As per ISO 9000, the definition of Context of the Organization is “business environment“, “combination of internal and external factors and conditions that can have an effect on an organization’s approach to its products, services and investments and interested Parties“. The note states that this concept of Context of Organization is equally applicable to Not for profit organization, public service organization and governmental organization. Also in normal language, this concept is also known as the business environment, organizational environment or ecosystem of an organization.
The implementation of QMS should be the strategic decision of the organization and is influenced by the context of the organization and the changes in that context. The changes in the context can be with respect to its specific objectives, the risks associated with its context and objectives, the needs and expectations of its customers and other relevant interested parties, the products and services it provides, the complexity of processes it employs and their interactions, the competence of persons within or working on behalf of the organization and its size and organizational structure. The context of an organization will include internal factors such as organizational culture and external factors such as the socio-economic conditions under which it operates. The scope of ISO DIS 9001:2015 states that an organization needs to demonstrate its ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements and aims to enhance customer satisfaction.
Any interested party which is not relevant to the quality management system need not be considered and similarly, any requirement of the interested party not relevant to the quality management system need not be considered. Determining what is relevant or not relevant is dependent on whether or not it has an impact on the organization’s ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements or the organization’s aim to enhance customer satisfaction. The organization can decide to determine additional needs and expectations that will meet its quality objectives. However, it is at the organization’s discretion whether or not to accept additional requirements to satisfy interested parties beyond what is required by this Standard.
There is a new clause relating to the context of the organization,
Clause 4 Context of the organization
These clauses require the organization to determine the issues and requirements that can impact on the planning of the quality management system. Interested parties cannot go beyond the scope of ISO 9001. There is no requirement to go beyond interested parties that are relevant to the quality management system. Consider the impact on the organization’s ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements or the organization’s aim to enhance customer satisfaction. Organizations can go beyond the minimum requirements to determine additional needs and expectations for interested parties that would not be “relevant” at the discretion of the organization and should be clear in the quality management system. The “Context of Organization” clause has four sub-clauses ie
- Clause 4.1 Understanding the Organization and its context
- Clause 4.2 Understanding the needs and expectations of interested parties
- Clause 4.3 Determining the scope of the quality management system
- Clause 4.4 Quality management system and its processes
Clause 4.1 Understanding the Organization and its context
The organization should determine external and internal issues for the organization relevant to its purpose, strategic planning and which affect the organization’s ability to achieve its objectives. The Organization should monitor and review the information about external and internal issues. The organization must consider issues related to values, culture knowledge and performance of the organization for the understanding of internal issues. The organization must consider issues related to arising from the legal, technological, competitive, market, cultural, social, and economic environments, whether international, national, regional or local for the understanding of external context. For considering internal context as well as external factors both positive as well as negative factors must be considered.
An organization’s context involves its “operating environment.” The context must be determined both within the organization and external to the organization. It is important to understand the unique context of an organization before starting strategic planning. To establish the context means to define the external and internal factors that the organizations must consider when they manage risks. An organization’s external context includes its outside stakeholders, its local operating environment, as well as any external factors that influence the selection of its objectives (goals and targets) or its ability to meet its goals. An organization’s internal context includes its interested parties, its approach to governance, its contractual relationships with its customers, and its capabilities and culture. An organization’s internal context is the internal environment within which the organization seeks to achieve its sustainability goals. The internal context may include,
- Product and service offerings
- Governance, organizational structure, roles, and accountability
- Regulatory requirements
- Policies and goals, and the strategies that are in place to achieve them,
- Assets (e.g., facilities, property, equipment and technology)
- Capabilities understood in terms of resources and knowledge (e.g., capital, time, people, processes, systems, and technologies)
- Information systems, information flows, and decision-making processes (both formal and informal)
- Relationships of the staff/volunteers/members and the perceptions and values of their internal stakeholders including suppliers and partners
- Organization’s culture
- Standards, guidelines, and models adopted by the organization and
- Form and extent of the organization’s contractual relationships.
