Featured Product
This Week in Quality Digest Live
Standards Features
Ryan E. Day
Is your company motto ‘Safety first… second, third?’
Tom Taormina
With ISO 9001’s clause 8.4, responsibility can’t be abdicated
Chad Kymal
Addressing risks from inadequate information security and cybersecurity starts with leadership
Jon Speer
As a medical device manufacturer, you can expect to be inspected

More Features

Standards News
ISO and WHO are working for universal access to quality health products that are all at once safe, effective, and affordable
Streamlines shop floor processes, manages nonconformance life cycle, supports enterprisewide continuous improvement
Allows construction industry to collaborate across projects and national borders
Enhances accreditation services portfolio across global market
Features illustrations as applied in real-world organizational contexts
Standards like ISO 10303 and ISO 14306 help to keep planes high in the sky
Amendments to the California Consumer Privacy Act go into effect no later than July 2020
VQIP allows for expedited review and importation for approved applicants that demonstrate safe supply chains
Intended to harmonize domestic and international requirements

More News

Pam Bethune

Standards

ISO 9001:2015—Establishing the Context of the Organization

Organizations may need to broaden their traditional concepts of themselves

Published: Wednesday, February 1, 2017 - 13:02

One of the newest parts of ISO 9001:2015 and related management standards are the concepts of context and interested parties. What do these mean, and how can you apply them to your organization?

What the standard says

When making sense of Clause 4.1—“Understanding the organization and its context” and Clause 4.2—“Understanding the needs and expectations of interested parties,” we first want to look at what the standard actually says:

4.1 Understanding the organization and its context
The organization shall determine external and internal issues that are relevant to its purpose and its strategic direction and that affect its ability to achieve the intended result(s) of its quality management system.
The organization shall monitor and review information about these external and internal issues.
NOTE 1: Issues can include positive and negative factors or conditions for consideration.
NOTE 2: Understanding the external context can be facilitated by considering issues arising from legal, technological, competitive, market, cultural, social and economic environments, whether international, national, regional or local.
NOTE 3: Understanding the internal context can be facilitated by considering issues related to values, culture, knowledge and performance of the organization.

“4.2 Understanding the needs and expectations of interested parties
Due to their effect or potential effect on the organization’s ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements, the organization shall determine:
a) the interested parties that are relevant to the quality management system;
b) the requirements of these interested parties that are relevant to the quality management system.
The organization shall monitor and review information about these interested parties and their relevant requirements. [Taken from ISO 9001:2015 (E)]”

Where are these clauses located?

You could also ask why is their location in the standard important?

They are the very first clauses after the introduction, which comes before all other requirements, including the requirement to determine the scope. Therefore, they are logically required as part of the process to create the scope and the system itself. Equally logically, they are therefore key underpinnings of the new standard.

What do we do with these clauses?

First, the organization may need to broaden its traditional look at itself. Most companies look at their internal processes, their customers, and their market. Some push that view to include the environmental impact. A few also include the social and cultural aspects of their company, their community, and their workforce. The new standard is pushing organizations to include all of these in the planning for their scope and their QMS.

What is meant by the word “context?” It is a combination of factors, both internal and external, that directly affect the organization and its continuing ability to provide products and services for its customers. External factors include the entire environment the organization inhabits: culture, social, political, legal, statutory, regulatory, economic, etc., at all relevant levels: local, state, federal, even international. Internal factors include the organization’s company culture, its governance, its structure, vision for the future, technology, and strategic decisions.

The definition starts with “external and internal issues,” so clearly there cannot be a simple focus on just the customers and the owners. Then the standard goes on to put some boundaries on those issues: “...that are relevant to its purpose and its strategic direction and that affects its ability to achieve the intended result(s) of the QMS.” So the color of the walls in the boardroom is not part of the context. Determining the boundaries will be the first challenge, which is why the next requirement is the scope of the system.
“Relevant to its purpose” is the first phrase. So, what is the organization’s purpose? There are layers here. One layer of the purpose is obvious: to create the existing service or a product. Bringing in the “strategic direction” adds another layer since one strategic direction might be to grow into another product or service. The last layer is from the final phrase “that affects its ability to achieve the intended result(s) of the QMS.” The QMS exists to enable the organization to create the service or product efficiently and effectively and, above all, to the requirements of the customer and the company (i.e., to make a profit). Together, these phrases are used by the standard to enable your organization to create the boundaries that will be critical to all of the next steps.

