1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

Context of organization less complex

Discussion in 'ISO 9001:2015 - Quality Management Systems' started by Eline Boonk, Sep 7, 2020.

  1. Eline Boonk

    Eline Boonk New Member

    Joined:
    Sep 4, 2020
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Enschede, the Netherlands
    As an organization, we are ISO 9001:2015 certified. We do not yet know whether we are properly addressing paragraph 4 of the standard 'context of the organization'.

    At this point, management has made the following:
    - an external analysis, using the PESTEL analysis.
    - an overview of stakeholders and their interests
    - an internal analysis, using the McKinsey 7S Model.

    The output of this results are in an Action-oriented SWOT.


    Once a quarter, this information is gone through to look at the status from the SWOT and once a year it is checked whether all documentation is still up-to-date.

    All this is quite a lot of work.

    Are there organizations that approach this more easily?
    How?

    (I have already seen more questions regarding this subject, but not yet an unambiguous answer with concrete examples.)
     
  2. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Most of what should be considered in the Context are items to discuss at Management Review. Are you doing this Context information at a different time??
     
    Eline Boonk likes this.
  3. Eline Boonk

    Eline Boonk New Member

    Joined:
    Sep 4, 2020
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Enschede, the Netherlands
    Hello Andy,
    Thank you for your feedback.
    At the management review we check whether all documentation is still up-to-date. The SWOT we check one a quarter.
    I notice that management thinks it is only large documents, which must be worked through.
     
  4. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Why? This isn't a requirement. Also, your internal audits should be doing this.
    I wouldn't think this needs checking that frequently. Typically SWOT is a strategic look at the organization.
     
  5. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,350
    Likes Received:
    1,054
    Trophy Points:
    112
    Location:
    Laguna Philippines
    4.1 and 4.2 are inputs to other requirements of the standard. For example, if the organization understands the needs and expectations of their interested parties (e.g. customers, employers, employees, regulatory bodies, etc.) they can easily determine appropriate objectives at relevant functions, levels and processes (6.2). They can easily identify risks/opportunities that might cause difficulties in fulfilling the needs and expectations (6.1).

    If the organization understands the internal and external issues, it will give them a good reference for identifying risks/opportunities. Positive issues can be used as the basis for identifying opportunities, while negative issues for risks.

    Don't need to complicate the approach in satisfying the requirements in 4.1 and 4.2.
     
    CRISTIAN PELTEA likes this.
  6. Eline Boonk

    Eline Boonk New Member

    Joined:
    Sep 4, 2020
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Enschede, the Netherlands
    Sorry, we don't check all documentation at the management review.
    We do indeed have internal auditors for this.
    We check the external analysis, the overview of the stakeholders and their interests and the internal analysis.
    We don't have a SWOT, but a action-oriented SWOT. It contains actions that must be carried out.
     
  7. Eline Boonk

    Eline Boonk New Member

    Joined:
    Sep 4, 2020
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Enschede, the Netherlands
    Do you have a concrete example of what this looks like in an organization. You will have to record this and review it regularly?

    What would be the simplest approach?
     
  8. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,350
    Likes Received:
    1,054
    Trophy Points:
    112
    Location:
    Laguna Philippines
    There is no requirement about documentation on 4.1 and 4.2. However, on those requirements that use them as inputs like 4.3, 6.1.1, 6.2 and 9.3, documentation will need to be retained or maintained.
     
  9. NISHITH NEEMA

    NISHITH NEEMA Member

    Joined:
    Sep 15, 2020
    Messages:
    14
    Likes Received:
    2
    Trophy Points:
    2
    As an organization, we are ISO 9001:2015 certified. We do not yet know whether we are properly addressing paragraph 4 of the standard 'context of the organization'.
    Answer
    The standard, and requires the organization to determine all internal and external issues that may be relevant to the achievement of
    the objectives of the QMS. Hence the organisation should first determine all the customer internal and external parties which are your customer and determine their expectation from you.
    Remember clause 4 is Context of the organization which is further divided in
    4.1 Understanding organization and its context
    4.2 Understanding needs and expectations of interested parties
     
  10. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    there are more than customers the organization has to take care of. The internal and external issues are also not necessarily anything to do (directly) with a customer. Think more broadly.
     
  11. Rustle

    Rustle Member

    Joined:
    Jun 23, 2020
    Messages:
    29
    Likes Received:
    4
    Trophy Points:
    2
    Location:
    Scotchland
    I prepare a combined SWOT / Risk Register which is then reviewed at least annually during management review. This ticks the box without much effort. Also would have an overview of organisational context which references the SWOT / Risk Register and interested parties register and have never had any issues with this clause in audits.
     
    Eline Boonk likes this.
  12. Marigi

    Marigi Member

    Joined:
    Sep 4, 2020
    Messages:
    8
    Likes Received:
    1
    Trophy Points:
    2
    Hi. Newbie here. I am looking for some inputs on the best way to demonstrate clause 4.
    For an organization with multiple branches, does each branch need to maintain a documentation of the context?
     