Internal context can also be defined as anything within the organization that may influence the way in which the organization manages its internal risks. Once the internal context is understood, one can conduct the macro-environmental external analysis using “PEST” (political, economic, social and technological) analysis. This analysis determines which factors are can influence how the organization operates. The organization cannot control these factors, but it must seek to adapt to them. The PEST factors can be classified as opportunities and threats in a SWOT (strengths, weaknesses, opportunities, and threats) analysis. Alternatively, some organizations might use Porter’s “Five Forces Model.” These methods are used to review a strategy or position or direction of an organization. Completing a pest analysis is simple and helps the individuals involved in the organization to understand and find ways to deal with the context.
|Political Factors||Economic Factors|
|Ecological/Environmental Issues||National economies and trends|
|Current legislation||General taxation issues|
|Anticipated future legislation||Taxation to activities, products, services|
|International legislation (global influences)||Seasonality or other weather issues|
|Regulatory bodies and processes||Market and trade cycles|
|Government policies, terms, and change||Specific sector factors|
|Funding, grants, and initiatives||Customer/end-user drivers|
|Market lobbying groups||Interest and exchange rates|
|Wars and conflicts||International trade and monetary issues|
|Social Factors||Technology Factors|
|Lifestyle trends||Competing technology development|
|Consumer attitudes and opinions||Replacement technology/Solutions|
|Media views||Maturity of Technology|
|Law changes affecting social behaviours||Information and communications|
|Image of the organization||Consumer buying mechanisms|
|Consumer buying patterns||Technology legislation|
|Fashion and role models||Innovation potential|
|Major events and influences||Technology access, licensing, patents|
|Buying access and trends||Intellectual property issues|
|Ethnic/Religious factors||Global communication|
|Advertising and publicity||Social media use|
|Ethical issues||Maturity of the organization’s products/ services|
Example of PEST Analysis
Example Porter’s “Five Forces Model.”
Although organizations cannot control the macro-environment factors they need to manage them to their advantage. They also need to protect themselves from PEST factors which may increase operational costs or affect their reputation. The external context’s micro-environment consists of the organization’s immediate operations and how they affect its performance and decision-making. These factors have a direct impact on the success of the organization. It is important to have a full analysis of the micro-environment before moving to strategy development. Here are some of the micro-environmental context factors.
Organizations must attract and retain customers by offering products services that meet their needs along with providing excellent customer service
There must be the availability of people with the motivation to remain as contributing members of the organization and develop the skills necessary to provide a competitive edge
Suppliers provide organizations with the resources they need to carry out their activities. If a supplier provides bad service, this affects the way the organization operates. Close supplier relationships are an effective way to remain competitive and secure the resources needed
All organizations require investment to grow. They may borrow the money from a bank or have people invest in their work. Relationships with investors need to be managed carefully as problems can detrimentally affect the long-term success of the organization
Positive media attention can bring success to the organization by maintaining its reputational strength. Managing the media (including the presence in social media) is a challenge.
- Members of the organization need to have a sense of belonging. Can the organization offer benefits that are better than those offered by the competitors? Is there a strong value proposition? Competitor analysis and monitoring is crucial if an organization is to maintain or improve its position in the competitive landscape of the community. The organization must always be aware of its competitor’s activities. The landscape can change quickly.
As in the case of the macro-environmental context, the organization cannot always control its micro-environment factors. But they must be carefully managed together and with the internal context understanding. Both internal and external context can have influence over the organization. Customer pressures and complaints can force organizations to change various policies such as product returns and customer and technical support. Technological changes can provide new and more effective ways to handle communications, operations, shipping, and logistics. Cultural and religious differences may hinder product or service entry into certain countries. Government’s regulatory and trade policies can play a significant role in determining how businesses operate, especially in regard to international trade, taxation, and regulations. The media, including social media, can have a huge impact on a company’s image and public relations. A bad news video or news report can go viral pretty fast, and if your organization doesn’t provide an acceptable response, the negative publicity and effects can last a long time. Sociological forces often drive what, where and how consumers buy product and services. There is an increasing trend in the number of consumers purchasing products online and reading reviews before making a purchase. The multinational and multicultural trend in workforce composition can cause significant changes in the hiring and retention of competent human resources. If the response to these situations is unplanned, weak or untimely, it might have a dramatic impact on the future of the business – loss of customers, serious production interruption or disruption, permanent loss of organizational knowledge, even loss or bankruptcy of the business. Contextual issues can have a positive impact, as it may present opportunities such as new, improved or increased availability of previously scarce resources, opening up of or access to new markets, availability of new technologies leading to reduced costs, improved product quality, services, and operational efficiency. Many of these contextual issues can be viewed as variables some changing faster, others slower, depending on whether the organization is fast-paced and leading-edge or in a stable or mature industry. Therefore variability in these issues depicts uncertainty about their future behaviour. Such uncertainty can be quite diverse, complex and at times highly unpredictable. This presents a dilemma to organizations in terms of tracking and adapting to changes in these issues. This uncertainty introduces the need for understanding and use of risk evaluation, mitigation, and management. Thus each organizational contextual issue will have its own specific set of uncertainties with different levels of complexity and risk and the need for specific controls to mitigate or eliminate the risk.