The organization must “monitor and review information about these external and internal issues.” Boundaries from the analysis above are required; otherwise, the task is impossible. Operationally, what does this mean? It means that the leadership must determine what will be monitored, how it will be monitored, and when it will be reviewed. For most organizations, this would be annually or even less often, such as every five years, as part of a strategic review. For some organizations, especially those in fast-changing environments, the review may be much more frequent. The examination of context will reveal critical information about this.

The notes give some guidance on understanding context. Remember that the context already exists. No organization operates outside its context, but this has not always been explicitly acknowledged. This standard requires that the organization examine the context, set appropriate boundaries, and take steps to monitor and review it. This is how the standard acknowledges that a “one size fits all” approach is not acceptable.

That next step includes determining the interested parties: Who are they?

Like context, these have always been there, whether explicit or not. The question has become how openly they must be taken into account based on the boundaries taken from the context?

They can include owners or shareholders, governmental bodies (national, regional, state, county, city), business associations, employees, suppliers, customers, the communities where facilities or people are located, and debt holders.

Use the context to determine how far afield you need to go (i.e., what are the boundaries developed from examining the organization’s context?)

When you have the winnowed list of who the interested parties are, then you need to determine their “needs and expectations.”

What is a need?

That will depend on the interested party. A debt holder needs to believe that your organization is financially solvent, will remain so, and will pay its debt obligations on time and in whole. Suppliers needs to know that the company will continue to source them, will pay the bills on time, and will deal fairly and honestly with them.

What are their expectations?

An employee needs to get paid, but expects fairness and honesty, and may also expect promotion. Some employees do not expect a promotion, but expect their work to be stress-free. Expectations may vary wildly even within a group such as all of your suppliers. Some are harder to measure. For example, customers do not expect to read that their newly purchased clothing was made by slave labor, and they do not expect to read that the clothing contains cancer-causing chemicals. Expectations are highly variable and change over time.

In summary, the company’s leadership must examine the organization’s context and the associated interested parties, and then set up the strategic direction and the scope—the boundaries—of the QMS. Then, using this context, they ensure that the quality policy and objectives are compatible with the context and the associated strategic direction.

Determining the organization’s context and interested parties enables the leadership to ensure the QMS is more effective and more efficient at delivering what the interested parties need and expect.

Join Pam Bethune, Automotive Regional Competency manager of Dekra, and host Dirk Dusharme, editor in chief of Quality Digest, for the webinar, “ISO Revisions: Context of the Organization,” on Thurs., Feb. 9, 2017, at 11 a.m. Pacific, 2 p.m. Eastern. Register here.

Discuss

About The Author

Pam Bethune’s picture

Pam Bethune

Pam Bethune is the regional competence manager of the automotive sector for DEKRA. She is a lead auditor for IATF 16949, ISO 9001, ISO 14001, ISO 13485, and OHSAS 18001. Bethune expertise includes change leadership in quality systems, lean manufacturing, and Six Sigma in automotive and pharmaceutical industries. She has a reputation for building and strengthening teams performance in diverse manufacturing and service organizations.

Comments

Hi, Although the standard

Hi,
Although the standard keep clause 4.1 and 4.2 separate but I think that in reality it is the interested parties that create or set the context of organization.

ISO 9001:2015

A very informative piece on the why & what of ISO 9001:2015 certification.. Good read!

Interested Parties and External Auditors

Pam,

This is a great article on the new ISO standard.

Question: TO what extent will our external auditors audit who our organization's interested parties are ?  If we potentially have interested parties that are not mentioned in our organizations Quality Manual, could that constitute a finding ?

Thank you !

Extent of auditing interested parties

Hi,

This is an excellent question and one that is still being trialed.

The standard does not specify that this be retained as documented information but it is a requirement, so I advise our auditors to ask: "what is your process?".  The audit of the process starts with your response and we will be looking for the effectiveness of your choice.  We will be looking for obvious missing pieces and obvious missing parties will almost certainly result in an NC or at least an opportunity.  For example, if your QM refers to an interested party (IP), but your process does not include them, that would in my opinion be an NC if the IP is significant.  In another example, if you supply a market with a regulatory body and your IP does not include them, that would be an NC.  In this example, if you supply automotive and ignore NHTSA, that would be possibly be an NC, depending on your product of course.

I suspect this will be a bone of contention between auditor and auditee.

Pam