ISO 9001 Knowledge base

Strahinja Stojanovic

How to identify the context of the organization in ISO 9001:2015

Context of the organization is a new requirement in ISO 9001, stating an organization must consider both the internal and external issues that can impact its strategic objectives and the planning of the QMS. It pretty much changes the concept and application of clause 4, and requirements regarding the context of the organization do sound a little bit vague, so what does this clause actually require?

Clause 4 of ISO 9001:2015 Context of the organization requires the organization to evaluate itself and its context. This means that you need to define influences of various elements on the organization and how they reflect on the QMS, the company’s culture, objectives and goals, complexity of products, flow of processes and information, size of the organization, markets, customers, etc. It is also a means to detect risks and opportunities regarding the business context.

Context of the organization

Where to start?

Although the standard doesn’t prescribe the method for determining the context of the organization, there are some logical steps and milestones.

First, you need to determine which of the new requirements are already met in your existing documentation, because some of the requirements related to the Quality Manual in ISO 9001:2008 are now transferred into this new clause (for more information, read The future of the Quality Manual in ISO 9001:2015).

If you have already implemented ISO 9001:2008, then you probably have already defined the scope of the QMS in the Quality Manual and the sequence of processes and their interaction, either in the form of text or flowchart (see How to create an ISO 9001 process flowchart (PDF). If you are implementing the standard from scratch, then you need to determine the scope of your QMS and identify the processes and their interactions (for more information, read Four things you need to start your ISO 9001 project).

Once the scope of the QMS is defined, together with exclusions (for more information, see What is an acceptable exclusion in Clause 7 of ISO 9001?, and processes and their relations are identified, the following steps need to be taken:

Sequence of processes

What are internal and external issues?

This requirement of clause 4 can seem too general, and there is a risk of going too wide when defining the internal and external issues. In fulfilling this clause, you should focus only on issues that can affect the customer satisfaction and delivery of quality product and/or service.

An organization’s internal context is the environment in which it aims to achieve its objectives. Internal context can include its approach to governance, its contractual relationships with customers, and its interested parties. Things that need to be considered are related to the culture, beliefs, values, or principles inside the organization, as well as complexity of processes and organizational structure.

To determine external context, you should consider issues arising from its social, technological, environmental, ethical, political, legal, and economic environment. Examples of external context may include:

  • government regulations and changes in the law
  • economic shifts in the organization’s market
  • the organization’s competition
  • events that may affect corporate image
  • changes in technology

Basically, all this information is in the heads of the CEO and other members of management, but it was never put on paper; the best way to gather it is by organizing some brainstorming. Systematization of all this information can be very valuable and demonstrate where you stand as an organization.

Should we care about other people’s opinions?

In simple terms, the requirement for identifying relevant interested parties means that you need to decide whose opinion about your company you should care about.

Interested parties include direct customers, end users, suppliers and partners, regulators, and others. Others could include people in the organization, owners/shareholders, and even society. These parties add value to the organization or are impacted by the activities within the organization. Identifying and meeting their needs is important to implementing an efficient and effective quality management system. Their feedback can really help you to determine what can be improved in your organization, and how.

Let’s put it on paper

Once all this information is gathered, it should be documented; the standard is pretty explicit about it. But where it should be documented? The first choice is to create a new document, and this document will be something that the certification body will require instead of a Quality Manual prior to the audit. The second choice is to include these new requirements in the existing Quality Manual. This can be very practical, since the Quality Manual contains some of the old requirements, so you’ll only have to add the part with internal and external issues and interested parties. Another advantage of this approach is that everyone is already familiar with the Quality Manual, so it wouldn’t be some great change in documentation structure; also, the certification auditors may ask for it out of habit.

Last, but not least

Regular management review is necessary to monitor the organization’s internal or external issues. Once the internal context is understood, management can conduct an external analysis using “PEST” (political, economic, social, technological) and SWOT (strengths, weaknesses, opportunities, threats) analyses and really benefit from this new requirement, instead of just formally fulfilling it.

The context of the organization seems like one of the “document and forget about it” requirements, but it shouldn’t be. Information gathered through defining context can be very useful for identifying room for improvement, and it shouldn’t be taken for granted. Knowing the context of your organization and opinions of your interested parties can help you improve your organization and make it even better.

To learn more about the requirements, read this free white paper: Clause-by-clause explanation of ISO 9001:2015.