Example internal issues could include, but are not limited to:
- Structure of the organization — limited flexibility when dealing with varying demands
- Roles within the organization — Rigid, personnel willing to adapt to demands?
- Availability of reliable qualified and competent workforce — very good (positive)
- Stability of workforce – Wage benchmarking is not consistent with competitors
- Staff retention — very high (positive)
- Impact of unionization – Uncordial
- Staff competency levels– high(positive)
- Contractual arrangements with customer-beneficial
- Payment terms from customers-high credit
- Solvency of customers -etc
- Expansion of customer base-etc
- The overall strength of the business to support funding needs -etc
- Relationship with investors. -etc
- Credit terms available .-etc
- Service level agreements with customers -etc
- The culture within the organization -etc
Example external issues could include, but are not limited to:
- Political, economic, social, technological, legal and regulatory — Laws changing, affecting product conformity, minimum wage changing, evolutions in more efficient machinery affecting the price
- Operating Permits becoming tighter on emission levels — technology demands
- Overall economic performance in the country — above EU norm (positive)
- Competitive environment — overall low-cost of entry into the market
- Economic plans for future -etc
- The nature and impact of the economy on the market -etc
- Customer demographics -etc
- General levels of consumer confidence -etc
- Customer expectation -etc
- Standardization and certification within the industry -etc
- Regulation within the industry generally -etc
- Trade associations and lobbying powers -etc
- Impact on neighbours. -etc
Clause 4.2 Understanding the needs and expectations of interested parties
The organization shall determine relevant interested parties and relevant requirements of relevant interested parties. Relevant interested parties to be considered are those that could affect or potentially affect the organization’s ability to constantly provide products and services that meet customer and applicable statutory and regulatory requirements. Monitor and review information related to interested parties and relevant requirements.
Firstly, the organization will need to determine external and internal issues that are relevant to its purpose, i.e. what are the relevant issues, both inside and out, that have an impact on what the organization does, that would affect its ability to achieve the intended outcome(s) of its management system. It should be noted that the term ‘issue’ covers not only problems, which would have been the subject of the preventive action in previous standards, but also important topics for the management system to address, such as any market assurance and governance goals that the organization might set for its management system. Next, the organization has to determine relevant interested parties and relevant requirements of relevant interested parties.
An interested party is a person or organization that can affect, be affected by, or perceive themselves to be affected by a decision or activity that’s within the scope of the management system. There will be those external interested parties that impose specific legal, regulatory or contractual requirements in an organization. There may also be requirements specified by internal interested parties, for example, management and staff (permanent and temporary). Typically these would include:
- Trade unions
- Government agencies
- any other person or organization interested in the organization
There is no requirement in this International Standard for the organization to consider interested parties which have been determined by the organization not to be relevant to its quality management system. Similarly, there is no requirement to address a particular requirement of a relevant interested party if the organization considers that the requirement is not relevant. Determining what is relevant or not relevant is dependent on whether or not it has an impact on the organization’s ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements or the organization’s aim to enhance customer satisfaction. The organization can decide to determine additional needs and expectations that will assist it to meet its quality objectives. However, it is at the organization’s discretion whether or not to accept additional requirements to satisfy interested parties beyond what is required by this International Standard.
|Executive Board||Good financial performance, legal compliance/ avoidance of fines|
|Local residents||No complaints relating to noise, parking, health and safety, pollution, waste, employment|
|Law enforcers/ Regulators||Identification of applicable statutory and regulatory requirements for the products and services provided, understanding of the requirements, the application within the QMS, and update/ maintenance of them|
|Customers||Value for money, high quality, expectations for design innovation, on time, low-cost, quick response, installation expertise, health and
|Bank/Finance||Good financial performance|
|Employees||Professional development, prompt payment health, and safety, work/ life balance, employment security|
|Insurers||No claims/prompt payment/risk management|
|External providers||Prompt payment, health, and safety, work relationship|
|Trade Unions||Compliance (employment law)|
One tool which can be used for determining the relevant requirement of relevant interested parties is Stakeholder analysis
|Example of Stakeholder analysis|
Clause 4.3 Determining the scope of the quality management system
The organization must establish the scope of the quality management system by determining the boundaries and applicability of the quality management system. While determining the scope the organization must consider the internal and external issues determined in 4.1.,the requirements of relevant interested parties in 4.2. and the products and services of the organization. Requirements from this International standard that can be applied by the organization shall be applied within the scope of the QMS. Requirements from this International standard that cannot be applied by the organization and which does not affect the organization’s ability or responsibility to provide product and services that meet the conformity of its product and services and enhancement of the customer satisfaction. The organization must make available the scope and must maintain scope as documented information stating the Products and services covered by the QMS and any Justification where a requirement of this International Standard cannot be applied.
