The dynamics of the operating environment for organisations has changed a lot over the years with new technological advances, the rise of social media, environmental concerns, and the influence of many such political, social, economic, legal, financial, regulatory and cultural factors. Similarly, internal factors such as our own skills and competencies, internal organisational structure changes and culture may require us to plan or change our internal processes to suit the needs of the customer better and to ensure high-quality products/services to the customer. These internal and external factors are called Context in ISO 9001.
ISO 9001 requires that a company consider all these factors while creating their strategic plans and address all kinds of risks and opportunities arising out of these factors to determine the scope of the Quality Management System (QMS) and its processes. Apart from Context, Requirements of interested parties and product/services offered by an organisation shall also be considered while determining the scope of the QMS. An interested party for a small organisation may include but are not limited to customers, regulatory or government bodies, management, employees, suppliers, etc. The requirement of a customer, for example, can be a high-quality product/service and on-time delivery. The scope and processes of the QMS shall be defined such that the context, requirement of interested parties and types of products/services that you offer are addressed through your QMS.
Companies, today work in a highly volatile and competitive environment. For any company, whether big or small, it is essential to identify the contextual issues as these may lead to potential risk or an opportunity. For example, cultural and religious aspects of a region may impact how much a product or service is successful in that region. Without understanding this cultural aspect, if a product is launched in a new area, it runs the risk of low sales. So, identifying context and addressing the risks or opportunity arising out of this context through changed/enhanced processes or planning adequate and timely response to these risks is important for a company. An untimely, inadequate response to these factors may cost a company its reputation and may lead to loss of business.
These contextual issues may also present opportunities such as opening up of new markets, availability of new technologies leading to reduced costs. The organisation should also be prepared to capture these opportunities at the right time.
Context also ensures the QMS works in conjunction with the business's strategic direction. The contextual changes over time shall also be tracked so that the QMS is always in-sync with the changes in the internal and external context. With the introduction of this new clause in ISO 9001:2015 version, ISO has bridged the gap and ensured that business context and QMS operate together and are always synchronised. Let's now discuss what the ISO 9001 requirements are under this clause and how this can be implemented in your organisation.
This subclause requires an organisation to define the internal and external issues that are important to the organisation's purpose, strategic planning, and that affects the ability of the organisation to achieve its goals.
How to determine context? Context can be determined using formal methods like PESTLE (political, economic, social, technological, legal, environmental), SWOT (strengths, weaknesses, opportunities and threats) or can just be discussed in a management meeting and recorded for the purpose of strategic planning or risk tracking.
Here is a sample SWOT which identified the internal and external context of a small training institute that deals with providing training to individuals and companies.
Relevant interested parties are all internal and external stakeholders, whether individuals or groups, who could impact or potentially impact the ability of an organisation to provide products/services that meets the requirements of the customer or other regulatory requirements.
How are interested parties and their needs/expectations determined? This can simply be done through brainstorming with the management considering the explicit and implicit requirement of stakeholders. Let's take an example of the training institute to explain this:
Interested parties |
Needs of Interested Parties |
Customer (Students) |
High-Quality training delivery |
High-Quality Training Material used |
|
Could be a source of referrals to new students |
|
Employee /Staff |
Require appropriate training |
Good Compensation |
|
Expect satisfactory equipment, facilities |
|
Supplier |
Expect to be paid promptly |
Require clearly defined requirements |
|
Top Management |
Company must remain financially healthy |
All data should be secured and data loss due to system crash shall be avoided |
|
Company must maintain the required number of trained staff |
|
Certification Body |
Level of compliance to ISO 9001 |
Australian regulatory body |
Awareness and compliance on regulatory requirement must be ensured |
Context and requirement of interested parties are not static and may change with time; that is why it is essential to update these with changing market trends and varying internal environment of the organisation. ISO 9001 requires that you monitor and review the context and requirements of interested parties. Typically, this is done in Management Review meeting, which shall be planned at least annually to discuss the status and effectiveness of QMS.
