CALL US 1-888-553-2256

ISO 9001 Knowledge base

Mark Hammar

How to define the scope of the QMS according to ISO 9001:2015

Author: Mark Hammar

Determining the scope of the Quality Management System (QMS) has been a part of the ISO 9001 requirements for a long time. This scope is a vital part of the quality manual, as it defines how far the QMS extends within the company’s operations, and details any exclusion from the ISO 9001 requirements and the justification for these. It is through the scope that you define what your Quality Management System covers within your organization.

With the release of the new update to the ISO 9001 requirements, ISO 9001:2015, there is some additional clarification on defining the scope of the QMS. These clarifications will help to standardize how companies define the scope of their QMS, even if they choose not to have a quality manual, which is no longer a stated requirement in the standard.

What does the ISO 9001:2015 standard state?

Section 4.3 of the standard details the requirements for determining the scope of the Quality Management System. In a note about the QMS, it is stated that the QMS can include the whole organization, specifically identified functions of the organization, specifically identified sections of the organization, or one or more functions across a group of organizations. To start, there are three considerations to be included when determining the scope:

  1. External and internal issues that are relevant to the purpose of the organization, the strategic direction, and the ability to achieve intended results
  2. Requirements of relevant interested parties
  3. The product and service of the organization

In addition, the scope is to include any requirements of the ISO 9001 standard that can be applied, and if a requirement is determined to not apply, the organization will not use this as a reason for not ensuring conformity of product and service. The scope is to state the products and services covered by the QMS, and justification for any instances where the ISO 9001 standard cannot be applied.

How does this apply to my organization?

It is most common that the scope of the QMS covers the entire organization. Some noted exceptions are when your QMS only covers one physical location of a multi-location company, or when your manufacturing or service is distinctly split between industries (e.g., in a plant with three assembly lines where assembly lines 1 and 2 are for automotive and need to have a QMS certified to the ISO/TS 16494 QMS standard for automotive, but you want line 3 to be certified to ISO 9001 since many of the automotive requirements do not apply).

So, your scope should identify the physical locations of the QMS, products or services that are created within the QMS processes, and the industries that are applicable if this is relevant. It should be clear enough to identify what your business does, and if not all parts of the business are applicable, it should be easily identified which parts are. Some examples could be:

  • XYZ Manufacturing located in London, England, producing machined components in the aerospace and automotive industry within Europe.
  • XYZ Consultants located in offices in Europe, Asia, and North American provide Information Technology Support to companies in any industry.
  • XYZ Computing provides software development services to companies in the automotive and heavy machinery industries within North and South America.
  • XYZ Industries is a division of XYZ International that operates in Indonesia and provides paper products to the Asian market.

Make your scope statement clear and concise

Your scope does not have a size limit, and should include enough information to determine what is covered by the processes of the QMS. However, it is important to make it clear what is included and what is not. If it is not clear to you what processes in your company are covered by your QMS, then how will it be clear to an outside auditor or other interested party? Making your scope statement simple and easy to read can help to focus your QMS efforts and prevent unnecessary questions about activities that you may perform that may not be applicable to your QMS certification.

To learn more about the requirements, read this free white paper: Clause-by-clause explanation of ISO 9001:2015.

If you enjoyed this article, subscribe for updates

Improve your knowledge with our free resources on ISO 9001 standard.

You may unsubscribe at any time.

For more information on what personal data we collect, why we need it, what we do with it, how long we keep it, and what are your rights, see this Privacy Notice.

25 responses to “How to define the scope of the QMS according to ISO 9001:2015”

  1. Dennis van Lamoen says:

    Dear Mark,

    Although the examples are definitely clear and concise, they only take into account the product/service aspect – issues and stakeholders remain unaddressed. How would the scope’s definition reflect these? I find myself having trouble trying to translate these concepts to something that easily allows itself to be incorporated into this concise way of description. Thanks in advance for anything you would care to elaborate on.

    Dennis

    • Mark Hammar says:

      Dennis,
      The wording of the scope does not necessarily need to include information on issues and stakeholders, the standard only asks that you consider this when determining your scope. That being the case, in one example above when stating that the scope is within the “aerospace industry” this implies some of the stakeholders and issues which the company has included in thinking about the scope.

      To explain further you may have identified an issue that you will need to include the nickle plating of your own product in order to control the quality, but this does not necessarily mean that you will include the words plating into your scope statement. This could be included by changing “producing machined components” in your scope to “producing finished machined components”. If plating was to become another product that you sell then you would want to change the wording to “producing machined components and plating services” as this is now a stand alone deliverable to your customers.