Determining the scope of the Quality Management System (QMS) has been a part of the ISO 9001 requirements for a long time. This scope is a vital part of the QMS, as it defines how far the QMS extends within the company’s operations and details any exclusion from the ISO 9001 requirements and the justification for these. It is through the scope that you define what your Quality Management System covers within your organization. With the release of the new update to the ISO 9001 requirements, ISO 9001:2015, there is some additional clarification on defining the scope of the QMS. These clarifications will help to standardize how companies define the scope of their QMS, even if they choose not to have a quality manual, which is no longer a stated requirement in the standard. Section 4.3 of the standard details the requirements for determining the scope of the Quality Management System. In a note about the QMS, it is stated that the QMS can include the whole organization, specifically identified functions of the organization, specifically identified sections of the organization, or one or more functions across a group of organizations. To start, there are three considerations to be included when determining the scope:
- External and internal issues that are relevant to the purpose of the organization, the strategic direction, and the ability to achieve intended results
- Requirements of relevant interested parties
- The product and service of the organization
In addition, the scope is to include any requirements of the ISO 9001 standard that can be applied, and if a requirement is determined to not apply, the organization will not use this as a reason for not ensuring conformity of product and service. The scope is to state the products and services covered by the QMS, and justification for any instances where the ISO 9001 standard cannot be applied. It is most common that the scope of the QMS covers the entire organization. Some noted exceptions are when your QMS only covers one physical location of a multi-location company, or when your manufacturing or service is distinctly split between industries (e.g., in a plant with three assembly lines where assembly lines 1 and 2 are for automotive and need to have a QMS certified to the ISO/TS 16949 QMS standard for automotive, but you want line 3 to be certified to ISO 9001 since many of the automotive requirements do not apply). So, your scope should identify the physical locations of the QMS, products or services that are created within the QMS processes, and the industries that are applicable if this is relevant. It should be clear enough to identify what your business does, and if not all parts of the business are applicable, it should be easily identified which parts are. Some examples could be:
- XYZ Manufacturing located in London, England, producing machined components in the aerospace and automotive industry within Europe.
- XYZ Consultants located in offices in Europe, Asia, and North American provide Information Technology Support to companies in any industry.
- XYZ Computing provides software development services to companies in the automotive and heavy machinery industries within North and South America.
- XYZ Industries is a division of XYZ International that operates in Indonesia and provides paper products to the Asian market.
Your scope does not have a size limit and should include enough information to determine what is covered by the processes of the QMS. However, it is important to make it clear what is included and what is not. If it is not clear to you what processes in your company are covered by your QMS, then how will it be clear to an outside auditor or other interested parties? Making your scope statement simple and easy to read can help to focus your QMS efforts and prevent unnecessary questions about activities that you may perform that may not be applicable to your QMS certification.
The scope of ISO 9001 is given in clause 1 Scope and defines the scope of the standard itself. This should not be confused with the scope of the QMS, which is a term commonly used to describe the organization’s processes, products (and /or services), and related sites, departments, divisions, etc., to which the organization applies a formal QMS. (Note, this does not necessarily include all the processes, products, sites, departments, or divisions, etc. of the organization). The scope of the QMS should be based on the nature of the organization’s products and their realization processes, the result of risk assessment, commercial considerations, and contractual, statutory and regulatory requirements. While ISO 9001 is generic and is applicable to all organizations (regardless of their type, size or product category), under certain circumstances, an organization may exclude complying with some specific ISO 9001 requirements, while being permitted to claim conformity to the standard. This is because it has been recognized that not all the requirements in this clause of the standard are relevant to all organizations. ISO 9001 itself makes allowance for such situations. Consequently, the scope of registration/certification encompasses the scope of the QMS, as well as describing any excluded ISO 9001 requirements. As the terms scope of the QMS and scope of registration/certification are often used interchangeably, this can lead to confusion when a customer or end-user is trying to identify what parts of an organization have been registered/certified to ISO 9001, what product lines or processes are covered by the QMS, or what ISO 9001 requirements have been excluded. In order to dissipate such confusion and to enable identification of what has been registered/certified, the scope of registration/certification should clearly define:
- the scope of the QMS (including details of the product lines and related sites, departments, divisions, etc. that are covered by it).