  13. Rustle

    Rustle Member

    Joined:
    Jun 23, 2020
    Messages:
    29
    Likes Received:
    4
    Trophy Points:
    2
    Location:
    Scotchland
    no but if you have a centrally held management system it is important that each branch has access and that it is relevant to them
     
  14. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Welcome!

    The main answer is going to be derived from the scope of the QMS - is it covering all "branches"? Typically an organization has standardized processes for all branches, handed down from a corporate entity. The strategy comes from that corporate office. Section 4 is really a strategic look at the organization and how the branches are affected or affect that, tactically.

    I would anticipate that the "HQ" would determine the answers to clause 4. Things like risk registers and such like are NOT required (it says very clearly that an organization does not need a formalized risk management approach), unless these are part of your management tool box. The venue for demonstrating compliance is the records of management review (section 9) and much of the information relating to interested parties is usually on that agenda. Creating another layer of bureaucracy is counter-intuitive to the ISO 9001 requirements (which is seeking to reduce paperwork) and irrespective of any (perceived) need to please external auditors...(that's NOT the correct test of effectiveness)
     
  15. Marigi

    Marigi Member

    Joined:
    Sep 4, 2020
    Messages:
    8
    Likes Received:
    1
    Trophy Points:
    2

    Thank you so much for this very valuable insight.
    Yes, the scope covers all branches. Our management review is conducted at various levels in the organization (at the level of the branch, region and HQ. In the HQ are various committees, with members of the Top Management as committee members.) However, it's not at each level that the requirements of clause for mgt review are discussed. e.g. in the branch level, the review only focuses on customer sat, and business outputs. In the HQ though, in one of the highest committees, almost all the clause requirements are tackled but at various meetings dates/not in one seating. Would this be acceptable?
     
  16. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,350
    Likes Received:
    1,054
    Trophy Points:
    112
    Location:
    Laguna Philippines
    Yes. Take the statement of the ISO/TS 9002:2016 (Guidelines for the application of ISO 9001:2015) below for your reference:

    Management review should be conducted at planned intervals; this could be daily, weekly, monthly,
    quarterly, semi‐annually or annually. Some management review activities may be carried out by various
    levels of the organization, provided the results are made available to top management. It is not required
    that all the inputs to management review be addressed at one time, but instead they may be addressed
    during sequenced management reviews; the organization should address how it will ensure that all
    the ISO 9001 management review requirements are met. The organization may conduct management
    reviews as a standalone activity or in a combination of related activities (e.g. meetings, reports).

    Another reference that can provide clarifications about management reviews is the Auditing Practices Group Guidance of the International Accreditation Forum about Policy, Objectives and Management Review. See below statement:

    ISO 9001 specifies a number of inputs to the management review process and these topics
    need to be addressed; however, these are not the only subjects that can be included in a
    review. It is also acceptable not to address them individually or simultaneously but as part of
    an overall review of the business. Auditors should be aware that the inputs could be in many
    forms such as reports, trend charts and so on.

    The management review process should not be an exercise carried out solely to
    satisfy the requirements of the standard and the auditors; it should be an integral part
    of the organization’s business management process. An overall management review is a
    complex process carried out at various levels in the organization. It will always be a two-way
    process, generated by top management with inputs from all levels in the organization. These
    activities could vary from daily, weekly, monthly, organizational unit meetings to simple
    discussions or reports.
     
    CRISTIAN PELTEA likes this.
  17. Marigi

    Marigi Member

    Joined:
    Sep 4, 2020
    Messages:
    8
    Likes Received:
    1
    Trophy Points:
    2
    Hello. Your indulgence please, as I ask once more.
    While our SWOT and risk assessment is conducted at the enterprise level, our CB auditors keeps on looking for risk assessment conducted at the branch level pointing out possible issues that may be local to the branch. Is it ideal that each branch also conduct a risk assessment at their level?
     
  18. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Your auditor has no basis for asking for this. ISO 9001 leaves this entirely to you and, if the section is read carefully, it talks about the STRATEGIC nature of issues. To me, at branch level, that's not strategic. You have the latitude to consider (and IMHO should only consider) the enterprise level SWOT. Actions - in section 6 Planning) may be taken at branch level, but that's different.

    Your auditor is fishing for something NOT required. Reject their questions/requests. It's not what the standard says.
     
  19. Rustle

    Rustle Member

    Joined:
    Jun 23, 2020
    Messages:
    29
    Likes Received:
    4
    Trophy Points:
    2
    Location:
    Scotchland
    I think it is reasonable for the auditor to ask this. If the risk assessment is prepared at an enterprise level it may not be considering risks that exist at the branch level.
     
  20. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    The auditor must audit to the criteria: ISO 9001:2015 and the clients QMS. If they don't do it and don't say they will, there's no issue. The auditor must then look for objective evidence that NOT considering branch level risk and opportunity has been problematic. But most auditors are a) incompetent in such matters or b) lazy, preferring to demand things instead, writing non-conformities to justify their jobs.