  2. Epp says:

    Dear Mark,

    Thank you very much for the explanation.
    Actually my organization want to go for ISO 9001:2015, but only for specific business only.

    Our organization is a small IT company and we have about 50 employees.
    Our main business are :
    1. Software Development for our client, and
    2. IT Management Consulting

    And we want to go for ISO 9001:2015 but mainly for the Software Development only right now (because of limited time and resource)
    Can we exclude the IT management consulting and go for the software development only?

    Thank you very much
    Epp

    • Mark Hammar says:

      Hello Epp,

      In short, yes you could exclude the IT consulting from your scope. I have seen companies who have three manufacturing lines where 2 are certified to the automotive standard and only 1 is certified to ISO 9001, and I have seen companies who have been in the manufacturing industry and excluded a test services from their scope. It is possible to limit your scope to only part of what you do.

      However, you have to ask yourself where you will really be saving money by doing this. Will you exclude the IT management consulting from your internal audits and management reviews as well? If so you will be running a parallel system for assessing how this part of your business is running and potentially having a different way to assess the resource needs. Take a look and it might not be as much of a saving as you think.

  3. Fawzi Rammah says:

    Dear Mark,
    I work for a very large Water utility services Co, I have been assigned a project manager for ISO 90001:2015 QMS requirements and certification. all services are linked to the entire organization process e.g. HR system , service channels, operations & maintenance, central regulators, budgeting and planning, documentations (policies and procedures), complaints handling, etc. Therefore, I find difficulty to understand how can I implement QMS on a particular service or location, especially when I have many defects in the business, operational processes, low customer satisfaction rate and poor complaints handling!

    • Mark Hammar says:

      Hello Fawzi,

      While it will be difficult to answer your question in one message, the good news is that a Quality Management System using ISO 9001:2015 is intended to be designed for exactly what you have identified. The requirements of the standard are intended to address all of the processes in your organisations that are required to deliver your products and services to your customers while improving the system and customer satisfaction.

      So, by defining your possesses using the guidance of the ISO 9001:2015 standard you can then find improvement objectives to work towards improved customer satisfaction (such as improving complaints managements). In general you need to define what you do, align this with your customer needs and expectations, then find gaps that can be corrected and improved to improve your abilities to deliver and improve customer satisfaction. It starts with identifying what needs to be in your QMS using the requirements of ISO 9001:2015 which is recognised as the standard for what should be included.

      If you have further questions, or want to know how the products of Advisera can help, I suggest you contact our ISO 9001 experts, Strahinja Stojanovic at [email protected].

  4. moustafa yousef says:

    Dear Mark,
    i work in international airport , i am responsible on the quality management system and i donot know how to identifying the interested parties and how to identifying the context of my organization

  5. Arlene Steele says:

    Hi Mark
    Do you have an example of a scope I could look at please?
    Thank you
    Arlene

    • Mark Hammar says:

      Arlene,

      It very much depends on the company, but a scope could be as simple as “The design of X product in X industry as serviced by X location.”

      Regards,

  6. Ian Moon says:

    Hi Mark
    Our organisation currently holds a 9001 certificate in the UK. The scope of which is ‘roughly’ the design and manufacture of xxx products for the xxx industry. If we were to open a distribution centre in another country to improve lead times (where we already have a sales presence) Could we add that to our current certificate? Or would we need to certify the distribution hub separately? The hub would be solely for the storage and distribution of goods. There would be no manufacturing or other activities taking place there.

    • Mark Hammar says:

      Ian,

      You would need to discuss this with your registrar, but in most cases this is acceptable and you would then change your scope to include “distribution in X location”. Just to remember, as with any other processes you would need to find a way to audit your distribution process for this location, and include this in management review.

      Regards,

  7. Alfred MbC says:

    Hi,

    The company has added an additional service. Can the additional service be added to the company’s current ISO license for the next surveillance visit?

    • Iciar Gallo says:

      Dear Alfred

      you will definitely need to include it for the next surveillance visit. After the certification you need to maintain the system, this means you have to operate, improve and update the quality management system. Since the circumstances in your organization have changed, in your case because a new service, you´ll have to update your policies and procedures. Due to these changes there will be also new threats, which means that your risks will change, so your existing controls won´t be enough and you will have to review and update them if necessary.