- the organization’s main processes for its product realization or service delivery activities (such as design, manufacture, and delivery), for the product lines that are covered,
- any ISO 9001 requirement that has been excluded
(It should be noted that the scope of registration/certification is not the same as the certificate that is awarded to the organization after successful demonstration of conformity to ISO 9001. The certificate will usually include a synthesized description of the scope of registration/certification, but not the details of the ISO 9001 requirements that have been excluded; however, it may include a note to refer to the fact that the exclusions are detailed in the organization’s Quality Manual.)
It is essential that a scope of registration/certification be drafted by the organization prior to applying for registration/certification. This should then be analyzed by the CRB during the Stage 1 audit, for appropriate planning of the Stage 2 audit. It is the responsibility of the auditor:
- to ensure that the final statement of the scope of registration/ certification is not misleading;
- to verify that this scope only refers to the processes, products, sites, departments, or divisions, etc. of the organization that were assessed during the registration/ certification audit; and
- to verify that this scope defines any excluded requirements from ISO 9001 and that justification for such exclusions is provided and is reasonable.
As an additional measure to combat potential confusion among customers and end-users, the scope of registration/certification should be clearly defined in the organization’s Quality Manual and any publicly available documents (this includes, for example, promotional and marketing material). However, promotional statements should never be included in the scope of registration/ certification.
An example of how a scope could be derived
Organization’s purpose and strategic direction
“As one of India’s leading Data Communications manufacturers, installers and on-site managed service providers of ﬁber optic cabling (for Information Technology connectivity): as well as installer and on-site managed service provider of copper cabling and IT cabinets; our reason for ‘being’ is a combination of our vision, mission, and values.“
What is our vision?
“To become the most trusted manufacturer, installer and service provider of ﬁber optic/copper cabling (IT cabling) and IT cabinets within India and Europe.“
What is our mission?
“To expand our operations by Consistently meeting customers expectations, and our legal requirements, which includes the enhancement of customer satisfaction through the effective application of our processes for continual improvement.“
What are our values?
“Sustainable business practices including corporate social responsibility ( social, economic and environmental), responsible governance, and equal opportunity are all expected values within our organization. These are re-enforced through sustainable ethics and workforce integrity throughout all business operations. Co-operation and collaboration are expected norms within the organization’s management, with recognition provided for all through regular appraisals. We encourage and embrace any values which enforce the behaviours that employees cherish.“
“To open two new offices in India, and one new ofﬁce in Germany, and Spain this year. To implement and gain accredited certification to ISO 9001 and ISO 14001 in these new offices, within a year of the ofﬁces opening. To employ a motivated workforce that will embrace the organization’s values, and complement the co-operation and collaboration needed to achieve the effective application of our processes for continual improvement.“
2. Organization’s intended result(s) of its QMS
1.From the Scope of the Standard:
1. To demonstrate its ability to consistently provide products and services that meet customer and applicable regulatory requirements
2. To enhance customer satisfaction through the:
- Effective application of the QMS
- Processes for continual improvement of the QMS
- Assurance of conformity to customer and applicable statutory and regulatory requirements
2. Speciﬁc to the organization:
- Reduction in waste, during manufacturing, through reduced rejects, effective corrective action and improvements in process understanding and compliance
- To assist in the creation of an effective knowledge database for the consistent provision of product and service, and for business continuity purposes
- Contractual arrangements – generally within the sector
- Competitive environment – overall low cost of entry into the market
- Legislation, e.g. employment of non-nationals
- Regulation within the industry generally
- Overall competition within the recruitment sector
- The overall economic climate in the country
- Countries environmental requirements affecting products and service
- Technology advances
- Standardization and certification within the industry
- Client consideration of bringing expertise in-house
- Client working environment other trades working alongside us,
- Client configuration changes during installation
- Relationships with external interested parties
- Perceptions/values of external interested parties
- Key drivers and trends
- Workforce culture within the sector and country
- Construction delays
- External inspections/audits
- Competitors cease trading
- Availability of raw materials
- Power cuts in countries
- Availability of external providers – machinery maintenance, etc.
