How to determine the organization context and interested parties

sunrize · Apr 13, 2020

Dear

i saw that some organization implement clause 4.1, 4.2

by determine the interested parties first and then determine the context for each interested parties

is this a logic? and is good way ?

Andy Nichols · Apr 13, 2020

You can do either. As long as you understand WHAT and WHY you need to do this, the sequence you do it in doesn't matter as much.

sunrize · Apr 13, 2020

another question regarding risk and opprt.

i asses the risk according to multiplying (severity * occurrence) and list them from high to low

where opportunity according one criteria "its expected benefits only"

is this ok or i also required to have details to assess benefits according to (probability, cost ....etc)

Andy Nichols · Apr 13, 2020

sunrize said: ↑

another question regarding risk and opprt.

i asses the risk according to multiplying (severity * occurrence) and list them from high to low

where opportunity according one criteria "its expected benefits only"

is this ok or i also required to have details to assess benefits according to (probability, cost ....etc)
Click to expand...

You can do what you want, however, I would suggest that you're making it more complex than ISO 9001 intends.

John C. Abnet · Apr 13, 2020

sunrize said: ↑

another question regarding risk and opprt.

i asses the risk according to multiplying (severity * occurrence) and list them from high to low

where opportunity according one criteria "its expected benefits only"

is this ok or i also required to have details to assess benefits according to (probability, cost ....etc)
Click to expand...

Good day @sunrize ;
As @Andy Nichols stated, it appears you may be making this way too complicated. ISO 9001 has no requirement for 'scoring' or having a matrix listing risk and opportunities. Keep in mind, while clause 4 (specifically 4.1 and 4.2 ) need to periodically reviewed, the information you identify here (essentially WHO are we, WHAT do we do, WHO cares, and WHAT do they care about), rarely changes in most organizations.

Risk and Opportunity, however, change regularly. For example, fuel prices are currently extremely low. In part because of the fussing between Russia and Saudi Arabia, but also because of the current health crisis. This "risk" or "opportunity" (if you are a US shale producer, huge RISK, if a logistics company, huge OPPORTUNITY). was likely not on the radar (or a matrix) of the industries in my example six months ago.

Risks and opportunities are very dynamic. Regardless of what ISO 9001 requires, your organization would likely benefit from frequent (e.g. monthly? ) reviews of risks and opportunities that present themselves.

I assure you, USA shale producer company's Top Management did not wait month(s) to take action when per/barrel prices of oil started this recent significant drop.

Hopefully from my ramblings you can see why a fixed "matrix" of risks and opportunities might not benefit your organization. ALWAYS do what helps your organization...NOT what simply pleases an auditor.

Hope this helps.

Be well.

RIMilne · Apr 30, 2020

John C. Abnet said: ↑

Good day @sunrize ;
As @Andy Nichols stated, it appears you may be making this way too complicated. ISO 9001 has no requirement for 'scoring' or having a matrix listing risk and opportunities. Keep in mind, while clause 4 (specifically 4.1 and 4.2 ) need to periodically reviewed, the information you identify here (essentially WHO are we, WHAT do we do, WHO cares, and WHAT do they care about), rarely changes in most organizations.

Risk and Opportunity, however, change regularly. For example, fuel prices are currently extremely low. In part because of the fussing between Russia and Saudi Arabia, but also because of the current health crisis. This "risk" or "opportunity" (if you are a US shale producer, huge RISK, if a logistics company, huge OPPORTUNITY). was likely not on the radar (or a matrix) of the industries in my example six months ago.

Risks and opportunities are very dynamic. Regardless of what ISO 9001 requires, your organization would likely benefit from frequent (e.g. monthly? ) reviews of risks and opportunities that present themselves.

I assure you, USA shale producer company's Top Management did not wait month(s) to take action when per/barrel prices of oil started this recent significant drop.

Hopefully from my ramblings you can see why a fixed "matrix" of risks and opportunities might not benefit your organization. ALWAYS do what helps your organization...NOT what simply pleases an auditor.

Hope this helps.

Be well.
Click to expand...

Great info. Where should this be recorded and discussed? Should it be up to the most senior leaders to discuss in the business management review meeting and record it in there shared minutes?

Andy Nichols · Apr 30, 2020

RIMilne said: ↑

Great info. Where should this be recorded and discussed? Should it be up to the most senior leaders to discuss in the business management review meeting and record it in there shared minutes?
Click to expand...

Welcome!

I'd strongly recommend the use of the "Management Review" - as required by ISO 9001:2015. Subject to that being programmed to occur more than annually, which is the conventional (and wrong) use of the review #ISOsaysSo

Log in or Sign up

How to determine the organization context and interested parties

sunrize Member

Andy Nichols Moderator Staff Member

sunrize Member

Andy Nichols Moderator Staff Member

John C. Abnet Well-Known Member

RIMilne New Member

Andy Nichols Moderator Staff Member

Log in or Sign up

How to determine the organization context and interested parties

sunrize Member

Andy Nichols Moderator Staff Member

sunrize Member

Andy Nichols Moderator Staff Member

John C. Abnet Well-Known Member

RIMilne New Member

Andy Nichols Moderator Staff Member

Useful Searches