No Interested Parties Matrix NC?

Recently, a CB auditor raised a nonconformity against clause 4.2. According to the documented finding: “Inadequate identification of interested parties and their requirements, needs and expectations.” The auditor was looking for a matrix that describes the 1) interested parties, 2) relevant needs and expectations, 3) actions to be taken and 4) status.

The organization, which is a government agency, actually, presented the following approaches:

• Objectives of each department are aligned with the requirements of the relevant interested parties (to demonstrate conformity with clause 6.2.1c);
• Documented procedures have a section describing the “expected outputs” of the process that are aligned with the relevant interested parties needs and expectations (to demonstrate conformity with clause 4.4.1a);
• Having a full-scope covering all their processes that produce their products and services being provided to their clients, including support processes that satisfy regulatory bodies (to demonstrate conformity with clause 4.3b);
• The commitments in their quality policy reflect the needs and expectations of the relevant interested parties (to demonstrate conformity with clause 5.2.1c);
• The records of their management meetings evidently cover their responses on the needs and expectations of their clients and regulatory bodies (to demonstrate conformity with 9.3.2c.1);
• The process owners can also verbally explain the interested parties and their needs and expectations relevant to their process where objectives and controls are derived from (to demonstrate conformity with 7.3);
• Each process owner maintains a risks registry that identifies risks/opportunities affecting their objectives. The registry has a section where interested parties and their needs/expectations are indicated. This section serves as the basis for setting the objectives (to demonstrate conformity with clauses 6.1 and 6.2).

Did the organization fail to understand the needs and expectations of the interested parties? Does clause 4.2 intend the organizations to create a “matrix”? What’s your take on this?

 

If organizations are “required”, particularly by CB auditors, to produce a matrix to demonstrate conformity with clause 4.2, these auditors (even consultants) devalue the intent of the standard. Below is an example from a government agency:


The intent of clause 4.2 is for organizations to have a clear “understanding” of the needs and expectations of their interested parties. When needs and expectations are clearly understood, it will help the organization to:

• Better define the scope of their organization’s QMS (clause 4.3b). This will prevent organizations, particularly in the public sector, to narrow the scope to cover only a specific service they are mandated to deliver to fulfill the needs and expectations of their interested parties. For example: A city government, that is mandated to deliver services to its constituents, only wanted to apply the ISO 9001 requirements in their business permitting service.
• Better align their functional and process objectives against the requirements that really matter (clause 6.2.1c). That when objectives are achieved, customers and other interested parties get satisfaction.
• Better identify controls that address risks that can adversely affect the fulfillment of the objectives (clause 6.1.1). Where risk is defined as “effect of uncertainty on objectives” and that objectives relate to interested parties needs and expectations (ISO 31073:2022 Risk Management Vocabulary).

The above items are just some of the advantages that organizations can get from a clear understanding of the intent of clause 4.2. Not to mention understanding the inputs to their product/service design (8.3.3), the commitments in their quality policy (5.2.1c), things they need to monitor/measure (9.1.1), and the information that need to be reviewed by the top management (9.3.2c.1).

“Requiring” a matrix does not add any value to an organization’s QMS other than a document that satisfies the shallow interpretation of the one who requires it.