Define the scope of QMS based on the context
Once an organisation has identified the context, the next step is to define the scope of QMS. Scope of the Quality Management System should be defined based on
The scope of the QMS generally covers the entire organisation. Some exceptions can be when your QMS only covers one physical location, or it is catering to one industry where your organisation has multiple distinct functional units for each industry. So, your scope should identify the physical locations of the QMS, products or services that are created within the QMS processes, and the industries that are applicable if this is relevant.
An example of a scope statement is:
"ABC Training provides a complete range of training courses and teaching solutions to individuals, Australian Businesses and Australian Government."
The Scope statement shall include enough information to determine what is covered by the processes of the QMS. So, if there are exclusions to some requirements of QMS, these shall be clearly indicated in the scope providing suitable justification.
For example, a company dealing in 3-D printing which prints the CAD designs provided by their customers shall clearly state the exclusion as:
"Clause 8.3 Design and development - XYZ printing does not produce, manufacture or carry out any activities requiring design or development. This clause of ISO 9001 is therefore not relevant. XYZ printing creates 3D prints with customer provided CAD files and did not do any CAD modelling for them."
After defining the scope of your QMS, the next step is to establish the QMS. Put in simple words, QMS is "the way you want things to be done in the organisation that satisfies the customer's expectations and the organisation's quality objectives".
Below are the key steps that you need to take to build your QMS:
Key processes are the activities or steps you go through to fulfil the customer requirements. Apart from the key processes which directly links to customer requirements, you will need to define certain support processes as well, which are critical to ensure customer requirements are met.
Some examples of processes are given below:
1. Customer-related processes
2. Support Processes
3. Management-related Process (for Top Management)
A typical process can be documented in the form of procedures and which will include:
Once you have identified the core processes, the next step is to define the sequence and interaction of these processes. Block Diagrams, process flowcharts or other visual depictions can show how activities, departments or functions, inputs, outputs, and employees interact and interconnect in a logical order.
While planning QMS, Management shall also determine and address the risks and opportunities to ensure that the QMS can achieve its intended results.
The steps that you need to take to ensure that this is addressed is:
a) Plan actions to address these risks and opportunities (derived from context and requirements of interested parties)
b) Determine methods to integrate these actions into your QMS processes
An example of how this can be done with risks identified from internal and external context identified or needs of relevant stakeholders is given below:
Interested parties |
Needs of Interested Parties |
Risk/Opportunity |
Treatment Method |
Customer (Students) |
High-Quality training delivery |
Differences in style of training delivery may result in an inconsistent quality of training |
Handle through Training SOP and guidelines for Tutors |
source of referrals to new students |
Good feedback from existing students will lead to more customers |
Plan actions for the opportunity and address through Customer feedback procedure and Corrective Actions |
|
Suppliers |
Require clearly defined requirements |
Unclear requirements may lead to the wrong product being delivered |
Handle in Purchase and Supplier Management process |
Management |
All data should be secured and data loss due to system crash shall be avoided |
Student Data loss may lead to dissatisfaction among students |
Plan mitigation actions for the Risk and handle in Document Management Process |
Company must maintain the required number of trained staff |
Less staff may lead to business loss |
Plan mitigation actions for the Risk and handle in Employee Training Procedure |
|
Certification Body |
Level of compliance to ISO 9001 |
Certificate withdrawal |
Efficient Internal auditing (Internal Audit Procedure) |
Context |
Issue |
Risk/Opportunity |
Treatment Method |
Source: SWOT |
Team small and high dependency on them |
Any attrition in the team may lead to business loss |
Plan mitigation actions for the Risk |
Source: SWOT |
IT companies are potential clients |
IT companies or individuals working in IT can bring more business |
Track as an opportunity and plan actions |
At periodic intervals, the QMS shall be reviewed and analysed to ensure that it delivers the intended results. The intent is to reflect on the processes and data and bring in changes in the system to improve the results. This should be done in Management Review (at least annually) or other management meetings which happens more frequently.