How to identify the context of the organization in ISO 9001:2015

Context of the organization is a new requirement in ISO 9001, stating an organization must consider both the internal and external issues that can impact its strategic objectives and the planning of the QMS. It pretty much changes the concept and application of clause 4, and requirements regarding the context of the organization do sound a little bit vague, so what does this clause actually require?

Clause 4 of ISO 9001:2015 Context of the organization requires the organization to evaluate itself and its context. This means that you need to define influences of various elements on the organization and how they reflect on the QMS, the company’s culture, objectives and goals, complexity of products, flow of processes and information, size of the organization, markets, customers, etc. It is also a means to detect risks and opportunities regarding the business context.

Context of the organization

Where to start?

Although the standard doesn’t prescribe the method for determining the context of the organization, there are some logical steps and milestones.

First, you need to determine which of the new requirements are already met in your existing documentation, because some of the requirements related to the Quality Manual in ISO 9001:2008 are now transferred into this new clause (for more information, read The future of the Quality Manual in ISO 9001:2015).

If you have already implemented ISO 9001:2008, then you probably have already defined the scope of the QMS in the Quality Manual and the sequence of processes and their interaction, either in the form of text or flowchart (see How to create an ISO 9001 process flowchart (PDF). If you are implementing the standard from scratch, then you need to determine the scope of your QMS and identify the processes and their interactions (for more information, read Four things you need to start your ISO 9001 project).

Once the scope of the QMS is defined, together with exclusions (for more information, see What is an acceptable exclusion in Clause 7 of ISO 9001?, and processes and their relations are identified, the following steps need to be taken:

Sequence of processes

What are internal and external issues?

This requirement of clause 4 can seem too general, and there is a risk of going too wide when defining the internal and external issues. In fulfilling this clause, you should focus only on issues that can affect the customer satisfaction and delivery of quality product and/or service.

An organization’s internal context is the environment in which it aims to achieve its objectives. Internal context can include its approach to governance, its contractual relationships with customers, and its interested parties. Things that need to be considered are related to the culture, beliefs, values, or principles inside the organization, as well as complexity of processes and organizational structure.

To determine external context, you should consider issues arising from its social, technological, environmental, ethical, political, legal, and economic environment. Examples of external context may include:

  • government regulations and changes in the law
  • economic shifts in the organization’s market
  • the organization’s competition
  • events that may affect corporate image
  • changes in technology

Basically, all this information is in the heads of the CEO and other members of management, but it was never put on paper; the best way to gather it is by organizing some brainstorming. Systematization of all this information can be very valuable and demonstrate where you stand as an organization.

Should we care about other people’s opinions?

In simple terms, the requirement for identifying relevant interested parties means that you need to decide whose opinion about your company you should care about.

Interested parties include direct customers, end users, suppliers and partners, regulators, and others. Others could include people in the organization, owners/shareholders, and even society. These parties add value to the organization or are impacted by the activities within the organization. Identifying and meeting their needs is important to implementing an efficient and effective quality management system. Their feedback can really help you to determine what can be improved in your organization, and how.

Let’s put it on paper

Once all this information is gathered, it should be documented; the standard is pretty explicit about it. But where it should be documented? The first choice is to create a new document, and this document will be something that the certification body will require instead of a Quality Manual prior to the audit. The second choice is to include these new requirements in the existing Quality Manual. This can be very practical, since the Quality Manual contains some of the old requirements, so you’ll only have to add the part with internal and external issues and interested parties. Another advantage of this approach is that everyone is already familiar with the Quality Manual, so it wouldn’t be some great change in documentation structure; also, the certification auditors may ask for it out of habit.

Last, but not least

Regular management review is necessary to monitor the organization’s internal or external issues. Once the internal context is understood, management can conduct an external analysis using “PEST” (political, economic, social, technological) and SWOT (strengths, weaknesses, opportunities, threats) analyses and really benefit from this new requirement, instead of just formally fulfilling it.

The context of the organization seems like one of the “document and forget about it” requirements, but it shouldn’t be. Information gathered through defining context can be very useful for identifying room for improvement, and it shouldn’t be taken for granted. Knowing the context of your organization and opinions of your interested parties can help you improve your organization and make it even better.

To learn more about the requirements, read this free white paper: Clause-by-clause explanation of ISO 9001:2015.

Advisera Strahinja Stojanovic
Author
Strahinja Stojanovic

Strahinja Stojanovic is certified as a lead auditor for the ISO 13485, ISO 9001, ISO 14001, and OHSAS 18001 standards by RABQSA. He participated in the implementation of these standards in more than 100 SMEs, through the creation of documentation and performing in-house training for maintaining management systems, internal audits, and management reviews.