including any points you disagree with. Please use the Comments section, below.
Reference: In preparing this article use was made of ISO/TS 9002:2016, Quality management systems- Guidelines for the application of ISO 9001:2015