Understanding the organization and its context - to be compliant evidence should demonstrate that your organization is reviewing internal and external issues (context) at periodic intervals that might effect your business.
|ISO 9001:2015||ISO 9001:2008||Summary of Changes|
|4.0||Context Of The Organization||1.0||Scope||
|4.1||Understanding The Organization And Its Context||
|General||This new requirement requires an organisation to demonstrate that it understands all internal and external influences that may affect its strategic direction and market position and what effect any changes may have on its future.|
|4.2||Understanding The Needs And Expectations Of Interested Parties||1.1||General||This is a new requirement which requires the organisation to determine the boundaries and applicability of the QMS. It also makes reference to 4.1.
There is now a requirement to state the scope in terms of the ‘goods and services’ delivered and the sites of the organisation to be included. There is a requirement to document and justify any exclusion from the standard; exclusion must be limited to Clauses 7.1.4 to 8.0.
|4.3||Determining The Scope Of The Quality Management System||1.2||Application||This requirement is comparable to ISO 9001:2008 Clause 4 - Quality Management System and Clause 4.1 – General Requirements. Organizations should review their process-based management system to ensure that it captures elements from 4.1 and 4.2.|
|4.4||Quality Management System And Its Processes||4.0||Quality Management System||Process approach – now a stated requirement but the content is largely the same as previous clause 4.1 apart from a requirement to determine the risks to conformity if processes are ineffective.|
We suggest using a Context & Interested Parties Matrix to document any external and internal issues relevant to your organization's operational purpose and strategic direction that may affect its ability to achieve the intended result of the management system as directed by top management.
To assess whether your organisation has a high-level, conceptual understanding of its internal and external issues that affect it, either positively or negatively, its ability to achieve the intended outcomes, you should describe the processes used by your organization to identify internal and external issues and make reference to all objective evidence, including examples of these issues.
Examples of organizational issues might include:
You will need to determine and understand the various internal and external issues typically experienced in your type of organization that can have positive or negative impacts.
The standards do not specify that these internal and external issues, or their monitoring and review, be documented, so there might not be ‘lists of issues’ or records of reviews. However, information can be obtained via interviews with relevant Top management in relation to your organization’s context and its strategic direction, the identified issues and conditions, and how these may affect the intended outcomes of the management system.
Collate evidence to provide assurance that your organization is regularly, or as necessary, reviewing and updating its external and internal issues.
Although there is no requirement in ISO standards for documented information to define the context of the organization, your organization will find it helpful to retain the types of documented information listed below to help demonstrate compliance:
Reviewing your organization’s context could include interviews with senior management, questionnaires, surveys, research, drivers and trends, performance indicators, internal audits, gap analysis and other continual improvement, nonconformity and corrective action and analysis tools.
Cross-functional input is essential for the specific expertise required to identify the full breadth of issues, such as finance, training, human resources, commercial, engineering and design, etc.
Not only will this ensure a broader appreciation of the context but also wider engagement, particularly with those functions not previously involved with the QMS.
Using a SWOT Analysis Template identify and analyze your organization’s strengths, weaknesses, opportunities and threats.
Strengths are characteristics of our organization that allow operation more efficiently and effectively than competitors. For example:
Weaknesses are areas that are recognized as needing improvement. Consider:
Opportunities are trends, circumstances or business opportunities that may be taken advantage of. E.g.
Threats can be external or internal and are anything that can adversely affect business or operations. External threats could be economic, new legislation or even a new competitor in the market. Internal threats could be a skill or staff shortage within our organization. For example:
A workshop approach often allows ideas to be shared and provides an effective and efficient way of achieving a valuable outcome. The workshop could simply be a discussion identifying the issues that can be mapped out using Political, Economic, Social, Technological, Legal and Environmental (PESTLE) analysis.
This method helps to structure the conversation and will also help to achieve buy-in to what is often seen as a peripheral or niche area.
What is happening politically in the environment in which we operate?
What is happening with respect to ecological and environmental issues?
What is happening technology-wise which can impact what we do?
What is occurring socially and culturally in the markets in which we operate?
What is happening with changes to legislation?
What is happening within the economy?
To be compliant, evidence should be obtained that proves that your organization is reviewing all pertinent internal and external issues at periodic intervals.
Although there is no requirement for documented information to define the context of the organization, your organization will find it helpful to retain the following documents and information to help justify compliance:
ISO 9001 Clauses - PLAN
- 1 Scope
- 2 Normative references
- 3 Terms and Definitions
- 4 Context of the organization
- 5 Leadership
- 6 Planning
Updated: 9th October 2019
Author: Richard Keen
Richard is our Compliance Director, responsible for content & product development.
But most importantly he is ISO's biggest fanboy and a true evangelist of the standards.
Learn more about Richard