The dynamics of the operating environment for organisations has changed a lot over the years with new technological advances, the rise of social media, environmental concerns, and the influence of many such political, social, economic, legal, financial, regulatory and cultural factors. Similarly, internal factors such as our own skills and competencies, internal organisational structure changes and culture may require us to plan or change our internal processes to suit the needs of the customer better and to ensure high-quality products/services to the customer. These internal and external factors are called Context in ISO 9001.

ISO 9001 requires that a company consider all these factors while creating their strategic plans and address all kinds of risks and opportunities arising out of these factors to determine the scope of the Quality Management System (QMS) and its processes. Apart from Context, Requirements of interested parties and product/services offered by an organisation shall also be considered while determining the scope of the QMS. An interested party for a small organisation may include but are not limited to customers, regulatory or government bodies, management, employees, suppliers, etc. The requirement of a customer, for example, can be a high-quality product/service and on-time delivery. The scope and processes of the QMS shall be defined such that the context, requirement of interested parties and types of products/services that you offer are addressed through your QMS.

Why is context important?

Companies, today work in a highly volatile and competitive environment. For any company, whether big or small, it is essential to identify the contextual issues as these may lead to potential risk or an opportunity. For example, cultural and religious aspects of a region may impact how much a product or service is successful in that region. Without understanding this cultural aspect, if a product is launched in a new area, it runs the risk of low sales. So, identifying context and addressing the risks or opportunity arising out of this context through changed/enhanced processes or planning adequate and timely response to these risks is important for a company. An untimely, inadequate response to these factors may cost a company its reputation and may lead to loss of business.

These contextual issues may also present opportunities such as opening up of new markets, availability of new technologies leading to reduced costs. The organisation should also be prepared to capture these opportunities at the right time.

Context also ensures the QMS works in conjunction with the business's strategic direction. The contextual changes over time shall also be tracked so that the QMS is always in-sync with the changes in the internal and external context. With the introduction of this new clause in ISO 9001:2015 version, ISO has bridged the gap and ensured that business context and QMS operate together and are always synchronised. Let's now discuss what the ISO 9001 requirements are under this clause and how this can be implemented in your organisation.

Understanding the organisation and its context

This subclause requires an organisation to define the internal and external issues that are important to the organisation's purpose, strategic planning, and that affects the ability of the organisation to achieve its goals.

How to determine context? Context can be determined using formal methods like PESTLE (political, economic, social, technological, legal, environmental), SWOT (strengths, weaknesses, opportunities and threats) or can just be discussed in a management meeting and recorded for the purpose of strategic planning or risk tracking.

Here is a sample SWOT which identified the internal and external context of a small training institute that deals with providing training to individuals and companies.

Understanding the needs and expectations of interested parties

Relevant interested parties are all internal and external stakeholders, whether individuals or groups, who could impact or potentially impact the ability of an organisation to provide products/services that meets the requirements of the customer or other regulatory requirements.

How are interested parties and their needs/expectations determined? This can simply be done through brainstorming with the management considering the explicit and implicit requirement of stakeholders. Let's take an example of the training institute to explain this:

Monitor and review the context

Context and requirement of interested parties are not static and may change with time; that is why it is essential to update these with changing market trends and varying internal environment of the organisation. ISO 9001 requires that you monitor and review the context and requirements of interested parties. Typically, this is done in Management Review meeting, which shall be planned at least annually to discuss the status and effectiveness of QMS.

Define the scope of QMS based on the context

Once an organisation has identified the context, the next step is to define the scope of QMS. Scope of the Quality Management System should be defined based on

• The external and internal issues
• The requirements of relevant interested parties
• Products and services of the organisation

How to write a Scope Statement?

The scope of the QMS generally covers the entire organisation. Some exceptions can be when your QMS only covers one physical location, or it is catering to one industry where your organisation has multiple distinct functional units for each industry. So, your scope should identify the physical locations of the QMS, products or services that are created within the QMS processes, and the industries that are applicable if this is relevant.

An example of a scope statement is:

"ABC Training provides a complete range of training courses and teaching solutions to individuals, Australian Businesses and Australian Government."

The Scope statement shall include enough information to determine what is covered by the processes of the QMS. So, if there are exclusions to some requirements of QMS, these shall be clearly indicated in the scope providing suitable justification.

For example, a company dealing in 3-D printing which prints the CAD designs provided by their customers shall clearly state the exclusion as:

"Clause 8.3 Design and development - XYZ printing does not produce, manufacture or carry out any activities requiring design or development. This clause of ISO 9001 is therefore not relevant. XYZ printing creates 3D prints with customer provided CAD files and did not do any CAD modelling for them."

Quality management system and its processes

After defining the scope of your QMS, the next step is to establish the QMS. Put in simple words, QMS is "the way you want things to be done in the organisation that satisfies the customer's expectations and the organisation's quality objectives".

Below are the key steps that you need to take to build your QMS:

1. Identify Key Processes
2. Determine the sequence and interaction of these processes
3. Determine the measurements and controls that need to be in place to evaluate these processes
4. Determine the resources required
5. Assign responsibilities and authorities
6. Address risk and opportunities
7. Evaluate processes and implement the changes needed to ensure that these processes achieve the intended results;
8. Continually improve the QMS

How to establish a QMS?

Key processes are the activities or steps you go through to fulfil the customer requirements. Apart from the key processes which directly links to customer requirements, you will need to define certain support processes as well, which are critical to ensure customer requirements are met.

Some examples of processes are given below:

1. Customer-related processes

• Marketing, Sales
• Design and Development
• Production
• Purchasing
• Storage
• Packaging and Delivery

2. Support Processes

• Calibration
• Recruitment
• Training
• Auditing
• Document and Record Management
• Measurement and Analysis
• Corrective Action

3. Management-related Process (for Top Management)

• Risk Management
• Strategic Planning
• Operation and Resource Planning
• Quality Objective Setting
• Management review

A typical process can be documented in the form of procedures and which will include:

1. Inputs and Outputs
2. Sequence of activities
3. Measurements and Controls
4. Responsibilities and Authorities

Once you have identified the core processes, the next step is to define the sequence and interaction of these processes. Block Diagrams, process flowcharts or other visual depictions can show how activities, departments or functions, inputs, outputs, and employees interact and interconnect in a logical order.

While planning QMS, Management shall also determine and address the risks and opportunities to ensure that the QMS can achieve its intended results.

The steps that you need to take to ensure that this is addressed is:

a) Plan actions to address these risks and opportunities (derived from context and requirements of interested parties)

b) Determine methods to integrate these actions into your QMS processes

An example of how this can be done with risks identified from internal and external context identified or needs of relevant stakeholders is given below:

At periodic intervals, the QMS shall be reviewed and analysed to ensure that it delivers the intended results. The intent is to reflect on the processes and data and bring in changes in the system to improve the results. This should be done in Management Review (at least annually) or other management meetings which happens more frequently.