- Structure of the organization
- Roles within the organization
- Availability of reliable, qualified and competent workforce
- Stability of the workforce
- Staff retention
- Staff training levels
- External providers competence and availability
- Availability and quality of candidates to fulfil our vacancies
- The culture within the organization
- Working hours
- Staff morale
- Internal politics
- Governance, Policies, objectives
- General competence
- Information systems
- Decision-making processes
- Relationships with interested parties
- Perceptions/values of interested parties
- Standards, guidelines, and models adopted
- Contractual relationships
- Potential conﬂicts
- Processes for resolving conﬂicts
- Social customs
- Management’s abilities
- Database skills
- Root cause analysis abilities
- Improvement tools and abilities to apply
- Ability to motivate the workforce
- Project management expertise – new offices
- Understanding and experience in implementing ISO 9001
- Co-operation of workforce
Interested parties and relevant requirements
|Executive Board||Good financial performance, legal compliance/ avoidance of fines, sustainable, corporate and social responsibility with a suitable governance framework|
|Local residents||Local employment, a good reputable employer|
|Law enforcers/ Regulators||Identification of applicable statutory and regulatory requirements for the products and services provided, understanding of the requirements, the application within the QMS, and update/ maintenance of them, Legal compliance, prompt responses to investigations and inquiries|
|Customers||Value for money, high quality, expectations for design innovation, on time, low-cost, quick response, installation expertise, legal compliance|
|Bank/Finance||Good financial performance and cash flow|
|Employees||Professional development, employment security, and good employee working relationships|
|Insurers||No claims/prompt payment/risk management|
|External providers||Clear, unambiguous contracts and scope of works, good working relationship|
|Trade Unions||Compliance (applicable laws) and good working relationships with management|
Products and services of the organization
- Fibre optic cable manufacture – multimode
- Conﬁguring /layout/plans of cable routes within a client building
- Installation of IT cabling on client site (ﬁber optic and copper cabling)
- Installation of IT cabinets and connect cabling to active IT equipment
- Test connectivity and data performance
- On-site conﬁguration management – moves, and changes
- On-site network incident management
- Provision/management of on-site IT human resource
- IT client disaster recovery service and help desk
The production, installation and on-site managed service of ﬁber optic cabling (for Information Technology connectivity), and the installation and on-site managed service of copper cabling and IT cabinets, at client sites in India, Germany, and Spain.
- India (Manufacturing)
- Germany (Ofﬁce)
- Spain (Ofﬁce)
All clause requirements are applicable to the above scope, except for 8.3 (Design and development of products and services). This is because the organization does not design its products and services, but produces ﬁber cable (and installs IT cabinets, and cabling along routes) according to established/deﬁned standards and industry guidance. Clause 8.3 is therefore not applicable to our Quality Management System.
—————————End of example—————————————
Clause 4.4 Quality management system and its processes
The organization must establish, implement, maintain and continually improve its quality management system as per the requirement of these standards by determining the process needed and its application throughout the organization. While determining the processes, the organization must determine the inputs required and the outputs expected from these processes, the sequence, and interaction of these processes, The organization must control these processes to ensure its effective operation. The organization must establish the criteria and methods which include monitoring, measurements, and other related performance indicators to ensure the effective operation and control of these processes. The organization must determine and ensure the availability of the resources needed for the effective operation of these processes. The personnel having authorities and responsibilities for these processes must be identified. As per clause 6.1, the organization must determine risk and opportunities, analysis them and must take appropriate action to address them. There must be methods for monitoring, measuring, as appropriate, and evaluation of these processes. The organization must make changes in its process if it fails to achieve the intended result. The organization must look opportunities for improvement for these process and for Quality management system as a whole.
The organization shall maintain documented information to the extent necessary to support the operation of processes and retain documented information to the extent necessary to have confidence that the processes are being carried out as planned.