If you enjoyed this article, subscribe for updates

Improve your knowledge with our free resources on ISO 9001 standard.

You may unsubscribe at any time.

For more information on what personal data we collect, why we need it, what we do with it, how long we keep it, and what are your rights, see this Privacy Notice.

39 responses to “How to identify the context of the organization in ISO 9001:2015”

  1. Max Kojouri says:

    sounds really helpful .

  2. Taja Andrej says:

    Dear Mr. Stojanovic,

    what exactly do you mean by “Once all this information is gathered, it should be documented; the standard is pretty explicit about it.”?
    To what specific requirement about documented information about context are you referring to?
    Thank you and best regards,

    Taja A.

    • Strahinja Stojanovic says:

      Dear Taja,

      The article was written when the standard was still in the draft version and should be updated. The standard requires information about the context to be monitored and reviewed, and one way of doing it is to document at least some part of the context.

      Thank you for noticing this, we will make correction as soon as possible.

      Best regards,


  3. Mohammed Idrees says:

    Dear Mr. Stojanovic,

    In “Last, but not least” paragraph, it is written that we must perform external analysis after internal analysis, is it necessary to perform it in this order, internal then external, or the order of how to perform the analysis does not matter?

    Thank you in advance,
    Mohammed Idrees

    • Strahinja Stojanovic says:

      Dear Mr. Idrees,

      The order of determining issues is not defined by the standard, so the organization can approach it in any way that it finds the most appropriate.However, it is more common to determine internal issues first and than start with external issues, but again it is not mandatory.

      Best regards,


  4. Дмитрий Сафиуллов says:

    Dear Mr. Stojanovic,
    In logic of this post I see you propose to use SWAT/PEST as a tool to develop context. But I also meet opposite cases when context is done first through brainstorming, and then SWOT/PEST/Risk analysys is done based on info from context.
    Do you think there is one more correct way or its really to be decided by the organization?

    Thank you
    Dmitry Safiullov

    • Strahinja Stojanovic says:

      Dear Mr. Safiullov,

      There are different ways for meeting requirements regarding the context, and there is no one optio that will fit all organizations. SWOT and PEST are the most appropriate for small and mid size organizations and that is why I’ve mentioned them.

      Brainstorming is a really good method and it can be combined with SWOT or PEST because they provide some structure to the brainstorming session. When you tell people to focus on strengths, weaknesses, threats and opportunities, the brainstorming session will move in good direction and you will get proper results.

      Defining the context properly makes the risks and opportunities self evident and it facilitates meeting requirements for addressing risks and opportunities as well. But again, this is only a suggestion and it is in no way required by the standard, every company can find the methodology that works best for itself.

      Best regards,


  5. Sheila A Pearson says:

    Do you have an example of a swot or Pest completed for internal and external issues? I need an example.

  6. Sheila A Pearson says:

    do you have an example of a swot or pest completed for both internal and external issues? I need an example.

  7. chahi says:

    hello, please, i’m confused! when we look at the mandatory documentation of the ISO 9001 we can see 4 documents : The scope, the politic, the objective and the procedure of outsourced processus. and now i have just seen in this article about the context of the organisation “Once all this information is gathered, it should be documented; the standard is pretty explicit about it? so please can you explain what does it mean?

    • Strahinja Stojanovic says:

      Dear Chai,

      The article was written in the draft version of the standard and this statement about documenting the context is no longer relevant. Thank you for pointing this out. We will update the text of the article.

      Best regards,


      • chahi says:

        Dear stojanovic,
        Please, i’m working in power plant as a maintenance specialist of gas turbine, and i want to have a certification of my person, is there a certification of my job? iso or other? thank you in advance

  8. James Ford says:


    How are the internal and external issues that should be identified in the scope different from those you would document in a Risk and Opportunities Register? Could such a register not be used for compliance for this part of the standard?

    • Strahinja Stojanovic says:

      Dear James,

      The context is the source of information used for identification of risks and opportunities. For example, the element of the internal context can be outdated equipment, or lack of skilled workers, and the risk can be nonconforming products or failure to meet customer or product requirements.

      The context as an input for the risk identification and assessment and the risks are closely connected but they are not the same thing.