  8. Mari U says:

    Hi,
    Our company has over a 100 branch. Under an existing certification of our QMS, all Branches are covered by only 1 certification. Branches are scattered all over the country, but each offers the same service, which are developed in the Head Office.
    With this set-up, I would like to ask if each site should be preparing its own context? Any best procedure to evidence compliance with the clause?

    Will appreciate your feedback.

    Thank you.

    • Iciar Gallo says:

      Dear Mari

      Context of the organization is referred to its operational environment. The context must be determined within the organization and external to the organization, in other words, you need to determine the internal and the external factors relevant to the organization´s purpose and its strategic direction that affects organization´s ability to achieve the intended results of its QMS.

      External factors include: culture, social, political, legal, statutory, regulatory, economic, etc., at all relevant levels: local, state, federal, even international; while internal factors include the organization’s company culture, its governance, its structure, vision for the future, technology, and strategic decisions. Probably in your case, internal context will be similar, although external context can differ from one branch to another . So you will need to determine the context for every organization. It is likely that some of the branches will share same internal and external issues if they for instance are located in the same state.

      There is not a formal requirement that prescribes how to determine the context of the organization, a simple way to do it is organizing a brainstorming session with the management and other relevant people of your organization and conduct SWOT (strengths, weaknesses, opportunities, threats) analysis and also an external analysis using “PEST” (political, economic, social, technological).

      You can see these articles to learn more about the context of the organization:
      – How to identify the context of the organization: https://advisera.com/9001academy/knowledgebase/how-to-identify-the-context-of-the-organization-in-iso-90012015/
      – ISO 9001:2015 case study: context of the organization as a success factor in manufacturing company: https://advisera.com/9001academy/blog/2016/10/11/iso-90012015-case-study-context-of-the-organization-as-a-success-factor-in-manufacturing-company/

      Best regards

      • Mari U says:

        Thank you for the valuable input.
        The set-up of our company is similar to a bank, where various branches can be found in one city. Each branch prepares its own context, conduct its own SWOT, identifies its own interested parties, etc.
        The process starts with the identification of internal and external issues, then comes the identification of interested parties, connecting it directly to risk assessment, all in one document! And this brings all the confusion as it produces a very huge document.
        Risks and opportunities are determined from the issues identified. Is there any way to simplify things?

        Looking forward to your valuable response.

        Thanks!

        • Iciar Gallo says:

          Dear Mari

          As I previously mentioned the context of the organization is referred to its operational environment, so if some branches share the same operational environment you don´t need to perform the identification of the internal and external context for every branch . More than likely, internal and external context and also interested parties will be the same, so you might group those branches which share same environment and that way you will decrease the number of documents and avoid repetition of similar analysis.

          Best regards

          • Mari U says:

            Can you please tell what is wrong with our template? we find it taxing to do.

            https://uploads.disquscdn.com/images/21c2ea125b5c0a08b7d230b35694087f56a1cd5645ff6f1ff25cfbb08bc5f63c.png

          • Iciar Gallo says:

            Dear Mari

            The table you proposed, although complete can be in fact, quite tough to fill out. You don´t need to analyze every factor as you show in the table, instead it is recommended to keep the determination of the context of the organization as well as the risk and opportunities assessment as simple as possible – you can organize a meeting and conduct a brainstorming session with the management and the relevant employees of your organization and perform a swot analysis, which gives you information not only about the internal context (strengths and weaknesses) and external context (opportunities and threats) but also about the risk and opportunities that you will need to address. It is important to mention that you always need to focus on those issues that are relevant to the organization and strategic direction, and avoid to analyze every factor. You can also use the same method of a brainstorming session meeting to identify the needs and expectations of the relevant interested parties for your organization.

            Best regards

          • Mari U says:

            Thank you very much.

          • Charlie A. Marquez says:

            Hi Iciar,

            Can you please give me a sample of a scope statement.

            Thanks,
            Charlie

          • Strahinja Stojanovic says:

            Hi Charlie,

            Here is the link to the free preview of our Scope of the Quality Management System https://advisera.com/9001academy/documentation/scope-of-quality-management-system/

            Best regards,

            Strahinja

Leave a Reply

Your email address will not be published. Required fields are marked *

OUR CLIENTS

OUR PARTNERS

  • Advisera is Exemplar Global Certified TPECS Provider for the IS, QM, EM, TL and AU Competency Units.
  • ITIL® is a registered trade mark of AXELOS Limited. Used under licence of AXELOS Limited. All rights reserved.
  • DNV GL Business Assurance is one of the leading providers of accredited management systems certification.