The primary focus of clause 4.4.1 requirements is to manage and control all your QMS processes including processes for operations. QMS includes processes for management(leadership) activities, Planning which includes risk assessment, support processes (such provision of resources, communication, etc), Operation, performance evaluation, and Improvement as part of QMS. Clause 4.4.1 requires the ‘Process Approach’ to be used in defining your QMS. Documentation of QMS processes and the need for and detail of specific process documentation is determined by ISO 9001, customer, regulatory and your own organizational requirements, the complexity of products and processes, effect on quality, the risk of customer dissatisfaction, economic risk, effectiveness and efficiency, the competence of personnel. Clause 4.4.2 requires you to have documents needed to ensure the effective planning, operation, and control for QMS processes. Based on these factors, you must determine what processes need to be documented and how you will document it. Not all processes need to be documented; your documents must also include a description of the interaction between your QMS processes. A number of different methods can be used to document processes, such as graphical representations, written instructions, checklists, flow charts, visual media, or electronic methods, etc. Process flowcharts or block diagrams can show how policies, objectives, influential factors, job functions, activities, material, equipment, resources, information, people and decision making interact and/or interrelate in a logical order. Procedures may be an acceptable way to document processes provided they describe inputs and outputs, appropriate responsibilities, controls and resources needed to satisfy customer requirements. Regardless of whether or not you document all of your processes, you must provide evidence of effective implementation of all your QMS processes. Such evidence does not necessarily need to be documented.
Clause 4.4 c requires you to determine criteria for effective process operation and control. You could determine criteria to control the inputs, outputs, and resources used. For example, Raw materials as an input to production would have acceptance criteria that it must meet before it can be used.
These criteria (controls) must be established for each QMS process. Note that such controls may also come from the customer, regulatory or industry bodies. Equally important are the specific methods required for effective operation and control of each process. These may include job travelers; work instructions; in-process inspection sheet; specifications and drawings; SPC charts; set up checklist; machine manuals; etc. Note these control methods may apply to any or all of inputs, outputs or conversion activities.
This clause also requires you to monitor and measure your QMS processes. Clause 9.1 provides requirements to plan and implement these controls for monitoring and measuring conformity to process performance criteria determined above. Ways to monitor and measure QMS processes may include – tracking against process parameters, goals and objectives, using tools and records such as process check-sheets; product acceptance criteria; SPC records; production records; maintenance records; labour records, etc. More details on monitoring and measuring controls are covered in clause 9.1.
Under 4.4.1d, resources for QMS processes may include facility, material, equipment, labour, supplies, utilities, etc. Every QMS process will require a different combination of resources. Resource details may be identified in specifications, production schedules, bill of materials, production travellers or routers, work instructions, etc. Information for QMS processes will vary from process to process and may include -production schedules, bill of materials, product acceptance and process performance criteria, production traveller or router, work instructions, etc. Use clause 7.5 and other relevant clauses to control process information.
Under 4.4.1 e the organization shall have to ensure that adequate responsibilities and authorities are assigned as per as the requirements given in the clause 5.3.
This promotes the use of risk-based thinking. Risk is defined as the “effect of uncertainty.” Notes in the definition further describe risk as a “deviation from the expected,” either positive or negative. The term “uncertainty” is defined as a lack of information or knowledge about a potential event that can be expressed as a result of the likelihood and consequence of such an event. A positive deviation arising from risk can provide an opportunity, but not all positive effects of risk result in opportunities. Actions to address opportunities can also include consideration of associated risks. Clause 4.4.1 f requires that when planning its QMS, the top management must implement and promote a culture of risk-based thinking throughout the organization to determine and address the risks and opportunities associated with providing assurance that the QMS can achieve its intended result(s); provide conforming products and services, enhance customer satisfaction; promote desirable effects and improvement; and prevent, or mitigate, undesired effects.
Clause 4.4.1 g requires to evaluate of QMS processes as per the requirement is given in clause 9.1.3 and evaluation may be done through a review of measurement and monitoring records and performance indicators for each process. These reviews must identify opportunities to improve QMS processes, use of resources and product quality. Clause 4.4.1 h calls for improvement in the process as per the requirement is given in clause 10. When process nonconformities occur, then corrective action is required to bring the QMS process under control. Remember, the corrective action process is not just for product related nonconformities. Processes must be continually improved through the setting of incrementally realistic, measurable objectives. Planning for continual improvement requires a review of process data, resources and controls to bring about the desired change.
Clause 4.4.1a – 4.4.1h must be applied to all QMS processes. Note also that many ISO 9001 clauses (e.g. clause 8.2; 8.4; 8.6; etc.), require specific processes to be established within your QMS, These processes must also be identified and controlled in your QMS.
Example of Quality Manual
|Example of quality manual|