      Best regards,


  9. Nalisha Santokhie says:

    Do we necessarily need a legal compliance register to be performed by a lawyer if by design the company already takes into consideration all the legal aspects of the business operations? In any case, due to the nature of the operations, the company cannot operate unless it follows all the legal requirements

    • Strahinja Stojanovic says:

      Dear Nalisha,

      The standard doe not require identification of legal requirements to be performed by lawyer, it can be done by people within the organization.

      Best regards,


  10. Inaam Adam says:


    • Iciar Gallo says:

      Dear Inaam

      Sorry for the late response, could you please clarify what are you referring to?

      Best regards

  11. Tonya says:

    Good afternoon. Are there any examples of The Context of Organization as it pertains to Aviation?

  12. ibmpre says:

    Assalam alikum,

    please provide some examples of cultural, social and economic environments,
    issues affecting any industry

    • Strahinja Stojanovic says:


      There are various examples of cultural and social issues related to the products and services provided by the organization, but the most influential can be religion of the people working in the company or the market where the products and services are delivered. For example, you wouldn’t sell the ham to the Muslim countries. In most cases, the social and cultural factors don’t have a great influence on quality, but in more conservative societies, these factors can have big effect on the customer satisfaction.

      Economic environment issues don’t have great influence until the economic situation deteriorates to the extent that makes it difficult for the organization to deliver its products and services. For example, imposed sanctions on the raw materials that the organization uses to manufacture the product, or big inflation, etc.

      Best regards,


      • Raj Dhabadgaonkar says:

        Good afternoon. Are there any examples of context of organisation pertaning label printing industry

        • Iciar Gallo says:

          Dear Raj

          Here are some examples for a printing company:

          Relevant internal issues:
          – Management related – corporate issues, organization structure
          – Human aspects – culture, competence
          – Resource factors – facilities, location
          – Organization performance – new product release

          Relevant external issues:
          – Financial/economic factors – inflation, credit availability
          – Social factors – unemploymet rate, public perception
          – Political/legal issues: government stability, regulatory
          – Technological – equipment, new materials
          – Competition – competitive advantage, market share

          Of course these are just examples, you will need to determine the specific context of your organization, preferably with a simply method such a SWOT or PEST analysis.

          Best regards


  13. ibmpre says:

    Assalam alikum,

    please provide some examples of issues related to values, culture
    pertaining to any industry

    • Strahinja Stojanovic says:


      The example of issues related to values and culture can be religiosity of the owners of the company that translates into the values and culture of the company. For example, recently there was an incident in US where christian baker didn’t want to bake cake for gay wedding, and the court decided he has a right not to provide his services in a way that is in collision with his beliefs.

      Best regards,


  14. Mari U says:

    can you please provide an example of a context documentation specific for a branch of a bank? and how will this be consummated for the risk determination and risk assessment? could the context and the risk assessment be reflected in a single document? any suggested procedure of properly doing and documenting these? thank you.

  15. karthik G says:

    is it required to maintain COTO for all the departments of an organization separately ?

  16. ibmpre says:

    Assalam alikum,
    do we need to identify the external and internal issues which is currently affecting us or the potential issues (issues may or may never happen)

    • Iciar Gallo says:


      You need to consider not only the issues that are currently affecting your company but the potential ones that can affect the customer satisfaction and delivery of quality product and/or service. For instance, a potential external issue could be a change in technology.

      Best regards

  17. ibmpre says:

    Assalam alikum,

    how come an issues arise from legal as mentioned in the standard clause 4 (notes)

    • Iciar Gallo says:


      Legal issues may arise from changes in legislation such as discrimination law, consumer law, employment law, and health and safety law, etc. These issues can affect how a company operates, its costs, and the demand for its products.

      Best regards

  18. Ahmed Radwan says:

    How i can determine the internal and external issues of the organization and what is the best method of applying?

    • Iciar Gallo says:

      The simplest way is to organize a brainstorming session with the relevant people of your organization and perform a SWOT analysis (strenghts, weaknesses, opportunities, threats) to determine the relevant internal and external issues of your organization.

Leave a Reply

Your email address will not be published. Required fields are marked *



  • Advisera is Exemplar Global Certified TPECS Provider for the IS, QM, EM, TL and AU Competency Units.
  • ITIL® is a registered trade mark of AXELOS Limited. Used under licence of AXELOS Limited. All rights reserved.
  • DNV GL Business Assurance is one of the leading providers of accredited management systems certification.